What is the FELCA Law and how does Qonclor help comply?

Law 15.211/2025 (FELCA Law / ECA Digital) is federal law and requires reliable age verification and related duties for platforms minors may use; the adaptation period is already underway. Qonclor provides an API for identity verification and compliance support.

Qonclor Terms of Use and General Conditions

Last updated: May 15, 2026

Preamble and initial considerations

These Terms of Use and General Conditions («Terms of Use» or «Terms») set forth the conditions, guidelines, obligations, limitations, rights, and other provisions applicable to access and use of the products and services identified by the Qonclor brand («Qonclor», «we», «our», «us» or «Contractor», as applicable).

The Qonclor brand designates the infrastructure platform for identity verification, trust decisioning, and compliance («Platform» or «Services»), aimed at companies operating regulated digital environments. The commercial and contractual operation of the Services is carried out by Clervix Inova Simples (I.S.), registered under CNPJ No. 63.252.137/0001-53, with headquarters in the Municipality of Chapadão do Sul, State of Mato Grosso do Sul, Brazil («Contractor»).

These Terms govern, together with the Privacy Policy and the Cookie Policy, when applicable:

(i) access to and use of the institutional website available at qonclor.com and related domains («Site»);
(ii) submission of forms, demonstration requests, and other commercial prospecting interactions;
(iii) registration and use of the administrative dashboard by company representatives; and
(iv) use of the Platform by companies that formally contract the Services, within the limits described herein and in the specific instruments of Section 2.2.

These Terms were prepared in compliance with the legislation of the Federative Republic of Brazil, in particular the Civil Code, the Brazilian Internet Civil Rights Framework (Law No. 12.965/2014), the Brazilian General Personal Data Protection Law (Law No. 13.709/2018 — «LGPD»), the Brazilian Consumer Defense Code (Law No. 8.078/1990), when applicable, and other relevant rules.

By accessing the Site, submitting forms, creating an account on the administrative dashboard, using the Platform, or otherwise using the Services within the scopes described herein, you declare that you have read, understood, and accepted these Terms and the Privacy Policy, as well as the Cookie Policy, when applicable. If you do not agree with any provision, do not use the Site or the Services.

Nature of the information. Materials available on the Site, including informational pages, educational content, and texts on regulation (for example, provisions related to ECA Digital and the framework applicable to digital platforms), are general and illustrative in nature and do not constitute, under any circumstances, legal, regulatory, tax, accounting, or compliance advice. Interpretation and application of legal requirements to each concrete case are the exclusive responsibility of the Client and its qualified advisors.

Contact channels: commercial and demonstrations — [email protected]; privacy — [email protected]; contracts and terms — [email protected]. Details in Section 21.

1. Definitions and interpretation

For the purposes of these Terms, the definitions in the Privacy Policy and the LGPD apply when relevant, and, complementarily, the following:

1.1. Client: legal entity that contracts the Services, directly or indirectly, under a specific commercial instrument, accepted proposal, or documented practice within the limits of Section 2.4.

1.2. User: natural person who accesses the administrative dashboard, uses Credentials, or interacts with the Platform on behalf of the Client, including, but not limited to, administrators, developers, operators, or other authorized collaborators.

1.3. Verified data subject: natural person whose personal data are processed in identity, age, trust, or compliance verification flows promoted by the Client through the Platform. The verified data subject is not a party to these Terms; their contractual and privacy relationship is, as a rule, with the Client as data controller, pursuant to Section 8.5.

1.4. Documentation: manuals, technical specifications, policies published on the Site or in an environment designated by the Contractor, integration guidelines, API references, changelogs, and other materials made available for adequate use of the Services, in the version in force at the time of use.

1.5. Credentials: dashboard access accounts, API keys, shared secrets, digital certificates, session tokens, webhook credentials, and any other authentication, authorization, or technical identification mechanisms linked to the Client.

1.6. Client Content: data, processing instructions, flow configurations, internal policies reflected in parameters, reference identifiers, integration metadata, and other inputs sent by the Client or its systems to the Platform within the scope of the Services.

1.7. Interpretation. Section titles and summaries are for organizational purposes only. References to laws include amendments and related regulations. The singular includes the plural and vice versa when the context so requires.

2. Precedence of contracts and commercial addendum

2.1. These Terms constitute general conditions applicable to the Site and, in the absence of a specific instrument in force that replaces or supplements them, to the Services provided by the Contractor.

2.2. Specific instruments. Other conditions — including, when contracted, service level agreement (SLA), price schedule, functional scope, services agreement, data protection clauses (DPA), enhanced confidentiality agreements, subprocessor list or policy, work orders, technical annexes, addenda, and related instruments — may be agreed and/or superseded by contract, commercial proposal, purchase order, electronic acceptance, or written instrument signed or accepted between Client and Contractor at the time of contracting or during the commercial relationship.

2.3. Precedence in case of conflict. In case of conflict between a provision of these Terms and a binding document signed or accepted during onboarding or the contractual term, the specific instrument prevails, only to the extent of the identified conflict, with the remaining unaffected provisions remaining valid.

2.4. Contracting without extensive formal instrument. The absence of an extensive written contract shall not, by itself, prevent charging of fees, issuance of invoices, or provision of the Services according to an accepted proposal by electronic means, documented commercial practices, or proven de facto relationship, when permitted by law and informed to the Client, without prejudice to the possibility of subsequent formalization under Section 2.2.

2.5. Evaluation, beta, and proof-of-concept (POC) programs. The Contractor may, at its discretion, grant experimental, temporary, or limited access in a sandbox, beta, pilot, or proof-of-concept (POC) environment, with or without a complete formal contract, subject to acceptance of these Terms and additional conditions informed in writing or electronically. In such programs, without prejudice to the other clauses:

(i) the Services may be discontinued, modified, or replaced without prolonged prior notice;
(ii) there is no SLA, availability guarantee, performance guarantee, or guarantee of a specific result;
(iii) data used in tests must be fictitious, synthetic, or anonymized, unless express and documented authorization;
(iv) access may be revoked at any time, for the Contractor’s convenience or identified risk; and
(v) instruments under Section 2.2, when executed, prevail over generic provisions of these Terms to the extent applicable to them.

3. Scope, parties, and eligibility

3.1. Part A — Site and prospecting. Provisions relating to the Site, institutional browsing, reading of published content, and requests submitted through the demonstration form or other indicated channels apply regardless of a prior contractual relationship with the Contractor.

3.2. Part B — Platform and Services. Use of the Platform in a production environment, integration via API, configuration of webhooks, processing of verified data subjects, and other contracted features are governed by these Terms and, when existing, by the instruments of Section 2.2.

3.3. Eligibility and capacity. The Services are intended for companies and authorized representatives in a business (B2B) context. Anyone accessing the Site or accepting these Terms on behalf of a legal entity declares that they have adequate powers of representation. The Site user declares that they have full civil capacity and a minimum age of 18 (eighteen) years. Submission of data, acceptances, or declarations on behalf of third parties without adequate powers is expressly prohibited.

3.4. No commercial binding through prospecting. A demonstration request, commercial contact, or form submission through the Site does not constitute, by itself, contracting of the Services, a binding commercial proposal, price promise, service level agreement, or commitment to availability of specific resources or features. The Contractor may, at its sole discretion, qualify, accept, or decline commercial opportunities.

3.5. Business relationship and Consumer Defense Code. The commercial relationship with the Contractor presupposes a business purpose and use of the Services in the exercise of the Client’s economic activity. The Brazilian Consumer Defense Code (Law No. 8.078/1990) applies only if and to the extent that a consumer relationship is legally characterized in the concrete case, which is not presumed automatically. Submission of data through the demonstration form treats information of representatives under the Privacy Policy and does not convert, by itself, the interaction into a consumer relationship with Qonclor.

4. Site, content, and commercial requests

4.1. Lawful use of the Site. The Client, visitors, and any Site users undertake to use it in a lawful, ethical manner compatible with these Terms, refraining from compromising the availability, security, or integrity of the Contractor’s or third parties’ systems, and from employing abusive automated mechanisms (including scanning, scraping, or crawling inconsistent with robots.txt, published instructions, or reasonable technical limits).

4.2. Feedback and suggestions. Comments, feedback, ideas, and suggestions sent to the Contractor, when not identified as confidential, may be used, reproduced, and incorporated to improve the Services, without obligation of remuneration or attribution, except for trade secrets or information that the Client expressly identifies in writing as confidential under applicable contractual terms.

4.3. Third-party links. Links or references to third-party sites, products, or services eventually made available on the Site are offered for convenience only. The Contractor does not control and is not responsible for content, privacy practices, terms of use, or conduct of third parties accessed through such links.

5. Registration, administrative dashboard, and Credentials

5.1. Registration data. The Client is fully responsible for the accuracy, completeness, and updating of registration, contractual, billing, and contact information provided to the Contractor, as well as for communicating relevant changes within a reasonable time.

5.2. Confidentiality and Credential management. Each Credential must be treated as highly sensitive confidential information. The Client must restrict access to authorized persons, apply internal controls compatible with the risk, and immediately revoke credentials of collaborators who leave their role, the organization, or the scope of authorization.

5.3. Incident notification. The Client must notify the Contractor without unreasonable delay in case of suspected misuse, compromise, loss, or leak of Credentials, unauthorized access, or a security incident related to the account or integration. For incidents involving personal data, the channel and procedures indicated in the Privacy Policy must also be used.

5.4. Suspension and termination of access. The Contractor may suspend, limit, or terminate access under the hypotheses and according to the priorities described in Section 5.5.

5.5. Measures regarding access (priorities). The Contractor may suspend, limit, or terminate, immediately when necessary, access to the Site, administrative dashboard, or Platform, observing the severity of the risk, the need to preserve security, and, when reasonable in context, prior, concurrent, or subsequent communication to the Client. Measures may be adopted, without mandatory rigid order, as applicable:

(i) Security and compliance — threat to system integrity, leak or misuse of Credentials, incident involving personal data, fraud, API abuse, attack, or requirement of a competent authority;
(ii) Contractual breach — material breach of these Terms, Documentation, technical limits, or an instrument under Section 2.2;
(iii) Default — delay in payment after notice, due date, or contractual deadline, pursuant to Section 13.2; or
(iv) Termination — end of contract, Client request, discontinuation of a program (including beta/POC, Section 2.5), or technical or legal impossibility of continuity.

Measures motivated by (i) or by (ii) of high severity may be immediate and independent of financial default. Reactivation of access depends on regularization of the cause that motivated it and reasonable criteria of the Contractor.

6. Use of the Platform, API, and integrations

6.1. Compliance with Documentation. The Client shall use the Platform, API, webhooks, and integrations only in accordance with the current Documentation, applicable legislation, lawful instructions of the data controller, and these Terms.

6.2. Responsibility for integrations. The Client is exclusively responsible for secure configuration of webhooks, callback endpoints, queues, destination environments, and systems that receive or process Platform results, including, when applicable, use of TLS, validation of message authenticity, secret rotation, and protection of logs in its own environments.

6.3. Technical limits and quotas. The Contractor may establish or change rate limits, usage quotas, concurrency limits, volume restrictions, or other technical parameters necessary for stability, security, and fairness among Platform clients. Use exceeding contracted or planned limits may require a plan upgrade, contractual adjustment, or temporary throughput reduction.

6.4. Evolution and discontinuation. The Contractor may modify, discontinue, or replace Platform features, API endpoints, or supported integrations, with reasonable prior notice when feasible, except urgent security corrections, changes required by law, or changes imposed by essential providers outside reasonable control. Documentation will be updated when relevant to reflect such changes.

6.5. Technical dependencies. Adequate functioning of the Services depends on internet connectivity, availability of third-party providers (including identity verification, biometrics, cloud, and telecommunications providers), and proper functioning of systems, devices, browsers, networks, firewalls, and endpoints under the Client’s responsibility. The Contractor is not liable for unavailability, latency, packet loss, software incompatibility, or other failures arising from an environment outside its reasonable control.

7. Nature of the Services and expectation of results

7.1. General description. Qonclor offers technology infrastructure for orchestration of identity and trust verifications, aggregation of signals from multiple providers, application of configurable rules, and generation of structured outputs — including, as applicable, trust indicators, risk classification, decision metadata, audit records, and other artifacts defined in the Documentation — according to Client configuration and integrated providers.

7.2. Client’s final decision. The final decision regarding treatment of verified data subjects — for example, granting or denying access to a digital product, maintaining or deleting a registration, applying additional verification measures, or communicating with the data subject — is the Client’s, as controller of the data and responsible for the product or service offered to the public, unless a mandatory legal provision provides otherwise. The Contractor does not replace legal, product, business risk, or internal policy assessment by the Client.

7.3. No guarantee of results. Results produced by the Services may depend on quality and truthfulness of inputs provided by the Client, availability of external providers, known or emerging technical limitations, and adverse scenarios (including fraud attempts). There is no guarantee of achieving a specific regulatory outcome, total absence of fraud, or automatic compliance with any law, regulatory norm, code of conduct, or sector policy, including legislation on protection of minors in digital environments, Law No. 15.211/2025, and ANPD or other related authority regulations.

7.4. Probabilistic nature of indicators. Probabilistic indicators, trust scores, age range estimates, risk classifications, or similar outputs do not constitute, in isolation, an absolute or definitive statement about identity, age, legal eligibility, or absence of risk, and must be considered in the context of policies, human reviews, and legal requirements defined by the Client.

8. Client obligations and compliance

8.1. Legal bases and transparency. The Client declares and warrants that it has valid legal bases and adequate transparency mechanisms to process personal data in its flows integrated with the Platform, including verifications involving sensitive personal data or biometric data, when applicable under the LGPD.

8.2. Instructions to the processor. When the Contractor acts as processor under the LGPD, the Client shall provide documented, lawful, and specific instructions, and ensure that verified data subjects are adequately informed by the controller, including regarding purposes, legal bases, rights, and service channels, subject to applicable legislation — in particular hypotheses involving children and adolescents (for example, Article 14 of the LGPD and rules on protection of minors in digital environments).

8.3. Prohibited purposes. The Client shall not send to the Platform, through integrations, dashboard, or any other means, data, categories of data, or processing purposes not permitted by law, these Terms, the Documentation, or the applicable contract.

8.4. Roles in personal data processing. When the Contractor acts as controller in relation to dashboard Users or representatives interacting with the Site in the contexts described in the Privacy Policy, processing is governed by that Policy. When acting as processor in relation to verified data subjects, the Client’s instructions and data processing instruments (DPA), when executed, also apply.

8.5. Verified data subjects. The Contractor does not establish a direct contractual relationship with verified data subjects within the scope of these Terms. The Client must provide privacy notice, legal bases, information required by law, and its own service channels to data subjects. The fact that a data subject accesses a verification flow integrated with the Platform does not imply, by itself, acceptance of these Terms in relation to Qonclor, unless there is a specific Contractor interface with express, informed, and prominent acceptance.

8.6. No prior review. The Contractor does not previously audit, validate, or approve the legality, regulatory adequacy, proportionality, or purpose of verifications requested by the Client, Client Content, or processing instructions sent. It may, however, investigate, restrict, block, or suspend use when there is reasonable indication of breach of these Terms, the contract, the law, or relevant risk to security, under Sections 5.5 and 9.3.

8.7. General responsibilities of the Client and Users. Without prejudice to other obligations under these Terms, the Client and its Users undertake to:

(i) observe applicable legislation, including the LGPD, Marco Civil, and sector rules pertinent to their business;
(ii) keep registration, technical, and integration data truthful, complete, and up to date;
(iii) answer for all acts and omissions performed through their Credentials, except proven compromise without Client fault;
(iv) ensure that integrations, Client Content, and processing instructions have legal basis, authorization, and purpose compatible with the contract and the law; and
(v) repair damages caused to the Contractor or third parties by breach of these Terms, to the extent permitted by law, without prejudice to indemnification under Section 16.

9. Acceptable use and prohibited conduct

9.1. Prohibited conduct. It is expressly prohibited to use the Services or the Site, directly or indirectly, to:

(i) commit unlawful acts or violate third-party rights, including intellectual property, privacy, personality, and data protection;
(ii) engage in discrimination prohibited by law or disproportionate automated processing without adequate legal basis;
(iii) circumvent, disable, or bypass security controls, authentication, rate limits, or segregation between clients;
(iv) interfere with the Platform, infrastructure, or environments of other clients;
(v) perform reverse engineering, decompilation, or disassembly of the Services, except to the extent applicable law prohibits such restriction;
(vi) use the Qonclor brand or distinctive elements in a manner suggesting regulatory endorsement, official certification, institutional partnership, or nonexistent result guarantee;
(vii) falsely represent employment, corporate, commercial, or agency ties with the Contractor or another Client;
(viii) introduce viruses, malware, ransomware, malicious code, or mechanisms intended to compromise systems;
(ix) carry out automated attacks, including hacking, abusive scraping, or crawling of the API or Site;
(x) resell, sublicense, rent, assign, or make available the Platform, Credentials, or technical access to third parties without express authorization from the Contractor; or
(xi) use the Services to develop or operate a directly competing product or to facilitate undue access by a competitor of the Contractor.

9.2. Processing of verified data subject data. It is prohibited to request, store, retain beyond what is necessary, or process verified data subject data through the Platform without a lawful purpose, adequate legal basis, and instructions compatible with the contract, Documentation, and applicable legislation.

9.3. Investigation and cooperation. The Contractor may investigate, preserve evidence, and cooperate with administrative, regulatory, or judicial authorities in case of suspected unlawful use, security incident, or valid legal order.

9.4. Report of misuse. Suspected violations of these Terms, Platform abuse, or security risk may be reported to [email protected] or [email protected], depending on the nature of the matter, with a reasonable description of the occurrence and available identifying elements to allow diligent investigation.

10. Intellectual property

10.1. Ownership. The Qonclor brand, Site, Platform, Documentation, software, algorithms, interfaces, layouts, operational databases (to the extent of the Contractor’s rights), and other components developed or licensed by the Contractor remain the property of the Contractor or its licensors, unless express written provision to the contrary.

10.2. License of use. Subject to compliance with these Terms, instruments under Section 2.2, and payment of amounts due, the Contractor grants the Client a non-exclusive, non-transferable (unless written authorization) and revocable license to access and use the Platform and Documentation, within the contracted scope and during the term of the commercial relationship.

10.3. No transfer of technology. The Client does not acquire, through these Terms or use of the Services, ownership of software, models, know-how, proprietary training data, or other intellectual property assets of the Contractor. Non-confidential feedback may be freely used to improve the Services, without obligation of identification or compensation to the Client.

10.4. Use of the brand and references. It is prohibited to use logos, names, symbols, or elements of the Qonclor brand in a manner suggesting regulatory endorsement, official certification, institutional partnership, government approval, or nonexistent result guarantee, in alignment with Section 9.1.

10.5. Authorized references. Upon prior written authorization from the Contractor — or according to a published and current brand guide — the Client may display textual or visual references such as «powered by Qonclor» or approved equivalent, only within the authorized scope, media, and term, with current visual identity and without altering the perception that the final decision regarding data subjects, product, and regulatory compliance of the Client’s business is the Client’s own. Authorization is revocable at any time and ceases automatically upon contract termination, except for an expressly agreed transition period.

11. Data, confidentiality, and privacy

11.1. Ownership of Client Content. Client Content remains owned by the Client or its original data subjects, to the extent applicable by law. The Client grants the Contractor a non-exclusive, worldwide, and limited license as necessary to host, process, transmit, temporarily store, and display Client Content exclusively for provision of the Services, legal compliance, and defense of rights, under these Terms, the Privacy Policy, and applicable contractual instruments.

11.2. Confidentiality. Each party shall protect the other party’s confidential information received in a commercial, technical, or implementation context, using the same degree of reasonable care it uses to protect similar information of its own, and shall not disclose it to third parties except with the consent of the owning party, legal requirement, or necessity to exercise rights or fulfill obligations under these instruments.

11.3. Privacy Policy. For detailed information on categories of personal data, legal bases, data subject rights, retention periods, international transfers, security measures, and Data Protection Officer (DPO), see the Privacy Policy, which integrates and supplements these Terms regarding personal data.

12. Third-party providers, availability, and maintenance

12.1. Dependence on providers. The Services may depend on third-party providers — including, without limitation, identity verification, biometrics, antifraud, hosting, cloud processing, telecommunications, and information security providers. The Contractor selects and contracts providers with safeguards compatible with the risk, without guaranteeing, however, performance, availability, or conduct of third parties outside its reasonable control.

12.2. «As is» availability. Except when SLA, availability metrics, or specific remedies are expressly agreed in an instrument under Section 2.2, the Services are provided «as is» and «as available», and unavailability, degradation, or latency may occur due to maintenance, external dependencies, internet failures or Client equipment failures (Section 6.5), force majeure, or events beyond the Contractor’s reasonable control.

12.3. Scheduled maintenance. The Contractor may perform scheduled or emergency maintenance, seeking to minimize impact on Clients and, when feasible, communicate with reasonable advance notice through the dashboard, registered email, or other indicated operational channel.

13. Prices, billing, and taxes

13.1. Commercial conditions. Price conditions, currency, periodicity, payment method, adjustments, renewal, contractual penalties, and other economic terms shall be defined in a commercial proposal, order, contract, or equivalent document accepted by the parties, as applicable.

13.2. Default. Delay in payment of amounts due, after notice or due date under applicable contractual terms, may result in suspension or limitation of the Services under Section 5.5, accrual of interest, penalties, and legal or contractual charges, and other collection measures permitted by law, without prejudice to other rights of the Contractor.

13.3. Taxes. Taxes, contributions, and charges incident on the contracting shall observe applicable legislation and each party’s tax qualification, as itemized on tax invoices, bills, or equivalent documents issued under current regulations.

14. Warranties and disclaimers

14.1. Exclusion of warranties. To the maximum extent permitted by applicable law, the Contractor excludes and disclaims express or implied warranties, including, without limitation, warranties of merchantability, fitness for a particular purpose, and non-infringement of third-party rights, except only legal warranties not available for contractual exclusion.

14.2. Assistive nature of results. Signals, scores, classifications, estimated ranges, and other Platform outputs have an assistive character and may contain inaccuracies in adverse, incomplete, or fraudulent scenarios. The Client is exclusively responsible for automated or human decision policies, reviews required by law, and assessing adequacy of use of the Services to its use case and regulated sector.

15. Limitation of liability

15.1. Excluded damages. To the maximum extent permitted by applicable law, under no circumstances shall the Contractor, its partners, officers, employees, or providers be liable for lost profits, loss of revenue, loss of business opportunity, loss of data in the Client’s systems, or indirect, special, incidental, punitive, or consequential damages, even if the Contractor has been advised of the possibility of such damages.

15.2. Aggregate cap. The Contractor’s total aggregate liability for any claim or set of claims related to the Services or these Terms, whatever the cause of action, shall not exceed, in aggregate, the amount actually paid by the Client to the Contractor in the twelve (12) months immediately preceding the event that gave rise to the first related claim.

15.3. Legal exceptions. Limitations in this section do not apply in case of willful misconduct or gross negligence by the Contractor, nor when Brazilian law expressly prohibits such limitation in relation to certain rights or hypotheses.

16. Indemnification

16.1. Indemnification obligation. The Client shall defend, indemnify, and hold harmless the Contractor, its partners, officers, employees, and providers against claims, lawsuits, losses, damages, costs, and reasonable expenses (including proportionate attorneys’ fees and court costs) arising from:

(i) use of the Services in breach of these Terms, Documentation, the contract, or the law;
(ii) Client Content, configurations, or processing instructions;
(iii) violation of verified data subjects’ or third parties’ rights by acts of the Client as data controller or product responsible party; or
(iv) dispute between the Client and its end users, consumers, or data subjects, to the extent the Contractor is sued due to conduct attributable to the Client.

16.2. Procedure. The Contractor shall notify the Client of relevant claims when reasonably possible and allow participation in the defense, without obligation to accept settlement, transaction, or admission of fault imposing exclusive obligation on the Contractor without the Client’s prior consent, except final judicial determination.

17. Term, suspension, and termination

17.1. Term. These Terms remain valid and effective while the Client, User, or visitor uses the Site or Services within their respective scopes of application.

17.2. Contractual termination. Termination, mutual rescission, or end of the specific commercial relationship, when existing, is governed by the applicable contractual instrument. After termination, access to the Platform may be immediately revoked and Credentials invalidated, without prejudice to survival obligations.

17.3. Survival. Provisions that by their nature or wording must endure after termination — including, without limitation, limitation of liability, indemnification, confidentiality, intellectual property, applicable law, forum, and data processing to the extent required by law — shall survive termination of these Terms or the contract.

17.4. Data after termination. After rescission, contract end, or access revocation, the Contractor may deactivate Credentials, block integrations, and restrict the Client’s use of the Platform. The Client is exclusively responsible for exporting, downloading, or requesting Client Content and results needed for continuity of its operations or compliance with legal obligations before termination or within the period indicated in contract, DPA, or operational communication from the Contractor. Unless legal obligation, audit need, litigation in progress, or provision of a specific instrument, the Contractor may delete, anonymize, or restrict access to data maintained on the Platform after the applicable retention period described in the Privacy Policy or DPA, subject to routine backups for the time strictly necessary for operational continuity and disaster recovery.

18. Communications and changes to these Terms

18.1. Operational communications. Operational communications, maintenance notices, security alerts, and contractual notifications may be sent to registered email addresses, the administrative dashboard, or other means indicated by the Contractor, deemed received as provided in contract or, absent specific provision, upon sending to the last valid corporate address informed by the Client.

18.2. Changes. The Contractor may update these Terms periodically. The date at the top of this document refers to the current version. Relevant changes may be communicated by reasonable means — for example, prominent notice on the Site, dashboard notification, or email to registered clients. Continued use of the Site or Services after the new version takes effect constitutes acknowledgment of the update, without prejudice to non-waivable rights provided by law. Clients with a specific contract may observe additional deadlines or mechanisms provided in the instrument under Section 2.2.

19. Applicable law and forum

19.1. Applicable law. These Terms are governed by the laws of the Federative Republic of Brazil, in particular the Civil Code, the Brazilian Internet Civil Rights Framework (Law No. 12.965/2014), the LGPD (Law No. 13.709/2018), ANPD rules and guidance, when applicable, and other legislation pertinent to the contracted object.

19.2. Forum. The courts of the District of Chapadão do Sul, State of Mato Grosso do Sul, are elected, with waiver of any other, however privileged, to resolve disputes arising from these Terms, except hypotheses of exclusive jurisdiction otherwise provided by law or mandatory provision in a specific contract between businesses providing otherwise.

20. Final provisions

20.1. No waiver. Tolerance or non-exercise by the Contractor of any right or faculty under these Terms shall not constitute waiver, novation, or tacit amendment, and such right may be exercised at any time.

20.2. Severability. If any provision of these Terms is deemed invalid, ineffective, or unenforceable by a competent authority, the remaining provisions shall remain in full force and effect to the greatest extent permitted by law.

20.3. Assignment by the Client. The Client may not assign, transfer, or delegate these Terms or the applicable contract, in whole or in part, without prior written consent of the Contractor, except assignment in corporate transactions (merger, acquisition, or change of control) that maintain the essence of the obligations, when permitted by law and in the specific instrument.

20.4. Assignment by the Contractor. The Contractor may assign these Terms or the contract to an affiliate, successor, or entity resulting from corporate reorganization, with reasonable communication to the Client when required by law or contract.

20.5. Language. Versions of these Terms written in Portuguese (Brazil) prevail for purposes of interpretation in case of divergence with translations made available for convenience only.

20.6. Entire agreement. These Terms, together with the Privacy Policy and the Cookie Policy, constitute the entire understanding between the parties regarding the object governed herein relative to the Site and the general relationship of Platform use, superseding prior agreements on the same object between the same parties, without prejudice to specific instruments under Section 2.2 and obligations already established by law.

21. Contact

For questions, commercial requests, contractual matters, privacy, or reports of misuse, use the channels below:

Commercial and demonstrations: [email protected] or the demonstration form.

Privacy and data protection: [email protected], pursuant to the Privacy Policy.

Contracts, terms, and official correspondence: [email protected].

Misuse or security: [email protected] or [email protected] (Section 9.4).

Physical correspondence (except for exercise of personal data subject rights, which should follow the privacy channel in priority): operator of Qonclor Services — Clervix Inova Simples (I.S.), Rodovia MS-306, Km 105, S/N, Área Rural, Chapadão do Sul/MS, CEP 79560-000.