Please read these Terms of Service carefully before using AppScan Studio. By accessing or using the platform, you agree to be bound by these terms on behalf of yourself and the organisation you represent. If you do not agree to all the terms below, do not use the service.

1. Acceptance of Terms

These Terms of Service ("Terms") constitute a legally binding agreement between QUICKSYNC, UNIPESSOAL LDA, a company registered under the laws of Portugal with tax identification number 518210596 (hereinafter "AppScan", "we", "us", or "our"), and the organisation and its users that access AppScan Studio ("Client", "you", or "your").

By creating an account, logging in, or using any part of AppScan Studio, you confirm that:

• You have the legal authority to enter into this agreement on behalf of your organisation.
• Your organisation accepts these Terms in full.
• You are at least 18 years of age.

2. Description of the Service

AppScan Studio is a web-based Software-as-a-Service (SaaS) platform that analyses OutSystems low-code applications. The service enables users to:

• Submit a publicly accessible application URL for automated scanning.
• Receive structured reports covering modules, screens, roles, access controls, server actions, and mobile build metadata.
• Compare two scan reports side by side to identify changes between versions.
• Generate AI-powered changelogs using the OpenAI GPT API, based on structural scan data.

AppScan Studio is delivered entirely as a web application — no software download, local installation, or client-side configuration is required. Access is provided on a subscription basis, as described in Section 5.

3. Permitted Use

3.1 Authorised Use

You may use AppScan Studio solely for lawful purposes and in accordance with these Terms. When submitting a URL for scanning, you represent and warrant that at least one of the following is true:

• You are an authorised owner, administrator, or designated representative of the target application; or
• The target URL is publicly accessible, and you are using the scan results for legitimate analysis, quality assurance, documentation, or development purposes.

The subscription licence grants access to scan OutSystems environments that the subscribing organisation owns, operates, or has been explicitly authorised to audit in writing by the environment owner. AppScan Studio is not licensed for scanning third-party applications without prior written authorisation from the owner of that environment.

3.2 Prohibited Use

You must not use AppScan Studio to:

• Scan applications or systems for which you have no authorisation and no legitimate purpose.
• Use scan results to identify or exploit security vulnerabilities in systems belonging to third parties.
• Violate any applicable law, regulation, or third-party rights.
• Attempt to reverse-engineer, decompile, or extract the source code of AppScan Studio itself.
• Resell, sublicence, or redistribute access to AppScan Studio without prior written consent from AppScan.
• Interfere with or disrupt the integrity or performance of the platform or its underlying infrastructure.

AppScan reserves the right to suspend or terminate accounts that engage in prohibited use, without refund and without prior notice, where immediate action is warranted.

4. User Accounts

AppScan Studio operates on a multi-tenant, company-level account model. Each subscribing organisation has a single company account under which individual users are managed.

• Account registration requires valid organisational details and a business email address.
• The organisation's designated administrator is responsible for managing user access within the account.
• The Client organisation is responsible for all actions taken by its users under the company account.
• Credentials must not be shared between individuals. Each user should have their own login.
• You must notify AppScan promptly at [email protected] if you suspect unauthorised access to your account.

AppScan is not liable for any loss or damage arising from unauthorised access resulting from the Client's failure to maintain adequate security over its credentials.

5. Subscription and Payment

5.1 Pricing Model

Access to AppScan Studio is priced as a flat monthly subscription fee per OutSystems factory (environment). There is no limit on the number of users per account under the standard subscription.

5.2 Billing and Payment

• Subscription fees are billed monthly in advance.
• Payment is due within the number of days specified in the invoice or order form.
• Failure to pay may result in suspension of access until payment is received.

5.3 Cancellation

• Either party may cancel the subscription by providing written notice to the other party.
• Upon cancellation, access to the service will continue until the end of the current paid billing period.
• No refunds are provided for partial months or unused time within an active billing period.

5.4 Changes to Pricing

AppScan reserves the right to change subscription prices with at least 30 days' written notice. Continued use of the service after a price change takes effect constitutes acceptance of the new pricing.

6. Data and Privacy

6.1 Scan Data Storage

Scan results, including the structured JSON reports produced by AppScan Studio, are stored securely in our database. Each client's data is logically isolated from other clients' data through our multi-tenant architecture. We do not share, sell, or otherwise disclose your scan results to third parties.

6.2 Use of OpenAI for AI Changelogs

When you request an AI-powered changelog, AppScan Studio transmits anonymised structural data derived from your scan reports to OpenAI's API for processing. This data consists solely of structural metadata (such as module names, screen names, and action names) and does not include any personal data about end-users of the target application.

By using the AI changelog feature, you acknowledge and consent to this data being processed by OpenAI in accordance with OpenAI's terms of service and privacy policy. AppScan is not responsible for OpenAI's handling of data transmitted to their API.

6.3 General Privacy

AppScan processes personal data (such as account registration details) in accordance with applicable data protection law, including the General Data Protection Regulation (GDPR) as applicable in Portugal and the EU, and the Lei Geral de Proteção de Dados (LGPD) as applicable to our Brazilian clients. Our full Privacy Policy is available on the AppScan Studio platform.

7. Intellectual Property

7.1 AppScan Studio Platform

AppScan Studio, including its software, design, algorithms, output format, and all associated intellectual property, is and remains the exclusive property of QUICKSYNC, UNIPESSOAL LDA. Nothing in these Terms grants you any ownership right, title, or interest in or to the platform.

7.2 Client Reports

Scan reports generated from your submitted URLs belong to your organisation. You retain full ownership of the data and reports produced for your account. AppScan is granted a limited licence to store and process that data solely for the purpose of providing the service.

7.3 Feedback

If you provide feedback, suggestions, or ideas about AppScan Studio, you grant AppScan a perpetual, royalty-free licence to use that feedback without obligation to you.

8. Disclaimer of Warranties

AppScan Studio is provided "as is" and "as available". We make reasonable efforts to ensure the accuracy and reliability of the service, but we do not guarantee:

• That scan results are complete, exhaustive, or error-free.
• That the information in a report accurately reflects the current state of the target application at any time other than the moment of the scan.
• That the service will be available without interruption, or that defects will always be corrected promptly.

Scans reflect publicly available information at the time of scanning. Target applications may change after a scan is performed, and AppScan assumes no responsibility for decisions made on the basis of outdated scan data.

To the maximum extent permitted by applicable law, AppScan disclaims all warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, and non-infringement.

9. Limitation of Liability

To the fullest extent permitted by law, AppScan and its directors, employees, and contractors shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of AppScan Studio, including but not limited to:

• Loss of profits, revenue, or business opportunities.
• Loss of data or reputational harm.
• Damages arising from decisions made on the basis of scan results.

In any event, AppScan's total aggregate liability to you for any claims arising under or in connection with these Terms shall not exceed the total fees paid by your organisation to AppScan in the three (3) months immediately preceding the event giving rise to the claim.

Some jurisdictions do not allow the exclusion of certain warranties or limitation of liability for certain types of damages, so some of the above limitations may not apply to you.

10. Governing Law and Jurisdiction

These Terms are governed by and construed in accordance with the laws of Portugal, without regard to its conflict of law principles.

Any disputes arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of Portugal, unless mandatory local consumer protection law in another jurisdiction requires otherwise.

We serve clients in both Portugal and Brazil. Brazilian clients are also subject to applicable provisions of Brazilian consumer and data protection law (including the LGPD) where those provisions provide mandatory protections that cannot be contractually waived.

11. Changes to These Terms

AppScan reserves the right to update or modify these Terms at any time. When we make material changes, we will notify you by:

• Sending a notification to the email address associated with your account; and/or
• Displaying a prominent notice within the AppScan Studio platform.

Changes take effect 14 days after notification, unless a longer notice period is required by applicable law. Your continued use of the service after that date constitutes acceptance of the revised Terms. If you do not agree to the updated Terms, you may cancel your subscription before the changes take effect.

12. General Provisions

12.1 Entire Agreement

These Terms, together with any applicable order form or subscription agreement, constitute the entire agreement between you and AppScan regarding the service and supersede all prior agreements, representations, and understandings.

12.2 Severability

If any provision of these Terms is found to be unenforceable or invalid under applicable law, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will continue in full force and effect.

12.3 Waiver

AppScan's failure to enforce any provision of these Terms shall not constitute a waiver of that provision or any other provision.

12.4 Assignment

You may not assign or transfer your rights or obligations under these Terms without AppScan's prior written consent. AppScan may assign these Terms in connection with a merger, acquisition, or sale of assets, with notice to you.

13. Contact Information

If you have any questions about these Terms, or need to reach us regarding your account, please contact us:

• Company: QUICKSYNC, UNIPESSOAL LDA
• Tax ID (NIF): 518210596
• Email: [email protected]

Thank you for using AppScan Studio.