TERMS OF USE AND GENERAL CONDITIONS

AI Tutor Ecosystem

Last Updated: March 3, 2026

These Terms of Use and General Conditions (“Terms”) establish the legal framework applicable to the access to and use of the platforms, applications, APIs, portals, integrations, extensions, websites, web environments, mobile applications, and other technological solutions made available under the AI Tutor brand (“Platform” or “Services”).

The Platform is operated, depending on the applicable territory and contracting structure, by EXPANDEL TECNOLOGIA LTDA, a private legal entity registered in Brazil under CNPJ No. 22.724.566/0001-07, with registered address at R. Francisco Rocha, 198 – Batel, Curitiba – PR, 80420-130, Brazil, for users and Institutional Customers located in Brazil (“Brazil Operations”), and by EXPANDEL LLC, a company organized under the laws of the United States of America, registered under EIN No. 35-2900120, with mailing address at 7345 W Sand Lake Rd Ste 210 Office 2098, Orlando, FL 32819, United States, for users and Institutional Customers located outside Brazil (“Global Operations”), jointly or individually referred to herein as “Expandel”, subject to the applicable territory and contracting entity.

Access to or use of the Platform implies knowledge of and agreement with these Terms, without prejudice to any non-waivable rights ensured by applicable law.

1. Definitions

For the purposes of these Terms, the following definitions shall apply:

I. Institutional Administrator: a person designated by an Institutional Customer to manage accounts, permissions, configurations, access profiles, and operational communications;

II. Institutional Customer: a private or public legal entity that contracts the Platform for its own use or for use by its End Users;

III. Account: an individual or institutional credential required to access the Platform;

IV. Customer Content: any data, texts, documents, commands, images, files, prompts, spreadsheets, records, parameters, databases, or materials inserted by the User or the Institutional Customer into the Platform;

V. Personal Data: information related to an identified or identifiable natural person, under applicable law;

VI. Documentation: manuals, policies, technical guides, knowledge base materials, and instructions for use of the Platform;

VII. Input: any command, prompt, query, file, data, or instruction submitted by the User to the Platform;

VIII. Output: any response, suggestion, recommendation, summary, classification, content, inference, automation, or result generated by the Platform;

IX. Beta Services: experimental, test, pre-release, or other functionalities made available without full continuity guarantees;

X. Subprocessor: a third party retained to support the operation, hosting, authentication, processing, monitoring, billing, security, support, or other activities necessary to provide the Services;

XI. User or End User: a natural person authorized to access and use the Platform.

2. Purpose and License of Use

2.1. Expandel grants the User, during the term of the contractual relationship and within the limits of the contracted plan, a limited, revocable, non-exclusive, non-sublicensable, and non-transferable license to access and use the Platform solely for lawful purposes and in accordance with these Terms, the applicable Documentation, and the relevant law.

2.2. The license includes, where applicable, access through browser, mobile application, desktop application, integrations, APIs, and specific modules made available by Expandel.

2.3. Unless expressly authorized in writing by Expandel, the User is prohibited from:

I. copying, reproducing, modifying, adapting, translating, distributing, transmitting, displaying, publishing, selling, licensing, assigning, or commercially exploiting the Platform or any part thereof;

II. performing reverse engineering, decompilation, disassembly, attempts to discover source code, internal architecture, models, weights, system prompts, security mechanisms, or operational logic;

III. using robots, crawlers, spiders, scripts, scraping tools, unauthorized automations, or similar means for mass data extraction;

IV. using the Platform to train, calibrate, evaluate, or improve competing models, unless expressly authorized;

V. circumventing, disabling, or interfering with technical limits, authentication, access control, telemetry, rate limits, filters, monitoring, or protection mechanisms;

VI. removing intellectual property, confidentiality, security, or Expandel identification notices.

2.4. Expandel may, at its sole technical or commercial discretion, update, modify, discontinue, or replace Platform features, provided that the essence of the contracted service is reasonably preserved, subject to legal, regulatory, operational, security, or technological evolution requirements.

3. Eligibility, Registration, and Credentials

3.1. The User declares that they have legal capacity and sufficient authority to accept these Terms or, when using the Platform on behalf of a legal entity, that they are duly authorized to do so.

3.2. The User undertakes to provide accurate, complete, and up-to-date information and shall be fully responsible for its accuracy.

3.3. Access credentials are personal and non-transferable, except in the case of corporate or institutional accounts managed by an Institutional Administrator.

3.4. The User is responsible for:

I. maintaining the confidentiality of their credentials;

II. restricting unauthorized access to their Account;

III. immediately notifying Expandel of any suspected misuse, leakage, compromise, or incident related to the Account.

3.5. Expandel may adopt additional authentication procedures, identity validation, session management, multi-factor verification, risk-based access limitation, or other security measures.

4. Third-Party Authentication and Access Scopes

4.1. The Platform may allow authentication through third-party services, including Google, Microsoft, or other identity providers.

4.2. In such cases, Expandel shall act only as the recipient and processor of the data or tokens necessary for login, without control over the availability, policies, blocks, account suspensions, outages, authentication failures, or security measures adopted by the third-party provider.

4.3. The User acknowledges that maintaining the connection with the third-party account, as well as complying with that provider’s terms, is solely the User’s responsibility.

4.4. To enable specific integrations and functionalities, including, without limitation, Google Classroom, Google Drive, Google Calendar, Google Workspace, and/or Microsoft 365, Microsoft Graph, or equivalent services, the Platform may request that the User and/or the Institutional Administrator grant authorization scopes (OAuth scopes) and/or permissions with third-party providers.

4.5. The User acknowledges and agrees that the requested scopes and permissions shall be displayed on the respective provider’s consent screen, identifying the application, the publisher, and the level of access requested, and that any grant shall only occur upon explicit and informed consent.

4.6. In corporate, educational, or institutional environments, certain permissions may depend on prior administrative consent by the relevant domain, tenant, or environment administrator, according to the third-party provider’s policies and the Institutional Customer’s internal rules.

4.7. Expandel will use commercially reasonable efforts to request only the scopes and permissions strictly necessary for the enabled functionalities to operate, in accordance with the principle of least privilege, without prejudice to adjustments resulting from technical, regulatory, operational, or integrated provider requirements.

4.8. The User or the Institutional Customer may revoke scopes or permissions at any time within the third-party provider’s environment, acknowledging that such revocation may limit, suspend, or render integrated Platform functionalities unavailable, without constituting a breach by Expandel.

4.9. The use of data and resources accessed through scopes or permissions shall comply, in addition to these Terms and the Privacy Policy, with the applicable policies of integrated providers, including, where applicable, policies relating to consent screens, sensitive or restricted scope verification, limited use of data, administrative consent, and additional security and transparency requirements.

5. Technological Nature of the Service

5.1. AI Tutor is a technological solution offered in the software-as-a-service (SaaS) model, with artificial intelligence resources, assistive automation, content organization, productivity, educational support, informational support, and output generation capabilities.

5.2. The Platform shall not be characterized as:

I. supplying teachers, human tutors, advisors, or consultants allocated to the Customer;

II. labor supply;

III. outsourcing of the Customer’s core activity;

IV. the provision of individualized human intellectual services under the Customer’s supervision;

V. the full replacement of human academic, administrative, technical, legal, regulatory, or professional judgment.

5.3. Any onboarding, implementation, configuration, training, integration, support, or customer success services do not alter the primary nature of technology licensing and Platform access.

6. Limitations Inherent to Artificial Intelligence

6.1. The User acknowledges that the Platform uses computational systems capable of generating probabilistic, contextual, and non-deterministic outputs, which may contain inaccuracies, omissions, hallucinations, biases, outdated content, inappropriate inferences, incomplete classifications, or responses incompatible with the specific context.

6.2. Every Output must be reviewed, validated, contextualized, and approved by a qualified human before being used in any academic, institutional, professional, regulatory, disciplinary, administrative, financial, medical, psychological, legal, accounting, or other high-impact context.

6.3. The User shall not use the Platform as the sole, final, or exclusive source for:

I. high-impact decision-making;

II. binding individual assessment of students, employees, candidates, or third parties;

III. issuance of regulated professional opinions;

IV. compliance with legal obligations that require human validation, technical proof, reports, professional signatures, or specific personal responsibility.

6.4. Expandel does not warrant that any Output will be exclusive, original, fully correct, complete, suitable for a specific purpose, or free from similarities to content generated for other users.

7. No Professional Advice

7.1. The Platform does not provide legal, medical, psychological, accounting, auditing, regulatory consulting, binding individualized pedagogical guidance, or any other professional activity subject to a specific legal license.

7.2. The use of Outputs in regulated environments or in activities subject to technical or professional duties shall be the sole responsibility of the User or Institutional Customer.

8. User Content, Input, and Output

8.1. The User represents and warrants that they possess all rights, authorizations, and lawful bases necessary to insert Customer Content and Inputs into the Platform.

8.2. The User shall not insert content that is:

I. unlawful, fraudulent, defamatory, discriminatory, or abusive;

II. infringing intellectual property, secrecy, confidentiality, image rights, honor, privacy, or other third-party rights;

III. containing Personal Data in violation of applicable law;

IV. containing confidential, strategic, banking, tax, medical, biometric, or children’s data without legitimate necessity, valid authorization, and adequate governance measures.

8.3. The User grants Expandel, during the term of the contractual relationship, a limited, non-exclusive, worldwide license to host, process, store, transmit, convert, index, and use Customer Content to the extent necessary to provide the Services, ensure Platform security, prevent fraud, provide support, enable billing, comply with law, and exercise legitimate rights.

8.4. Unless otherwise provided in a specific contractual provision, Output generated from the lawful use of the Platform may be used by the User for lawful purposes, without exclusivity guarantees and without transferring ownership of the Platform, models, infrastructure, system prompts, architecture, trademarks, APIs, Documentation, or any other Expandel assets.

8.5. Comments, suggestions, feedback, enhancement requests, or proposals sent by the User may be freely used by Expandel for the development, improvement, and evolution of the Services, without any compensation obligation.

9. Acceptable Use Policy

9.1. It is expressly prohibited to use the Platform to:

I. generate, facilitate, promote, or disseminate unlawful content;

II. engage in discrimination, harassment, hate, violence, exploitation, abuse, or persecution;

III. commit academic fraud, document falsification, manipulation of assessments, improper tampering with evidence, or deceptive simulation of authorship;

IV. invade, exploit vulnerabilities, attack, interrupt, sabotage, or perform offensive testing against systems without express authorization;

V. create unlawful deepfakes, conduct social engineering, phishing, spam, or malicious disinformation;

VI. violate copyrights, trade secrets, confidentiality, or third-party databases;

VII. perform automated classification of persons in sensitive or high-impact contexts without adequate human validation and governance;

VIII. engage in any activity that violates these Terms, the Documentation, or applicable law.

9.2. Expandel may monitor objective indications of abuse, fraud, security risk, use incompatible with these Terms, regulatory obligations, or valid authority orders.

10. Minors and Educational Environments

10.1. Use of the Platform by persons under 18 (eighteen) years of age shall occur:

I. with the authorization, supervision, or responsibility of parents or legal guardians; or

II. through an educational institution, public body, or contracting organization that declares it has adequate lawful basis, governance, and authorizations.

10.2. Any Institutional Customer enabling Platform use by children or adolescents declares that it:

I. is duly authorized to do so;

II. will provide all notices and transparency instruments required by applicable law;

III. will observe the best interests of the minor where applicable;

IV. will adopt internal access controls, minimization, and governance measures.

10.3. Expandel may restrict functionalities, require additional settings, request documentation, or disable uses that present elevated risk in environments involving minors.

11. Plans, Pricing, Billing, Renewal, and Cancellation

11.1. Use of the Platform may be subject to paid contracting, recurring subscription, institutional licensing, billing per user, volume, consumption unit, module, or another metric defined in the commercial proposal.

11.2. Prices, payment method, renewal, taxes, contractual term, adjustments, allowances, limits, and commercial conditions shall be set forth in the applicable offer, proposal, order, purchase order, principal agreement, or commercial page.

11.3. Where processing is carried out by third parties, payments may be intermediated by independent gateways, and Expandel shall not be responsible for failures exclusively attributable to the financial system, acquirer, issuing bank, or payment provider.

11.4. Non-payment authorizes, without prejudice to other applicable measures:

I. suspension of access;

II. limitation of functionalities;

III. blocking of new contracting;

IV. extrajudicial or judicial collection;

V. contractual termination.

11.5. Except where required by applicable law, a specific commercial policy, or express agreement between the parties, amounts already invoiced shall not be refunded.

12. Availability, Support, and Beta Services

12.1. Expandel will use commercially reasonable efforts to keep the Platform available, secure, and operational, without guaranteeing uninterrupted or error-free operation or immunity from external outages.

12.2. Preventive, evolutionary, corrective, emergency, or regulatory maintenance may occur, with or without prior notice, depending on urgency and criticality.

12.3. Service levels, response times, maintenance windows, support channels, and support scope shall only be binding where expressly set forth in a specific instrument.

12.4. Beta Services may be offered “as is”, with limited functionality, lower stability, and the possibility of change or discontinuation at any time.

13. Information Security

13.1. Expandel shall adopt reasonable technical, administrative, and organizational measures compatible with the nature of the Services to protect the Platform and the data processed.

13.2. Such measures may include, where applicable: access control, permission management, logs, encryption in transit, encryption at rest, logical segregation, monitoring, backups, continuity, hardening, vulnerability management, credential protection, and incident response.

13.3. No system is absolutely invulnerable. Accordingly, Expandel does not guarantee absolute security against malicious events, sophisticated attacks, third-party failures, global infrastructure outages, telecommunications outages, governmental acts, disasters, force majeure, or other events beyond its reasonable control.

14. Privacy and Data Protection

14.1. Processing of Personal Data related to the Platform shall observe applicable law, including, as the case may be, the Brazilian General Data Protection Law, the Brazilian Civil Rights Framework for the Internet, ANPD regulations, the GDPR, and other applicable standards.

14.2. Additional information on the processing of Personal Data is set forth in the Privacy Policy and, where applicable, in the Data Processing Addendum (DPA) executed with Institutional Customers.

14.3. Expandel may act as controller or processor, depending on the purpose of the processing, the contractual design, and applicable law.

14.4. International data transfers may occur for the provision of the Services, support, storage, security, authentication, monitoring, fraud prevention, or use of global infrastructure, through applicable legal mechanisms.

14.5. Where the Platform accesses, receives, processes, or transmits data originating from integrations with Google, Microsoft, or other providers, such processing shall occur only to the extent necessary for the enabled functionality, subject to the principle of minimization, the integrated provider’s applicable policies, the relevant access controls, and the disclosures contained in the Privacy Policy.

14.6. Expandel shall not use Institutional Customer Content to train its own or third-party foundational models without the Institutional Customer’s express and specific authorization.

15. Subprocessors and Third Parties

15.1. Expandel may use third parties for hosting, authentication, billing, support, observability, security, analytics, messaging, customer service, integration, or other activities related to the Services.

15.2. Whenever applicable, such third parties shall be bound by adequate contractual obligations of confidentiality, security, and data protection.

15.3. The use of third parties shall not, in itself, relieve Expandel of the duties that are legally incumbent upon it.

16. Intellectual Property

16.1. All rights relating to the Platform, software, code, architecture, models, flows, Documentation, interface, trademark, trade name, APIs, visual elements, proprietary database, know-how, and other assets owned by Expandel shall remain exclusively with Expandel or its licensors.

16.2. These Terms do not transfer to the User any ownership right in the Platform, except for the limited license of use expressly provided herein.

16.3. If the User believes that any content made available on the Platform violates intellectual property or any other right, the User shall notify Expandel through the official channels, with sufficient information for analysis.

17. Confidentiality

17.1. The User and Expandel undertake to treat as confidential all non-public information exchanged as a result of the contractual relationship, including credentials, non-public commercial terms, restricted Documentation, technical architecture, strategic information, and protected data.

17.2. The confidentiality obligation shall not apply to information that:

I. is or becomes public without contractual breach;

II. was already lawfully known to the receiving party;

III. is lawfully received from a third party without confidentiality duty;

IV. must be disclosed by law, court order, regulatory order, or administrative determination, in which case, where legally possible, the disclosing party shall notify the other party in advance.

18. Suspension, Restriction, and Termination

18.1. Expandel may, regardless of prior notice, suspend, restrict, or terminate access to the Platform in the event of:

I. breach of these Terms;

II. non-payment;

III. reasonable suspicion of fraud, abuse, unlawful use, or security risk;

IV. a valid authority order;

V. emergency technical necessity;

VI. use that may expose Expandel, third parties, or the Platform itself to relevant legal, technical, or reputational risk.

18.2. Adoption of suspension or restriction measures shall not imply waiver of other contractual, legal, or indemnification rights.

19. Retention, Deletion, and Preservation of Records

19.1. Data, logs, records, metadata, and evidence may be retained:

I. during the contractual term;

II. for the period necessary to comply with legal or regulatory obligations;

III. for fraud prevention, security, audit, and traceability;

IV. for the regular exercise of rights in judicial, administrative, or arbitral proceedings.

19.2. Deletion of data may be requested in accordance with applicable law, subject to mandatory or legitimate retention situations.

19.3. In the event of investigation, incident, authority order, or potential dispute, Expandel may preserve records for the time reasonably necessary for investigation or defense.

20. No Employment Relationship and No Labor Supply

20.1. The relationship between Expandel and the User or Institutional Customer is strictly contractual and commercial and shall not create any employment, corporate, associative, representative, agency, mandate, consortium, joint venture, or similar relationship.

20.2. Provision of the Platform, as well as ancillary implementation, training, or support services, does not constitute labor supply, provision of subordinated personnel, outsourcing of core activities, worker leasing, or making professionals available under the Customer’s direction.

20.3. In institutional agreements, whether public or private, responsibility for people management, pedagogical decisions, administrative acts, functional supervision, work-hour control, and internal process definition shall remain entirely with the Customer.

21. Institutional Use and Customer Responsibility

21.1. When the Platform is contracted by a school, university, company, public body, or other institution, the Institutional Customer shall:

I. designate an Institutional Administrator;

II. manage access and permissions;

III. define the purposes of use;

IV. validate operational flows and outputs;

V. ensure lawful basis for the insertion and processing of data;

VI. comply with applicable pedagogical, administrative, internal, sectoral, and regulatory rules.

21.2. Expandel shall not be responsible for academic, administrative, disciplinary, professional, regulatory, or management decisions made by the Customer based on Platform Outputs.

22. Force Majeure

22.1. Expandel shall not be liable for failures, delays, or outages arising from events beyond its reasonable control, including, without limitation: fortuitous events, force majeure, war, terrorism, civil unrest, general strike, natural disaster, pandemics, governmental acts, systemic failures of power, telecommunications, internet, data centers, cloud providers, large-scale cyberattacks, or unavailability of critical providers.

23. Limitation of Liability

23.1. To the maximum extent permitted by applicable law, Expandel’s aggregate liability arising from or related to the Platform shall be limited to the amount effectively paid by the User or Institutional Customer to Expandel in the 6 (six) months preceding the event giving rise to the claim.

23.2. Under no circumstances shall Expandel be liable for indirect damages, lost profits, loss of revenue, loss of opportunity, loss of data caused by the User’s acts, reputational damage, indirect moral damages, or consequences resulting from use of Output without adequate human validation.

23.3. The limitations set forth in this Section shall not apply to the extent prohibited by applicable law.

24. Regulatory Compliance and AI

24.1. Expandel may adjust the Platform, flows, functionalities, notices, controls, and policies to comply with legal, regulatory, sectoral, contractual, or governance requirements related to artificial intelligence, data protection, consumer law, education, public procurement, information security, and regulated markets.

24.2. The User acknowledges that specific regulatory obligations may vary according to jurisdiction, use category, economic sector, Customer profile, data volume, presence of minors, use of automation, and risk classification.

25. Amendments to these Terms

25.1. Expandel may amend these Terms at any time to reflect product evolution, legal requirements, operational improvements, security changes, regulatory adaptation, or corporate restructuring.

25.2. The current version shall be made available through the Platform’s official channel, indicating the update date.

25.3. Continued use of the Platform after the effectiveness of the updated version shall imply agreement with the new Terms, except where law requires a different form of acceptance.

26. Governing Law, Jurisdiction, and Order of Precedence

26.1. For operations conducted by Expandel in Brazil and for Brazilian Users or Institutional Customers, these Terms shall be governed by the laws of the Federative Republic of Brazil.

26.2. The courts of the District of Curitiba/PR, Brazil, are hereby elected as the competent venue, to the exclusion of any other, however privileged, subject to non-waivable rights provided by law.

26.3. For international operations, specific rules may apply as set forth in a principal agreement, master agreement, order form, DPA, regional policy, or specific addendum.

26.4. In the event of conflict between documents, the following shall prevail, unless expressly provided otherwise:

I. principal agreement, accepted proposal, order form, or contracting instrument;

II. DPA or data protection addendum, where applicable;

III. SLA or service annex, where applicable;

IV. these Terms;

V. ancillary policies and general documentation.

27. General Provisions

27.1. Any tolerance regarding non-compliance with any obligation shall not constitute novation, waiver, or contractual amendment.

27.2. If any provision of these Terms is deemed invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect.

27.3. The User may not assign or transfer their rights and obligations without Expandel’s prior written consent.

27.4. Expandel may assign these Terms or Platform operations in the context of corporate reorganization, portfolio assignment, merger, consolidation, acquisition, or business succession, in compliance with applicable law.

27.5. These Terms shall remain in force for an indefinite period while there is access to, use of, or any contractual relationship linked to the Platform.

28. Contact Channels

Contractual matters, notices, and inquiries may be directed to:

General Support: [email protected]

Legal/Contracts: [email protected]

Privacy and Personal Data: [email protected]