TraceScam Platform Terms of Service

1. Platform operator

The operator of the TraceScam platform is NGITECH Sp. z o.o. with its registered office in Wrocław, Poland. Company registration and contact details are provided in the footer and in the producer details section on this page.

Contact for service, complaints, privacy and user support matters: office.pl{'@'}ngitech.org.

2. Scope of the terms and service structure

These Terms define the rules for using the public TraceScam informational website, the application available under /app and the API and technical backend services available under /api.

The public website provides informational, educational and legal content. The /app application is used to submit materials for analysis, view results, manage history, accounts, payments and the IT company directory.

• Public website: educational content, case studies, guides, incident reporting information and legal documents.
• SPA /app: analysis of e-mails, SMS messages, links and online shops, user account, payments, analysis history and IT company directory.
• API /api: submission handling, queues, scoring, payments, webhooks, retention and technical integrations.

3. Nature of the service and analysis result

TraceScam helps assess the risk of phishing, smishing, fraudulent links, fake online shops and other online scams. The analysis result is informational, supportive and preventive.

The risk score, risk level, reasons and recommendations are generated based on technical rules, heuristics, domain signals, submitted content and — where enabled — automated AI analysis.

TraceScam is not a law enforcement authority, court, bank, CERT/CSIRT team or guarantor of safety. The result is not an administrative decision, legal advice, investment advice or confirmation that an entity is lawful or trustworthy.

• The analysis may indicate low, medium, high or critical risk.
• False positives and false negatives are possible, especially where the submitted material is incomplete.
• Users should independently verify critical decisions, especially when payments, login credentials or personal data are involved.

4. Types of analyses

The platform supports several types of analyses. Their scope may vary depending on submitted data, account limits, queue availability and system configuration.

• E-mail analysis: message body, headers, domains, links, attachments and impersonation signals.
• SMS analysis: message body, sender, links, urgency, surcharges, payments and requests for data.
• Link analysis: URL structure, domain, shorteners, host-hiding characters, brand similarity and login risk signals.
• Online shop analysis: domain, page content, brand, seller details, company registration data, terms, contact, discounts and payment methods.

5. User account, verification and access security

Some features may require creating an account, logging in and verifying a code sent by e-mail. The account enables management of analysis history, credits, payments, invoices, IT company profile and security settings.

The user is responsible for keeping the password confidential, maintaining access to the e-mail inbox, providing accurate account data and not sharing the account with unauthorized persons.

• If account compromise is suspected, the user should change the password immediately and contact the operator.
• The operator may temporarily block an account or selected functions if abuse, attack, violation of the Terms or a security risk is suspected.
• Deleting an account may result in anonymization or deletion of data, except data required by law, settlements, security or evidence preservation.

6. Limits, credits, packages and payments

The application may offer a free analysis limit and paid credit packages. Package details, prices, currencies, limits and invoices are presented in the /app application, in particular on the pricing page.

Payments may be processed by an external payment provider. TraceScam does not store full card details if payment is processed through an external gateway.

Credits and limits are assigned to an account or e-mail address according to the technical model visible in the application. Unused credits, validity periods, renewals and invoices may depend on the package type.

• Prices may be displayed in PLN, EUR or USD depending on configuration and the user country.
• Invoices and payment confirmations are made available in the application after the payment provider confirms the payment.
• The user is responsible for the correctness of billing details, company details, VAT/tax ID, address and country.
• The operator may refuse to process a payment or cancel a transaction if fraud, legal violation, technical error or abuse is suspected.

7. IT company profile, Free plan, Pro plan and verified status

A user with an account may create an IT company profile in the directory. The directory is intended to help users find post-incident assistance or contact entities providing IT and cybersecurity services.

A Free profile is a basic listing. A Pro profile may enable presentation of specializations, technologies, certificates, SaaS products, partnership platforms and a broader service description. Verified status is an additional administrative mark, but it is not a guarantee of service quality.

• A company publishing a profile is responsible for the truthfulness, accuracy and legality of its data, descriptions, certificates, links, prices and materials.
• TraceScam is not a party to any contract between a user and an IT company found in the directory.
• The operator may moderate, hide, block or delete profiles that violate the Terms, law, third-party rights or user safety.
• Presentation of SaaS products and partnership platforms is informational and does not constitute an endorsement, certification or responsibility of the operator for those products.

8. Permitted use and prohibited actions

Users must use the platform in accordance with the law, good practice, security principles and the purpose of the service. It is prohibited to use TraceScam for attacks, abuse or bypassing security controls.

• Users must not submit materials they are not entitled to access, except to the extent necessary to report and analyze an incident.
• Users must not test the system by scanning, overloading, automated mass submissions, SSRF attempts, injection, limit bypassing, scraping or unauthorized access.
• Users must not use results for defamation, harassment, publishing personal data or falsely presenting any person or entity as fraudulent.
• Users must not submit card data, passwords, one-time codes or sensitive third-party data unless necessary for analysis. Such data should be masked where possible.

9. Data, privacy, GDPR and retention

Personal data processing rules are described in the Privacy Policy and the GDPR and data processing consent section. By using analysis functions, users may submit content containing personal data or confidential information.

Users should limit the submitted data to what is necessary for analysis. If acting on behalf of a company or another person, the user should have an appropriate basis to submit the material.

The system may apply retention, anonymization, deletion and evidence preservation functions according to application settings, law and the legitimate interest of security.

10. Incident reporting and post-loss actions

TraceScam may provide recommendations for next steps, including contacting a bank, changing a password, enabling MFA/2FA, preserving evidence and reporting to the relevant CERT/CSIRT, police, prosecutor, consumer authority or payment provider.

If money is lost, an account is taken over, data is stolen, an unauthorized transaction occurs or a crime is suspected, the user should act immediately and use official channels appropriate for their country.

11. Availability, maintenance and changes to features

The operator makes efforts to keep the platform stable, but does not guarantee uninterrupted availability, absence of errors, compatibility with every mail system or the ability to analyze every submission.

The service may be temporarily unavailable due to maintenance, failures, updates, third-party provider issues, AI limits, queues, payment providers, hosting or events beyond the operator’s control.

12. Liability

The operator is responsible for providing the service in accordance with the Terms and applicable law. To the extent permitted by law, the operator is not liable for user decisions made solely on the basis of an analysis result, lost profits, indirect damages, third-party actions, failures of external providers or content submitted by users.

Nothing in these Terms excludes liability that cannot be excluded under mandatory law, in particular consumer rights.

13. Complaints and contact

Complaints concerning the platform, payments, account or services may be sent to office.pl{'@'}ngitech.org. The report should include the account e-mail address, problem description, event date and information enabling identification of the transaction or analysis.

The operator reviews complaints within a reasonable time, no longer than required by applicable law. The response is sent to the e-mail address used for contact or assigned to the account.

14. Consumers, withdrawal right and digital services

If the user is a consumer or a person with similar statutory rights, they retain rights granted by mandatory law. For digital services provided immediately after purchase, the possibility to withdraw may depend on consent to begin performance before the withdrawal period expires and acknowledgement of losing the withdrawal right to the extent permitted by law.

Detailed information for a specific payment, package or subscription should be presented during the purchase process in the application.

15. Governing law and jurisdiction

These Terms are governed by Polish law, subject to mandatory consumer protection provisions and user rights arising from the law applicable to their place of residence.

Disputes related to the platform should first be resolved amicably by contacting the operator. This does not limit consumer rights to use competent authorities, courts or alternative dispute resolution methods.

16. Changes to the Terms

The Terms may be updated due to service development, feature changes, provider changes, legal changes, security requirements or the need to clarify rules. The current version is published on the TraceScam website.

For material changes affecting registered users, the operator may notify users in the application or by e-mail where required or justified by the nature of the change.