Terms of Service

Version 2026-05. Last updated: 20 May 2026.

These Terms of Service ("Terms") form a binding contract between Confidly OÜ ("Confidly", "we") and the legal entity identified at signup ("Customer", "you"). They govern the Customer's access to and use of the Confidly platform (the "Service"). By signing up, by clicking accept, or by using the Service, the Customer agrees to these Terms. If you are signing up on behalf of an organisation you confirm that you have authority to bind it.

Confidly is sold business-to-business. The Service is not intended for consumers. Where mandatory consumer-protection law applies because an individual is using the Service in a non-professional capacity, the consumer-protection rules of their EU Member State of habitual residence take precedence over any conflicting provision of these Terms.

1. The Service

Confidly provides a software-as-a-service whistleblowing platform consisting of:

• A public, anonymous reporting channel hosted at the customer's subdomain (e.g. acme.confidly.eu) or, for paid plans, a custom domain.
• An admin and investigation dashboard at app.confidly.eu.
• An audit trail satisfying Art. 18 of Directive (EU) 2019/1937.
• Optional AI features (case summarisation, category suggestion) that the Customer may enable or disable per channel.
• Integrations with HR systems and identity providers, where the Customer's subscription includes them.

Confidly may modify the Service from time to time. We will not materially reduce the functionality the Customer paid for during the current subscription term.

2. Accounts and authorised users

• The Customer designates an Account Administrator with authority to manage the subscription.
• Each natural person accessing the Service must have a separate user account; shared logins are not allowed.
• The Customer is responsible for all activity performed under its accounts and for keeping credentials secure.
• Multi-factor authentication is available for all users and is admin-enforceable.
• The Customer must promptly notify [email protected] of any suspected unauthorised use.

3. Acceptable use

The Customer and its users agree not to:

• Submit knowingly false or malicious reports, content that infringes third-party rights, or content that violates law.
• Reverse-engineer, decompile, or attempt to derive source code of the Service.
• Probe, scan, or test the vulnerability of the Service except under the responsible-disclosure terms published at /trust.
• Send spam, phishing, malware, or any content designed to deceive recipients of the channel.
• Use the Service to harass, intimidate, or retaliate against a reporter or any person mentioned in a report.
• Use the Service to evade obligations the Customer owes to its employees under labour or whistleblower-protection law.
• Exceed published rate limits or use automated tools to overload the Service.

4. Customer obligations under whistleblower-protection law

The Service is a technical tool. The Customer remains responsible for designating the impartial person or service competent to receive and follow up on reports (Directive (EU) 2019/1937 Art. 8(5)), for acknowledging receipt within 7 days (Art. 9(1)(b)), for providing feedback within 3 months (Art. 9(1)(f)), and for complying with all other obligations under the national law transposing the Directive. Confidly's workflow surfaces these deadlines but cannot meet them on the Customer's behalf.

5. Subscription, fees, and renewal

• 14-day free trial; no payment method required.
• Plans are billed in advance in EUR, monthly or annually, per the pricing on confidly.eu/pricing in force at the time of order.
• Annual plans renew automatically for the same term. The Customer may cancel renewal at any time before the renewal date from the billing portal.
• Monthly plans renew monthly until cancelled.
• Failed payments: we retry per Stripe's smart-retry schedule. If the payment is not collected after 7 days the channel is paused (existing data preserved); after 30 days the subscription is terminated and data is deleted per section 11.
• Price changes take effect at the next renewal with at least 30 days' notice.
• VAT, GST, sales tax and similar are added at the rate in force at the Customer's billing location, except where the Customer provides a valid VAT-ID under the EU reverse-charge mechanism.

6. Refunds and trial conversion

Free trials convert to paid subscriptions only if the Customer enters a payment method and confirms. We do not auto-convert silent trials. Annual subscriptions cancelled mid-term are refunded on a pro-rata basis for unused full months, excluding the first month, less any one-time onboarding fees actually performed. Monthly subscriptions are not refunded for partial months.

7. Data and ownership

• The Customer owns Customer Data (the reports, attachments, channel configuration, team list, and audit log relating to its tenant). We hold it as a processor on the Customer's behalf under the DPA.
• Confidly owns the Service itself, including its software, documentation, and de-identified aggregate usage metrics (no Customer Data, no reporter content).
• The Customer grants Confidly a non-exclusive, worldwide, royalty-free licence to host, process, and display Customer Data solely to provide the Service.
• The Customer can export Customer Data via the admin console at any time during the subscription and for 30 days after termination.

8. Confidentiality

Each party will treat the other's Confidential Information with the same standard of care it uses for its own confidential information of similar sensitivity, and at least with reasonable care. "Confidential Information" excludes information that is public through no fault of the receiving party, known before disclosure, or independently developed. These obligations survive termination for 5 years, or indefinitely for trade secrets.

9. Service levels

• Target availability: 99.9% per calendar month on Pro and Multi-Entity plans (Service Level Schedule, available on request).
• Planned maintenance is announced at least 7 days in advance.
• Unplanned outages are reported at status.confidly.eu.
• Service credits where availability targets are missed: Pro - up to 10%; Multi-Entity - up to 25%. Credits are the Customer's sole and exclusive remedy for availability failures.
• Starter plans have no contractual availability target; we operate Starter and Pro on the same infrastructure as a matter of fact.

10. Suspension

Confidly may suspend the Service or specific user access (a) if continued use poses a security or legal risk; (b) for breach of section 3 that remains uncured after written notice and 14 days, save where the breach is material and not curable in which case Confidly may suspend immediately; or (c) for non-payment per section 5. We will limit the suspension to what is reasonably necessary.

11. Termination

• The Customer may cancel renewal at any time from the billing portal. Cancellation takes effect at the end of the current paid period.
• Either party may terminate for material breach not cured within 30 days of written notice.
• Either party may terminate immediately on the other's insolvency or assignment for the benefit of creditors.
• On termination, Customer Data is exportable for 30 days, deleted from active systems within a further 30 days, and from backups within 90 days. Audit-log stubs are retained 7 years per the DPA section 14.
• Sections that by their nature should survive termination (confidentiality, indemnification, liability, governing law) do survive.

12. Representations and warranties

Confidly warrants that the Service will substantially conform to the Documentation and to the security and data-protection commitments described at /trust and in the DPA. The Customer warrants that it has the authority to enter into these Terms and that its use of the Service complies with applicable law, including its obligations under Directive (EU) 2019/1937 and national implementing acts.

Except as expressly set out, the Service is provided "as is" and "as available", and Confidly disclaims all implied warranties to the maximum extent permitted by law, including warranties of merchantability and fitness for a particular purpose.

13. Indemnification

Confidly will defend the Customer against any third-party claim that the Service, as provided and used in accordance with these Terms, infringes a registered EU, UK, or US patent, copyright, or trademark, and will pay damages finally awarded. The Customer must promptly notify Confidly, give sole control of the defence, and cooperate reasonably.

The Customer will defend Confidly against any claim arising from Customer Data, from the Customer's breach of section 3, or from the Customer's failure to comply with its obligations as Controller under the DPA, and will pay damages finally awarded.

14. Limitation of liability

To the maximum extent permitted by applicable law, each party's aggregate liability arising out of or related to these Terms is capped at the fees paid or payable by the Customer for the Service in the 12 months immediately preceding the event giving rise to liability. Neither party is liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost revenue, lost data, or business interruption, even if advised of the possibility.

Nothing in this section limits liability that cannot be excluded under applicable law, including liability for fraud, wilful misconduct, gross negligence, death or personal injury caused by negligence, or breach of statutory consumer-protection rights.

15. Compliance with law

Each party will comply with all laws applicable to its performance, including export-control, anti-bribery, anti-corruption, and sanctions law. The Service is not designed for use in connection with the operation of life-support systems, aircraft navigation, nuclear facilities, weapons control, or other safety-critical applications.

16. Notices

Operational notices are sent by email to the Account Administrator and the billing contact. Legal notices to Confidly must be sent to [email protected] with a copy by registered post to Confidly OÜ, Tallinn, Estonia. Notices are deemed received on the next business day after sending.

17. Changes to these Terms

We may modify these Terms with at least 30 days' prior written notice for material changes. Non-material clarifications take effect on posting. If the Customer objects to a material change it may terminate the subscription within 30 days of the notice and receive a pro-rata refund of prepaid fees for the unused term.

18. Assignment

Neither party may assign these Terms without the other's prior written consent, not to be unreasonably withheld, except that either party may assign in connection with a merger, acquisition, or sale of substantially all assets, on written notice.

19. Force majeure

Neither party is liable for delay or failure caused by events beyond its reasonable control, including natural disasters, war, terrorism, civil disturbance, labour disputes (other than involving its own staff), or compliance with binding orders of government. Payment obligations are not excused by force majeure.

20. Governing law and venue

These Terms are governed by the law of the Republic of Estonia, excluding the UN Convention on Contracts for the International Sale of Goods. The courts of Tallinn, Estonia have exclusive jurisdiction over any dispute, subject to any mandatory provision of the Customer's local law granting jurisdiction to its own courts in respect of consumer-protection rights.

21. Entire agreement

These Terms, the DPA, the order form (if any), and the pricing in force at order, together form the entire agreement and supersede all prior discussions and representations. If any provision is held unenforceable, the remainder remains in force and the unenforceable provision is reformed to the minimum extent necessary.

22. Contact

Legal: [email protected]
Support: [email protected]
Billing: [email protected]