Tracuto Terms of Service
Effective date: May 10, 2026 Legal bundle version: 2026-05-10 Trade name: Tracuto (commercial name; not registered as an EU trade mark) Provider: KOHA-TECH Sp. z o.o., ul. Nowy Świat 33/13, 00-029 Warszawa, Poland (KRS: 0001183713, NIP: 5253054129, REGON: 542256381, share capital: PLN 5,000)
IMPORTANT: These Terms govern your use of the Tracuto online service, dashboard, APIs, browser script and SDK, and related documentation (the “Service”). They are reviewed periodically with qualified legal counsel. By creating an account or using the Service you agree to these Terms and to our Privacy Policy and, where Customer Data is processed on your behalf, the Data Processing Agreement.
Consumers vs business customers. The Service is offered primarily to organizations (B2B). We may also accept individual users who sign up directly. Where you act as a consumer in the meaning of the laws of your country (in Poland: Art. 22¹ of the Civil Code), the mandatory consumer-protection provisions of your country apply in addition to these Terms and prevail over any conflicting term.
1. Agreement and definitions
1.1 Parties. These Terms form a binding agreement between KOHA-TECH Sp. z o.o., a limited-liability company with its registered office at ul. Nowy Świat 33/13, 00-029 Warszawa, Poland, registered with the Register of Entrepreneurs of the National Court Register under KRS 0001183713, NIP 5253054129, REGON 542256381, share capital PLN 5,000 (fully paid in), operating under the trade name “Tracuto,” “we,” “us,” the “Provider,” and the Customer identified at signup or in an order form. If you use the Service on behalf of an organization, you represent that you have authority to bind it.
1.2 Definitions.
- “Service” — The Tracuto web application, APIs, hosted analytics and experimentation features, session replay and related processing, and the browser script/SDK delivery and ingest endpoints we operate for you, each as offered on your plan and as available.
- “Customer Data” — Data the Service processes on your behalf, including analytics events, session replay payloads, identifiers derived from visitors’ browsers, and related metadata you or your visitors cause to be sent to the Service.
- “Dashboard User” — An individual user account under your organization.
- “Project” — A configured property (e.g. a website or app) within your organization.
- “End User” or “Visitor” — A person who interacts with your site or app while the Tracuto script/SDK is active.
- “Consumer” — A natural person concluding a legal act with us not directly connected to their business or professional activity (Art. 22¹ Polish Civil Code or the equivalent in your country).
2. Description of the Service
2.1 Overview. Tracuto provides tools to collect, store, query, and visualize behavioral data and to run experiments, including, where enabled on your plan: event analytics, session replay, heatmaps, funnels, path/sitemap views, grouping, A/B testing and AI features (including AI Manager and AI session insights). Features may be plan-gated, beta, or disabled per environment.
2.2 AI features. AI features process Customer Data only to produce outputs for you (e.g. summaries, suggestions). We do not use Customer Data to train third-party foundation models without a separate agreement; if a feature would do so, it will be clearly disclosed and opt-in. The provider of any third-party model used to power an AI feature is listed on the Subprocessor list.
2.3 Third-party sites. The Service ingests data from your properties when you install our script/SDK. Tracuto does not control your websites or apps and does not decide what Visitors see or what data is collected beyond what you configure and what the script transmits.
2.4 No professional advice. Metrics, funnels, replay, and experiment reports are informational. They are not legal, medical, financial, or other professional advice.
3. Accounts and access
3.1 Registration. You must provide accurate information and keep it current. You must ensure Dashboard Users are at least the minimum age required in your jurisdiction to enter binding contracts and at least 16 years old unless your region permits a lower age and you comply with applicable law.
3.2 Credentials. You are responsible for: (a) safeguarding passwords, OAuth credentials, and ingest keys; (b) who you invite as Dashboard Users; (c) allowed origins and other project settings. You must notify us promptly of unauthorized use at [email protected] or through the in-product support channel.
3.3 Admin actions. Organization owners/admins may access, modify, or delete Customer Data for your projects according to product functionality.
3.4 Records of consent. At signup and on material changes to these Terms or the Privacy Policy, we record the legal-bundle version and acceptance timestamp as evidence of your acceptance.
4. Customer obligations and lawful use
4.1 Lawful basis and privacy. You are solely responsible for: (a) obtaining and documenting any consent, notice, or other lawful basis required to collect, instruct the processing of, or otherwise use Visitor data, including any ePrivacy / cookie-law consent on your properties; (b) your privacy policy and disclosures on your properties; (c) honoring data subject requests that apply to your role as controller (or equivalent) of Visitor data.
4.2 Prohibited and sensitive data. You must not use the Service to process data you are not permitted to share with us, or to circumvent law. Unless we explicitly agree in writing to a HIPAA BAA, PCI scope, or another regulated program, you must not submit:
- protected health information,
- payment card data (we are not a card processor — Stripe is),
- government-issued identifiers,
- biometric data within the meaning of GDPR Art. 9,
- other special-category or highly regulated data.
You must configure masking and collection scope to reduce exposure of secrets (passwords, API keys, tokens) in replay and events.
4.3 Acceptable use. You must not: (a) violate law or third-party rights; (b) transmit malware or attack the Service; (c) probe, scan, or test vulnerabilities without authorization; (d) overload or disrupt ingest or APIs; (e) resell or sublicense the Service except as permitted; (f) misrepresent identity or affiliation; (g) use the Service for non-consensual tracking or in violation of employment, biometric, or sector-specific rules applicable to you; (h) deploy the Service on internal or employee-only applications without satisfying applicable employment-monitoring notice and consultation requirements.
4.4 SDK and open source. If you use our npm SDK or sample code, open-source licenses may apply to that code independently. Your use of Tracuto-hosted endpoints and the Service is governed by these Terms, not by an open-source license alone.
5. License to the Service
5.1 Grant. Subject to these Terms and payment (if applicable), we grant you a non-exclusive, non-transferable, revocable right to access and use the Service for your internal business purposes during the Term.
5.2 Restrictions. You will not: copy the Service except as allowed by law; reverse engineer the Service except to the extent mandatory law permits (Art. 75(2)–(3) of the Polish Copyright Act / Art. 6 of Directive 2009/24/EC); remove notices; or access the Service to build a competing product.
6. Customer Data and processing
6.1 Your data. As between the parties, you retain all rights in Customer Data. You grant us a non-exclusive, worldwide license to host, process, transmit, and display Customer Data to provide the Service, prevent abuse, comply with law, and as described in our Privacy Policy and the DPA.
6.2 Aggregated/de-identified data. We may use aggregated or de-identified data that no longer identifies you or any Visitor for operations, security, billing, and product improvement, subject to law.
6.3 Instructions. You instruct us to process Customer Data as needed to provide the Service and in line with documented product behavior, unless the DPA specifies different documented instructions.
6.4 Data location and subprocessors. Production processing of Customer Data takes place in the European Economic Area (currently in Germany). Some account-related data is processed in the United States by our payment processor for billing, under the EU Standard Contractual Clauses. We use subprocessors as listed at /subprocessors; we will notify you of material changes per the DPA (currently 30 days’ notice with a right to object on data-protection grounds).
7. Fees, trials, and taxes
7.1 Fees and checkout. If you purchase a paid plan, fees are as shown at checkout (hosted by Stripe) or in a written order form. Trials, where offered, convert to paid unless cancelled in the billing portal or as stated in-product before the trial ends.
7.2 Taxes. Fees are stated net of VAT. VAT, GST or sales tax is calculated and shown at checkout by Stripe Tax. B2B reverse charge (Art. 196 of the EU VAT Directive / Art. 17 of the Polish VAT Act) applies where you provide a valid VAT identification number of an EU country other than Poland. Polish customers are charged 23 % VAT. Customers outside the EU are typically charged without VAT (export of services), subject to the rules at the time of the supply. You remain responsible for any taxes our systems do not collect.
7.3 Non-payment. We may suspend the Service for material non-payment after notice where practicable.
7.4 Price changes. We may change list prices with at least 30 days’ prior notice by email and in-product banner. Price changes take effect at the start of the next billing cycle. If you do not accept the new price, you may cancel before it takes effect; previously paid fees for the unused portion of a prepaid annual plan will be refunded pro rata if the price change is material (greater than 10 %).
7.5 Payment processor. Card and wallet payments, Customer Portal, invoices (where enabled), and charge receipts are provided by Stripe subject to Stripe’s terms and privacy notice.
7.6 Refunds and chargebacks. Outside any rights under mandatory consumer law (Section 7.7), fees are non-refundable except where (a) required by applicable law or (b) expressly stated at checkout (e.g. money-back periods on selected plans). Chargebacks and payment disputes may result in immediate suspension until resolved.
7.7 Consumer right of withdrawal (EU/EEA). If you contract with us as a Consumer, you generally have 14 days to withdraw from a distance contract under the Polish Act on Consumer Rights (implementing Directive 2011/83/EU). At checkout you will be given the option to:
- wait for the 14-day period before we begin providing the Service, or
- expressly request that performance begin immediately and acknowledge that you will lose the right of withdrawal once the Service has been fully provided with your prior express consent (Art. 38 of the Polish Act on Consumer Rights).
If you withdraw before performance is fully delivered, we will refund the proportional part of the fee. The withdrawal form is available at [email protected].
8. Term, suspension, and termination
8.1 Term. These Terms apply from first use until terminated.
8.2 Suspension. We may suspend access if (a) you breach these Terms, (b) we must comply with law, or (c) continued use poses security or abuse risk. We will use commercially reasonable efforts to notify you unless immediate action is required or we are legally prohibited from notifying you.
8.3 Termination. You may stop using the Service and, where the product allows, delete projects or request closure at [email protected]. We may terminate for material breach uncured after 30 days’ notice (or immediately for irreparable breach or if required by law).
8.4 Effect of termination.
- Customer Data. Active Customer Data is deleted within 30 days of termination (or sooner if requested), subject to the retention rules described in the Privacy Policy.
- Backups. Personal data inside operational backups is overwritten on rotation within 30 days.
- Account & billing data. Retained for the periods set in the Privacy Policy, including the 5-year period for Polish accounting/tax records.
Export features, where available, should be used before closure. Sections that by nature survive (liability, indemnity, governing law, dispute resolution, definitions) survive.
9. Service changes
We may modify, deprecate, or add features. We will provide notice of material adverse changes to the Service or these Terms at least 30 days in advance by email and in-product banner, except where shorter notice is required by law, security, or third-party constraints. Continued use after the effective date constitutes acceptance of updated Terms where permitted by law; for material changes you will be asked to re-accept the new legal-bundle version.
10. Warranties disclaimer
TO THE MAXIMUM EXTENT PERMITTED BY LAW, the Service is provided “as is” and “as available.” We disclaim all implied warranties, including merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that (a) the Service will be uninterrupted or error-free, (b) analytics, replay, or experiment results will be accurate or complete, or (c) the Service meets regulated requirements (e.g. HIPAA, PCI, SOC 2, ISO 27001) unless a separate written compliance program applies. Mandatory consumer warranties (e.g. Polish rękojmia / niezgodność świadczenia z umową) are not excluded for Consumers.
11. Limitation of liability
11.1 Excluded damages. TO THE MAXIMUM EXTENT PERMITTED BY LAW, neither party will be liable for indirect, incidental, special, consequential, cover, or punitive damages, or for loss of profits, revenue, data, or goodwill, even if advised of the possibility.
11.2 Cap. OUR AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICE IN ANY 12-MONTH PERIOD WILL NOT EXCEED THE GREATER OF (A) THE FEES YOU PAID US FOR THE SERVICE IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM OR (B) ONE HUNDRED EUROS (EUR 100) IF NO FEES WERE PAID.
11.3 Exceptions (mandatory under EU law). Nothing in these Terms limits or excludes liability that cannot be limited under mandatory law, including:
- death or personal injury caused by negligence;
- fraud or wilful misconduct (Art. 473 § 2 Polish Civil Code);
- gross negligence to the extent it cannot be excluded under Polish law;
- liability under Art. 82 GDPR;
- statutory consumer rights under EU and Polish law.
Our liability payment obligations of either party are not capped by Section 11.2.
12. Indemnification (B2B only)
This Section 12 does not apply to Consumers. If you are a business customer, you will defend and indemnify Tracuto and its affiliates, officers, and employees against third-party claims arising from: (a) Customer Data or your properties; (b) your violation of law or these Terms; (c) a dispute between you and a Visitor or regulator regarding your collection or use of data. We will reasonably cooperate and may assume exclusive defense at our expense for claims we choose to control.
13. Compliance, export, and government requests
You represent that you are not restricted under export control or sanctions laws, including EU Regulation 2022/2474 and the U.S. OFAC lists. You will comply with applicable anti-bribery and export rules. We may produce information to law enforcement when legally required and will notify you unless gagged by law. We maintain an internal law-enforcement-request register.
14. Governing law and disputes
14.1 Governing law. These Terms are governed by the laws of the Republic of Poland, excluding conflict-of-law rules where choice of law is permitted, and without prejudice to the application of mandatory consumer-protection laws of your country of habitual residence (Art. 6 of Regulation (EC) No 593/2008 — Rome I).
14.2 Venue (B2B). For business customers, exclusive jurisdiction for disputes arising from or relating to these Terms lies with the common courts competent for the registered seat of KOHA-TECH Sp. z o.o. in Warsaw, Poland, in particular the Sąd Rejonowy / Sąd Okręgowy w Warszawie, Wydział Gospodarczy, depending on the value of the claim.
Note: KOHA-TECH Sp. z o.o. is registered with the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, ul. Czerniakowska 100, 00-454 Warszawa. The registration court does not decide contractual disputes; the venue clause above identifies the dispute court.
14.3 Venue (Consumers). A Consumer may bring claims before the courts of the Member State of their habitual residence as required by Regulation (EU) No 1215/2012 — Brussels I bis. Any provision in these Terms that would deprive a Consumer of that right is unenforceable to that extent.
14.4 Consumer ADR / ODR. Consumers in the EEA may use the EU Online Dispute Resolution platform at https://ec.europa.eu/consumers/odr and competent alternative dispute resolution bodies in their country of residence.
14.5 UN CISG. The United Nations Convention on Contracts for the International Sale of Goods (CISG) does not apply.
15. Miscellaneous
15.1 Entire agreement. These Terms and any order form, DPA, or supplement referenced herein are the entire agreement on the subject.
15.2 Assignment. You may not assign these Terms without our consent; we may assign to an affiliate or in connection with a merger or sale of assets.
15.3 Notices. We may send notices to your account email or in-product. Legal notices to us: [email protected] or by post to KOHA-TECH Sp. z o.o., ul. Nowy Świat 33/13, 00-029 Warszawa, Poland.
15.4 Independent contractors. The parties are independent contractors.
15.5 Severability; waiver. If a provision is invalid, the remainder remains in effect. Failure to enforce is not a waiver.
15.6 Force majeure. Neither party is liable for delays or failures caused by events beyond reasonable control, including acts of God, war, terrorism, civil unrest, pandemics, internet or power outages, third-party service failures, or government acts.
15.7 Language. These Terms are published in English. A Polish translation may be provided for convenience; in case of conflict, the English version prevails, except where Polish consumer law requires the Polish version to prevail for Consumers.
16. Contact
KOHA-TECH Sp. z o.o. (trade name Tracuto) ul. Nowy Świat 33/13 00-029 Warszawa, Poland KRS: 0001183713 · NIP: 5253054129 · REGON: 542256381 · Share capital: PLN 5,000
E-mail: [email protected] · Privacy & DPA: [email protected] · Support: as indicated in the Service.