Terms of Service

Agreement to terms

These terms form an agreement between you (the "Customer") and Fidera, Inc. ("Fidera," "we," or "us") covering your access to and use of our identity verification and KYC platform, including the API, dashboard, SDKs, and any related services (together, the "Service"). By signing an order form, accepting these terms, or using the Service, you agree to be bound by them. If you are agreeing on behalf of an organization, you confirm that you have the authority to bind that organization.

Where these terms and a signed order form or master agreement conflict, the signed document controls.

Accounts & eligibility

To use the Service you must create an account and keep your account information accurate. You are responsible for:

• Safeguarding your API keys and login credentials, and for all activity that happens under your account.
• Ensuring everyone you allow to access the Service follows these terms.
• Being an organization or individual able to form a binding contract, and using the Service for legitimate business purposes.
• Notifying us promptly at security@fideralabs.com if you suspect any unauthorized access to your account.

The service

Fidera provides identity verification and KYC tooling: document verification, biometric checks (face match and liveness), sanctions, PEP, and adverse-media screening, verification orchestration, and a dashboard and case-management interface, accessible through our API, hosted flows, and SDKs.

The Service is a tool that returns verification signals and supporting evidence. It does not make legal or compliance decisions for you. You decide how to configure checks and thresholds, how to weigh results, and whether to approve, review, or reject any end-user. We may improve, change, or deprecate features over time; where a change would materially reduce core functionality you rely on, we will give reasonable advance notice.

Acceptable use

You agree to use the Service lawfully and responsibly. In particular, you will not:

• Use the Service for any unlawful, fraudulent, deceptive, or discriminatory purpose, or in violation of applicable identity, privacy, biometric, AML, or sanctions laws.
• Process the data of any end-user without the rights, notices, and consents required for that processing, or otherwise infringe the rights of end-users.
• Attempt to circumvent, defeat, or game the verification process — for example, by submitting fabricated, synthetic, or stolen identities, or by manipulating liveness or biometric checks.
• Probe, scan, overload, reverse-engineer, or interfere with the Service or its security, or attempt to access data you are not authorized to access.
• Resell, sublicense, or expose the raw Service to third parties in a way not contemplated by your agreement, or use it to build a competing product.

We may suspend access to address a security risk, a material breach of these terms, or unlawful activity, and will aim to limit any suspension to what is reasonably necessary.

Customer responsibilities & end-user consent

When you send us an end-user's information to verify, you act as the controller of that personal data and Fidera acts as your processor. You are responsible for:

• Having a lawful basis to collect and process each end-user's data, including any biometric data, before submitting it.
• Providing end-users with clear notice about the verification and obtaining any consent required in their jurisdiction.
• Honoring end-user rights, including access, correction, and deletion requests, and routing those requests to us where we hold the data on your behalf.
• Configuring the Service appropriately for your regulatory obligations and reviewing results before acting on them.

Where shareable or reusable verification is enabled, reuse is gated by explicit, revocable end-user consent, and you agree to rely on it only within the scope that consent permits.

Fees & billing

The Service is priced primarily on a per-verification basis. The specific rates, units, billing cycle, currency, payment terms, and any committed volumes are set out in your order form. Unless your order form says otherwise, fees are invoiced for the verifications and screens you run.

• Charges are based on usage recorded by the Service. Some government-database and chip-read checks may carry third-party pass-through fees, which are described in your order form.
• Invoices are payable within the period stated in your order form. Undisputed past-due amounts may accrue interest and, after notice, lead to suspension.
• Fees are exclusive of taxes; you are responsible for applicable taxes other than taxes on our income.

If anything about pricing is unclear, the order form is the controlling document — reach out before you rely on a figure you saw elsewhere.

Intellectual property

Fidera and its licensors own the Service, including the software, APIs, models, documentation, and brand. We grant you a limited, non-exclusive, non-transferable right to use the Service during your subscription, subject to these terms. You own your data and the content you submit. You grant us the rights needed to operate the Service for you, including processing end-user data to return verification results.

If you send us feedback or suggestions, we may use them to improve the Service without obligation to you. We may use aggregated and de-identified data — which cannot reasonably identify you or any end-user — to operate, secure, and improve the Service.

Confidentiality

Each party may receive confidential information from the other. The receiving party will use it only to perform under the agreement, protect it with reasonable care, and not disclose it except to people who need it and are bound by similar obligations. This does not apply to information that is public through no fault of the receiving party, already known, independently developed, or required to be disclosed by law — in which case the receiving party will give reasonable notice where permitted.

Data protection

How we handle personal data is described in our Privacy Policy and our Data Processing Addendum, which is incorporated into these terms where we process personal data on your behalf. The DPA sets out our roles, security commitments, sub-processor arrangements, and how we support your obligations to end-users.

We are built to SOC 2 Type II and ISO/IEC 27001 controls and engineer privacy and security into the platform. The sub-processors we use to deliver the Service include Amazon Web Services for hosting, Rekognition for biometrics, Textract for document OCR, and S3 for encrypted document storage.

Warranties & disclaimers

We will provide the Service with reasonable skill and care. Beyond what is expressly stated in your agreement, the Service is provided "as is" and we disclaim all other warranties to the extent permitted by law, including implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

Identity verification is probabilistic. We do not warrant that the Service will detect every fraudulent identity or that every result will be free of error, and you remain responsible for your own onboarding, compliance, and risk decisions.

Limitation of liability

To the maximum extent permitted by law, neither party is liable for indirect, incidental, special, consequential, or punitive damages, or for lost profits, revenue, data, or goodwill, even if advised of the possibility. Each party's total liability arising out of the agreement is capped at the amount stated in your order form or master agreement.

Nothing in these terms limits liability that cannot be limited by law, such as for fraud or willful misconduct. The specific cap and any exclusions are set out in your signed agreement.

Term & termination

These terms apply for as long as you use the Service or have an active order form. Either party may terminate for a material breach that the other party does not cure within a reasonable notice period, and as otherwise set out in your agreement.

On termination, your right to access the Service ends and you should stop using it. We will handle the return or deletion of personal data as described in the Data Processing Addendum. Terms that by their nature should survive — such as confidentiality, intellectual property, fees accrued, disclaimers, and limitations of liability — will survive termination.

Changes to the terms

We may update these terms from time to time. When we make material changes, we will update the date above and take reasonable steps to let you know, such as notice in the dashboard or by email. If you keep using the Service after a change takes effect, you accept the updated terms. Where your signed agreement sets a different process for changes, that process controls.

Governing law

The governing law and the venue for resolving disputes are specified in your order form or master agreement. We deliberately do not state a single jurisdiction here, because the controlling terms depend on the agreement you sign with us. If your agreement does not address this, contact legal@fideralabs.com and we will confirm the applicable terms.

Contact

Questions about these terms, or a request for the binding contract or order form, can go to our legal team. For privacy questions, see our Privacy Policy; for security matters, write to security@fideralabs.com.