Terms & Conditions for Organizations
A legally binding contract on the following Spidx Terms and Conditions for Organizations (“Agreement”) will be created between Spidx and the Organization which agrees to this Agreement. We are Spidx (“Spidx”, “Spidx LLC”, “we”, “us”, “our”). The Organization is referred to as “you” or “your”. This Agreement covers your use of the Spidx Products.
This Agreement is formed of: (1) the Terms (the first part of this Agreement) which apply to the use of all our Products; and (2) the Product Annexes which have specific clauses relevant to that Product only. A Product Annex only forms part of this Agreement from the point you first begin using that Product. So if you are not using a particular Product then that Product Annex is not relevant to you.
The person accepting this Agreement on behalf of an Organization must (a) have ﬁrst created an Individual Spidx Account in order to register the Organization and (b) be authorized to do so on behalf of the Organization.
Do not accept this Agreement or use (or attempt to use) the Spidx Products if you do not agree with or understand it. Your continued use of Spidx Products will constitute acceptance of and agreement to this Agreement by you.
This Agreement uses phrases that have specific meanings. They are set out in Schedule 1.
Integration and Documentation
Our Products allow an integrated approach using the Software, or instead, a non-integrated service offering. This clause only applies if you choose to integrate the Software and does not apply if you use a non-integrated service.
You may integrate the Software with your own platform. You are not permitted to share the Software with any other person unless we have agreed otherwise in writing. Spidx will provide Documentation (including an integration guide) to assist you with the integration process and use of Spidx Platform.
It is your sole responsibility to ensure that the Software is properly integrated with your platform. Unless otherwise agreed, beyond providing the Documentation, Spidx does not commit to providing further support with the integration of the Software.
Spidx may amend the Software at any time at its absolute discretion. You are responsible for the integration of any amended Software with your platform at your sole expense and you must do so: (i) within 90 days of Spidx notifying you if an SDK replacement is required by you; or (ii) within 30 days of Spidx notifying you if the amendment requires a small amount of integration work by you in the reasonable opinion of Spidx. Spidx will use its reasonable endeavors to inform you of any planned or actual changes to the Software or any other part of the Spidx Platform relevant to your use of the Software by informing you directly by email or by publishing a notiﬁcation on the Admin or the development section of the Spidx website.
Your license for development using a Spidx SDK is covered under this Agreement. You are responsible for the safekeeping of your API key. If a third party uses your API key you will be responsible and liable to us for their use, including for Transaction Charges incurred.
Organizational policies and data protection
Responsibility for the lawful processing of Customers’ Attributes by or on your behalf is your sole responsibility and not the responsibility of Spidx.
Each Product Annex contains a statement about which of us is the Data Controller and which is a Data Processor. Schedule 2 to the Terms contains a Data Processing Agreement that governs our responsibilities when we are a Data Processor to you.
Use of the Spidx Platform and the Software
Grant of license
Spidx grants to you a non-transferable, non-sublicensable, royalty-free, revocable, non-exclusive license to use the Spidx Platform from the date on which Spidx approves the opening of your Organization Account. This license is automatically suspended during any period when your use of your Organization Account is suspended and will terminate automatically and irrevocably on termination of this Agreement for any reason.
Any use of the Spidx name, logo, and QR codes, must follow the branding contained in the Spidx SDKs and Documentation.
Spidx may amend any part of the Spidx Platform at any time at its absolute discretion with no prior warning to you.
If you are using the Spidx Platform to outsource any of your obligations under a specific Regulation then you remain responsible for failure to apply the measures required under this Regulation.
Restrictions on Use
In relation to your use of the Spidx Platform, either during the term of this Agreement or at any time afterward, you must:
- only use it in compliance with all applicable laws;
- only use the Spidx Platform to receive or exchange Attributes with Customers solely for proper and lawful business purposes and otherwise in accordance with this Agreement;
- only make backup copies of the Software for your lawful use. You must keep a written record of the number and location of copies of the Software, which you must provide to Spidx on request, and take all reasonable steps to prevent unauthorized copying of the Software;
- not use the Spidx Platform to determine if the Spidx Platform is within the scope of a patent;
- not modify, copy, adapt, translate or create derivative works based on any part of the Spidx Platform, or attempt to discover any source code or underlying ideas or algorithms or reverse engineer, decompile or disassemble any part of the Spidx Platform for any purpose;
- not attempt to gain, or gain, unauthorized access to, or disrupt the integrity or performance of the Spidx Platform or any Attributes;
- not use the Spidx Platform, any Attributes, or any generated results to directly or indirectly train any machine learning algorithm;
- not use the Spidx Platform to commit, or with the intention to commit, any unlawful, fraudulent, dishonest, threatening, invasive, or improper behavior;
- not and are not permitted to sub-license, assign, hold on trust or novate this Agreement to or on behalf of any person;
- provide all cooperation and information reasonably required by Spidx in relation to the Spidx Platform, including all information and materials reasonably required by Spidx to make the Spidx Platform available to you. You must ensure that such information is up-to-date and accurate in all material respects;
- not provide a service which is the same as or similar to the Spidx Platform, or use any part of the Spidx Platform to build a competitive product or service or copy its features, technology, or user interface; or not act or omit to act in any way that results in damage to Spidx’s business or reputation.
Quality and reliability of Attributes
The number and type of Attributes that can be shared via the Spidx Platform, and the extent to which Spidx verifies any Attributes, will be determined by Spidx in its sole discretion from time to time. Spidx does not guarantee to provide any particular category of Attribute and may remove or amend any category of Attribute in respect of some or all Individuals and Organizations from the Spidx Platform at any time.
Spidx will perform its verification, authentication, and onboarding of Individuals and/or their Attributes with reasonable skill and care. However, Spidx does not guarantee that any Attributes are true, complete, or accurate at any time. Spidx may change its onboarding or verification processes at any time. Spidx’s liability in relation to the accuracy of Attributes is set out below.
Use of Attributes
You are permitted to use Attributes provided to you by Customers for your proper and lawful purposes.
You must notify Spidx of any misuse of Attributes or attempts of fraud made by any Individual that has been identified by your Organization.
Except with the prior written consent of Spidx you may not resell, sublicense, lease, share, transfer, make representations about or otherwise make available any Attribute, Transaction History, Spidx timestamped data or any information gleaned from the foregoing to any third-party or as part of any joint venture or partnership with any third-party. Further, you may not store any Attribute or Transaction History in any publicly distributed ledger (such as a public blockchain) without our written prior consent, which we can withhold at our absolute discretion.
Spidx may, but has no obligation to you, submit identity documents and selﬁes of suspected fraudsters to law enforcement or government bodies to help those bodies in their detection and prevention of fraud.
Spidx has no obligation to make any Third-Party Services available via the Spidx Platform, but we may at our sole discretion choose to do so from time to time. We can withdraw the provision of any Third-Party Service via the Spidx Platform at any time without giving you notice. Use of Third-Party Services will be governed solely by the terms and conditions of the relevant Third-Party Service provider and we are not liable to you. If you have an issue or a claim with the Third-Party Services we may give assistance to you (at your cost) to resolve the issue or pursue the claim. Spidx does not guarantee that any Third-Party Service is suitable for any particular purpose and as between Spidx and you the Third-Party Service is provided “as is” and we disclaim any and all implied or express representations, warranties, terms, or conditions in connection with the Third-Party Service.
Transaction Charges shall be calculated in accordance with either the Pricing Schedule or the prices we have agreed with you in a written side letter. If we have agreed to a price with you then this takes precedence over anything in the Pricing Schedule. The chargeable events for each Product are set out in the relevant Product Annex.
Spidx may invoice you monthly in arrears at any time after the last day of the calendar month in which the Transaction Charges have been incurred. Spidx reserves the right to invoice you for Transaction Charges incurred in any month in the next month or any subsequent month if you have had a low volume of Transactions and/or your invoice is of low value. Spidx also reserves the right to request advance payment of Transaction Charges for any reason, including if your credit score drops or you have a history of making late payments to us.
All Transaction Charges are payable in United States Dollars and are exclusive of taxes.
Payment card details may be entered and saved in Admin to automatically pay for future invoices. Any card details entered may be stored by our payment partner, who may apply a charge to the saved payment card upon issuance of a new invoice. If you do not have a saved payment card in Admin, you shall receive a payment link, requiring you to enter your payment card details or perform payment via an alternative option for each invoice issued to you. You must settle any outstanding invoices within 14 days of the date of the invoice.
If you fail to make any payment due to Spidx under this Agreement by the due date then, without limiting Spidx’s other remedies, we may charge interest on the overdue amount at 10%, in addition to 1% interest rate per month calculated pro rata die until actual payment of the overdue amount, including before and after judgment. You must pay the interest together with the overdue amount.
You must pay all amounts due under this Agreement in full without any set-off, counterclaim, deduction or withholding (except for any deduction or withholding required by law). Spidx may at any time, without limiting its other rights or remedies, set off any amount owed to it by you against any amount payable by Spidx to you.
Spidx may amend the Pricing Schedule at any time, on no less than 30 days prior written notice to you. Notice will be given by email to you or at Spidx.app. If you object you may terminate this Agreement in accordance with your rights below. Continued use by you is taken as acceptance of the amended Pricing Schedule.
Suspension and Termination
This Agreement will continue in force from the date on which you accept this Agreement until it is terminated.
Rights to suspend
In addition to Spidx’s right to suspend access to your Organization Account during the veriﬁcation process, Spidx reserves the right to suspend for an indeﬁnite period:
- your use of the Spidx Platform or the receipt of Attributes if any Individual with access rights to your Organization Account is suspended from their Individual Spidx Account;
- your use of the Spidx Platform or the receipt of Attributes if access to any other Organization Account associated with you is suspended or terminated for whatever reason;
- your use of the Spidx Platform or the receipt of Attributes if you fail to make any payment due to Spidx by the due date for payment. Spidx reserves the right to request advance payment from you after payment is made before your access to the Spidx Platform is resumed;
- your use of the Spidx Platform or the receipt of Attributes if Spidx suspects that you have committed a material breach of any term of this Agreement whilst it investigates that suspected breach;
- your use of the Spidx Platform or receipt of Attributes if you do not respond in a timely manner to a query from us or one of your Customers concerning your use of the Spidx Platform or Attributes received from Customers; and
- your use of the Spidx Platform or use of Attributes for any other reason whatsoever if Spidx believes, in its absolute discretion, that there is reasonable cause to do so.
Spidx will take reasonable steps to notify you of any planned or actual suspension of your Organization Account but will not be in breach of this Agreement if it does not do so.
Rights to terminate this Agreement
You may terminate this Agreement at any time on 30 days’ written notice to Spidx. We may terminate this Agreement at any time on 30 days’ notice.
Either party may terminate this Agreement with immediate effect on written notice to the other party if the other party commits a material breach of this Agreement.
Spidx may terminate this Agreement with immediate effect if:
- you breach or exceed the conditions of use of the Spidx Platform;
- where you are a sole trader, you breach our Terms of Service. We may also terminate with immediate effect if a director or senior person at your Organization breaches our Terms of Service;
- you suffer or incur any form of insolvency or enter into an arrangement with your creditors;
- you fail to pay any amount due under this Agreement on the due date for payment;
- you have provided incomplete or inaccurate information to Spidx during the account set-up process or fail to maintain such information on a timely basis;
- a territory you operate in introduces a data localization requirement that affects the Attributes we store or where we must store them or introduces any law that could require Spidx to build a ‘back door’ to any data Spidx stores or processes;
- you are or become a competitor of Spidx or the Spidx Platform, or that you control any person or organization which is a competitor of Spidx or the Spidx Platform. Spidx shall determine if you are a competitor in its sole discretion; or
- Spidx believes, in its absolute discretion, that your continued use of our product is causing harm to Individuals, our product to others, or our reputation or goodwill.
Termination of the Agreement shall not affect any rights, remedies, obligations, or liabilities of the parties that have accrued up to the date of termination.
Any provision of this Agreement that is intended to come into or continue in force on or after termination of the Agreement shall remain in full force and effect notwithstanding termination.
Consequences of termination
If this Agreement is terminated by either party for any reason:
- all rights granted to you under this Agreement shall cease;
- you shall stop using the Spidx Platform, the Software, and your Organization Account;
- you shall pay all outstanding amounts due by you to Spidx (with interest, if applicable), whether or not Spidx has submitted invoices relating to those amounts to you. The invoices shall be payable by you immediately on receipt; and
- you shall permanently delete, destroy or return to Spidx (at Spidx’s election) all copies of the Software and Documentation in your possession or control and on request shall promptly provide a signed declaration from a director that this paragraph has been complied with.
License and publicity
You acknowledge that all Intellectual Property Rights in or arising out of or in connection with the Spidx Platform, the Attributes, Transaction History and the Documentation is owned by Spidx, and you do not have any rights in or to the Spidx Platform, the Attributes, Transaction History or the Documentation, other than the limited license granted to you under this Agreement.
You must not do and must procure that no person on your behalf does anything which could infringe the Intellectual Property Rights of Spidx including any of the Intellectual Property Rights arising from or in connection with the Spidx Platform and/or the Documentation or otherwise pursuant to the terms of this Agreement. Any and all rights not expressly granted to you under this Agreement shall be reserved to Spidx.
You must not do and must procure that no person on your behalf does anything which could infringe the Intellectual Property Rights of any third party arising from or in connection with your use of the Spidx Platform.
You grant to Spidx and its Affiliates a worldwide, non-exclusive, non-transferable, irrevocable license to use such of your Intellectual Property Rights solely as necessary in order to make available and administer the Spidx Platform in order that you, other Organizations and Individuals, and Spidx may use the Spidx Platform on the terms and subject to the conditions of this Agreement and the Individual Terms and Conditions.
By entering into this Agreement, you agree that Spidx may use your company name, trading name, company contact details, and logo(s): (a) on the Spidx App or website to show the Organizations who use Spidx (including in a searchable database of Organizations); (b) in presentations, conferences and promotional materials where we showcase Organizations who use Spidx; and ( c) in public announcements about acceptance of this Agreement and your use, or intended use, of the Products. We will ask for your consent for uses beyond this.
Our searchable database on our website may also list various other of your information and contact information at our discretion. If you object to information about your Organization and key contact information being included in a searchable database you must notify us in writing within 14 days of acceptance of this Agreement.
Whenever you mention your identity publicly you must state that Spidx is the provider or use the phrase “powered by Spidx”.
Spidx warrants to you that your use and access of the Spidx Platform shall not infringe the Intellectual Property Rights of any third party, provided your use of the Spidx Platform is strictly in accordance with this Agreement. If the use of any Intellectual Property Rights comprised in the Spidx Platform are determined by a court of competent jurisdiction to infringe the Intellectual Property Rights of any third party, Spidx’s sole liability to you will be to do any of the following at Spidx’s discretion: (a) securing a license or other right to continue use of the relevant third-party intellectual property right as part of the Spidx Platform; (b) replacing the relevant part of the Spidx Platform; and ( c) suspending or terminating provision of the relevant part (or, if necessary, the whole) of the Spidx Platform.
Accuracy of Attributes
Spidx will use its reasonable skill and care in verifying or authenticating Attributes from Individuals, but will have no liability to you, and hereby disclaims to the fullest extent possible under applicable laws all implied representations, warranties, conditions, and terms in respect of the accuracy of any Attributes (including Third-Party Attributes), whether veriﬁed by Spidx or not; all Attributes are acquired and used by you at your own risk. Where Spidx is reselling a third-party data service then Spidx is not liable to you if the data received by Spidx is inaccurate in any way.
Spidx gives no representation, warranty, or undertaking in respect of the suitability of the Attributes or any combination of them for any purpose whatsoever, including any decisions made or processes (whether automated or otherwise) used by you to enter into, develop, progress, suspend, terminate, reduce or end any agreement, arrangement, relationship, license or transaction, or to provide any product, service, membership, access or other facilities to any person whatsoever, all of which you undertake at your sole risk. The Products may be used globally and in many sectors but we do not warrant that the Attributes or any Product will be compliant with, or make you compliant with, laws or regulations which may be applicable to you.
Availability and functionality of the Spidx Platform
Spidx will use all commercially reasonable endeavors to ensure that the Spidx Platform is generally accessible and usable by Organizations and Individuals. However, Spidx gives no guarantee as to the availability of the Spidx Platform or any component of the Spidx Platform, or in relation to the capacity, latency, responsiveness, accuracy, or proper operation of the Spidx Platform. If Spidx becomes aware of any defect affecting the operation of the Spidx Platform, we will take reasonable steps to restore the proper operation of the Spidx Platform in all material respects as soon as reasonably practicable and within Spidx’s available resources, but Spidx gives no guarantees in relation to response times, ﬁx times or otherwise.
Unless agreed otherwise, Transaction Charges are only payable by you when Attributes are actually exchanged via the Spidx Platform. Accordingly, Spidx will not be liable to pay (or repay) to you any amount by way of compensation for any defect or availability of the Spidx Platform.
Except as expressly stated in this Agreement, Spidx provides the Spidx Platform “as is” and all representations, warranties, undertakings, conditions, and other terms which might otherwise be implied into this Agreement are hereby excluded to the fullest extent permitted by law. Spidx gives no representation, warranty, or undertaking in respect of the Spidx Platform or otherwise in connection with this Agreement except as expressly set out in this Agreement.
Nothing in this Agreement limits or excludes the liability of either party for: (a) death or personal injury resulting from its negligence; (b) fraud or fraudulent misrepresentations; ( c) any loss that may not be limited or excluded under applicable law; (d) any Transaction Charge due; or (e) under an indemnity given in this Agreement.
Spidx shall not be liable to you, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, arising under or in connection with this Agreement for any:
- loss of proﬁts;
- loss of sales or business;
- loss of agreements or contracts;
- loss of anticipated savings;
- loss of use or corruption of software, data, or information;
- losses arising from enforcement action by regulators, including any ﬁnes;
- loss or damage to goodwill; and
- any indirect, consequential, or incidental loss.
The maximum aggregate liability of Spidx to you, any of your Aﬃliates or your Customers, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise shall be capped at the higher of a sum equal to 10% of the Transaction Charges you have actually paid to us in the prior 12 months to the breach.
The parties both agree that the above limitations and exclusions of liability reﬂects the commercially agreed allocation of risk between the parties for the Spidx Platform, taking into account the Transaction Charges and that the above limitations and exclusions of liability are reasonable and proportionate.
You indemnify on demand Spidx, our directors, our employees, and our contracting parties against any and all losses, liabilities, costs (including professional costs), expenses, damages, interest, and other sums suffered or incurred by or on behalf of Spidx arising directly or indirectly from any breach of this Agreement by you.
Spidx shall not be in breach of the Agreement nor liable for any delay in performing, or failure to perform, any of its obligations under the Agreement where such delay or failure results from events, circumstances, or causes beyond its reasonable control including but not limited to failure of the internet, power outages, failure of third-party networks, cloud hosting services, industrial actions (but not industry action affecting Spidx staff), war, pandemics, civil unrest, and terrorist activity. Spidx may take mitigating measures to reduce the impact of a force majeure event.
Each party shall, for the duration of this Agreement and thereafter, keep confidential all information of a confidential nature (including pricing, trade secrets and information of commercial value) which may become known to such party and which relates to or is owned by the other party or any of its Affiliates. Neither party shall use the other party’s confidential information for its own purposes (other than the implementation of this Agreement) nor, without the prior written consent of the other, disclose it to any third party (except its professional advisors or as may be required by any law or any legal or regulatory authority). The foregoing obligations shall not apply (or shall cease to apply) if that information: (a) is public knowledge or already known to such party at the time of disclosure; or (b) subsequently becomes public knowledge other than by breach of this Agreement; or ( c) subsequently comes lawfully into the possession of such party from a third-party. Each party shall use its reasonable endeavors to prevent the unauthorized disclosure of any confidential information.
No party shall make, or permit any person to make, any public announcement concerning this Agreement without the prior written consent of the other party (such consent not to be unreasonably withheld or delayed), except as otherwise permitted in this Agreement or as required by a binding order from any governmental or regulatory authority which has the authority to force disclosure, any court or other authority of competent jurisdiction, providing that the disclosing party is given a reasonable time to dispute the order if possible.
Waiver: No failure or delay by a party to exercise in whole or part any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy.
Entire Agreement: This Agreement contains the entire agreement between the parties relating to the use of the Spidx Platform by you when this Agreement was accepted by you to the exclusion of any other agreement or arrangement. Neither party has relied on any prior agreement, document or representation (including innocent and negligent misrepresentations) in entering into this Agreement. Nothing in this clause shall operate to exclude or limit a party’s liability for fraud or fraudulent misrepresentation.
Conflict of terms: If there is any conflict between this Agreement and any Terms of Service, the terms of this Agreement shall prevail. If there is any conflict between the Spidx Terms of Service and this Agreement, the terms of this Agreement shall prevail.
Severance: If any term of this Agreement is or becomes invalid, illegal, or unenforceable, it shall be deemed modiﬁed to the minimum extent necessary to make it valid, legal, and enforceable. If such modiﬁcation is not possible, the relevant provision or part-provision shall be deemed deleted. Any modiﬁcation to or deletion of a provision or part-provision under this section shall not affect the validity and enforceability of the rest of the Agreement.
Third parties: Except for Spidx’s Aﬃliates, which may enforce the terms of this Agreement, a person who is not a party to the Agreement shall not have any rights to enforce any term of the Agreement.
Notices: Any notice or other communication given to a party under or in connection with the Agreement shall be in writing through the Admin, which shall be deemed to have been received 1 business day after transmission, or by email which for you shall be to the email address you used to create your account on the Admin and for us shall be the email address provided below, which shall be deemed to have been received immediately after transmission provided that no automatically generated email communicating an out of office response or failed delivery is received by the sender.
Amendment of this Agreement: Spidx is entitled to amend this Agreement at any time and to add new or additional terms or conditions on your use of the Spidx Platform on 30 days notice given on either our website or app, or otherwise communicated to you. Any amendments and additional terms will be effective on expiry of the notice and incorporated into this Agreement. Your continued use of the Spidx Platform will be deemed acceptance of such updated terms and conditions.
References in this Agreement: If we refer to a statute or statutory provision, this reference includes amendments or re-enactments of that legislation, and any subordinate legislation. Any phrase introduced by the terms including, include, or in particular, or any similar expression, are illustrative and do not limit the words preceding those terms.
Subcontracting and Assignment: Spidx may subcontract or assign any of its rights and obligations in this Agreement to its Affiliates, provided that the Spidx entity you are contracting with remains directly responsible to you.
Contracting Party, Governing Law, Notices and Jurisdiction
Who you are contracting with, the address to which you should send notices, which law applies in the event of a dispute, and which courts have jurisdiction depend on where you are domiciled.
If you are domiciled in the United States or any other country except Brazil then:
- you are contracting with Spidx LLC whose EIN is 85-0973728 and whose registered address is 1178 Broadway, 3rd Floor #1005, New York, NY 1000. You can contact us by writing to us at: contact@Spidx.app or at our registered address;
- this Agreement, and any dispute or claim arising out of or in connection with it (including non-contractual disputes or claims) shall be governed by, and construed in accordance with the laws of New York, USA; and
- the courts of New York, USA shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement or Your use of the Spidx Services.
If you are domiciled in Brazil then:
- you are contracting with Griaule Ltda whose CNPJ is 05.248.770/0001-71 and whose registered address is Av Romeu Tortima 1448, 13083-897, Campinas, SP. You can contact us by writing to us at: contact@Spidx.app or at our registered address;
- this Agreement, and any dispute or claim arising out of or in connection with it (including non-contractual disputes or claims) shall be governed by, and construed in accordance with the laws of Campinas, Brazil; and
- the courts of Campinas, Brazil shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement or Your use of the Spidx Services.
Schedule 1 to the Terms – Definitions
Admin means a web application developed and made available by Spidx to Organizations which allows you to manage your Organization Account and your Use Cases.
Affiliate means any entity that directly or indirectly controls, is controlled by, or is under common control with a party to this Agreement from time to time.
Application means any application that is developed and hosted by you or on your behalf, to interface with the Spidx Platform using Spidx App through the Spidx SDKs or Spidx APIs.
Attribute means an item of personal data or document image relating to an Individual and includes identity data verified by Spidx, unverified data submitted by an Individual, Third-Party Attributes and any metadata or statement relating to an Individual.
Customer means a customer of an Organization, being an Individual who requests to share or exchange Attributes with the Organization using their Individual Spidx Account.
Data Controller, Data Processor, and Personal Data have the meaning in the Privacy Laws.
Documentation means any document and guidance (whether in electronic or hard copy) issued by or on behalf of Spidx to assist you in implementing and using the Spidx Platform.
Individual means a person with an Individual Spidx Account or a person who interacts with a Product.
Individual Spidx Account means an account created by an Individual to use Spidx App.
Intellectual Property Rights means patents, rights to inventions, copyright, trademarks, logos and service marks, business names and domain names, rights in designs, rights in computer software, database rights, rights to use and protect the confidentiality of confidential information (including know-how and trade secrets), and any other intellectual property rights, in each case whether registered or unregistered and including all applications, renewals or extensions and all similar or equivalent rights which subsist or will subsist in the future in any part of the world.
Organization means you, or any other organization which has read and accepted these terms and conditions and created an Organization Account.
Organization Account means an account created by an Organization in order to use the Spidx Platform.
Page means any webpage that is developed and hosted by you or on your behalf, to interface with the Spidx Platform using Spidx App through the Spidx SDKs or Spidx APIs.
Pricing Schedule means the pricing available on Spidx.app/pricing.
Privacy Laws means the Californian Consumer Privacy Act, the EU General Data Protection Regulation, and other applicable and equivalent local data protection laws.
Product means one of Spidx’s products, described in a Product Annex.
Product Annex means one of the annexes to this Agreement.
Software means all software and code made available by us to you in accordance with this Agreement, including Spidx APIs and Spidx SDKs.
Spidx API means an application programming interface provided by Spidx to allow Organizations or Individuals, including you, to use the Spidx Platform.
Spidx App means the app owned and made available by Spidx from time to time on the Apple App Store, Google Play, and other platforms.
Spidx Button means the software development kit made available to embed on your applications using an Spidx SDK and its branding.
Spidx Platform means Spidx’s systems (including front end and back end) used in providing the Products including but not limited to the Spidx App, SDK Spidx Button, the Software, the Admin, Applications, and Pages.
Spidx SDK(s) means one or more software development kits or libraries or application programming interfaces which allow Organizations or Individuals, including you, to communicate with and use other components of the Spidx Platform.
Terms means the main part of this Agreement, including its Schedules.
Terms of Service means Spidx’s Terms of Service which can be found at Spidx.app/terms/app, which govern the use of Individual Spidx Accounts by Individuals.
Third-Party Attribute means data relating to an Individual that is added to that person’s Individual Spidx Account profile either by the Individual or an Organization, which data may or may not be verified by a third-party, and which could include data presented in a showable ‘ID card’ format in Spidx App.
Third-Party Services means the products or services of third parties which Spidx may make available to you via the Spidx Platform from time to time.
Transaction means the receipt or exchange of one or more Attributes between Customers and you via the Spidx Platform.
Transaction Charges means the charges payable by you in respect of Transactions.
Transaction History means a receipt or other token conﬁrming the exchange of one or more Attributes between you and a Customer as part of a Transaction.
Use Cases means the set of Attributes and checks chosen by you to verify the identity of your customers using Spidx Platform.
Schedule 2 to the Terms – Data Processing Annex
Spidx certifies that it understands and will comply with its obligations under the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation, and other applicable and equivalent local data protection laws.
Spidx shall, as a Data Processor (known as a ‘service provider’ in some other Privacy Laws):
- only use the Personal Data for the legitimate purposes of performing its obligations under this Agreement and for no other purposes unless instructed to do so by you;
- act only on written lawful and reasonable instructions from you in relation to the Personal Data;
comply with all the relevant requirements of the Privacy Laws;
- not sub-contract the processing of any of the Personal Data to any third party without your prior consent. You agree that Spidx may use its Affiliates and cloud hosting services as sub-processors;
- ensure that appropriate technical and organizational security measures are in place against unauthorized or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, the Personal Data in accordance with the Privacy Laws;
- take reasonable steps to ensure the reliability of any of its employees, agents, and contractors who have access to the Personal Data;
- only transfer Personal Data (as applicable) in compliance with Privacy Laws;
- assist you with an Individual’s rights request to the extent we can;
- either delete Personal Data as soon as the relevant service is provided, or provide you with the ability to export or delete the Personal Data;
- reasonably demonstrate compliance with this Schedule 2 on request by you; and
- inform you promptly on becoming aware of a breach of security in relation to your Personal Data.
Spidx shall use its reasonable endeavors to assist, as needed and as far as we technically can, you to demonstrate your compliance with your obligations under Privacy Laws (in connection to this Agreement) relating to:
- breach notifications;
- data protection impact assessments; and
- prior consultation.
Annex 1 – the Admin
The Admin is an online platform where entities can apply to be a verified Organization and where Organizations can obtain API keys, set up the Use Cases, and download Transaction History. You may access the Admin at admin.spidx.app. You may use the Admin to create and manage Use Cases and use the Spidx Button SDK embedded on your Applications and Pages to facilitate Transactions with your Customers.
Setting up your Organizational Account
To set up or access an Organization Account an Individual must (a) first create (or have) an Individual Spidx Account and agree to the Spidx Terms of Service; and (b) be authorized by you to create an Organization Account on your behalf. You may subsequently authorize additional Individuals to access your Organization Account and determine the access permissions of each such Individual.
You warrant and represent that the Individual who establishes the Organization Account has the authority to bind you by agreeing to this Agreement.
You must ensure that any information relating to your Organization is true and accurate in all material respects at the time that it is supplied to Spidx. You must use your best efforts to keep all information about your Organization on the Spidx Platform up to date at all times.
Verification of your Organization Account
The Individual applying for your Organization Account must enter the information required by Spidx at the account creation page. Spidx may request further information from you about your Organization, both after as well as before approving your Organization Account. Spidx may use third-party databases to verify the information provided by an Individual about you.
Until Spidx approves your application for an Organization Account your status will appear as pending. Approval of an application for an Organization Account will in every case be at Spidx’s sole discretion and if we reject your application your Organization Account may be suspended or closed.
Spidx may suspend your Organization Account if you provide insuﬃcient or inaccurate information, if Spidx is unable to verify any information provided about you, if you do not provide additional information when requested by Spidx, if your account registration appears suspicious or Spidx has any other concerns about you, your identity or the purpose for which you intend to use an Organization Account.
Data Protection, license and liability
When storing Attributes for you on the Admin we are acting as your Data Processor. We will do so in accordance with Schedule 2 to the Terms.
You are responsible for all content (including all underlying code, data, links, and functionality) forming part of any Page or Application.
You hereby grant to Spidx an irrevocable, non-exclusive, royalty-free, worldwide license to receive, store and use all Pages or Applications and all content of Pages and Applications for the purposes of providing the Spidx Platform to you.
Transaction History may be stored on the Admin or may be sent directly to you. Spidx’s current intention is not to delete these Transaction History but Spidx reserves the right to change this policy in the future. Unless agreed otherwise, Spidx shall not charge for the retention of Transaction History but Spidx reserves the right to charge in the future depending on factors which may include length or volume of storage, changes in legislation, and frequency of access of Transaction History. You should export your Transaction History and should not solely rely on Spidx continuing to store Transaction History for you, even if we have agreed to. Spidx shall not be liable to you under contract, tort, negligence or statute if we intentionally delete your Transaction History (unless we have expressly agreed to store them for you), your Transaction History are lost or corrupted or we cannot access your Transaction History for any reason.
You must ensure that material on the Admin:
- is accurate and complies with any applicable laws;
- does not contain any information which is defamatory, obscene, inflammatory or discriminatory based on race, sex, religion, nationality, disability, sexual orientation, or age;
- does not contain sexually explicit material or violence or promote any illegal activity;
- does not infringe the Intellectual Property Rights of any other person;
- is not likely to deceive any person;
- does not breach any legal duty owed to a third party;
- is not used to impersonate any person or organization, or to misrepresent someone’s identity or affiliation with any person; and
- does not advocate, promote or assist any unlawful act including copyright infringement or computer misuse.
Use of the Admin
You must procure that authorized Individuals only use the Admin (and any information contained in it, including Attributes and Transaction History) for proper and lawful business purposes and in accordance with the terms of this Agreement.
You are responsible for terminating access to your Organization Account for any Individual that you no longer want to have access to the Admin for any reason. You must do this via the Admin.
Anonymized data indicating the number and type of time-stamped Attributes exchanged with Customers will be accessible by Spidx for use in accordance with and for the purposes of this Agreement and the provision of the Spidx Platform to you.
You must access the Admin using the Individual Spidx Account of an authorized Individual or otherwise using login details as may be provided to you by Spidx from time to time.
Only an Individual who is authorized with the necessary permissions to access the Admin may access the Admin on your behalf.
You are responsible for any loss or damage resulting from the misuse of an Organization Account or misuse of any Individual Spidx Account in connection with your Organization Account, or use of login details supplied to you by Spidx, by any Individual who is authorized with the necessary permissions to access the Admin or by any third-party, either with or without your knowledge. You shall notify Spidx immediately if you notice or suspect any unauthorized use of your account, misuse of login details, or any other breach of security.
Adding links within the Admin
You may add URL links to your Page and Application login, sign up and other transactions screens within the Admin, provided you do so in a way that is fair and legal and does not damage Spidx’s reputation.
You may not display links in such a way so as to suggest any form of association, approval, or endorsement by Spidx where none exists.
Spidx reserves the right to withdraw the linking functionality without notice at its absolute discretion.
Annex 2 – the Spidx App & the Spidx Button
The Spidx App is a consumer-controlled application available on Android and iOS and is how Spidx delivers Attributes sharing by an Individual. This requires an Organization Account, Use Case, Spidx SDK, Page or Application that you have set up. The Attributes can be stored in Admin, in the form of Transaction History, or be sent directly to your systems, being stored on your systems. Attribute sharing can be used to verify identity and also to authenticate returning users.
The Spidx Button is an integration solution made available to embed on your Applications and Pages using an SDK, which is integrated into your own user journey, and which results in a call to the Spidx App, where veriﬁed or unverified Attributes may be sent to your Admin or directly to your own systems by Spidx Platform.
The Spidx App can perform data extraction checks on its supported Attributes, and it can be used by you in three different ways, from a:
- call by the Spidx Button;
- shared link created using the Admin; or
- shared link created via API call.
We are a Data Controller of Attributes that Individuals provide to us, and at the point Attributes are shared with you by an Individual you become a Data Controller of those Attributes in your own right. However, we are acting as your Data Processor where we are sent or have access to personal data in order to produce and share Third-Party Attributes. Where we are acting as your Data Processor we will do so in accordance with Schedule 2 to the Terms.
The Spidx App collects consent from the Individual when they set their Individual Spidx Account. If you are using the biometric match or liveness checks within your Use Cases and the Individuals interacting with Spidx App are from a territory where consent is required for biometric processing then you must configure the consent option ‘on’ and retain a record of that consent, or ensure you capture consent in Spidx’s name in the required manner yourself. Any biometric template received by you through Spidx Platform must be deleted within three years of the initial purpose being satisﬁed or the last interaction with the user, whichever occurs ﬁrst. You indemnify us against all losses (including for paying compensation, defending lawsuits, or regulatory or enforcement action against us) for any failure to comply with this paragraph.
Where you are using the biometric match or liveness checks within your Use Cases, you must not use Spidx App as the only method for your or another entity’s staff or customers to access a speciﬁc service or product they are obliged to use. You must offer an alternative method. This is to ensure Spidx can collect valid consent to biometric processing.
You must only request that Customers share Attributes with you that are reasonably necessary and lawful for the purpose for which you request them in accordance with the “data minimization” principle. Spidx may in its discretion restrict, suspend or terminate use of the Spidx Platform by any Organization which Spidx believes to be requesting excessive or inappropriate types or volumes of Attributes from Customers.
Spidx reserves the right to vet, prevent request or suspend Organizations requesting the document image Attribute if Spidx believes acting reasonably that the Organization will not or is not applying suﬃcient security to the document image Attribute.
If you are providing Third-Party Attributes to Spidx, you warrant as a condition to this Agreement that you will only provide data that you have veriﬁed as being correct, accurate, up to date and not misleading and that you will revoke the Third-Party Attribute as soon as you have actual or constructive knowledge that it is no longer accurate or up to date.
Liability and Transaction Charges
The chargeable event for the use of Spidx App is when Spidx completes each check. We charge for each check we do regardless of the outcome. You can configure the checks you need either in Admin or in your integration by setting up your Use Cases.
Where Spidx verifies Attributes relating to Individuals it does so as a one-time transaction. Spidx does not update or re-verify any Attributes of Individuals which subsequently change or expire. Individuals are responsible for the accuracy of their Attributes and for keeping their Attributes up-to-date. Organizations may request a re-verification of an Attribute relating to a Customer which will be charged for each re-veriﬁcation.
Spidx is able to receive Attributes in the form of Third-Party Attributes from trusted issuing authorities. Spidx does not guarantee that any Third-Party Attributes have been issued to Spidx correctly.
You have the ability to select which checks Spidx does on Individuals and whether a manual check by your side is used as back up for the automatic data extraction or biometric match checks. You may have the ability to accept, or not, different types of Attributes and checks. Some of those Attributes and checks are more reliable than others. It is your responsibility to ensure you select the Attributes and checks acceptable to you. Spidx is not liable for issues that may have been discovered using a check that you have not chosen. You shall notify Spidx immediately if you notice or suspect any Attribute provided by any Individual is false.
Spidx reserves the right to cease supporting Spidx App for older operating systems that are no longer supported by Android or Apple and for phone models that are not used by a signiﬁcant proportion of Spidx users in Spidx’s absolute opinion.
The chargeable events for receiving Attributes or Credentials from an Individual using Spidx App is when a transfer of any Attribute is completed. The chargeable event for creation of a showable Credential (a digital ID card) is when the details of the Individuals to be issued the showable Credential are received by Spidx.
Spidx Button specific terms
If using the SDK Spidx Button you must not amend or remove the Spidx branding, and you must follow the branding contained in the Spidx SDKs and Documentation.