Terms of Service

• "Authorized Users" means individuals authorized by Customer to access the Services under Customer's account.
• "Customer Data" means any data, including personal data, provided by or on behalf of Customer through the Services.
• "Documentation" means the user guides, help documentation, and API documentation provided by Company.
• "Order" means a subscription, credit purchase, or other commercial arrangement for the Services.
• "Verification Session" means a single identity verification transaction processed through the Services.
• "Verification Subject" means the individual whose identity is being verified in a Verification Session.

2.1 License Grant. Subject to the terms of this Agreement, Company grants Customer a non-exclusive, non-transferable, revocable right to access and use the Services during the applicable subscription term solely for Customer's internal business purposes.

2.2 Account Registration. Customer must register for an account and provide accurate, current, and complete information. Customer is responsible for maintaining the confidentiality of account credentials and for all activities under its account.

2.3 Free Trial. New accounts receive five (5) complimentary Verification Sessions ("Trial Credits"). Trial Credits provide full access to all verification methods. No payment information is required to use Trial Credits.

3.1 Pricing Plans. The Services are available under the following pricing models:

• Pay As You Go — $5.00 per Verification Session with no subscription commitment.
• Bulk Packs — Pre-purchased verification credits at volume discounts. Credits do not expire.
• Growth Subscription — $499/month with 200 included Verification Sessions. Overage billed at $2.50 per additional session.
• Enterprise Subscription — $1,499/month with 750 included Verification Sessions. Overage billed at $2.00 per additional session.
• Custom — Negotiated pricing for high-volume or specialized requirements.

3.2 Payment Terms. Subscription fees are billed monthly in advance. Pay-as-you-go and overage fees are billed in arrears. All payments are processed through Stripe, Inc. and are due upon invoice.

3.3 Taxes. Fees are exclusive of all taxes. Customer is responsible for all applicable taxes, excluding taxes based on Company's income.

3.4 Fee Changes. Company may change fees upon 30 days' written notice. Fee changes apply at the start of the next billing period.

4.1 Lawful Use. Customer shall use the Services in compliance with all applicable laws, regulations, and industry standards, including but not limited to the Fair Credit Reporting Act (FCRA), Equal Employment Opportunity laws, and applicable biometric privacy laws.

4.2 Verification Subject Consent. Customer is responsible for ensuring that each Verification Subject provides informed, written consent prior to initiating a Verification Session. The Services provide an on-screen consent mechanism, but Customer remains responsible for compliance with all applicable consent requirements.

4.3 Acceptable Use. Customer shall not: (a) use the Services for surveillance, mass screening, or any purpose other than identity verification of identified individuals; (b) attempt to reverse-engineer, decompile, or disassemble the Services; (c) use the Services to discriminate against any individual on a prohibited basis; (d) exceed rate limits or abuse the platform; (e) share account credentials with unauthorized parties; or (f) use the Services in violation of any law.

5.1 Data Processing. Company processes Customer Data solely as necessary to provide the Services. Company acts as a data processor (or service provider under CCPA) with respect to Customer Data containing personal information of Verification Subjects.

5.2 Data Processing Agreement. For Enterprise customers, Company will enter into a Data Processing Agreement (DPA) that includes obligations under GDPR Article 28, sub-processor management, data subject access request assistance, and audit rights. DPAs are available upon request at legal@idchecker.ai.

5.3 Security Measures. Company maintains technical and organizational security measures designed to align with NIST 800-53 controls and SOC 2 Trust Services Criteria, including:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Role-based access controls with least-privilege principles
• Immutable, SOX-compliant audit logs
• Regular vulnerability assessments and penetration testing
• Documented incident response procedures
• Employee background checks and security awareness training

5.4 Biometric Data. Biometric data collected during Verification Sessions is automatically purged within 24 hours of session completion. Company does not sell, lease, or trade biometric data.

5.5 Sub-Processors. Company uses third-party sub-processors including Google Cloud Platform and Stripe. A current list of sub-processors is available upon request. Company will notify Enterprise customers at least 30 days prior to engaging new sub-processors.

5.6 HIPAA. For healthcare organizations processing Protected Health Information (PHI), Company will execute a Business Associate Agreement (BAA) upon request.

6.1 Availability Target. Company targets 99.9% monthly uptime for Enterprise subscriptions and 99% for Growth subscriptions, measured as the percentage of minutes the Services are available during a calendar month, excluding scheduled maintenance.

6.2 Scheduled Maintenance. Company will provide at least 48 hours' advance notice of scheduled maintenance windows. Maintenance will be scheduled during off-peak hours when feasible.

6.3 Incident Response. Company will respond to reported incidents according to the following targets:

• Critical (service unavailable) — Response within 1 hour; updates every 30 minutes
• High (significant degradation) — Response within 4 hours; updates every 2 hours
• Medium (minor impact) — Response within 1 business day
• Low (informational) — Response within 2 business days

7.1 Company IP. Company retains all rights, title, and interest in the Services, including all technology, algorithms, models, documentation, and trademarks. This Agreement does not grant Customer any rights in the foregoing except the limited use rights expressly stated herein.

7.2 Customer Data. Customer retains all rights, title, and interest in Customer Data. Customer grants Company a limited license to process Customer Data solely to provide the Services.

7.3 Aggregated Data. Company may use anonymized, aggregated data derived from the Services for product improvement, benchmarking, and research purposes, provided such data cannot identify Customer, any Authorized User, or any Verification Subject.

Each party agrees to hold the other's Confidential Information in confidence using the same degree of care it uses to protect its own confidential information (but no less than reasonable care). Confidential Information includes the terms of this Agreement, Customer Data, Company technology, and any information designated as confidential. Confidential Information does not include information that is: (a) publicly available; (b) independently developed; (c) rightfully received from a third party; or (d) required to be disclosed by law.

9.1 Company Warranty. Company warrants that: (a) the Services will perform materially in accordance with the Documentation; (b) Company will provide the Services in a professional and workmanlike manner; and (c) Company has the authority to enter into this Agreement.

9.2 Disclaimer. EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." COMPANY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. COMPANY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR THAT ALL VERIFICATION RESULTS WILL BE ACCURATE. IDENTITY VERIFICATION RESULTS SHOULD BE USED AS ONE FACTOR AMONG MANY IN DECISION-MAKING PROCESSES.

10.1 Limitation. TO THE MAXIMUM EXTENT PERMITTED BY LAW, COMPANY'S TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED THE GREATER OF (A) THE FEES PAID BY CUSTOMER IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) $10,000.

10.2 Exclusion. IN NO EVENT SHALL COMPANY BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITIES, REGARDLESS OF THE THEORY OF LIABILITY.

10.3 Exceptions. The limitations in this Section 10 do not apply to: (a) Company's breach of its confidentiality or data security obligations; (b) Company's indemnification obligations; or (c) Company's willful misconduct or gross negligence.

11.1 By Company. Company will indemnify, defend, and hold harmless Customer from third-party claims arising from: (a) Company's breach of its data security obligations; (b) infringement of a third party's intellectual property rights by the Services as provided by Company; or (c) Company's violation of applicable law.

11.2 By Customer. Customer will indemnify, defend, and hold harmless Company from third-party claims arising from: (a) Customer's misuse of the Services; (b) Customer's failure to obtain required consents from Verification Subjects; (c) Customer Data; or (d) Customer's violation of applicable law.

12.1 Term. This Agreement begins when Customer first accesses the Services and continues until terminated. Subscription terms automatically renew for successive periods unless either party provides 30 days' written notice of non-renewal.

12.2 Termination for Cause. Either party may terminate this Agreement immediately upon written notice if the other party: (a) materially breaches this Agreement and fails to cure within 30 days of notice; or (b) becomes insolvent, files for bankruptcy, or ceases operations.

12.3 Termination for Convenience. Customer may terminate a subscription at any time by providing 30 days' written notice. Fees paid for the current billing period are non-refundable.

12.4 Effect of Termination. Upon termination: (a) Customer's access to the Services will cease; (b) Company will make Customer Data available for export for 30 days; (c) after the 30-day export period, Company will delete Customer Data in accordance with its data retention policies; (d) Sections 7–11, 13, and 14 survive termination.

13.1 Regulatory Framework. The Services are designed to assist Customer with compliance requirements including:

• GDPR — EU General Data Protection Regulation
• CCPA/CPRA — California Consumer Privacy Act / California Privacy Rights Act
• SOX — Sarbanes-Oxley Act (audit trail requirements)
• NIST 800-53 — Security and privacy controls (aligned)
• NIST CSF — Cybersecurity Framework (aligned)
• BIPA / CUBI — Biometric privacy laws
• HIPAA — Health Insurance Portability and Accountability Act (with BAA)

13.2 Certifications Roadmap. SOC 2 Type II certification is on Company's active roadmap. Company designs all controls to meet SOC 2 Trust Services Criteria and will provide certification documentation upon achievement.

13.3 Audit Rights. Upon reasonable notice and no more than once per year, Enterprise customers may audit Company's compliance with its security and data processing obligations under this Agreement, subject to reasonable confidentiality protections.

14.1 Governing Law. This Agreement is governed by the laws of the State of Tennessee, without regard to its conflict of laws provisions.

14.2 Dispute Resolution. Any dispute arising under this Agreement shall first be subject to good-faith negotiation for 30 days. If unresolved, disputes shall be resolved by binding arbitration under the rules of the American Arbitration Association in Nashville, Tennessee.

14.3 Assignment. Customer may not assign this Agreement without Company's prior written consent, except in connection with a merger or acquisition of substantially all of Customer's assets.

14.4 Entire Agreement. This Agreement, together with any applicable Order, DPA, and BAA, constitutes the entire agreement between the parties and supersedes all prior agreements and understandings.

14.5 Amendments. Company may amend these terms upon 30 days' notice. Continued use of the Services after the notice period constitutes acceptance of amended terms. Material changes to data processing or security obligations require affirmative consent.

14.6 Severability. If any provision of this Agreement is held unenforceable, the remaining provisions shall continue in full force and effect.

14.7 Force Majeure. Neither party shall be liable for delays or failures in performance resulting from circumstances beyond its reasonable control, including natural disasters, acts of government, pandemics, cyber-attacks, or infrastructure failures.

For questions about these Terms of Service, contact:

IDChecker AI LLC
6688 Nolensville Rd, Ste 108-315
Brentwood, TN 37027
United States
Email: legal@idchecker.ai