Terms of Service

1. Acceptance of Terms

By accessing or using eIDAS Pro services ("Service"), you ("Customer," "you," or "your") agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service.

These Terms constitute a legally binding agreement between you and eIDAS Pro ("we," "our," or "us"). By creating an account, integrating our API, or using our verification services, you acknowledge that you have read, understood, and agree to these Terms.

2. Service Description

eIDAS Pro provides digital identity verification services using eIDAS (electronic IDentification, Authentication and trust Services) infrastructure. Our Service enables real-time verification of EU digital identity credentials through REST API, JavaScript widget, and e-commerce plugins.

The Service is provided "as is" and "as available" without warranties of any kind, either express or implied.

3. User Accounts and Eligibility

3.1 Account Registration

To use the Service, you must create an account and provide accurate, current, and complete information. You are responsible for:

• Maintaining the confidentiality of your account credentials
• All activities that occur under your account
• Notifying us immediately of any unauthorized access

3.2 Eligibility

You must be at least 18 years old and have the legal capacity to enter into binding contracts. By using the Service, you represent and warrant that you meet these requirements.

4. Acceptable Use Policy

You agree NOT to:

• Use the Service for any illegal purpose or in violation of any laws
• Attempt to gain unauthorized access to our systems or networks
• Reverse engineer, decompile, or disassemble any part of the Service
• Use the Service to verify identities without proper consent from end users
• Resell or redistribute the Service without our written permission
• Interfere with or disrupt the Service or servers
• Use automated scripts to abuse or overload the Service (rate limits apply)
• Store or transmit malicious code through the Service

Violation of this Acceptable Use Policy may result in immediate account termination without refund.

5. Customer Responsibilities and Compliance

5.1 Customer's Legal Obligations

YOU ARE SOLELY RESPONSIBLE FOR:

• Obtaining proper consent from end users before initiating identity verification
• Compliance with GDPR, eIDAS Regulation, and all applicable data protection laws
• Implementing proper data handling procedures in your application
• Securing API keys and preventing unauthorized access
• Determining the appropriateness of identity verification for your use case
• Complying with industry-specific regulations (AML, KYC, age verification laws, etc.)

5.2 Data Protection

eIDAS Pro acts as a data processor. You, as the data controller, are responsible for:

• Having a lawful basis for processing personal data
• Providing clear privacy notices to end users
• Handling data subject rights requests (access, deletion, etc.)
• Maintaining appropriate technical and organizational measures

6. Data Processing Terms

6.1 Roles and Responsibilities

For purposes of GDPR and applicable data protection laws:

• You are the Data Controller - You determine the purposes and means of processing personal data through the Service
• eIDAS Pro is the Data Processor - We process personal data only on your behalf and according to your instructions

6.2 Data We Process

When you use eIDAS Pro for identity verification, we process:

• Verification attributes - Only the specific attributes you request (e.g., age_over_18, country)
• Session metadata - Verification timestamps, session IDs, assurance levels
• Audit logs - Records of verification events (for paid tiers)

We do NOT receive or store: Identity documents, passport scans, biometric data, or any data beyond the specific attributes you request.

6.3 Our Processor Obligations

As your data processor, eIDAS Pro commits to:

• Process data only according to your documented instructions
• Implement appropriate technical and organizational security measures
• Notify you of any data breach affecting your data within 48 hours
• Assist you in responding to data subject rights requests
• Delete or return your data upon contract termination
• Not engage sub-processors without prior notification

6.4 Sub-Processors

We use the following sub-processors:

• Supabase (Database) - EU region, SOC 2 certified
• Railway/Netlify (Hosting) - Infrastructure providers
• Resend (Email) - Transactional email delivery

We will notify you of any changes to sub-processors with 30 days notice.

6.5 Data Retention and Deletion

Verification data is retained according to your subscription tier:

• Starter - No audit log retention
• Standard - 30-day audit log retention
• Scale/Enterprise - Configurable retention (up to unlimited)

Upon account termination, all your data is permanently deleted within 30 days.

7. Pricing and Payment Terms

7.1 Subscription Plans

Pricing is as stated on our website at the time of purchase. We offer multiple subscription tiers (Starter, Growth, Scale, Enterprise) with different usage limits and features.

7.2 Billing and Renewals

• Subscriptions automatically renew unless canceled before the renewal date
• Payments are processed through Freemius (third-party payment processor)
• You are responsible for providing valid payment information
• Failed payments may result in service suspension after 7 days

7.3 Refunds

We offer a 14-day money-back guarantee for first-time subscribers. Refunds after 14 days are at our sole discretion. Usage-based overages are non-refundable.

7.4 Price Changes

We may modify pricing with 30 days' notice. Price changes do not affect current subscription periods, only renewals.

8. Service Level and Uptime

We strive to provide reliable service but do not guarantee uninterrupted access. Uptime SLAs (Service Level Agreements) are only provided for Enterprise customers with written agreements.

We may perform scheduled maintenance with advance notice. Emergency maintenance may be performed without notice.

9. Limitation of Liability and Disclaimers

9.1 No Warranty

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

• WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
• WARRANTIES OF NON-INFRINGEMENT
• WARRANTIES THAT THE SERVICE WILL BE ERROR-FREE, SECURE, OR UNINTERRUPTED
• WARRANTIES REGARDING THE ACCURACY OR RELIABILITY OF VERIFICATION RESULTS

9.2 Customer Use and Liability

WE ARE NOT RESPONSIBLE FOR YOUR USE OF THE SERVICE OR ANY CONSEQUENCES ARISING FROM SUCH USE. Specifically:

• Customer Errors: We are not liable for mistakes, misconfigurations, or improper implementation by you or your developers
• Compliance Violations: You are solely responsible for ensuring your use of the Service complies with all applicable laws. We are not liable if you violate GDPR, eIDAS, AML/KYC regulations, or other legal requirements
• Third-Party Actions: We are not responsible for actions of your end users, including fraudulent identity claims or misuse of verified credentials
• Verification Accuracy: While we use eIDAS-compliant infrastructure, we do not guarantee 100% accuracy of verification results. You are responsible for implementing appropriate risk management procedures
• Data Breaches: If a data breach occurs in YOUR application due to YOUR security failures, you are responsible for breach notification and remediation

9.3 Regulatory and Legal Consequences

WE ARE NOT LIABLE FOR ANY FINES, PENALTIES, SANCTIONS, OR LEGAL CONSEQUENCES YOU INCUR AS A RESULT OF:

• Non-compliance with GDPR, eIDAS, or other data protection regulations
• Failure to obtain proper consent from end users
• Inadequate data security measures in your application
• Misuse of verification data or results
• Violations of AML/KYC, age verification, or sector-specific regulations
• Actions taken by regulatory authorities against your business

Example: If your business is fined by a data protection authority for GDPR violations related to how you implemented or used eIDAS Pro, you bear full responsibility for such fines. We are not liable for penalties resulting from your compliance failures.

9.4 Limitation of Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

• Our total liability shall not exceed the amount you paid us in the 12 months preceding the claim
• We are not liable for indirect, incidental, consequential, special, or punitive damages
• We are not liable for lost profits, lost revenue, lost data, or business interruption
• These limitations apply regardless of the legal theory (contract, tort, negligence, strict liability, etc.)

9.5 Force Majeure

We are not liable for failures or delays caused by circumstances beyond our reasonable control, including but not limited to: acts of God, natural disasters, terrorism, war, internet service provider failures, government actions, pandemics, or third-party service disruptions.

10. Indemnification

You agree to indemnify, defend, and hold harmless eIDAS Pro (and our directors, officers, employees, agents, and affiliates) from any claims, liabilities, damages, losses, costs, or expenses (including legal fees) arising from:

• Your use or misuse of the Service
• Your violation of these Terms or applicable laws
• Your violation of any third-party rights, including privacy or intellectual property rights
• Regulatory actions taken against you due to your compliance failures
• Claims by your end users related to identity verification

11. Intellectual Property

All intellectual property rights in the Service (including software, documentation, trademarks, and content) remain our exclusive property. We grant you a limited, non-exclusive, non-transferable license to use the Service according to these Terms.

You may not:

• Copy, modify, or create derivative works of the Service
• Remove or alter any proprietary notices
• Use our trademarks without written permission

12. Termination

12.1 Termination by You

You may cancel your subscription at any time through your account dashboard. Cancellation takes effect at the end of the current billing period. No refunds for partial periods.

12.2 Termination by Us

We may suspend or terminate your account immediately if you:

• Violate these Terms
• Engage in fraudulent activity
• Fail to pay fees (after 7-day grace period)
• Use the Service in a manner that harms us or other users

12.3 Effect of Termination

Upon termination, your access to the Service immediately ceases. We will delete your account data within 30 days, except for data we are legally required to retain.

13. Dispute Resolution and Governing Law

13.1 Governing Law

These Terms are governed by the laws of [Your Jurisdiction - EU Member State], without regard to conflict of law principles.

13.2 Dispute Resolution

Before initiating legal proceedings, parties agree to attempt good-faith resolution through negotiation. If negotiation fails after 30 days, disputes may be submitted to binding arbitration or courts of [Your Jurisdiction].

14. Changes to Terms

We may modify these Terms at any time. Material changes will be communicated via:

• Email to your registered address
• Prominent notice on our website
• 30 days before changes take effect

Continued use after changes constitute acceptance. If you disagree with changes, you must cancel your subscription.

15. General Provisions

15.1 Entire Agreement

These Terms, together with our Privacy Policy, constitute the entire agreement between you and eIDAS Pro regarding the Service.

15.2 Severability

If any provision is found unenforceable, the remaining provisions remain in full effect.

15.3 Waiver

Our failure to enforce any provision does not constitute a waiver of that provision.

15.4 Assignment

You may not assign these Terms without our written consent. We may assign our rights and obligations to any successor entity.

16. Contact Information

For questions about these Terms:

Email: support [at] eidas-pro.com
Support Page: eidaspro.com/support