Acceptance of Terms of Service
These Terms of Service govern your use of BioID Web Service (“BWS”, “Service”, “BioID”, “we”, “us” or “our”). By using the Service, you agree to be bound by the following terms and conditions and any modifications, which may be made to them from time to time, that we advise you of (“Terms of Service”), so please read carefully before using the Service. If you are using the Service for an organization, you agree to these Terms of Service for that organization and affirm that you have the authority to bind that organization to these Terms of Service. In that case, “you” and “your” will refer to that organization.
Modification of Terms of Service
We reserve the right to modify these Terms of Service at any time and in any manner at our sole discretion given thirty (30) day notice by both: (a) posting a revision on our website; and (b) sending information regarding the amendment to the email address you provide to us. You agree that we shall not be liable to you or to any third party for any modification of the Terms of Service. If the modification has a material adverse impact on your Subscription Plan or Licensing and Service Agreement (your “Service Plan”) or it is a modification in one or more sections of Data Privacy, Data Protection / Data Center Security, Compliance, Availability/Scalability/Performance, Physical Security and Data Retention/Deletion, and you do not agree to the modification, then either (i) you remain governed by the existing terms in effect until the end of the then-current term as specified in your Service Plan (“Service Term”) for the affected Services, or (ii) we both agree to replace the current Service Plan with a new one.
BioID grants you the right to access and use the Service during the Service Term in exchange for a periodic or one-time fee, a business transaction carried out by and between you and BioID as per your Service Plan.
BWS is available on a pay-per-use licensing model. Specific details are outlined in your Service Plan and may include any or all of the following: (a) number of transactions that you may use over the Service Term for a fee; (b) fee for transactions in excess of the number of transactions allocated to you under the Service Plan; (c) API call restrictions; (d) per use service fees; (e) fee for and/or hosting of the Service; and (f) the license to use BioID’s software products in connection with the Service. Other licensing models may be negotiated on a case-by-case basis.
You may write a software application or website (an “Application”) that interfaces with the Service. You acknowledge that we may change, deprecate or republish APIs for any Service or feature of a Service from time to time, and that it is your responsibility to ensure that calls or requests you make to or via our Service are compatible with then-current APIs for the Service. BioID will inform you at least 30 days in advance of any API changes or feature changes, so you can adjust your Application.
Provided that you comply with the terms of this Agreement and our policies and procedures, you may use the Service to execute Applications owned or lawfully obtained by you. You are solely responsible for your Applications, including any data, text, images or content contained therein.
BioID Web Service (BWS) Terms of Service: Free Trial
BioID offers a time-limited free trial subscription for the purpose of evaluating the BioID Web Service and testing integration. BioID reserves the right to place restrictions on free trial usage, including limiting the number or frequency of transactions. BioID may change free trial restrictions at any time. No credit card or other payment information is required to register for a free trial. On expiration the free subscription simply terminates, it does not automatically renew or convert to a paid subscription. 180 days after termination all enrolled biometric data is deleted unless specifically requested otherwise by the user.
Trial instance can be upgraded to a development instance with a paid subscription. Please contact firstname.lastname@example.org for further information.
Under these Terms of Service, you agree not to intentionally misuse the Service. In addition, your use of the Service is governed by Windows Azure Acceptable Use Policy unless the Service is being hosted on-premises by you. For example, you must not, and must not attempt to intentionally, misuse the Service to do the following things:
- Probe, scan, or test the vulnerability of any BWS applications or services other than your own
- Breach or otherwise circumvent any security, accounting, licensing, audit, or authentication measures of the Service
- Access, tamper with, or use non-public areas of the Service
- Interfere with or disrupt any user, host, or network, for example by sending a virus, overloading, flooding, spamming, or mail-bombing any part of the Service
- Plant malware or otherwise use the Service to distribute malware
- Access or search the Service by any means other than our publicly supported interfaces (for example, “scraping”)
- Send unsolicited communications, promotions or advertisements, or spam
- Send altered, deceptive or false source-identifying information, including “spoofing” or “phishing”
- Publish anything that is fraudulent, misleading, or infringes another’s rights
- Promote or otherwise advertise products or services other than your own without proper authorization
- Impersonate or misrepresent your affiliation with any person or identity
- Publish or share materials that are unlawfully pornographic or indecent, or that advocate bigotry, religious, racial or ethnic hatred
- Violate the law in any way, or to violate the privacy of others, or to defame others
- Capture, store or compare biometric data from a person without his or her knowledge and consent.
You are personally responsible for all traffic originating from your Applications to the Services using your account credentials to the Services. As such, you should protect your authentication keys, certificates and security credentials. Actions taken using your credentials shall be deemed to be actions taken by you, with all consequences including accrual of associated fees and charges, service termination, civil and criminal penalties.
BioID is the owner of various intellectual property and technology rights associated with the Service, including patent, copyright, trade secret, and trademark and service mark rights. Except for the rights expressly granted in these Terms of Service, BioID does not transfer to you or any authorized user any of BioID’s technology or other intellectual property or technology rights. All right, title, and interest in and to BioID’s technology and intellectual property will remain solely with BioID. You agree not to, directly or indirectly, reverse engineer, decompile, disassemble, or otherwise attempt to derive source code or other trade secrets from the Service or BioID’s technology. BioID agrees that data and information provided by you under these Terms of Service shall remain yours.
BioID hereby grants you a limited, revocable, nonexclusive and nontransferable right to use BioID’s regular trade names, trademarks, titles and logos (“Licensed Marks”) solely for purposes of identifying BioID’s products and services.
You agree to indemnify, defend and hold us, our affiliates and licensors, each of our and their business partners (including third party sellers on websites operated by or on behalf of us) and each of our and their respective employees, officers, directors and representatives, harmless from and against any and all claims, losses, damages, liabilities, judgments, penalties, fines, costs and expenses (including reasonable attorney’s fees), arising out of or in connection with any claim arising out of (i) your use of the Service and/or Licensed Marks in a manner not authorized by this Agreement, and/or in violation of the applicable restrictions and/or applicable law, (ii) your Application, your content, or the combination of either with other applications, content or processes, including but not limited to any claim involving infringement or misappropriation of third-party rights and/or the use, development, design, manufacture, production, advertising, promotion and/or marketing of your Application and/or your content, (iii) your violation of any term or condition of this Agreement or any applicable additional policies, including without limitation, your representations and warranties, or (iv) you or your employees’ or personnel’s negligence or willful misconduct.
We agree to promptly notify you of any claim subject to indemnification; provided that our failure to promptly notify you shall not affect your obligations hereunder except to the extent that our failure to promptly notify you delays or prejudices your ability to defend the claim. At our option, you will have the right to defend against any such claim with counsel of your own choosing and to settle such claim as you deem appropriate, provided that you shall not enter into any settlement without our prior written consent and provided that we may, at any time, elect to join in the defense with our own counsel at our own expense.
BioID represents and warrants that: (a) the Service as delivered to you and used in accordance with the specifications as set forth and available https://developer.bioid.com/bwsreference (“Specifications”) will not infringe on any patent, copyright or trade secret; (b) the Service shall conform to the Specifications in their then-current form at the time of the provision of such Service; (c) BioID has implemented information security policies and safeguards to preserve the security, integrity, and confidentiality of your data and to protect against unauthorized access and anticipated threats or hazards. During the Term of this Agreement, BioID’s sole responsibility shall be to, at BioID’s own option and cost, provide a bug fix or otherwise correct any nonconformity (excluding sample source code or open source software) to substantially conform to the specification of the Service. BioID will not be liable where BioID cannot reproduce the problems despite commercially reasonable efforts to do so. IN NO EVENT WILL BIOID BE LIABLE FOR ANY COSTS YOU OR YOUR CUSTOMERS INCUR, INCLUDING LABOR, INSTALLATION, REMOVAL, SHIPPING OR ANY OTHER ASSOCIATED COSTS, AS A RESULT OF OUR REPLACEMENT OR REPAIR OF SERVICE.
Disclaimer of Warranty
EXCEPT FOR THE WARRANTIES EXPRESSLY PROVIDED IN SECTION “BioID Warranties” OF THESE TERMS OF SERVICE, THE SERVICE IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED OR WARRANTIES OF ANY KIND, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY BIOID, ITS DEALERS, DISTRIBUTORS, AGENTS OR EMPLOYEES SHALL IN ANY WAY INCREASE THE SCOPE OF THIS WARRANTY. BIOID DOES NOT WARRANT THAT BIOID SERVICE OR DOCUMENTATION SHALL MEET YOUR, OR OTHER THIRD PARTY’S REQUIREMENTS, THAT THE OPERATION OF BIOID SERVICE OR DOCUMENTATION SHALL BE UNINTERRUPTED OR ERROR FREE OR MAKE ANY WARRANTY AS TO THE USE, OR THE RESULTS OF THE USE, OF THE BIOID SERVICE OR DOCUMENTATION IN TERMS OF CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE. BIOID MAKES NO WARRANTY WITH RESPECT TO DEFECTIVE CONDITIONS OR NON-CONFORMITIES RESULTING FROM YOUR USE, MISUSE, MISINSTALLATION, MISHANDLING, ACCIDENT OR ABUSE OF BIOID SERVICE OR DOCUMENTATION; OR ERRORS RESULTING FROM MALFUNCTIONING EQUIPMENT USED BY YOU, YOUR CUSTOMERS OR ANY THIRD PARTY; OR ERRORS RESULTING FROM INCORPORATION OF SOFTWARE INTO YOUR OR YOUR CUSTOMERS’ SYSTEMS, OR FAILURE OF YOU OR YOUR CUSTOMERS TO APPLY BIOID-SUPPLIED MODIFICATIONS, DIRECTIONS, UPDATES OR CORRECTIONS. Some states do not allow the types of disclaimers in this paragraph, so they may not apply to you.
Limitation of Liability
We are not responsible for any loss or damage (including loss of use, data, business, or profits) to you or any third parties caused by the Service.
BIOID, ITS AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, SUPPLIERS AND LICENSORS ARE NOT LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGE, WHETHER BASED ON CONTRACT OR TORT OR ANY OTHER LEGAL THEORY ARISING OUT OF ANY USE OF THE SERVICE OR ANY PERFORMANCE OF THE TERMS OF SERVICE, WHETHER OR NOT BIOID HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE. AGGREGATE LIABILITY FOR ALL CLAIMS RELATING TO THE SERVICE, (INCLUDING THE INDEMNITY OBLIGATIONS), HOWEVER CAUSED, AND BASED ON ANY THEORY OF LIABILITY, INCLUDING CONTRACT, STRICT LIABILITY, NEGLIGENCE OR OTHER TORT, IS LIMITED TO THE TOTAL AMOUNT PAID BY YOU TO BIOID UNDER THESE TERMS OF SERVICE FOR SERVICES FOR THE 3 MONTHS PRECEDING THE DATE OF THE ACTION OR CLAIM. THIS LIMITATION OF LIABILITY IS CUMULATIVE AND NOT PER-INCIDENT. Some states do not allow the types of disclaimers in this paragraph, so they may not apply to you.
Term and Termination
The term of these Terms of Service begins on the date your Service Plan becomes effective and ends when that Service Plan is terminated by the Parties to the Service (the “Term”). For any termination, you will be responsible for payment of all agreed upon fees and charges through the end of the billing cycle in which termination occurs. You will be in default of these Terms of Service if you: (a) fail to pay any agreed upon amount owed to us or an affiliate of ours or any agreed upon amount appearing on your invoice 30 days after written notice of an outstanding amount; (b) breach any material provision of these Terms of Service; (c) violate any material policy applicable to the Service; (d) are subject to any proceeding under the Bankruptcy Code or similar laws; or (e) if, in our sole reasonable discretion, we believe that your continued use of the Service presents a threat to the security of the Service. If you are in default, we will ask you in writing to fix the breaches immediately. If you do not fix the breaches within 30 days, we may suspend your use of the Service, withhold refunds and terminate your service, in addition to all other remedies available to us. We may require reactivation charges to reactivate your service after termination or suspension. Notwithstanding the foregoing, in case your use of the Service poses severe risks such as security threats or denial of service, we may suspend your use of the Service immediately, in order to prevent further risks and/or damages, until you readily remedy the threat.
To provide the Service we need to maintain necessary information, such as your biometric templates and transaction logs. You give us permission to do these things only to provide the Service. You are responsible to inform your users before collecting their biometric information, as well as to obtain user consent if required by local laws.
Biometric template: We collect the biometric information you provide during enrollment and verification as snapshots, audio or video files (“Raw Data”) for extracting your unique biometric features. These Raw Data are stored for auditing, support or failure analysis unless you choose to have them deleted automatically after use. Biometric information provided for enrollment is transformed into biometric “templates”, which are irreversible, anonymous, mathematical representations of a user’s unique biometric characteristics. We only maintain biometric templates in order to perform the service for you. This information can only be used by our Service and is inaccessible via our API, management portal, or any other means. You are responsible for the accuracy, quality, and integrity of the Raw Data according to BWS recommended guidelines, as well as the proper use of the Service. In particular, you are responsible to store the Raw Data for support or audit purposes if necessary and if permitted by local laws, in which case, you are responsible to specifically inform your users about such an implementation. You are also responsible to regularly update the biometric templates, to the extent feasible and/or practicable, whenever possible to ensure the quality of the Service.
Transaction log: For accounting, licensing and audit purposes, when you use the Service, we automatically log the transaction without storing the Raw Data.
BioID Account: If you register for a BioID account, only your email is required to link you to the account. If you choose to enroll your biometrics, either through our Playground or other websites or mobile apps, your biometric information will be maintained by us in order to provide the necessary services associated with your BioID account. If you are using your BioID account via the BioID app, the only data stored in the app itself is your UserID and UserName or email. No other personal information, photos or biometrics are stored on your device. We store your your UserID and UserName or email in order to provide the service to you.
BioID Connect: Your BioID account is managed by BioID Connect, which is a separate application independent of BWS. Only BioID Connect can link your personal information to your biometric data stored at BWS; thus your template stored in BWS is completely anonymous. You can view and manage these from your profile page. If you delete all data here your template will be deleted and you will not be able to log in with your face or voice until you enroll again.
If you have a free account, your account including your template and all raw biometric data will be deleted if your account is inactive for more than 90 days. You will be notified via email before this happens. Paid accounts and the associated biometric information are not deleted due to inactivity.
Data Protection/Data Center Security
This section applies only when the Service is hosted by BioID in Microsoft Azure data centers.
The BWS server and storage components are built on Microsoft Windows Azure™. Security of these components is assured in part by the strong security controls built into the Azure platform and the security of the Microsoft Azure data centers.
BWS is available in three geographical regions, namely Asia-Pacific, Europe, and North America. Upon request, it can also be made available at other authorized Microsoft Azure reseller data centers. You can choose a geographic region to meet data protection requirements in your Service Plan. Within these geographic regions there are sub-regions providing redundancy of the service and data as follows:
- Asia: East (Hong Kong) and Southeast (Singapore)
- Europe: North (Ireland) and West (Netherlands)
- United States: North Central (Illinois), South Central (Texas), East (Virginia), and West (California)
The processing nodes and the storage systems of a BWS service plan are deployed in the same geographic sub-region. All data is replicated to another sub-region for availability reasons by default. This can be disabled at your request.
No data will be transferred into another geographic region, e.g. from Europe to the United States, except when you request to do so. The statements found in the Windows Azure Privacy Statement also apply for BioID on these points.
Development and test subscriptions may be hosted in a dedicated BWS instance within a multitenant Microsoft Azure installation in the region of our choosing.
BWS server and storage components are hosted in Microsoft Azure data centers, which are compliant with the following standards and guidelines:
- ISO/IEC 27001:2005 certification
- SOC / SSAE 16 / SAS 70 Type II accreditation
- FISMA (Federal Information Security Management Act of 2002) (US data center)
- EU Model Contract Clauses (EU data center)
- US-EU Safe Harbor (EU data center)
- Follow Disaster Recovery Institute International (DRII) Professional Practice Statements
- Adhere to Business Continuity Institute (BCI) Good Practice Guidelines
All data stored within the storage systems used for the Service is replicated three times for availability and performance reasons. If one storage system fails, two good copies of all data still exist. All access to the data is automatically distributed to the storage system, providing the best performance. The data storage can also be distributed to different countries and even continents. Data stored in one data center is automatically replicated to the other data center in the same geographic region. If one data center experiences a disaster, the data will automatically be served from the remaining data center.
System and network security are accompanied by physical security. The data centers from the cloud service provider hosting BWS are designed for 24 x 7 operations and operated independently of each other in different geographic regions. Each data center has redundant power supplies to protect against power failures, redundant network connections to ensure availability and strong physical access control and intrusion prevention. Access to those facilities is limited to a small number of operating personnel only.
Environmental Controls and Continuity
The data storage is separated from the front-end and back-end nodes in a centralized storage. This allows all nodes to access the same data storage simultaneously. A faulty node will immediately be replaced with a new one. This is done automatically in case of hardware failures in the data center. All data centers follow the Disaster Recovery Institute International (DRII) Professional Practice Statements and the Business Continuity Institute (BCI) Good Practice Guidelines.
Deletion of data associated with a Biometric Class ID (BCID or a “user”) is effective immediately after triggering the corresponding BWS API call. This is irreversible so access to the deleted BCID is no longer possible. On the storage systems all reference to the data is removed and the copies are then removed by a garbage collection operation.
The data stored as part of the Service, e.g. accounting data, licensing data, audit data, logging data, performance data and certificates, are kept for accounting purposes as long as the Service Term is valid or as required by local laws.
BioID will provide support to you related to our Service via email. Other support programs may be arranged separately upon request.
BioID will provide technical support to your support and technical staff for integration with the Service or for resolution of a problem using the Service. You will provide first-line support to and direct communication with your end users. At the time of opening an incident with BioID, we expect that you have used reasonable efforts to conduct initial troubleshooting of the issue.
These Terms of Service create no third party beneficiary rights. You may not assign any of your rights in these Terms of Service, but BioID may assign its rights to any of its affiliates or subsidiaries, or to any successor in interest of any business associated with the Service. BioID and you are not legal partners or agents; instead, our relationship is that of independent contractors.
In case of conflict between these Terms of Service and your Service Plan, your Service Plan takes precedence.
Unless otherwise defined in your Service Plan, these Terms of Service shall be governed and interpreted according to each of the following laws, respectively, without regard to its conflicts of law provisions: (a) the laws of the State of New York, if you are located in North America or Latin America; or (b) the laws of Switzerland, if you are located in Europe, Middle East or Africa; or (c) the laws of Singapore, if you are located in Asia Pacific including Japan.
BioID’s failure to exercise any provision in these Terms of Service is not a waiver of prior or subsequent rights. If any part of these Terms of Service is found to be illegal, unenforceable, or invalid, the remaining portions of these Terms of Service will remain in full force and an enforceable provision will be substituted reflecting our intent as closely as possible.