Terms of Service

1. Agreement to Terms

These Terms of Service (“Terms”) constitute a binding agreement between AffixIO (“AffixIO,” “we,” “us”) and the entity or person registering for or using our Services (“Customer,” “you”). By creating an account, accessing our APIs or SDKs, or using any part of the AffixIO platform, you agree to these Terms, our Privacy Policy, Acceptable Use Policy, and any order form, statement of work, or enterprise agreement (“Order”) executed between the parties.

If you use the Services on behalf of an organisation, you represent that you have authority to bind that organisation. If you do not agree, do not use the Services.

2. Definitions

• Services: AffixIO’s stateless yes/no eligibility verification platform, including hosted verifiers, policy engines, signed proof issuance and verification, dashboards, documentation, APIs, SDKs, and related updates.
• Verdict: The boolean or enumerated outcome of an eligibility evaluation (e.g., yes/no) returned to the Customer.
• Signed Proof: A cryptographically signed artefact attesting to a Verdict, policy reference, and timestamp, verifiable without re-processing underlying personal data at AffixIO.
• Customer Data: Data submitted by or on behalf of the Customer to the Services, including configuration, tokens, and eligibility inputs.
• Verifier Boundary: The AffixIO processing layer at which, by default, personally identifiable information from upstream sources is not retained after Verdict issuance.
• Documentation: Technical specifications, integration guides, and security materials we publish or provide to Customers.

3. Description of Services

AffixIO enables Customers to define eligibility circuits and policies that evaluate submitted attributes or tokens and return a Verdict. The Services are designed for payments authorisation assistance, government entitlement checks, licensed agent compliance gates, and similar workflows where minimised data exposure and auditability matter.

3.1 Stateless verification

Unless otherwise agreed in writing, AffixIO operates verifiers in a stateless manner: each request is evaluated against configured rules without building a persistent profile of data subjects at the verifier. Customers remain responsible for systems upstream and downstream of AffixIO.

3.2 No verifier PII retention by default

Default configurations do not retain personally identifiable information at the Verifier Boundary after a Verdict is returned. Optional features that store additional artefacts require explicit enablement and applicable DPA terms.

3.3 Changes to Services

We may modify features, deprecate endpoints, or introduce new capabilities. Material adverse changes to paid tiers will be announced with reasonable notice where practicable. Continued use after the effective date of changes constitutes acceptance for self-serve tiers unless otherwise stated in an Order.

4. Accounts and Security

You must provide accurate registration information and keep credentials confidential. You are responsible for all activity under your account, including use of API keys by your personnel and contractors. Notify us promptly through the contact page of any suspected compromise.

We may suspend or terminate accounts that violate these Terms, the Acceptable Use Policy, or present security risk. Multi-factor authentication and IP allowlisting are strongly recommended for production environments.

5. License and Restrictions

Subject to these Terms and payment of applicable fees, AffixIO grants Customer a non-exclusive, non-transferable, revocable license to access and use the Services during the subscription term for internal business purposes and to offer integrated products to end users as described in the Order.

Customer shall not:

• reverse engineer, decompile, or attempt to extract source code except where statutory rights cannot be waived;
• sublicense, resell, or provide the Services as a standalone verification bureau without written authorization;
• circumvent rate limits, authentication, or technical restrictions;
• use the Services to develop a competing eligibility engine that replicates AffixIO’s proprietary rule compilation or proof formats;
• remove proprietary notices from Documentation or SDKs;
• submit malicious code or unlawful content.

6. API and SDK Usage

Access to APIs and SDKs requires valid credentials. Customer must implement secure storage of secrets, TLS for all production traffic, and idempotent retry logic where appropriate. Usage is subject to published or Order-specified rate limits; excessive use may be throttled or require upgraded capacity.

6.1 Integration standards

Customer integrations must:

1. pass only data elements necessary for the defined policy;
2. handle Verdicts and Signed Proofs according to Documentation;
3. not log full eligibility inputs in cleartext in client-side browsers or mobile apps unless strictly necessary and lawful;
4. honour proof verification key rotation schedules.

6.2 Beta and preview features

Features labelled beta, preview, or experimental are provided as-is, may change without notice, and are excluded from service level commitments unless expressly included in an Order.

7. Customer Data and Privacy

Customer retains ownership of Customer Data. Customer grants AffixIO a limited license to process Customer Data solely to provide the Services, prevent abuse, and comply with law. AffixIO’s processing of personal data is described in the Privacy Policy and, for processor activities, the DPA.

Customer warrants that it has all rights, notices, and lawful bases required to submit Customer Data and to obtain Verdicts. Customer is solely responsible for its relationship with data subjects, including transparency about yes/no checks and any automated decision-making.

8. Signed Proofs

Where Signed Proofs are enabled, AffixIO will sign Verdicts using keys managed according to our security practices. Customer may verify proofs offline or via verification endpoints. Proofs are evidentiary tools; they do not replace Customer’s obligation to maintain authoritative records where regulation requires.

AffixIO may rotate signing keys. Customer must distribute updated trust material to relying parties. AffixIO is not liable for verification failures caused by Customer’s failure to update keys or clocks skewed beyond documented tolerance.

9. Fees and Payment

Fees are set forth in the Order or commercial proposal. Unless otherwise stated, fees are billed in advance monthly or annually, non-refundable except where required by law or expressly stated. Late payments may incur interest and suspension after notice. Customer is responsible for taxes excluding AffixIO’s income taxes.

Usage-based components (verifications, proof issuances, premium circuits) are metered according to Documentation. Disputes must be raised within thirty days of invoice.

10. Availability and Service Levels

Self-serve tiers are offered on a commercially reasonable efforts basis without guaranteed uptime. Enterprise Orders may include a service level agreement specifying monthly uptime targets, service credits, and maintenance windows. Scheduled maintenance will be communicated through status channels where feasible.

Customer acknowledges that upstream identity, payment, and government data sources are outside AffixIO’s control and may affect end-to-end latency or availability.

11. Support

Documentation and community resources are available to all Customers. Paid support tiers, dedicated channels, and incident response targets are defined in the Order. Security vulnerabilities should be reported according to our Security page.

12. Warranties and Disclaimers

Each party warrants that it has authority to enter these Terms. AffixIO warrants that the Services will materially conform to applicable Documentation during the subscription term. Exclusive remedy for breach of this warranty is re-performance or termination and refund of prepaid fees for the unused portion of the term.

Except as stated above, the Services are provided “as is.” AffixIO disclaims all other warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement. AffixIO does not warrant that Verdicts will satisfy regulatory outcomes in every jurisdiction or that Customer’s use cases are lawful.

13. Indemnification

Customer will defend and indemnify AffixIO against claims arising from Customer Data, Customer’s products or policies, violation of law, or breach of these Terms. AffixIO will defend Customer against third-party claims that the Services, when used as authorized, infringe intellectual property rights, excluding claims arising from Customer Data, combinations, or modifications not supplied by AffixIO.

The indemnified party must provide prompt notice, cooperation, and sole control of defence to the indemnifying party, subject to reasonable consent on settlements.

14. Limitation of Liability

To the maximum extent permitted by law, neither party is liable for indirect, incidental, special, consequential, or punitive damages, or loss of profits, revenue, data, or goodwill, even if advised of the possibility.

Except for breaches of confidentiality, indemnification obligations, or Customer’s payment duties, each party’s aggregate liability arising from these Terms is capped at the fees paid or payable by Customer to AffixIO in the twelve months preceding the claim.

Nothing limits liability for death or personal injury caused by negligence, fraud, or liabilities that cannot be limited by applicable law.

15. Term and Termination

These Terms commence upon account creation or Order effective date and continue until terminated. Either party may terminate for material breach not cured within thirty days of written notice. AffixIO may suspend immediately for security emergencies or Acceptable Use violations.

Upon termination, Customer’s license ends and credentials are revoked. AffixIO will delete or return Customer Data per the DPA and retention schedules. Sections that by nature should survive (fees owed, confidentiality, liability limits, governing law) survive termination.

16. Confidentiality

Each party may receive non-public information from the other. The receiving party will use the same care it uses for its own confidential information, but not less than reasonable care, and will disclose only to personnel and advisers with a need to know. Confidentiality obligations do not apply to information that is public, independently developed, or rightfully received without restriction.

17. Regulatory Compliance

Customer is responsible for compliance with financial services, government transparency, insurance, data protection, export control, and sector-specific rules applicable to its use of yes/no verification and Signed Proofs. AffixIO provides tooling intended to support privacy-by-design; Customer determines whether its deployment meets legal requirements.

17.1 Export

Customer may not use the Services in embargoed jurisdictions or for prohibited end users under applicable export and sanctions laws.

17.2 Government terms

Public-sector Orders may incorporate additional flow-down provisions; contact us through the contact page for government contracting packs.

18. Governing Law and Disputes

These Terms are governed by the laws of England and Wales, excluding conflict-of-law rules, unless an Order specifies otherwise. Courts in London have exclusive jurisdiction, subject to either party’s right to seek injunctive relief in any competent forum. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

19. Insurance

During the term, AffixIO will maintain commercially reasonable cyber liability and professional liability coverage, or self-insured equivalents, appropriate to the nature of the Services. Upon written request from an enterprise Customer with an active Order, AffixIO will provide certificates of insurance where available. Customer is responsible for its own insurance related to its products, regulatory exposures, and use of Verdicts and Signed Proofs in its workflows.

20. Publicity

Neither party may use the other’s name, logo, or trademarks in marketing without prior written consent, except that AffixIO may list Customer as a customer by name and logo where Customer has opted in through the dashboard or Order. Customer may accurately describe its use of AffixIO in technical documentation and regulatory filings without implying endorsement beyond the factual integration.

21. Dispute Resolution Detail

Before initiating litigation, the parties will attempt in good faith to resolve disputes through escalation to operational and executive contacts identified in the Order or contact page. If not resolved within thirty days, either party may proceed in the courts specified in Section 18. Nothing prevents either party from seeking interim injunctive relief for misuse of intellectual property, breach of confidentiality, or security emergencies.

For enterprise Customers, an Order may substitute arbitration seated in London under rules agreed in writing. Class or collective actions are waived to the extent enforceable for B2B contracts.

22. General Provisions

Assignment: Customer may not assign these Terms without AffixIO’s consent, except to a successor in a merger or sale of substantially all assets. AffixIO may assign to an affiliate or acquirer.

Force majeure: Neither party is liable for delay caused by events beyond reasonable control, excluding payment obligations.

Notices: Notices to AffixIO must be submitted through the contact page or postal address published in the Order. Notices to Customer may be sent to account contacts or dashboard announcements.

Severability: Invalid provisions are modified to the minimum extent necessary; the remainder remains in effect.

Waiver: Failure to enforce a provision is not a waiver of future enforcement.

Third-party rights: No person other than the parties and their permitted successors has rights under the Contracts (Rights of Third Parties) Act 1999.

Entire agreement: These Terms, policies incorporated by reference, and the Order constitute the entire agreement and supersede prior discussions on the subject matter.