Terms of Service

Last updated: September 29, 2025

These Terms of Service ("Terms") govern your access to and use of Identis ("we," "our," or "us"), including our identity verification services, consent management, profile management, APIs, websites, and related features (collectively, the "Services"). By creating an account, using our Services, or otherwise indicating acceptance, you agree to these Terms. If you do not agree, you must not use our Services.

1. Overview of Services

Identis provides identity verification, profile management, and consent-based data sharing solutions that allow users ("Users") to:

Verify their identity once and share verified identity attributes with third-party businesses ("Partners").
Build and manage a basic profile (such as contact information, preferences, and marketing consent).
Control via consent which information is shared, with whom, and for what purpose.

Identis integrates with verification providers (such as Stripe Identity) to perform the actual KYC (Know Your Customer) verification checks.

2. Eligibility

You may use our Services only if:

You are at least 18 years old (or the age of majority in your jurisdiction);
You provide accurate and complete information during registration;
You comply with applicable laws, including AML (Anti-Money Laundering), CTF (Counter-Terrorist Financing), and GDPR.

3. User Responsibilities

You must provide truthful and accurate information during verification and profile setup.
You are responsible for maintaining the confidentiality of your account.
You must not use our Services for unlawful activities, including fraud, money laundering, or identity theft.
You are responsible for managing your consent settings in the Identis dashboard.

4. Partner Responsibilities

Partners must use verification and profile data from Identis only for compliance, user account management, or marketing (where consent is explicitly given).
Partners must not request or store raw identity documents unless explicitly required by law.
Partners must implement appropriate technical and organizational measures to safeguard any user data shared by Identis.

5. Data Processing & GDPR Compliance

Identis is committed to GDPR compliance:

Data Controller / Processor: Identis acts as a data controller for user profiles and as a data processor when providing data to Partners based on consent.
Data Minimization: Identis only stores and shares the minimum data necessary to fulfill each purpose (KYC, profile management, marketing).
Basic Profile Data: Users can store and update personal details such as email, phone number, avatar, preferences, and marketing consent. These are only shared with Partners when the user gives consent.
Sensitive Data: Copies of identity documents, biometric checks, and other sensitive PII are processed and stored by Verification Providers (e.g., Stripe Identity), not by Identis.
Consent Management: Users must explicitly consent before their verified attributes, profile data, or marketing preferences are shared with Partners.
Data Subject Rights: Users can request access, rectification, deletion, or restriction of processing by contacting privacy@identis.com.
Retention: Identis retains user profile and consent data as long as necessary for the relationship, and KYC data for 5 years as legally required under AML regulations.

6. Data Sharing

With Partners

For KYC: name, date of birth, nationality, address, verification status, and verification date.
For profile management: user's chosen profile fields (email, phone, avatar, preferences) shared only with explicit consent.
For marketing: only where the user has granted marketing consent.

With Authorities

Full verification data (including identity documents and biometrics) may be shared by Verification Providers with competent authorities (e.g., FIU, DNB, AFM, tax authorities) in case of lawful requests or compliance checks.

With Third-Party Services

Identis may use subprocessors (e.g., hosting, cloud services) under GDPR-compliant agreements.

7. Security

Identis applies industry-standard encryption, access controls, and auditing to protect user data.
Users must also take reasonable steps to secure their accounts (e.g., enabling multi-factor authentication).

8. Service Availability

Identis provides the Services on an "as is" and "as available" basis.
We may suspend or limit Services for maintenance, security, or legal compliance.
We do not guarantee uninterrupted or error-free operation.

9. Limitations of Liability

Identis is not responsible for the accuracy of verification decisions made by third-party Verification Providers.
Identis is not liable for losses arising from a Partner's misuse of user data.
Our total liability is limited to the maximum extent permitted by law.

10. Termination

Users may delete their Identis account at any time.
Identis may suspend or terminate accounts in cases of fraud, unlawful use, or breach of these Terms.
Some data may be retained as legally required under AML/KYC regulations.

11. Changes to Terms

We may update these Terms from time to time. Material changes will be communicated in advance. Continued use of the Services after changes constitutes acceptance of the new Terms.

12. Contact Information

For any questions about these Terms or your data rights, contact us:

Identis B.V.

Keizersgracht 123, 1015 CJ Amsterdam, The Netherlands

privacy@identis.com

Privacy & Compliance Summary

Users control consent: Data sharing is fully consent-driven.
Minimal data to Partners: Only attributes necessary for KYC, profile management, or marketing are shared.
Verification Providers handle sensitive PII: Stripe Identity stores documents and biometrics.
Compliance ensured: GDPR, Wwft (NL), AMLD5/6 (EU) requirements covered.