Legal Hub
Last updated: 14 March 2024
1. Definitions
Add-On Service(s) | means the provision of services related to the use of [•]. |
Effective Date | means the date of commencement of the Services which shall only take place upon receipt or upon settlement of the payment subject to the Order Agreement. |
Identity License(s) | means an identification pursuant to the Order Agreement, that permits one (1) Identity to be managed by the software during the Subscription Term. |
Signing Date | means the signing date of the Order Agreement. |
Screening API | means the Provider’s usage of the API for the purpose of conducting PEPs Screening and Sanctions Screening. |
Subscription Term | means minimum contract term as specified in the Order Agreement. |
Aggregated Statistics | means data and information related to Customer’s use of the Services that is used by Provider in an aggregate and anonymized manner, including to compile statistical and performance information related to the provision and operation of the Services. |
Adverse Media Screening | means scanning adverse news, blogs, and other media sources for derogatory information. |
API | means a specific set of protocols and tools provided by Uqudo, which allow for the integration and interaction of the Services with the Client’s existing systems or applications. |
Authorized User | means Customer’s employees, consultants, contractors, and agents (i) who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Agreement and (ii) for whom access to the Services has been purchased hereunder. |
Batch Screening | means ability to upload lists for bulk background checks. |
Case Management | means workflows to review and manage screening alerts. |
Confidential Information | means all information provided by either Party to the other Party, including all information in written, oral, or other tangible or intangible forms which may include, but is not limited to, discoveries, ideas, concepts, know-how, techniques, designs, financial models, financial solutions, business plans, specifications, drawings, blueprints, tracings, diagrams, models, samples, flow charts, data, marketing plans, clients names, and other technical, financial or business information. |
Customer Data | means, other than Aggregated Statistics, information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or an Authorized User through the Services. |
Custom Lists | means customer-provided watchlists screened against. |
Disclosing Party | has the meaning ascribed thereto in Clause 8.1 in the Legal Framework Agreement. |
Documentation | means Provider’s user manuals, handbooks, and guides relating to the Services provided by Provider to Customer either electronically or in hard copy form/end user documentation relating to the Services available at [https://docs.uqudo.com]. |
Facial Recognition | means the process by which the KYC Product uses a smartphone’s camera to capture a photo of the user’s face, assesses the quality of the image, and verifies identity against the provided identification document. |
Fuzzy Logic Matching | means use of phonetic algorithms to identify name variations. |
ID Document Scanning | signifies the capability of the KYC Product to scan and extract data from identification documents such as passports, national ID cards, and driving licenses using AI-powered document scanning and OCR technology. |
KYC | means the customer due diligence process known as know your customer. |
KYB | means the business due diligence process known as know your business. |
KYC Product | means the software solution provided by Uqudo, designed to facilitate Know Your Customer (KYC) and digital onboarding processes, which includes document scanning, biometric onboarding, and screening against various databases. |
Licence | means the identity verification licence as set out in clause 2.1. |
Liveness Detection | refers to the method employed by the KYC Product to determine if the individual present is the legitimate holder of the ID and is physically present, using a passive liveness detection system that operates without user action. |
NFC Chip Reading | indicates the functionality within the KYC Product that allows for the reading of encrypted data from NFC chips embedded in identification documents. |
Order Agreement | means the order agreement, in the agreed form, which include the Services, concluded between Uqudo and the Customer further to this Agreement. |
PEPs Screening | means screening names against database of over 1.7 million politically exposed persons (PEPs), their family members and close associates. |
Provider IP | means the Services, the Documentation, and any and all intellectual property provided to Customer or any Authorized User in connection with the foregoing. For the avoidance of doubt, this includes Aggregated Statistics and any information, data, or other content derived from Provider’s monitoring of Customer’s access to or use of the Services, but does not include Customer Data. |
Receiving Party | has the meaning ascribed thereto in Clause 8.1 in the Legal Framework Agreement. |
Sanctions Screening | means checking names against over 1,700 global sanctions and enforcement lists to detect matches. Covers lists from OFAC, UN, EU, UK, Interpol and more. |
Screening Product | means the background check product offered by Uqudo that is described herein. |
Services | means the provision of any or all of the products described in the Order Agreement, as determined by the Customer and provided by the Provider. |
User-Configurable Rules | means customizable risk scoring tuned to risk tolerance. |
Third-Party Products | means any third-party products as ascribed in Clause 3.2, and as further described and detailed in the Order Agreement provided with or incorporated into the Services. |
2. Product Descriptions
2.1 KYC
Overview
The KYC Product provides a suite of identity verification and customer screening capabilities to enable online customer onboarding and ongoing monitoring. The KYC Product is delivered as a software development kit (SDK) for integration into Customer’s applications on iOS, Android, and web platforms.
Components: The KYC Product is comprised of:
- ID Document Scanning: Capable of reading and extracting data from over 13,000 identity documents across various countries and territories.
- NFC Chip Reading: Provides verification through NFC chips in national identity cards and passports.
- Facial Recognition: Utilizes NIST-ranked algorithms for fast and accurate verification, optimized for the MEA region.
- Liveness Detection: Ensures real-time presence of the individual using passive detection techniques.
Functionality: The KYC Product’s functionality includes:
- Multi-Platform Support: Ensures compatibility with iOS, Android, and web applications.
- Real-Time Verification: Offers verification in under 30 seconds through a four-step process including document scan, NFC verification, face match, and database screening.
Service Delivery: The KYC Product is delivered as a service through the SDK, with support for no-code integration into mobile apps/websites, allowing for a personalized configuration and step-by-step onboarding control.
Compliance and Security: The KYC Product complies with relevant regulations and features enhanced security measures, including encryption of biometric data, to protect user information.
Intended Use
The Uqudo KYC Product is designed for integration into digital platforms where identity verification is critical. It is intended to be used by organisations that require reliable and efficient KYC processes as part of their customer onboarding, compliance, and fraud prevention strategies.
The KYC Product is versatile and can be integrated into various applications, including but not limited to:
- Online Retailers: For purchase of age-restricted goods or high-value items requiring identity confirmation.
- Banking Apps: For account opening, loan applications, and other banking services requiring identity verification.
- Digital Wallets and Payment Platforms: To ensure the identity of users for transactions and transfers.
- Mobile Carrier Services: For registration of SIM cards and verification of subscriber identities.
- E-Government Platforms: For citizens to access public services and perform transactions requiring identity verification.
- Voting Systems: To authenticate eligible voters in electronic voting scenarios.
- Cryptocurrency Exchanges: For KYC compliance before allowing trading and withdrawals.
Technical Specifications and Supported Platforms
Integration Process: The Uqudo SDK is designed for quick and easy integration into the Customer’s applications through the following steps:
- Importing: The SDK or plugin is imported into the Customer’s app or website, with all libraries available on public repositories for frictionless integration.
- Calling the SDK: The SDK is called from the Customer’s app or website with a simple function call, which then performs all onboarding steps interactively with the user.
- Data Retrieval: Upon completion of the onboarding process, the SDK returns all collected data to the Customer’s app or website for further processing.
Supported Platforms: The Uqudo SDK supports a variety of development environments and platforms, including:
- Android and iOS: With example code available on Uqudo’s GitHub repository.
- Web Applications: Using Uqudo’s Web SDK for seamless integration.
- Cross-Platform Frameworks: Including Capacitor, Cordova, Flutter, React Native, and Xamarin.
Documentation and Support: Comprehensive documentation and support are provided at https://docs.uqudo.com to facilitate the integration process. Customers can access example code, flow diagrams, and create support requests as needed to ensure successful implementation of the SDK.
License Consumption Definition:
It is worth mentioning that our KYC product and our identity verification services, provided by the client through our identity verification licence (the “License“), are designed to provide a comprehensive solution for seamless and secure customer onboarding. These services are available to our partners and can be resold to their clients. The onboarding process revolves around the concept of “licences,” where each licence corresponds to one successful Know Your Customer (KYC) procedure.
Components of the Licence:
- Document Verification: This step involves the user submitting a government-issued identification document, such as a driver’s licence or passport. Our advanced algorithms analyze the document for authenticity and extract relevant information.
- NFC (Near Field Communication): In cases where the user’s device supports NFC technology, our system reads and verifies data stored on the chip of an electronic ID document, enhancing the overall verification process.
- Liveness Detection: To prevent spoofing or fraud, liveness detection verifies that the user is a real person and not a static image. Users are prompted to perform specific actions, ensuring real-time presence during the verification process.
- Biometric Analysis: Biometric data, such as facial features, fingerprints, or other unique identifiers, is captured and compared to the data extracted from the identification document. This step adds an additional layer of security to the verification process.
The Licence Structure:
Each Licence corresponds to one successful KYC procedure. This means that for every individual who successfully completes the full verification process, one Licence is consumed. A Licence Is linked to a specific account, ensuring a clear record of completed verifications.
Variation in License Contents:
The contents of a Licence can vary based on what the partner has purchased. This includes the specific combination of document verification, NFC, liveness detection, and biometric analysis. This flexibility allows partners to choose the level of security and verification they need for their clients.
Single KYC:
Approach to consuming Licence:
- Single KYC: A Licence is tied to a single KYC procedure. This means that for each individual, one licence is consumed, reflecting the successful completion of the entire verification process. An entire verification process contain, Document Verification, NFC, Liveness & Biometrics.
Successful Identity Verification License Consumption:
A Licence is considered successfully consumed when the user successfully completes the entire explainer procedure, which includes document verification, NFC (if applicable), liveness detection, and biometric analysis. Once all these steps are successfully completed, the licence is used up, and the verified user is granted access to the desired service.
In conclusion, our identity verification services provide a robust and flexible solution for partner companies and their clients to ensure secure and compliant customer onboarding. The Licence-based system allows for customization, scalability, and optimal use of resources, while still maintaining a high level of identity verification accuracy and security.
2.2 Screening
Overview
The Screening Product offered by Uqudo is a comprehensive compliance solution designed to assist organizations in conducting thorough background checks against a wide array of global watchlists, including PEPs Screening, Sanctions Screening, AML (Anti-Money Laundering) databases, and adverse media lists.
Components: the Screening Product is comprised of:
- Sanctions Screening – Checks names against over 1,700 global sanctions and enforcement lists to detect matches. Covers lists from OFAC, UN, EU, UK, Interpol and more.
- PEPs Screening – Screens names against database of over 1.7 million politically exposed persons (PEPs), their family members and close associates.
- Adverse Media Screening – Scans global adverse news sources, blogs and other media for negative information on subjects. Database has over 3 billion articles.
- Continuous AML Monitoring – Ensures ongoing compliance with AML regulations to avoid potential fines.
- Fuzzy Logic Matching – Uses advanced phonetic name matching algorithms to catch name variations and reduce false positives.
- Batch Screening – Ability to upload and process bulk subject lists for continuous monitoring.
- Upload Custom Lists – Customers can upload their own watchlists not covered by standard content.
- User-Configurable Rules – Customizable risk scoring lets customers tune screening rules to their risk tolerance.
Functionality: The Background Check API allows for the initiation of a comprehensive background check by passing relevant data back to the customers application. This check is crucial for organizations that need to screen individuals against various watchlists.
Service Delivery: The Screening Product is delivered as a service through Uqudo SDK. Also the Screening API can be also called from customer systems with a name and identifier to check against all configured watchlists. Results are returned immediately showing matches, risk scores and supporting details.
Compliance and Security: The Screening Product complies with relevant regulations and features enhanced security measures, including encryption of biometric data, to protect user information.
Intended Use
The Screening Product is intended for use by organizations across various sectors that require rigorous background checks as part of their compliance and risk management programs. This includes financial institutions, law firms, healthcare providers, government agencies, and any entity that needs to perform due diligence on individuals or companies.
Technical Specifications and Supported Platforms
Integration Process: The Uqudo SDK is designed for quick and easy integration into the Customer’s applications through the following steps:
- Importing: The SDK or plugin is imported into the Customer’s app or website, with all libraries available on public repositories for frictionless integration.
- Calling the SDK: The SDK is called from the Customer’s app or website with a simple function call, which then performs all onboarding steps interactively with the user.
- Data Retrieval: Upon completion of the onboarding process, the SDK returns all collected data to the Customer’s app or website for further processing.
Supported Platforms: The Uqudo SDK supports a variety of development environments and platforms, including:
- Android and iOS: With example code available on Uqudo’s GitHub repository.
- Web Applications: Using Uqudo’s Web SDK for seamless integration.
- Cross-Platform Frameworks: Including Capacitor, Cordova, Flutter, React Native, and Xamarin.
Documentation and Support: Comprehensive documentation and support are provided at https://docs.uqudo.com to facilitate the integration process. Customers can access example code, flow diagrams, and create support requests as needed to ensure successful implementation of the SDK.
2.3 KYB (Know your Business/Company Onboarding)
Overview
The KYB product by Uqudo is a comprehensive solution designed to streamline and enhance the process of verifying businesses’ identities and ensuring compliance with regulatory requirements. KYB enables businesses to swiftly verify the identity of their corporate clients or partners, assess risks associated with potential business relationships, and ensure adherence to anti-money laundering (AML) and Know Your Customer (KYC) regulations.
Intended Use
KYB is a service composed of the following modules that can be purchased separately and/or together and are consumed through API:
- Company API: Get detailed information on the company
Data Matching API: Check that specific data exists in the document - Fast Screening API: Perform Fast screening on the individuals related to the company.
- KYB Session API: Retrieve data from the onboarding process of the company in a single call.
Customer Responsibilities
It is the customer’s responsibility to integrate with the APIs.
Warranties & Guarantees
Company information
Uqudo selects the exact data source to be used assuming that we would do all that is possible to deliver the most complete information.
Uqudo is acting on best efforts and therefore cannot guarantee that:
- Information will be available for all the companies (if there is no information on the company, then there is no financial charge);
- The data set provided for each company will be consistent across (for some companies there might be less information than for others);
- NB! Even if we do receive a limited set of data we will need to charge our customer as we will be charged by our provider.
Screening results
This service is procured from a single data source provider and our customer signs a separate agreement with this provider and we just provide a platform for a more convenient information delivery. Therefore, no adjustments are made to the received data as well as we are not responsible for the content.
Data matching
- We can guarantee only that the information provided in the document exists or is not inside the document.
- Therefore, we do not:
- Check the document type of the provided document;
- Check document authenticity/validity;
- Extract any structured data from the document.
Regulatory & Compliance Requirements
It is the Customer’s responsibility to be compliant with the regulatory requirements of your sector and geography.
3. Support
3.1 Uqudo shall provide technical support and assistance to the Customer in relation to the Products and Add-On Services outlined in the Order Agreement which shall be chargeable in accordance with [Exhibit A of the Order Agreement], without prejudice to clause 3.2 below.
3.2 Uqudo shall provide up to five (5) hours of technical support, free of charge, during the integration phase, provided that any additional hours of support shall be charged at our hourly rate in accordance with clause 3.1 above.
3.3 The Customer hereby accepts that the support referred to in clause 3, may be subject to changes and modifications (the “Support Changes”) by Uqudo. Such Support Changes shall be subject to a prior written notification to the Customer before 30 days of its implementation.
Packages
Basic | Premium | Enterprise | |
Customer Success | |||
Customer Portal Access | Yes | Yes | Yes |
Ticket System Support | Yes | Yes | Yes |
Office hours Support | Yes | Yes | Yes |
24/7 Support | Yes | Yes | |
Account Management | |||
Monthly Reporting | Yes | Yes | Yes |
Weekly Reporting | Yes | ||
Monthly KPI Workshop | Yes | Yes | |
Quarterly Business Review | Yes | Yes | |
Named Contact Person | Yes | Yes | |
Conversion Workshop Industry Best Practices |
Yes |
4. Professional Services
As defined in the Order Agreement.
5. Third-Party Service Providers
5.1 Uqudo hereby agrees by concluding with the Customer the Order Agreement and the Legal Framework Agreement, that the Customer while providing the Services, may be assisted by third party service provider(s). The T&Cs of such Third Party Products will be referred to in clause 3.2 of the Legal Framework Agreement, or sent and notified on Uqudo Legal Hub: Third-Party Service Providers.
6. On-premise
This feature shall exclusively be available and applicable to the Customer if opted for a package set out in an Order Agreement concluded between Uqudo and the Customer as follows:
6.1 Uqudo shall provide detailed installation procedures, encompassing hardware and software setup, if the Customer subscribed for on-premises installation. These procedures include software setup guidelines and recommended hardware requirements. However, it is important to note that these hardware specifications are estimations and serve as a starting point. Due to potential performance variations caused by distinct factors within each customer organization’s infrastructure, it is strongly advised that Customer perform its own performance testing. This ensures that the provided hardware estimations adequately meet their specific operational needs. The responsibility for procuring and maintaining the hardware lies with the Customer. Uqudo shall offer consultative support to assist the Customer in making informed decisions and can guide them through the performance testing process to optimize system functionality and security.
6.2 Moreover, Uqudo shall offer tailored maintenance and support services for on-premises components to the Customer. The specifics of these services are determined on an individual basis to meet the unique requirements of each client. While our standard cloud-based offerings have pre-defined service level agreements (SLAs). Due to the on-premises deployments that may have distinctive needs and challenges. Uqudo shall provide a range of options to the Customer, from remote support to on-site assistance, with the aim of promptly resolving critical issues.
6.3 For the on-premises components, the Customer shall provide the necessary hardware, container management software, and network infrastructure. The Customer is also responsible for ensuring that all components meet the estimated hardware requirements provided by Uqudo and to establish and maintain a secure and operational network environment. Additionally, the Customer is obligated to maintain the security of the on-premises components by implementing appropriate firewalls, access controls, and other security measures in accordance with best practices and regulatory requirements. For the effective implementation and ongoing support of our on-premises solution, the Customer is required to grant Uqudo full access to the relevant hardware and container management software, as per the Customer’s instructions to Uqudo.
6.4 While Uqudo is committed to delivering a high-quality service and offers extensive support and maintenance options, Uqudo shall not provide additional warranties beyond what is legally required regarding the software’s performance. Any remedies for non-compliance or software defects will strictly adhere to legal stipulations.
6.5 The Customer hereby accepts that On Premise referred to herein, may be subject to changes and modifications (the “On Premise Changes”) by Uqudo. Such On Premise Changes shall become applicable after Uqudo serves a thirty-day prior written notice to the Customer. Further, such On Premise Changes shall be available on Uqudo Legal Hub: On-Premise.
7. Technical and Organizational Measures
Uqudo shall aim to ensure the utmost security and protect all Data processed and managed by it by applying the following:
7.1 Encryption and Key Management Practices. Uqudo shall employ the following encryption methods or any other encryption providing equivalent protection as may be updated from time to time:
7.1.1 in respect of securing Data in transit, Uqudo shall employ transport layer security (TLS) encryption; and
7.1.2 For Data at rest, advanced encryption standard (AES) with a 256-bit key length shall be utilized.
7.2 Access Controls, User Authentication, and Authorization Protocols. Uqudo shall implement the following authorization protocols and user identification:
7.2.1 in order to validate users’ identities, Uqudo shall implement multi-factor authentication (MFA), in the aim of reducing the risk of unauthorized access;
7.2.2 in order to provide better management for users accesses based on responsibilities, the role-based access control (RBAC) system OAuth 2.0 and OpenID Connect protocols shall be utilized for secure delegation of authentication and authorization between Services.
7.3 Data backup and recovery procedures, including data retention periods. Uqudo shall regularly back up the Customer Data to geographically dispersed data centers, to ensure redundancy and minimizing potential Data loss scenarios.
7.3.1 Uqudo shall ensure that the backups are encrypted and subjected to the same rigorous security protocols as Uqudo’s primary data stores.
7.4 Disaster recovery plans, including off-site backups and redundancy. Uqudo shall utilize dispersed data centers to provide redundancy for critical data, enabling swift recovery in the event of a localized failure or other catastrophic events.
7.5 Uqudo shall operate the data centers and adhere to strict security standards, are compliant with industry certifications.
7.6 Incident response and management procedures for data breaches and security incidents. Upon detection of an incident, Uqudo’s team(s) shall promptly respond by mobilizing to assess the situation and take immediate measures to contain such incident, preventing any further exposure to the Customer.
7.6.1 Uqudo shall ensure that internal and external communication protocols are activated to ensure timely notification to the Customer and all relevant Stakeholders, subject to the applicable data protection laws.
7.6.2 Uqudo shall conduct, post incident, forensic investigation to ascertain the nature and extent of such breach, identifying remediation steps to prevent future occurrences. Furthermore, the insights gained from each incident shall be utilized to enhance ongoing risk assessment and management practices, leading to periodic updates to security policies and training programs.
7.7 The Customer hereby accepts that this technical and organizational clause, may be subject to changes and modifications (the “Technical and Organizational Changes”) by Uqudo. Such Technical and Organizational Changes shall become applicable after Uqudo’s provision of a thirty-day prior written notification to the Customer. Further, such Technical and Organizational Changes shall be available on Uqudo Legal Hub: Technical and Organizational Measures.
8. Platform Description
8.1 Hardware specifications, including server configurations, storage capacity, and networking equipment. The Customer shall be responsible for providing the necessary hardware as per the following specified requirements [•].
8.2 Software components, versions, and licensing information. Uqudo shall offer a Software Development Kit (SDK) and Application Programming Interface (API) for integration of Uqudo’s digital onboarding solutions. This SDK is designed to ensure ease of implementation, security, and functionality, also it comes with built-in features like identity verification and multi-factor authentication, all wrapped in a user-friendly interface. Uqudo’s API, on the other hand, offers a more customisable solution, allowing the Customer’s developers to tailor the onboarding process according to its specific business needs.
8.3 Network architecture, data center locations, and hosting facilities used for service delivery. Uqudo’s Services are currently hosted on Microsoft Azure in the Netherlands. However, Uqudo shall, at all times, reserve the right to change the hosting provider in order to ensure scalability, performance, and security.
8.4 Security measures implemented at the platform level, such as firewalls, intrusion detection systems, and anti-virus software. Uqudo shall implement next-generation firewalls to manage and filter both inbound and outbound network traffic, preventing unauthorized access and data exfiltration.
8.5 Service availability and performance metrics, including uptime guarantees and service level agreements. Uqudo typically offers high uptime guarantees, aiming for around 99.9% availability. These uptime guarantees ensure that the Services provided by Uqudo are accessible whenever required by the Customer or their customers.
8.6 The Customer hereby accepts that this technical and organizational clause may be subject to changes and modifications (the “Platform Description Changes”) by Uqudo. Such Platform Description Changes shall become applicable subject to providing the Customer with a prior thirty-day written notice. Further, such Platform Description Changes shall be available on Uqudo Legal Hub: Platform Description.
9. End Of Life Policy
9.1 Uqudo shall provide the Customer with a prior written notice of any discontinuation of its current digital onboarding solutions. Typically, this notice shall be served at least three months prior to the discontinuation taking place, allowing ample time (i.e., three months) for the Customer to transition to an alternative solution or an updated version of the Services (the “Transition Period”), if available. During the Transition Period, Uqudo shall continue to offer reasonable support and guidance to ensure the Customer’s seamless migration to a service provider other than Uqudo.
9.2 Following the Subscription Term of any product or Service, Uqudo may provide, upon the prior written request of the Customer, an “Extended Support Phase” for a specified period subject to the mutual agreed upon between the Customer and Uqudo which may involve additional financial compensation other than the Fees which will be due to Uqudo.
9.3 Uqudo shall, as practically possible, collaborate closely with the Customer to identify suitable migration or replacement options when any product or Service reaches its Subscription Term.
9.4 [Uqudo shall also offer Data migration or Data portability services through its robust API. This shall allow for securing downloading of Data for transition to another service or for archival purposes].[1]
9.5 The Customer hereby accepts that this technical and organizational clause may be subject to changes and modifications (the “End of Life Policy Changes”) by Uqudo. Such End of Life Policy Changes shall become applicable subject to providing the Customer with a thirty-day prior written notice of its implementation and furthermore, such End of Life Policy Changes shall be available on Uqudo Legal Hub: End Of Life Policy.
10. Privacy Policy
You may access our Uqudo’s privacy policy here: https://uqudo.com/privacy-policy/
11. Terms & Conditions
- Provided by Uqudo as per current website here: https://uqudo.com/terms-conditions/.
- Upon signing the Legal Framework Agreement with Uqudo, the terms of the Legal Framework Agreement will override and prevail over the existing terms and conditions outlined herein which shall be void of any effect.