1. Definitions

2. Product Descriptions

2.1 KYC

Overview

The KYC Product provides a suite of identity verification and customer screening capabilities to enable online customer onboarding and ongoing monitoring. The KYC Product is delivered as a software development kit (SDK) for integration into Customer’s applications on iOS, Android, and web platforms.

Components: The KYC Product is comprised of:

• ID Document Scanning: Capable of reading and extracting data from over 13,000 identity documents across various countries and territories.
• NFC Chip Reading: Provides verification through NFC chips in national identity cards and passports.
• Facial Recognition: Utilizes NIST-ranked algorithms for fast and accurate verification, optimized for the MEA region.
• Liveness Detection: Ensures real-time presence of the individual using passive detection techniques.

Functionality: The KYC Product’s functionality includes:

• Multi-Platform Support: Ensures compatibility with iOS, Android, and web applications.
• Real-Time Verification: Offers verification in under 30 seconds through a four-step process including document scan, NFC verification, face match, and database screening.

Service Delivery: The KYC Product is delivered as a service through the SDK, with support for no-code integration into mobile apps/websites, allowing for a personalized configuration and step-by-step onboarding control.

Compliance and Security: The KYC Product complies with relevant regulations and features enhanced security measures, including encryption of biometric data, to protect user information.

Intended Use

The Uqudo KYC Product is designed for integration into digital platforms where identity verification is critical. It is intended to be used by organisations that require reliable and efficient KYC processes as part of their customer onboarding, compliance, and fraud prevention strategies.

The KYC Product is versatile and can be integrated into various applications, including but not limited to:

• Online Retailers: For purchase of age-restricted goods or high-value items requiring identity confirmation.
• Banking Apps: For account opening, loan applications, and other banking services requiring identity verification.
• Digital Wallets and Payment Platforms: To ensure the identity of users for transactions and transfers.
• Mobile Carrier Services: For registration of SIM cards and verification of subscriber identities.
• E-Government Platforms: For citizens to access public services and perform transactions requiring identity verification.
• Voting Systems: To authenticate eligible voters in electronic voting scenarios.
• Cryptocurrency Exchanges: For KYC compliance before allowing trading and withdrawals.

Technical Specifications and Supported Platforms

Integration Process: The Uqudo SDK is designed for quick and easy integration into the Customer’s applications through the following steps:

• Importing: The SDK or plugin is imported into the Customer’s app or website, with all libraries available on public repositories for frictionless integration.
• Calling the SDK: The SDK is called from the Customer’s app or website with a simple function call, which then performs all onboarding steps interactively with the user.
• Data Retrieval: Upon completion of the onboarding process, the SDK returns all collected data to the Customer’s app or website for further processing.

Supported Platforms: The Uqudo SDK supports a variety of development environments and platforms, including:

• Android and iOS: With example code available on Uqudo’s GitHub repository.
• Web Applications: Using Uqudo’s Web SDK for seamless integration.
• Cross-Platform Frameworks: Including Capacitor, Cordova, Flutter, React Native, and Xamarin.

Documentation and Support: Comprehensive documentation and support are provided at https://docs.uqudo.com to facilitate the integration process. Customers can access example code, flow diagrams, and create support requests as needed to ensure successful implementation of the SDK.

License Consumption Definition:

It is worth mentioning that our KYC product and our identity verification services, provided by the client through our identity verification licence (the “License“), are designed to provide a comprehensive solution for seamless and secure customer onboarding. These services are available to our partners and can be resold to their clients. The onboarding process revolves around the concept of “licences,” where each licence corresponds to one successful Know Your Customer (KYC) procedure.

Components of the  Licence:

1. Document Verification: This step involves the user submitting a government-issued identification document, such as a driver’s licence or passport. Our advanced algorithms analyze the document for authenticity and extract relevant information.
2. NFC (Near Field Communication): In cases where the user’s device supports NFC technology, our system reads and verifies data stored on the chip of an electronic ID document, enhancing the overall verification process.
3. Liveness Detection: To prevent spoofing or fraud, liveness detection verifies that the user is a real person and not a static image. Users are prompted to perform specific actions, ensuring real-time presence during the verification process.
4. Biometric Analysis: Biometric data, such as facial features, fingerprints, or other unique identifiers, is captured and compared to the data extracted from the identification document. This step adds an additional layer of security to the verification process.

The  Licence Structure:

Each Licence corresponds to one successful KYC procedure. This means that for every individual who successfully completes the full verification process, one Licence is consumed. A Licence Is linked to a specific account, ensuring a clear record of completed verifications.

Variation in License Contents:

The contents of a Licence can vary based on what the partner has purchased. This includes the specific combination of document verification, NFC, liveness detection, and biometric analysis. This flexibility allows partners to choose the level of security and verification they need for their clients.

Single KYC:

Approach to consuming Licence: 

1. Single KYC: A Licence is tied to a single KYC procedure. This means that for each individual, one licence is consumed, reflecting the successful completion of the entire verification process. An entire verification process contain, Document Verification, NFC, Liveness & Biometrics.

Successful Identity Verification License Consumption:

A Licence is considered successfully consumed when the user successfully completes the entire explainer procedure, which includes document verification, NFC (if applicable), liveness detection, and biometric analysis. Once all these steps are successfully completed, the licence is used up, and the verified user is granted access to the desired service.

In conclusion, our identity verification services provide a robust and flexible solution for partner companies and their clients to ensure secure and compliant customer onboarding. The Licence-based system allows for customization, scalability, and optimal use of resources, while still maintaining a high level of identity verification accuracy and security.

2.2 Screening

Overview

The Screening Product offered by Uqudo is a comprehensive compliance solution designed to assist organizations in conducting thorough background checks against a wide array of global watchlists, including PEPs Screening, Sanctions Screening, AML (Anti-Money Laundering) databases, and adverse media lists.

Components: the Screening Product is comprised of:

• Sanctions Screening – Checks names against over 1,700 global sanctions and enforcement lists to detect matches. Covers lists from OFAC, UN, EU, UK, Interpol and more.
• PEPs Screening – Screens names against database of over 1.7 million politically exposed persons (PEPs), their family members and close associates.
• Adverse Media Screening – Scans global adverse news sources, blogs and other media for negative information on subjects. Database has over 3 billion articles.
• Continuous AML Monitoring – Ensures ongoing compliance with AML regulations to avoid potential fines.
• Fuzzy Logic Matching – Uses advanced phonetic name matching algorithms to catch name variations and reduce false positives.
• Batch Screening – Ability to upload and process bulk subject lists for continuous monitoring.
• Upload Custom Lists – Customers can upload their own watchlists not covered by standard content.
• User-Configurable Rules – Customizable risk scoring lets customers tune screening rules to their risk tolerance.

Functionality: The Background Check API allows for the initiation of a comprehensive background check by passing relevant data back to the customers application. This check is crucial for organizations that need to screen individuals against various watchlists.

Service Delivery: The Screening Product is delivered as a service through Uqudo SDK. Also the Screening API can be also called from customer systems with a name and identifier to check against all configured watchlists. Results are returned immediately showing matches, risk scores and supporting details.

Compliance and Security: The Screening Product complies with relevant regulations and features enhanced security measures, including encryption of biometric data, to protect user information.

Intended Use

The Screening Product is intended for use by organizations across various sectors that require rigorous background checks as part of their compliance and risk management programs. This includes financial institutions, law firms, healthcare providers, government agencies, and any entity that needs to perform due diligence on individuals or companies.

Technical Specifications and Supported Platforms

Integration Process: The Uqudo SDK is designed for quick and easy integration into the Customer’s applications through the following steps:

• Importing: The SDK or plugin is imported into the Customer’s app or website, with all libraries available on public repositories for frictionless integration.
• Calling the SDK: The SDK is called from the Customer’s app or website with a simple function call, which then performs all onboarding steps interactively with the user.
• Data Retrieval: Upon completion of the onboarding process, the SDK returns all collected data to the Customer’s app or website for further processing.

Supported Platforms: The Uqudo SDK supports a variety of development environments and platforms, including:

• Android and iOS: With example code available on Uqudo’s GitHub repository.
• Web Applications: Using Uqudo’s Web SDK for seamless integration.
• Cross-Platform Frameworks: Including Capacitor, Cordova, Flutter, React Native, and Xamarin.

Documentation and Support: Comprehensive documentation and support are provided at https://docs.uqudo.com to facilitate the integration process. Customers can access example code, flow diagrams, and create support requests as needed to ensure successful implementation of the SDK.

2.3 KYB (Know your Business/Company Onboarding)

Overview

The KYB product by Uqudo is a comprehensive solution designed to streamline and enhance the process of verifying businesses’ identities and ensuring compliance with regulatory requirements. KYB enables businesses to swiftly verify the identity of their corporate clients or partners, assess risks associated with potential business relationships, and ensure adherence to anti-money laundering (AML) and Know Your Customer (KYC) regulations.

Intended Use

KYB is a service composed of the following modules that can be purchased separately and/or together and are consumed through API:

1. Company API: Get detailed information on the company
   Data Matching API: Check that specific data exists in the document
2. Fast Screening API: Perform Fast screening on the individuals related to the company.
3. KYB Session API: Retrieve data from the onboarding process of the company in a single call.

Customer Responsibilities

It is the customer’s responsibility to integrate with the APIs.

Warranties & Guarantees

Company information

Uqudo selects the exact data source to be used assuming that we would do all that is possible to deliver the most complete information.

Uqudo is acting on best efforts and therefore cannot guarantee that:

• Information will be available for all the companies (if there is no information on the company, then there is no financial charge);
• The data set provided for each company will be consistent across (for some companies there might be less information than for others);
• NB! Even if we do receive a limited set of data we will need to charge our customer as we will be charged by our provider.

Screening results

This service is procured from a single data source provider and our customer signs a separate agreement with this provider and we just provide a platform for a more convenient information delivery. Therefore, no adjustments are made to the received data as well as we are not responsible for the content.

Data matching

• We can guarantee only that the information provided in the document exists or is not inside the document.
• Therefore, we do not:
  • Check the document type of the provided document;
  • Check document authenticity/validity;
  • Extract any structured data from the document.

Regulatory & Compliance Requirements

It is the Customer’s responsibility to be compliant with the regulatory requirements of your sector and geography.

3. Support

3.1 Uqudo shall provide technical support and assistance to the Customer in relation to the Products and Add-On Services outlined in the Order Agreement which shall be chargeable in accordance with [Exhibit A of the Order Agreement], without prejudice to clause ‎3.2 below.

3.2 Uqudo shall provide up to five (5) hours of technical support, free of charge, during the integration phase, provided that any additional hours of support shall be charged at our hourly rate in accordance with clause ‎3.1 above.

3.3 The Customer hereby accepts that the support referred to in clause ‎3, may be subject to changes and modifications (the “Support Changes”) by Uqudo. Such Support Changes shall be subject to a prior written notification to the Customer before 30 days of its implementation.

Packages

4. Professional Services

Setup Packages

Basic

• Integration Credentials (Sandbox & Production)
• One 1 hour session:
  • Solutions(s) deep dive
  • Process flow implementation for Uqudo results
  • Launch readiness
• Check Results – review and actions

Premium

• Initiate
• Kick-off session with Uqudo
• Design and Build:
  • Documentation walkthrough and review
  • Testing approach, assurance and validation
  • Create high-level Solution Document
• Launch:
  • User Acceptance Testing and early beta support
  • Deployment planning
• Training
  • Integration review and go/no-go

Enterprise

• Initiate:
  • Kick-off session
  • Define success criteria, resources and timelines
  • Create high-level ‘to-be process’
• Design and Build:
  • Documentation walkthrough and review
  • Testing approach, assurance and validation
  • Launch
  • User Acceptance Testing and early beta support
  • Deployment planning
• Training:
  • Integration review and go/no-go
  • Review of Customer process by a Uqudo expert
  • Comparison with best practices in the industry
  • Development of suggestions for improvement of conversion
• Early Life Support:
  • Priority support as determined by Uqudo on a case by case basis
  • Regular and frequent reporting
  • Optimisation and improvement support
• Adoption:
  • Regular Management Information reporting
  • Service Improvement Planning

5. Third-Party Service Providers

5.1 Uqudo hereby agrees by concluding with the Customer the Order Agreement and the Legal Framework Agreement, that the Customer while providing the Services, may be assisted by third party service provider(s). The T&Cs of such Third Party Products will be referred to in clause 3.2 of the Legal Framework Agreement, or sent and notified on Uqudo Legal Hub: Third-Party Service Providers.

6. On-premise

This feature shall exclusively be available and applicable to the Customer if opted for a package set out in an Order Agreement concluded between Uqudo and the Customer as follows:

6.1 Uqudo shall provide detailed installation procedures, encompassing hardware and software setup, if the Customer subscribed for on-premises installation. These procedures include software setup guidelines and recommended hardware requirements. However, it is important to note that these hardware specifications are estimations and serve as a starting point. Due to potential performance variations caused by distinct factors within each customer organization’s infrastructure, it is strongly advised that Customer perform its own performance testing. This ensures that the provided hardware estimations adequately meet their specific operational needs. The responsibility for procuring and maintaining the hardware lies with the Customer. Uqudo shall offer consultative support to assist the Customer in making informed decisions and can guide them through the performance testing process to optimize system functionality and security.

6.2 Moreover, Uqudo shall offer tailored maintenance and support services for on-premises components to the Customer. The specifics of these services are determined on an individual basis to meet the unique requirements of each client. While our standard cloud-based offerings have pre-defined service level agreements (SLAs). Due to the on-premises deployments that may have distinctive needs and challenges. Uqudo shall provide a range of options to the Customer, from remote support to on-site assistance, with the aim of promptly resolving critical issues.

6.3 For the on-premises components, the Customer shall provide the necessary hardware, container management software, and network infrastructure. The Customer is also responsible for ensuring that all components meet the estimated hardware requirements provided by Uqudo and to establish and maintain a secure and operational network environment. Additionally, the Customer is obligated to maintain the security of the on-premises components by implementing appropriate firewalls, access controls, and other security measures in accordance with best practices and regulatory requirements. For the effective implementation and ongoing support of our on-premises solution, the Customer is required to grant Uqudo full access to the relevant hardware and container management software, as per the Customer’s instructions to Uqudo.

6.4 While Uqudo is committed to delivering a high-quality service and offers extensive support and maintenance options, Uqudo shall not provide additional warranties beyond what is legally required regarding the software’s performance. Any remedies for non-compliance or software defects will strictly adhere to legal stipulations.

6.5 The Customer hereby accepts that On Premise referred to herein, may be subject to changes and modifications (the “On Premise Changes”) by Uqudo. Such On Premise Changes shall become applicable after Uqudo serves a thirty-day prior written notice to the Customer. Further, such On Premise Changes shall be available on Uqudo Legal Hub: On-Premise.

7. Technical and Organizational Measures

Uqudo shall aim to ensure the utmost security and protect all Data processed and managed by it by applying the following:

7.1 Encryption and Key Management Practices. Uqudo shall employ the following encryption methods or any other encryption providing equivalent protection as may be updated from time to time:

7.1.1     in respect of securing Data in transit, Uqudo shall employ transport layer security (TLS) encryption; and

7.1.2     For Data at rest, advanced encryption standard (AES) with a 256-bit key length shall be utilized.

7.2  Access Controls, User Authentication, and Authorization Protocols. Uqudo shall implement the following authorization protocols and user identification:

7.2.1     in order to validate users’ identities, Uqudo shall implement multi-factor authentication (MFA), in the aim of reducing the risk of unauthorized access;

7.2.2     in order to provide better management for users accesses based on responsibilities, the role-based access control (RBAC) system OAuth 2.0 and OpenID Connect protocols shall be utilized for secure delegation of authentication and authorization between Services.

7.3  Data backup and recovery procedures, including data retention periods. Uqudo shall regularly back up the Customer Data to geographically dispersed data centers, to ensure redundancy and minimizing potential Data loss scenarios.

7.3.1   Uqudo shall ensure that the backups are encrypted and subjected to the same rigorous security protocols as Uqudo’s primary data stores.

7.4 Disaster recovery plans, including off-site backups and redundancy.  Uqudo shall utilize dispersed data centers to provide redundancy for critical data, enabling swift recovery in the event of a localized failure or other catastrophic events.

7.5 Uqudo shall operate the data centers and adhere to strict security standards, are compliant with industry certifications.

7.6  Incident response and management procedures for data breaches and security incidents. Upon detection of an incident, Uqudo’s team(s) shall promptly respond by mobilizing to assess the situation and take immediate measures to contain such incident, preventing any further exposure to the Customer.

7.6.1  Uqudo shall ensure that internal and external communication protocols are activated to ensure timely notification to the Customer and all relevant Stakeholders, subject to the applicable data protection laws.

7.6.2  Uqudo shall conduct, post incident, forensic investigation to ascertain the nature and extent of such breach, identifying remediation steps to prevent future occurrences. Furthermore, the insights gained from each incident shall be utilized to enhance ongoing risk assessment and management practices, leading to periodic updates to security policies and training programs.

7.7 The Customer hereby accepts that this technical and organizational clause, may be subject to changes and modifications (the “Technical and Organizational Changes”) by Uqudo. Such Technical and Organizational Changes shall become applicable after Uqudo’s provision of a thirty-day prior written notification to the Customer. Further, such Technical and Organizational Changes shall be available on Uqudo Legal Hub: Technical and Organizational Measures.

8. Platform Description

8.1 Hardware specifications, including server configurations, storage capacity, and networking equipment. The Customer shall be responsible for providing the necessary hardware as per the following specified requirements [•].

8.2 Software components, versions, and licensing information. Uqudo shall offer a Software Development Kit (SDK) and Application Programming Interface (API) for integration of Uqudo’s digital onboarding solutions. This SDK is designed to ensure ease of implementation, security, and functionality, also it comes with built-in features like identity verification and multi-factor authentication, all wrapped in a user-friendly interface. Uqudo’s API, on the other hand, offers a more customisable solution, allowing the Customer’s developers to tailor the onboarding process according to its specific business needs.

8.3 Network architecture, data center locations, and hosting facilities used for service delivery. Uqudo’s Services are currently hosted on Microsoft Azure in the Netherlands. However, Uqudo shall, at all times, reserve the right to change the hosting provider in order to ensure scalability, performance, and security.

8.4 Security measures implemented at the platform level, such as firewalls, intrusion detection systems, and anti-virus software. Uqudo shall implement next-generation firewalls to manage and filter both inbound and outbound network traffic, preventing unauthorized access and data exfiltration.

8.5 Service availability and performance metrics, including uptime guarantees and service level agreements. Uqudo typically offers high uptime guarantees, aiming for around 99.9% availability. These uptime guarantees ensure that the Services provided by Uqudo are accessible whenever required by the Customer or their customers.

8.6 The Customer hereby accepts that this technical and organizational clause may be subject to changes and modifications (the “Platform Description Changes”) by Uqudo. Such Platform Description Changes shall become applicable subject to providing the Customer with a prior thirty-day written notice. Further, such Platform Description Changes shall be available on Uqudo Legal Hub: Platform Description.

9. End Of Life Policy

9.1 Uqudo shall provide the Customer with a prior written notice of any discontinuation of its current digital onboarding solutions. Typically, this notice shall be served at least three months prior to the discontinuation taking place, allowing ample time (i.e., three months) for the Customer to transition to an alternative solution or an updated version of the Services (the “Transition Period”), if available. During the Transition Period, Uqudo shall continue to offer reasonable support and guidance to ensure the Customer’s seamless migration to a service provider other than Uqudo.

9.2 Following the Subscription Term of any product or Service, Uqudo may provide, upon the prior written request of the Customer, an “Extended Support Phase” for a specified period subject to the mutual agreed upon between the Customer and Uqudo which may involve additional financial compensation other than the Fees which will be due to Uqudo.

9.3 Uqudo shall, as practically possible, collaborate closely with the Customer to identify suitable migration or replacement options when any product or Service reaches its Subscription Term.

9.4 [Uqudo shall also offer Data migration or Data portability services through its robust API. This shall allow for securing downloading of Data for transition to another service or for archival purposes].[1]

9.5 The Customer hereby accepts that this technical and organizational clause may be subject to changes and modifications (the “End of Life Policy Changes”) by Uqudo. Such End of Life Policy Changes shall become applicable subject to providing the Customer with a thirty-day prior written notice of its implementation and furthermore, such End of Life Policy Changes shall be available on Uqudo Legal Hub: End Of Life Policy.

10. Privacy Policy

You may access our Uqudo’s privacy policy here: https://uqudo.com/privacy-policy/

11. Terms & Conditions

• Provided by Uqudo as per current website here: https://uqudo.com/terms-conditions/.
• Upon signing the Legal Framework Agreement with Uqudo, the terms of the Legal Framework Agreement will override and prevail over the existing terms and conditions outlined herein which shall be void of any effect.