My-K
/

Terms and Conditions

MY-K Platform – MyBioPass FZ-LLC
Last updated: 03-03-2026

INTRODUCTORY CLAUSE

The MY-K platform is operated by MyBioPass FZ-LLC (“MBP”), owner of the technology and system infrastructure. In certain jurisdictions, the Services may be commercially distributed through affiliated entities or authorized commercial partners. Where the Services are contracted through such entities, the local partner may act as the contractual provider towards the Customer, while MBP remains the owner and technical operator of the MY-K platform.

1. DEFINITIONS AND INTERPRETATION

1.1 For the purposes of these Terms:

  • “MBP” means MyBioPass FZ-LLC, the sole owner and operator of the MY-K platform.
  • “Services” means the identity verification services provided by MBP through the MY-K platform in Software-as-a-Service (SaaS) mode.
  • “System” means the MY-K software platform, including APIs, SDKs, infrastructure, biometric processing components, and related documentation.
  • “Customer” means the legal entity accessing or subscribing to the Services.
  • “Authorized Commercial Reseller” means an independent third-party entity appointed by MBP under a separate commercial agreement to promote or distribute the Services in specific jurisdictions. Such reseller acts as an independent contractor and is not an affiliate, agent or joint venture partner of MBP.
  • “Applicant” means an end user whose identity is subject to verification through the Services.
  • “Authorized Users” means employees, contractors or representatives authorized by the Customer to access the System.
  • “Fees” means the fees payable for the Services as set forth in the applicable commercial offer or pricing schedule.
  • “DPA” means the Data Processing Agreement entered into pursuant to Article 28 of Regulation (EU) 2016/679.
  • “TOM” means the Technical and Organizational Measures implemented by MBP as referenced in the DPA.

1.2 MBP may appoint independent commercial resellers in certain jurisdictions for the promotion and contractual distribution of the Services. Such resellers operate under separate agreements and act independently. The appointment of a reseller does not create any partnership, joint venture or agency relationship. Where the Services are acquired through an authorized reseller, the reseller may act as the contractual counterparty of the Customer for commercial purposes, while MBP remains the owner and technical operator of the MY-K platform.

1.3 Headings are for convenience only and shall not affect interpretation.

1.4 References to applicable laws include amendments and successor legislation.

2. ACCEPTANCE AND TERM

2.1 These Terms become binding upon the earlier of:
(a) execution of a commercial agreement;
(b) acceptance of a commercial offer;
(c) first access to or use of the Services.

2.2 By accessing or using the Services, the Customer acknowledges that it has read, understood and agreed to be bound by these Terms.

3. SERVICES

3.1 MBP provides a technical identity verification service delivered through secure API and SDK integrations.

3.2 The Services may include:

  • identity document validation, including NFC reading where enabled;
  • liveness detection;
  • biometric face comparison;
  • SMS OTP verification;
  • email verification;
  • SPID-based onboarding integration where activated;
  • transmission of structured verification output via secure callback.

3.3 The Services generate a technical verification output only. MBP:
(a) does not perform anti-money laundering (AML) checks;
(b) does not conduct sanctions, PEP or watchlist screening;
(c) does not generate risk scores;
(d) does not make onboarding or compliance decisions;
(e) does not act as a regulated financial institution or identity provider;
(f) does not certify or guarantee the identity of any Applicant.
All regulatory, onboarding, risk assessment and compliance decisions remain solely under the responsibility of the Customer.

3.4 The Services constitute an obligation of means and not of result.

3.5 Personal data processed through the Services are retained only for the time strictly necessary to generate and transmit the verification output. Such data are automatically deleted within twenty-four (24) hours, except for limited technical logs that do not contain biometric templates.

3.6 Biometric data are processed exclusively for real-time technical comparison and are not persistently stored by MBP.

3.7 Where SPID integration is enabled, MBP provides only technical integration and does not issue, manage or control SPID credentials.

4. ACCESS AND LICENSE

4.1 Subject to payment of applicable Fees, MBP grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable license to access and use the System solely for its internal business purposes.

4.2 The Customer shall not:
(a) copy, modify, decompile, reverse engineer or create derivative works from the System;
(b) resell, sublicense or otherwise commercialize the Services without prior written authorization;
(c) use the Services for unlawful purposes;
(d) attempt to gain unauthorized access to the System or other customers’ environments.

4.3 All intellectual property rights in the System, including software, biometric algorithms, APIs, SDKs, infrastructure and documentation, remain the exclusive property of MBP or its licensors.

4.4 The Customer is responsible for the secure integration of the API and protection of its access credentials.

5. CUSTOMER OBLIGATIONS

5.1 The Customer shall use the Services strictly in accordance with these Terms and all applicable laws and regulations.

5.2 The Customer is solely responsible for:
(a) determining the purposes and legal basis for any processing of personal data carried out through the Services, including compliance with Articles 6 and 9 of Regulation (EU) 2016/679 (GDPR);
(b) providing Applicants with all required privacy notices pursuant to Articles 13 and 14 GDPR;
(c) obtaining any required consents or other lawful bases for processing biometric data where applicable;
(d) complying with all applicable anti-money laundering (AML), counter-terrorism financing (CTF), sanctions, financial services, consumer protection and regulatory obligations applicable to its business;
(e) all onboarding, customer due diligence, fraud prevention, compliance and risk assessment decisions.

5.3 The Customer acknowledges that MBP:
(a) does not act as Data Controller in relation to identity verification data processed on behalf of the Customer;
(b) does not assume any regulatory obligations of the Customer;
(c) does not provide legal, compliance or regulatory advice;
(d) does not validate the Customer’s compliance with any regulatory framework.

5.4 The Customer shall not use the Services:
(a) in violation of any applicable law or regulation;
(b) in connection with any unlawful, fraudulent or discriminatory activity;
(c) to conduct surveillance, profiling, or automated decision-making producing legal or similarly significant effects without independently ensuring compliance with applicable laws;
(d) in relation to sanctioned jurisdictions, restricted parties, or embargoed territories in violation of applicable sanctions laws.

5.5 The Customer shall ensure that all Authorized Users:
(a) access the System solely for legitimate business purposes;
(b) comply with these Terms;
(c) are subject to appropriate confidentiality obligations;
(d) are granted access in accordance with the principle of least privilege.

5.6 The Customer shall not use the Services:
(a) for mass surveillance or unlawful monitoring of individuals;
(b) for discriminatory practices or profiling in violation of applicable laws;
(c) to build or operate social scoring systems or similar automated evaluation mechanisms;
(d) for purposes that may infringe fundamental rights, privacy rights or human dignity;
(e) in any manner that could reasonably be expected to cause reputational, legal or regulatory harm to MBP or its partners. MBP reserves the right to suspend or terminate the Services where it reasonably determines that the Customer’s use of the Services violates this clause.

5.7 The Customer remains fully liable for all acts and omissions of its Authorized Users, contractors, affiliates or integration partners.

5.8 The Customer shall implement appropriate technical and organizational measures within its own systems to ensure secure API integration, protection of credentials and prevention of unauthorized access.

6. REPRESENTATIONS AND WARRANTIES

6.1 The Customer represents and warrants that it will use the Services exclusively for lawful business purposes and in compliance with all applicable laws and regulations.

6.2 The Customer remains solely responsible for ensuring that its use of the Services complies with all applicable regulatory, data protection, and compliance requirements relevant to its activities.

6.3 MBP operates the System in accordance with appropriate technical and organizational security measures as referenced in the applicable Data Processing Agreement.

6.4 Except as expressly set forth in these Terms, the Services are provided “as is” and “as available”, and MBP makes no additional representations or warranties, express or implied.

7. COMPLIANCE WITH LAWS AND SANCTIONS

7.1 The Customer shall comply with all applicable laws and regulations in connection with its use of the Services, including but not limited to data protection, financial services, AML, CTF, export control and sanctions laws.

7.2 The Customer shall not access or use the Services:
(a) in any jurisdiction subject to comprehensive trade embargoes or sanctions in violation of applicable laws;
(b) for the benefit of any person or entity listed on sanctions or restricted party lists issued by the European Union, United Nations, United States or other applicable authorities;
(c) in a manner that would cause MBP to violate applicable sanctions or export control laws.

7.3 The Customer shall promptly notify MBP if it becomes subject to any investigation, enforcement action or sanction that may affect its use of the Services.

7.4 MBP may suspend or terminate access to the Services immediately, without liability, if MBP reasonably determines that continued provision of the Services may expose it to sanctions, export control violations or other regulatory risk.

7.5 The Customer acknowledges that MBP may implement compliance screening procedures to assess regulatory or sanctions risks associated with provision of the Services.

8. FEES AND PAYMENT

8.1 Fees and payment conditions are defined in the applicable commercial agreement or commercial offer agreed between the parties.

9. INTELLECTUAL PROPERTY

9.1 All intellectual property rights in and to the System, including software, source code, biometric algorithms, APIs, SDKs, documentation, infrastructure and related materials, are and shall remain the exclusive property of MBP or its licensors.

9.2 Nothing in these Terms shall be construed as transferring any ownership rights to the Customer.

9.3 The Customer shall not:
(a) copy, reproduce, distribute or create derivative works of the System;
(b) decompile, reverse engineer or attempt to extract source code;
(c) remove or alter any proprietary notices;
(d) use the System to develop competing products or services.

9.4 Any feedback, suggestions or improvement proposals provided by the Customer may be used by MBP without restriction or compensation.

9.5 The Customer retains ownership of its own data, subject to the processing rights granted to MBP under the DPA.

9.6 Neither Party shall use the name, trademarks, logos or branding of the other Party in any public communication, press release, marketing material or customer reference without the prior written consent of the other Party. This limitation shall not restrict factual references required by law or regulatory authorities.

9.7 The Customer shall not conduct, publish or disclose any performance or benchmark tests of the Services or the System without the prior written consent of MBP.

10. DATA PROTECTION

10.1 In relation to personal data processed through the Services:
(a) The Customer acts as Data Controller;
(b) MBP acts as Data Processor pursuant to Article 28 of Regulation (EU) 2016/679.

10.2 The processing of personal data is governed by the DPA, which forms an integral part of these Terms.

10.3 MBP processes personal data exclusively for the purpose of providing the Services and strictly in accordance with the documented instructions of the Customer.

10.4 The Customer acknowledges that it remains solely responsible for determining the lawful basis for processing and for responding to data subject rights requests.

11. SUB-PROCESSORS

11.1 A list of Sub-Processors is available on the Sub-Processors page.

12. SECURITY

12.1 MBP implements appropriate technical and organizational measures as referenced in the applicable Data Processing Agreement (DPA). More information here.

12.2 The Customer shall implement and maintain appropriate technical and organizational measures within its own systems to ensure:
(a) secure integration of the API;
(b) protection of access credentials and API keys;
(c) prevention of unauthorized access to the System.

12.3 The Customer shall promptly notify MBP of any suspected or actual security incident affecting its integration with the Services.

12.4 MBP shall not be liable for security incidents arising from the Customer’s systems, integrations, or failure to implement adequate safeguards.

12.5 Any security or compliance audit requested by the Customer shall be subject to MBP’s prior written approval and reasonable confidentiality safeguards.

12.6 The Customer shall not conduct penetration testing, vulnerability scanning, or other security testing of the System without MBP’s prior written authorization.

13. SERVICE MODIFICATIONS

13.1 MBP may from time to time update, enhance, modify, or discontinue certain features or functionalities of the Services, provided that such modifications do not materially reduce the core functionality of the Services.

13.2 MBP may deploy updates, patches, security fixes, or new releases without prior notice where necessary for security, compliance, or operational integrity.

13.3 The Customer acknowledges that proper functioning of the Services may depend on correct implementation and maintenance of the Customer’s own systems and integrations.

13.4 MBP shall not be liable for disruptions resulting from the Customer’s systems, integrations, or failure to maintain compatible environments.

14. SERVICE AVAILABILITY

14.1 The Services are provided in Software-as-a-Service (SaaS) mode and hosted in secure infrastructure environments.

14.2 MBP uses commercially reasonable efforts to maintain a level of availability consistent with generally accepted industry standards.

14.3 Temporary interruptions of the Services may occur due to:
(a) scheduled maintenance;
(b) emergency security interventions;
(c) force majeure events;
(d) failures of third-party infrastructure or services beyond MBP’s reasonable control.

14.4 Unless expressly agreed in a separate written Service Level Agreement (SLA), availability targets constitute operational objectives and do not give rise to automatic penalties or service credits.

14.5 MBP shall not be liable for downtime caused by third-party infrastructure providers, telecommunications networks, internet services, or the Customer’s systems and integrations.

15. DISCLAIMER OF WARRANTIES

15.1 Except as expressly provided in these Terms, the Services are provided on an “as is” and “as available” basis.

15.2 To the maximum extent permitted by applicable law, MBP disclaims all warranties, whether express or implied, including but not limited to warranties of:
(a) fitness for a particular purpose;
(b) merchantability;
(c) uninterrupted or error-free operation;
(d) compatibility with the Customer’s systems;
(e) regulatory compliance of the Customer’s business activities.

15.3 MBP does not warrant that:
(a) the Services will detect all fraudulent activity;
(b) the verification output will be sufficient to satisfy regulatory or compliance obligations;
(c) the Services will prevent all identity misuse or fraud.

15.4 The Customer acknowledges that the Services constitute a technical tool and that all onboarding, risk assessment, and regulatory compliance decisions remain under the sole responsibility of the Customer.

16. LIMITATION OF LIABILITY

16.1 To the maximum extent permitted by applicable law, MBP’s total aggregate liability arising out of or in connection with the Services shall not exceed the total Fees paid by the Customer for the Services during the three (3) months preceding the event giving rise to the claim.

16.2 MBP shall not be liable for any indirect, incidental, consequential, special, or punitive damages, including but not limited to:
(a) loss of profits, revenue, business, or goodwill;
(b) reputational damage;
(c) regulatory fines or penalties imposed on the Customer;
(d) decisions taken by the Customer based on verification outputs.

16.3 Nothing in these Terms shall exclude or limit liability for fraud or willful misconduct where such limitation is not permitted by applicable law.

17. INDEMNIFICATION

17.1 The Customer shall indemnify, defend and hold harmless MBP, its directors, officers, employees and affiliates from and against any claims, demands, investigations, proceedings, fines, penalties, damages, losses or expenses arising out of or relating to:
(a) unlawful or improper use of the Services;
(b) violation of applicable laws or regulations by the Customer;
(c) absence or invalidity of the lawful basis for processing personal data;
(d) non-compliance with AML, sanctions or regulatory obligations applicable to the Customer;
(e) discriminatory, unlawful or improper decisions taken by the Customer based on verification outputs.

17.2 MBP shall promptly notify the Customer of any indemnifiable claim and shall reasonably cooperate in the defense of such claim.

18. SUSPENSION

18.1 MBP may suspend access to the Services, in whole or in part, without liability, where:
(a) the Customer breaches these Terms;
(b) Fees are overdue;
(c) MBP reasonably determines that continued provision of the Services may pose a security, legal or regulatory risk;
(d) such suspension is required by law or by a governmental authority;
(e) the Customer’s use of the Services threatens the integrity, security or performance of the System.

18.2 MBP shall use reasonable efforts to notify the Customer of the suspension, where legally permitted.

18.3 Suspension of the Services shall not relieve the Customer of its payment obligations.

19. TERMINATION

19.1 Either Party may terminate these Terms for a material breach by the other Party, provided that such breach remains uncured thirty (30) days after written notice.

19.2 MBP may terminate the Services immediately where:
(a) continued provision of the Services would violate applicable law;
(b) the Customer becomes subject to sanctions or regulatory enforcement affecting the Services;
(c) the Customer engages in unlawful use of the Services.

19.3 Upon termination:
(a) the Customer’s access to the System shall immediately cease;
(b) any outstanding Fees shall become immediately due and payable;
(c) personal data shall be deleted in accordance with the applicable Data Processing Agreement (DPA).

19.4 Termination shall not affect any rights or obligations accrued prior to the effective date of termination.

20. FORCE MAJEURE

20.1 Neither Party shall be liable for any delay or failure in performance resulting from events beyond its reasonable control, including but not limited to acts of government, war, terrorism, civil unrest, natural disasters, widespread cyberattacks, internet or telecommunications failures, or power outages.

20.2 The affected Party shall notify the other Party as soon as reasonably practicable and shall use reasonable efforts to mitigate the effects of the force majeure event.

21. ASSIGNMENT

21.1 The Customer may not assign or transfer any of its rights or obligations under these Terms without the prior written consent of MBP.

21.2 MBP may assign or transfer these Terms to an affiliate, or in connection with a merger, acquisition, or corporate reorganization, provided that the successor entity assumes MBP’s obligations under these Terms.

21.3 Any attempted assignment or transfer by the Customer in violation of this Section shall be null and void.

22. NO PARTNERSHIP OR AGENCY

22.1 Nothing in these Terms shall be deemed to create any partnership, joint venture, agency, fiduciary or employment relationship between the Parties.

22.2 Neither Party shall have the authority to bind or act on behalf of the other Party.

23. AMENDMENTS

23.1 MBP may amend these Terms from time to time.

23.2 Material amendments shall be notified to the Customer in advance.

23.3 Continued use of the Services after the effective date of the amendment constitutes acceptance of the updated Terms.

24. SEVERABILITY

24.1 If any provision of these Terms is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall remain in full force and effect.

24.2 The invalid or unenforceable provision shall be replaced by a valid provision that most closely reflects the original intent and economic effect of the provision.

25. ENTIRE AGREEMENT

25.1 These Terms, together with any applicable commercial agreement and the Data Processing Agreement (DPA), constitute the entire agreement between the Parties regarding the Services.

25.2 Where the Services are acquired through a separate written commercial agreement with a local entity or authorized distributor, such agreement shall prevail over these Terms to the extent of any inconsistency.

25.3 These Terms supersede all prior agreements, negotiations, representations, or understandings relating to the subject matter hereof.

26. NOTICES

26.1 Any notices under these Terms shall be made in writing.

26.2 Notices may be delivered by email or other written communication to the contact details provided by the Parties in connection with the Services.

26.3 Notices sent by email shall be deemed received on the date of transmission, provided that no delivery failure notification is received.

27. GOVERNING LAW AND JURISDICTION

27.1 Where the Services are contracted directly with MyBioPass FZ-LLC (“MBP”), these Terms shall be governed by and construed in accordance with the laws of the United Arab Emirates.

27.2 Any dispute arising out of or in connection with such direct contractual relationship with MBP shall be subject to the exclusive jurisdiction of the competent courts of Dubai, United Arab Emirates.

27.3 Where the Services are acquired through a separate written commercial agreement with an affiliated entity or authorized commercial partner, the governing law and jurisdiction applicable to the relationship between the Customer and such entity shall be determined exclusively by the terms of that separate agreement.

27.4 For the avoidance of doubt, nothing in this Section shall be construed as creating any joint liability, partnership, or agency relationship between MBP and any affiliated entity or authorized commercial partner.

Other Legal Documents