The TypingDNA Authentication API Standard Service Terms is a Software-as-a-Service agreement between TypingDNA, henceforth called the Company,
and You, the user of the typing biometrics authentication services, in the Free Tier or Pro Tier, henceforth called the Customer, (each called a “party” and together, the “parties”).
BY CLICKING ON THE “I AGREE” BUTTON, REGISTERING TO USE THE SERVICE, OR USING THE SERVICE, (1) YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THESE TERMS, AND (2) YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THESE TERMS, PERSONALLY AND ON BEHALF OF THE COMPANY YOU HAVE NAMED AS THE CUSTOMER, AND TO BIND THAT COMPANY TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, OR IF YOU DO NOT HAVE SUCH AUTHORITY, YOU SHOULD NOT USE THE SERVICE.
1.1. Affiliate: any company or other entity, which directly or indirectly controls, is controlled by or is under joint control with a party of this agreement. For this purpose, a party is deemed to control a company or entity if it (a) owns, directly or indirectly, at least 50 percent of the capital of the other company, or (b) in the absence of such ownership interest, substantially has the power to direct or cause the direction of the management and set the policies of such company or entity.
1.2. Agreement: these Standard Service Terms and any other TypingDNA document/material incorporated herein.
1.3. API Request: a digital call addressed to the Service made by the Customer’s servers to the Company’s servers for the purpose of: i) matching two or more typing patterns, ii) saving a typing pattern in the database of the Service, iii) verifying a new typing pattern against previously saved records, iv) checking the status of saved users, and v) deleting saved users. The API Request is the most granular digital call offered by the Service.
1.4. Authentication Requests: are the API Requests to facilitate matching or verifying typing patterns.
1.5. Claim: any claim, suit, action, proceeding, losses, liabilities, damages, settlements as per art. 8.1 below.
1.6. Confidential Information: information that may be disclosed or made available by the Disclosing Party to the Receiving Party, including, but not limited to: technical and 1 business information relating to proprietary ideas, patentable ideas and/or trade secrets, existing and/or contemplated products and services, research and development, production, costs, profit and margin information, finances and financial projections, customers, clients, potential clients, marketing strategies, and current or future business plans and models, regardless of whether such information is designated as “Confidential Information” at the time of its disclosure.
1.7. Company’s Website: https://www.typingdna.com/
1.8. Disclosing Party: the party or its Affiliates who discloses any Confidential Information.
1.9. End-Users: a natural person whose typing patterns may be compared through the Service and whose identity may otherwise be authenticated through your systems. One Typing Pattern belongs to one End-User.
1.10. Free Tier: the free subscription service, limited at 100 users and 1000 monthly Authentication Requests.
1.11. Service: the online service developed and provided by the Company, in the form of an API, for the purpose of assisting in personal authentication using typing biometrics (a technology also called Keystroke Dynamics Authentication). This Agreement covers only the Service offered in the Free Tier and Pro Tier, and other agreements will be necessary for other Company offerings.
1.12. Pro Tier: the paid subscription service - payment per user, as per the prices stated on the Company’s Website.
1.13. Personal Data: any information describing or relating to an identified or identifiable individual (where an identifiable individual is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual).
1.14. Receiving Party: the party or its Affiliates who receives or otherwise obtains any Confidential Information.
1.15. TypingDNA: means (i) TypingDNA Inc. a US, Delaware company, headquartered in 81 Prospect Street, Brooklyn, NY, 11201, or (ii) TypingDNA S.R.L. with its registered office in Romania, 32 Vasile Conta Str., Oradea, Office 22, EUID ROONRC. J05/1153/2016, fiscal identification code RO 36172414, as per Section 13 - Contracting party and Specific Legislation.
1.16. Typing Pattern: an array of numbers and statistics about the keys that are used most frequently.
2.1. By using the Service, the Customer agrees to be bound by the latest version of the Standard Service Terms, all applicable laws and regulations, and agrees to be responsible for compliance with any applicable local laws or regulations. If the Customer does not agree with any of these terms, the Customer is prohibited from using or accessing the Service.
2.3. The Company may update, revise or amend this Agreement and/or any other policies, terms or conditions applicable to the use of the Website and/or our Service, at any time.
The Company will notify the Customer of any material changes to this Agreement by posting a notice on the Company’s Website and shall take effect immediately when posted . Continuing use of the Website, or any TypingDNA Service signifies the Customer’s agreement to be bound by the current version of such Agreement. The Customer is exclusively responsible and liable for keeping up to date of the latest applicable version of these documents. If the Customer does not agree with this Agreement, then the Customer should immediately stop using the Service.
2.4. The Company licenses a non-exclusive, non-transferable, non-sublicensable right of use of its Service to the Customer, conditioned by the compliance with this Agreement.
2.5. The Customer will use the Service only for its own purpose and refrain from reselling, distributing, renting or leasing the Service to third parties. A separate agreement to be executed between the parties is required for Customer to use the Service in connection with third parties, such as its customers.
2.6. The Service should be used as a second-factor authentication and the Company does not recommend using it as a single factor authentication. The Company does not guarantee perfect correctness or accurate authentication or verification of any End User -- no biometrics-system can ever provide that. Using different devices, keyboards or health conditions (such as: a broken arm or any action that is substantially different than normal) can affect the accuracy of the Service.
2.7. The Customer is responsible to obtain the consent to record, store and process typing biometrics data from its End-Users, in accordance with the applicable laws and regulations regarding Personal Data, as necessary for Company and its Affiliates to provide the Service.
2.8. The Customer shall not send/transfer/disclose to the Company any sensitive personal information (like passwords, OTP secret keys, user ID) of its End-Users. If it is necessary for Customer to share/disclose/transfer such personal information to the Company, it shall always be de-personalised, anonymised and/or otherwise encrypted (or hashed) so as to no longer constitute Personal Data within the meaning of the General Data Protection Regulation 2016/67 or any other legislation regarding personal data before disclosure/transfer to the Company.
2.9. If Customer is unable to comply with such pre-disclosure encryption / de-personalisation / anonymisation / hashing requirement and sends the Company personal data of its End- Users, the Customer is exclusively responsible to inform about, and to obtain the consent to record, store and process typing biometrics data from its End-Users, in accordance with the applicable laws. The Customer hereby undertakes to procure that such End-User consent extends also to the Company and its Affiliates, to allow the latter to record, store and process this information on behalf of the Customer. The relationship between Customer, on one hand, and Company on the other hand, in relation to such data processing will be governed by the Data Processing Addendum available at https://www.typingdna.com/legal/TypingDNA_DataProcessing_Addendum.pdf, which shall become an integral part of this Agreement.
2.10. The Company reserves the right to delete any End-User data: (i) not legally obtained, or (ii) obtained without the End-Users consent, or (iii) legally obtained with the End-User's consent, but on the explicit request from the End-User, after an identification process.
2.11. The Company reserves the right to use the Typing Patterns collected or processed by the Customer, to improve its services and products, or create new services and products.
2.12. The Customer will not try to (or permit any of its employees or contractors to) copy or reverse-engineer the typing biometrics technology offered by the Company or otherwise use or reference the Service to develop or have developed a similar technology, expect to the extent (and only to the extent) such reverse-engineering or other activity cannot be restricted under applicable laws.
2.13. The Customer agrees not to create multiple free accounts.
2.14. The Customer will not interfere with or disrupt the integrity or performance of the Service or attempt to gain unauthorized access to the Service.
2.15. The Customer must notify the Company of any defect of the Service immediately after its detection. The Company will try to repair the defect within a reasonable period.
2.16. The intellectual property over the know-how, the software and design that runs the Service (source code and binaries) belongs exclusively to the Company. All modifications that may be made to it as a result of the cooperation between the parties, even suggestions of improvements made by the Customer, which may be developed by the Company (at the Company’s option) and will belong to the Company. The Customer will have no ownership, not even partial, over the intellectual property in or to the Service, including the algorithms, software and systems of the Service.
2.17. The Company manages and maintains all the servers, including proprietary or third-party software. No direct access to the infrastructure or software is provided to the Customer.
2.18. The Company is entitled to carry out maintenance work that can disrupt the Service on weekends. The planned maintenance work may be notified in advance by email (sent to the email address specified in Customer’s account) or by means of a notice on the Company’s Website.
3.1. The Customer shall pay the Company for the use of the Service a monthly remuneration as per the tier and usage plan subscribed to, and all amounts paid are non-refundable except as otherwise provided in this Agreement or required by law. The payment shall be made through a payment platform chosen by the Company and the Customer shall be charged each calendar month on or about the 1st day of the following calendar month. Company may change pricing, tiers, and usage plans by publishing the change on its website; however, if Customer has an active Pro Tier Service subscription in effect, the change will not apply until that current subscription period expires or is terminated.
3.2. For invoicing purposes, the Customer shall also provide the VAT ID (if applicable) or other tax identification as and if requested.
3.3. The Customer shall pay all Invoices issued by the Company within thirty (30) days of the date of the invoice. For payments delayed more than 5 business days, the Company will charge an additional 0.5% per delayed business day. Failure to pay an invoice for more than 10 (ten) business days can lead to Service discontinuation and immediate termination of the Agreement.
3.4. In case the Customer requests to change its current Pro Tier subscription with another Pro Tier subscription or with the Free Tier subscription, the current Pro Tier subscription shall be changed only after its usage calculation and after the Customer shall be invoiced accordingly, in case its usage exceeds its subscription.
4.1. THE SERVICE IS PROVIDED AS-IS AND WITHOUT WARRANTY OF ANY KIND; TO THE EXTENT PERMITTED BY LAW, COMPANY DISCLAIMS ALL WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR AN INTENDED
PURPOSE, INTEGRATION, AVAILABILITY, NON-INFRINGEMENT, AND PERFECT SECURITY OR ACCURACY. However, the Company will use commercially reasonable efforts to make the Service available 99% of the time during each monthly billing cycle, with the mention that Company will not be liable for the consequences of any interruptions or errors.
4.2. The Customer understands that a service of such volumes cannot guarantee response times. The Customer understands that the Service will aim to always provide a response to all API Requests even if some responses are slower during peak times.
4.3. Any anticipated increase in the volume of API Requests, that increase the amount of daily API Requests with at least 300,000 API Requests per day, compared to the average number of API Requests in the previous 30 days, must be immediately notified by the Customer, so that the Company allocates the necessary hardware resources.
4.4. The Company reserves the right to clean or archive the database of the Service of inactive saved End-Users, or inactive Customers. An inactive saved End-User is an End-User for which no related API Request has been made to verify their typing biometrics for more than 12 months. An inactive Customer is a Customer that did not make an API Request for more than 12 months.
4.5. The Service commitment does not apply to any unavailability, suspension or termination of Agreement, or any other performance issues:
5.1. The Customer may request technical support, by using the channels provided on the Company’s Website or by emailing email@example.com.
5.2. The Company does not guarantee any specific response time for technical support. The Company may limit or deny Customer access to support if it determines, in Company’s reasonable discretion, that the Customer is acting, or has acted, in a way that results or has resulted in misuse of support or abuse of Company’s representatives.
6.1. The Customer grants to the Company the right to use the Customer’s name and logo on marketing materials (including, but not limited to the Company’s Website and presentations). To object to this use, the Customer can send an email to firstname.lastname@example.org.
7.1. The Receiving Party shall keep the Confidential Information in strict confidence and shall not use or disclose any of the Confidential Information to any third party in any manner whatsoever other than to perform its obligations or exercise its rights under this Agreement; provided, however, that the Receiving Party may make a disclosure of information contained in the Confidential Information to which the Disclosing Party gives its prior written consent; Company may engage subcontractors and disclose information to them to facilitate the provision of the Service.
7.2. This Agreement imposes no obligation upon the parties with respect to any Confidential Information (a) that was possessed before receipt; (b) is or becomes a matter of public knowledge through no fault of the Receiving Party; (c) is rightfully received from a third party not owing a duty of confidentiality; (d) is disclosed without a duty of confidentiality to a third party by, or with the authorization of the Disclosing Party; or (e) is independently developed by the other party.
8.1. The Customer will indemnify, defend and hold the Company and its Affiliates and successors (and the officers, directors, employees, agents, service providers, licensors) harmless, at Customer’s expense, against any claim, suit, action, proceeding losses, liabilities, damages, settlements which may arise out of or relate to: (a) unauthorized or illegal use of the Service by the Customer, (b) Customer’s noncompliance with or breach of this Agreement, (c) the unauthorized use of the Service by any other person using the Customer’s End User or other information, (d) the unauthorized disclosure or use of the Personal Data, or (e) reliance on the accuracy of the Service, including the usage of the Service by the Customer as a sole authentication factor.
8.2. The Company will notify the Customer in writing within thirty (30) days of its becoming aware of any such Claim; give the Customer sole control of the defense or settlement of such a Claim; and provide to the Customer (at his/her/its expense) with any and all information and assistance reasonably requested by to handle the defense or settlement of the Claim. The Customer shall not accept any settlement that (i) imposes an obligation on the Company; (ii) requires the Company to make an admission; or (iii) imposes liability not covered by these indemnifications or places restrictions on the Company without its prior written consent.
8.3. The obligations of the Agreement shall extend to all entities that constitute “Customer,” including all Affiliates, even though each such entity is not specifically named as a party to this Agreement. As such, Customer and its successors and assigns will be and remain liable for all of the obligations of all entities that constitute “Customer” under the Agreement, including all Affiliates, and the Company will look to Customer and its successors and assigns for enforcement of Company’s rights under the Agreement.
9.1. The force majeure protects against liability to the extent and for the period that the party is prevented, hindered, or delayed to fulfil its obligation because of the force majeure event. The party that invokes the force major will communicate in writing, to the other party, the proof of the force major event, in maximum 5 days from its appearance. The same procedure of notification will apply in case of cessation of the force majeure event. If due to the force majeure event one of the parties is hindered to fulfil, totally or partially, its contractual obligations for a period longer than 30 (thirty) days, then the other party will have the right, to cancel the Agreement, through a written notification sent to the other party.
10.1. The term of this Agreement is one (1) year from the date the Customer agrees with the terms of this Agreement and shall renew automatically with one (1) year periods, unless either party provides the other party with a written notice, at least sixty (60) days prior to the end of the then-current term, of its intent to not renew.
Both parties may terminate the Agreement as follows:
10.2. Notwithstanding the above, the Company may automatically suspend and cease providing Service without any notification in the event that the Customer violates, or is suspected of violating, this Agreement.
10.3. The Company may also terminate the agreement without giving notice for any breaches of the Agreement.
10.4. Upon termination the Customer is prohibited from using the Service.
11.1. IN NO EVENT SHALL THE COMPANY OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF DATA, PRODUCTIVITY, OPPORTUNITY OR PROFIT, OR DUE TO BUSINESS INTERRUPTION), UNDER ANY LEGAL THEORY OR CLAIM EVEN IF ADVISED OF THE POSSIBILITY THEREOF, INCLUDING WITHOUT LIMITATION LIABILITY ARISING OUT OF BREACH OF CONTRACT, TORT, OR THE USE, INABILITY TO USE, POOR PERFORMANCE, OR DEFECTS OF THE SERVICE.
11.2. The Company is not liable for any use of the Service by the Customer or End-Users in violation of any laws and regulations, including the European Union or U.S laws, the Customer’s local laws or regulations, or the End-Users local laws or regulations.
11.3. In any case, the Company is not liable, per claim or in the aggregate, for an amount greater than it was paid by the Customer during the last 12 months.
11.4. The Customer’s liability will not be an amount greater than the amount paid already to the Company, except for liability relating to Company’s intellectual property or breaching the following articles of this Agreement: 2.5, 2.7, 2.8, 2.12, 2.13, 2.14, 3., 7, or 8
12.1. If any provision of this Agreement shall be held or made invalid or unenforceable for any reason, such invalidity shall not affect the remainder of this Agreement, and the invalid or unenforceable provisions shall be replaced by a mutually acceptable provision, which being valid, legal and enforceable comes closest to the original intentions of the parties hereto and has like economic effect.
13.1. Customer’s address determines which TypingDNA entity is the contracting party and invoicing the Customer.
13.2. If the Customer is domiciled in the European Economic Area (EEA), then the Customer is contracting with TypingDNA SRL and this Agreement shall be governed by the laws of Romania. For contracts with TypingDNA SRL, both parties’ consent to the exclusive jurisdiction and venue of the courts in Bucharest, Romania, for all disputes arising out of or relating to this Agreement or the use of the Service. Provided however, if the Customer is domiciled outside the EEA, the Customer is contracting with TypingDNA Inc. and this Agreement shall be governed by the laws of the State of New York and the United States of America without reference to conflict of law principles. For contracts with TypingDNA Inc., both parties’ consent to the exclusive jurisdiction and venue of the courts in New York, United States of America, for all disputes arising out of or relating to this Agreement or the use of the Service.
Last modified July 16, 2020
Document version 2