TypingDNA Verify 2FA Standard Service Terms
The TypingDNA Verify 2FA Standard Service Terms is a Software-as-a-Service
agreement between TypingDNA, henceforth called the Company, and You, the
company that has implemented the Service on its websites and/or platforms
for its End-User's authentication activities performed on such
websites/platforms henceforth called the Customer, (each called a
"party" and together, the "parties").
BY CLICKING ON THE "I AGREE" BUTTON, REGISTERING TO USE THE
SERVICE, OR USING THE SERVICE, (1) YOU ACKNOWLEDGE THAT YOU HAVE READ,
UNDERSTAND, AND AGREE TO BE BOUND BY THESE TERMS, AND (2) YOU REPRESENT
THAT YOU HAVE THE AUTHORITY TO ENTER INTO THESE TERMS, PERSONALLY AND ON
BEHALF OF THE COMPANY YOU HAVE NAMED AS THE CUSTOMER, AND TO BIND THAT
COMPANY TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, OR IF YOU DO
NOT HAVE SUCH AUTHORITY, YOU SHOULD NOT USE THE SERVICE.
This Agreement takes effect when you click an "I Agree" button
or checkbox presented with these terms or, if earlier, when you use any of
the Services (the "Effective Date").
Affiliate: any company or other entity, which
directly or indirectly controls, is controlled by or is under joint
control with a party of this agreement. For this purpose, a party is
deemed to control a company or entity if it (a) owns, directly or
indirectly, at least 50 percent of the capital of the other company,
or (b) in the absence of such ownership interest, substantially has
the power to direct or cause the direction of the management and set
the policies of such company or entity.
Agreement: these Standard Service Terms and any
other TypingDNA document/material incorporated herein.
Service Request: a digital call addressed to the
Service made by the Customer's servers to the Company's
Claim: any claim, suit, action, proceeding, losses,
liabilities, damages, settlements as per art. 8.1 below.
Confidential Information: information that may be
disclosed or made available by the Disclosing Party to the Receiving
Party, including, but not limited to: technical and business
information relating to proprietary ideas, patentable ideas and/or
trade secrets, existing and/or contemplated products and services,
research and development, production, costs, profit and margin
information, finances and financial projections, customers, clients,
potential clients, marketing strategies, and current or future
business plans and models, regardless of whether such
information is designated as "Confidential Information"
at the time of its disclosure.
Disclosing Party: the party or its Affiliates who
discloses any Confidential Information.
End-User: a natural person who uses the Service
when accessing a service, logging into an account, performing a
transaction, or any other authentication activities performed on the
OTP: means each One-Time Password or other such
code or tool that the Company may provide to the Customer's
End-Users via SMS, email, or another channel upon the
End-User's first enrolment in the TypingDNA Verify 2FA, or anytime
subsequently when the End-User's typing pattern cannot be
verified by the Service, or when the Service is bypassed by End-User
request or use of an unsupported device, or when the End-User
requests that its TypingDNA account details be reset.
Personal Data: any information describing or
relating to an identified or identifiable individual (where an
identifiable individual is an individual who can be identified,
directly or indirectly, in particular by reference to an identifier
such as a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social
identity of that individual).
Receiving Party: the party or its Affiliates who
receives or otherwise obtains any Confidential Information.
Service: the End User's identity
verification/authentication software/application and TypingDNA
typing biometrics authentication technology that uses an
individual's typing biometrics to verify such user's
authenticity, also called TypingDNA Verify 2FA.
TypingDNA: means (i) TypingDNA Inc. a US, Delaware
company, headquartered in 77 Sands Street, Brooklyn, NY, 11201, or
(ii) TypingDNA S.R.L. with its registered office in Romania, 32
Vasile Conta Str., Oradea, Office 22, EUID ROONRC. J05/1153/2016,
fiscal identification code RO 36172414, as per Section 14 -
Contracting party and Specific Legislation.
Typing Pattern: behavioral patterns and data that
can be related to typing, touch and pointer input (including, but
not limited to, speed of typing, the pressure applied, intervals
between keystrokes, telemetry information, typing rhythms, device
movement and positioning data, mouse, touch and swipe data, etc.).
Terms of Service
By using the Service, the Customer agrees to be bound by the latest
version of the Standard Service Terms, all applicable laws and
regulations, and agrees to be responsible for compliance with
any applicable local laws or regulations. If the Customer does not
agree with any of these terms, the Customer is prohibited from using
or accessing the Service.
The Company collects, stores and further processes personal data as
a result of, or in the course of, providing the TypingDNA products
https://www.typingdna.com/legal/website-privacy-policy, which regulates how we process personal data. Continuing use of
the TypingDNA products and/or services shall be considered as
time to time to reflect changes regarding information practices. If
the Company makes any material changes, the Company will notify the
Customer by email (sent to the email address specified in
Customer's account) or by means of a notice on the
Company's Website prior to the change becoming effective.
Continuing use of any TypingDNA products and/or services shall be
considered as consent/agreement to such updated terms of the Privacy
The Company may update, revise or amend this Agreement and/or any
other policies, terms or conditions applicable to the use of the
Website and/or our Service, at any time by posting a revised version
on the Website. The Company will make reasonable efforts to notify
the Customer of any material changes to this Agreement by posting a
notice on the Company's Website and shall take effect
immediately when posted. Continuing use of the Website, or any
TypingDNA Service signifies the Customer's agreement to be
bound by the current version of such Agreement. The Customer is
exclusively responsible and liable for keeping up to date of the
latest applicable version of these documents. If the Customer does
not agree with this Agreement, then the Customer should immediately
stop using the Service.
The Customer will ensure that all its End-Users comply with the
Customer's obligations under this Agreement and that the terms
of the Customer's agreement with each End-User are consistent
with this Agreement. If the Customer becomes aware of any violation
of its obligations under this Agreement caused by an End-User, it
will immediately suspend access to the Service by such End-User to
the applicable extent. The Company reserves the right to suspend or
restrict the End-User's access to the Service in case of any
violations. Normally that means a fall back to Root of Trust (ROT)
authentication (e.g. SMS OTP).
The Company licenses a non-exclusive, non-transferable,
non-sublicensable right of use of its Service to the Customer,
conditioned by the compliance with this Agreement.
The Customer will use the Service only for its own purpose and
refrain from reselling, distributing, renting or leasing the Service
to third parties. A separate agreement to be executed between the
parties is required for the Customer to use the Service in
connection with third parties, other than its End-Users.
The Service should be used only as a second-factor authentication
and never as a first factor of authentication. Before using the
Service, there must be a gated system in place such as password
protection. The Company does not guarantee perfect correctness or
accurate authentication or verification of any End User -- no
biometrics-system can ever provide that. Using different devices,
keyboards or health conditions (such as: a broken arm or any action
that is substantially different than normal) can affect the accuracy
of the Service.
The Service uses sophisticated fraud prevention algorithms meant to
prevent potential attackers from conducting targeted and/or mass
scale attacks, as a result some users may experience fall back to
ROT authentication (e.g. SMS OTP) for extra safety.
The Customer is responsible to verify the End-User's Root of Trust
(RoT), the phone and/or email address of the End-User before using
the Service for typing verification. Not doing so may result in an
abnormal level of unsuccessful verifications/registrations and
potential breaches of security in which case TypingDNA may suspend
any or all typing verifications, falling back to ROT
authentication/verification for all End-Users until the cause is
identified and fixed.
The Customer expressly acknowledges that if the End-User fails to
provide the correct information when enrolling on the Service, the
End-User may not be able to use the Service.
The Customer acknowledges that the End-User may be verified by the
Company on other Customer's websites and/or platforms.
The Customer is responsible to obtain ROT information from its
End-Users (e.g. phone number and/or email), in accordance with the
applicable laws and regulations regarding Personal Data, as
necessary for the Company and its Affiliates to provide the Service.
The relationship between the Company and the Customer's
End-Users in relation to TypingDNA Verify is governed by the
End User Agreement.
The Customer will not try to (or permit any of its employees or
contractors to) copy or reverse-engineer the typing biometrics
technology offered by the Company or otherwise use or reference the
Service to develop or have developed a similar technology, expect to
the extent (and only to the extent) such reverse-engineering or
other activity cannot be restricted under applicable laws.
The Customer will not interfere with or disrupt the integrity or
performance of the Service or attempt to gain unauthorized access to
The Customer must notify the Company of any defect of the Service
immediately after its detection. The Company will try to repair the
defect within a reasonable period.
The intellectual property over the know-how, the software and design
that runs the Service (source code and binaries) belongs exclusively
to the Company. All modifications that may be made to it as a result
of the cooperation between the parties, even suggestions of
improvements made by the Customer, which may be developed by the
Company (at the Company's option) and will belong to the
Company. The Customer will have no ownership, not even partial, over
the intellectual property in or to the Service, including the
algorithms, software and systems of the Service.
The Company manages and maintains all the servers, including
proprietary or third-party software. No direct access to the
infrastructure or software is provided to the Customer.
The Company is entitled to carry out maintenance work that can
disrupt the Service. The planned maintenance work may be notified in
advance by email (sent to the email address specified in
Customer's account) or by means of a notice on the
The Company reserves the right to modify, suspend or terminate the
Service or its use by the Customer or as a whole at any time without
giving prior notice or reason where the Company reasonably considers
necessary or advisable to do so. These cases may include actual or
suspected breach of security, or where the Company reasonably
believes that the information the Customer or its End-Users provided
to the Company is untrue, inaccurate, outdated or incomplete.
The Customer shall pay the Company for the use of the Service a
monthly remuneration as per the tier and usage plan subscribed to,
and all amounts paid are non-refundable except as otherwise provided
in this Agreement or required by law. The payment shall be made
through a payment platform chosen by the Company and the Customer
shall be charged each calendar month on or about the 1st day of the
following calendar month. Company may change pricing, tiers, and
usage plans by publishing the change on its Website.
For invoicing purposes, the Customer shall also provide the VAT ID
(if applicable) or other tax identification as and if requested.
The Customer shall pay all Invoices issued by the Company within
thirty (30) days of the date of the invoice. If any Customer payment
is more than thirty (30) days past due, interest at the rate of
eighteen percent (18%) per annum (or, if lower, the maximum rate
permitted by applicable law) will accrue, unless the non-payment is
subject to a good faith dispute by Customer of certain amounts
invoiced under this Agreement. In this situation, the Company also
reserves the right to suspend the Service.
The fees and other amounts payable by Customer to the Company do not
include any taxes of any jurisdiction that may be assessed or
imposed upon the Services, including sales, use, excise, value
added, personal property, export, import and withholding taxes,
excluding only taxes based upon Company's net income. The Customer
will provide to the Company relevant information to reasonably
assist the Company in determining taxes. The Customer will promptly
reimburse the Company for any taxes payable or collectable by the
Company (other than taxes based upon Company's net income),
unless the Customer is exempt from taxes and provides valid
documentation regarding its tax exempt status within 10 days from
the Effective Date.
Service Commitment & Availability
THE SERVICE IS PROVIDED AS-IS AND WITHOUT WARRANTY OF ANY KIND; TO
THE EXTENT PERMITTED BY LAW, COMPANY DISCLAIMS ALL WARRANTIES,
INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR AN INTENDED
PURPOSE, INTEGRATION, AVAILABILITY, NON-INFRINGEMENT, AND PERFECT
SECURITY OR ACCURACY. However, the Company will use commercially
reasonable efforts to make the Service available 99% of the time
during each monthly billing cycle, with the mention that Company
will not be liable for the consequences of any interruptions or
The Customer understands that a service of such volumes cannot
guarantee response times. The Customer understands that the Service
will aim to always provide a response to all ServiceRequests even if
some responses are slower during peak times.
Any anticipated increase in the volume of Service Requests, that
increase the amount of daily Service Requests with at least 50% or a
minimum of 300,000 Service Requests per day, compared to the average
number of Service Requests in the previous 30 days, must be
immediately notified by the Customer, so that the Company allocates
the necessary hardware resources.
The Company reserves the right to clean or archive the database of
the Service of inactive saved End-Users, or inactive Customers. An
inactive saved End-User is an End-User for which no related Service
Request has been made to verify their typing biometrics for more
than 12 months. An inactive Customer is a Customer that did not make
an Service Request for more than 12 months.
The Service commitment does not apply to any unavailability,
suspension or termination of Agreement, or any other performance
that result from a suspension / termination of this Agreement;
- maintenance work on the Service;
caused by factors outside Company's reasonable control,
including any force majeure event, host provider's
service, or related problems beyond Company's demarcation
that result from any Customer's actions or inactions or
any related third party;
that result from Customer's equipment, software or other
technology and/or third-party equipment, software or other
technology (other than Customer's infrastructure under
Company's direct control).
The Customer may request technical support, by using the channels
provided on the Company's Website or by emailing
The Company does not guarantee any specific response time for
technical support. The Company may limit or deny Customer access to
support if it determines, in Company's reasonable
discretion, that the Customer is acting, or has acted, in a way that
results or has resulted in misuse of support or abuse of
The Customer grants to the Company the right to use the
Customer's name and logo on marketing materials (including,
but not limited to the Company's Website and presentations).
To object to this use, the Customer can send an email to
The Receiving Party shall keep the Confidential Information in
strict confidence and shall not use or disclose any of the
Confidential Information to any third party in any manner whatsoever
other than to perform its obligations or exercise its rights under
this Agreement; provided, however, that the Receiving Party may make
a disclosure of information contained in the Confidential
Information to which the Disclosing Party gives its prior written
consent; Company may engage subcontractors and disclose information
to them to facilitate the provision of the Service.
This Agreement imposes no obligation upon the parties with respect
to any Confidential Information (a) that was possessed before
receipt; (b) is or becomes a matter of public knowledge through no
fault of the Receiving Party; (c) is rightfully received from a
third party not owing a duty of confidentiality; (d) is disclosed
without a duty of confidentiality to a third party by, or with the
authorization of the Disclosing Party; or (e) is independently
developed by the other party.
The Customer will indemnify, defend and hold the Company and its
Affiliates and successors (and the officers, directors, employees,
agents, service providers, licensors) harmless, at Customer's
expense, against any claim, suit, action, proceeding losses,
liabilities, damages, settlements which may arise out of or relate
to: (a) unauthorized or illegal use of the Service by the Customer,
(b) Customer's noncompliance with or breach of this Agreement,
(c) the unauthorized use of the Service by any other person using
the Customer's End User or other information, (d) the
unauthorized disclosure or use of the Personal Data, or (e) reliance
on the accuracy of the Service, including the usage of the Service
by the Customer as a sole authentication factor.
The Company will notify the Customer in writing within thirty (30)
days of its becoming aware of any such Claim; give the Customer sole
control of the defense or settlement of such a Claim; and provide to
the Customer (at his/her/its expense) with any and all information
and assistance reasonably requested by to handle the defense or
settlement of the Claim. The Customer shall not accept any
settlement that (i) imposes an obligation on the Company; (ii)
requires the Company to make an admission; or (iii) imposes
liability not covered by these indemnifications or places
restrictions on the Company without its prior written consent.
The obligations of the Agreement shall extend to all entities that
constitute "Customer," including all Affiliates, even
though each such entity is not specifically named as a party to this
Agreement. As such, Customer and its successors and assigns will be
and remain liable for all of the obligations of all entities that
constitute "Customer" under the Agreement, including all
Affiliates, and the Company will look to Customer and its successors
and assigns for enforcement of Company's rights under the
The force majeure protects against liability to the extent and for
the period that the party is prevented, hindered, or delayed to
fulfil its obligation because of the force majeure event. The party
that invokes the force major will communicate in writing, to the
other party, the proof of the force major event, in maximum 5 days
from its appearance. The same procedure of notification will apply
in case of cessation of the force majeure event. If due to the force
majeure event one of the parties is hindered to fulfil, totally or
partially, its contractual obligations for a period longer than 30
(thirty) days, then the other party will have the right to cancel
the Agreement, through a written notification sent to the other
Term & Termination
The term of this Agreement is one (1) year from the date the
Customer agrees with the terms of this Agreement and shall renew
automatically with one (1) year periods, unless either party
provides the other party with a written notice, at least sixty (60)
days prior to the end of the then-current term, of its intent to not
The Customer may terminate this Agreement for cause if the Company
is in material breach of this Agreement and the material breach
remains uncured for a period of 30 days from receipt of notice by
The Company may terminate the Agreement with a 30 days' notice
sent by email to the Customer
Notwithstanding the above, the Company may automatically suspend and
cease providing Service without any notification in the event that
the Customer violates, or is suspected of violating, this Agreement.
The Company may also terminate the Agreement without giving notice
for any breaches of the Agreement.
Upon termination the Customer is prohibited from using the Service.
Limitations of Liability
IN NO EVENT SHALL THE COMPANY, ITS AFFILIATES, OR ITS SUPPLIERS BE
LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL
DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF DATA,
PRODUCTIVITY, OPPORTUNITY OR PROFIT, OR DUE TO BUSINESS
INTERRUPTION), UNDER ANY LEGAL THEORY OR CLAIM EVEN IF ADVISED OF
THE POSSIBILITY THEREOF, INCLUDING WITHOUT LIMITATION LIABILITY
ARISING OUT OF BREACH OF CONTRACT, TORT, OR THE USE, INABILITY TO
USE, POOR PERFORMANCE, OR DEFECTS OF THE SERVICE.
The Company is not liable for any use of the Service by the Customer
or its End-Users in violation of any laws and regulations, including
the European Union or U.S laws, the Customer's local laws or
regulations, or the End-Users local laws or regulations.
The Company is not liable for any loss, damages or expenses of any
kind incurred or suffered by the Customer or its End Users arising
from or in connection with any failure, delay or interruption in
transmitting OTPs or any suspension or unavailability of the Service
due to any failure of the mobile service network or any other
circumstance beyond our reasonable control.
The Company is not liable for any loss, damages or expenses of any
kind incurred or suffered by the Customer or its End-Users arising
from or in connection with their use of or inability to use the
Service, or any failure of the Service, including errors in
verifying users' Typing Patterns or errors in transmitting
The Company bears no responsibility or liability whatsoever in the
event that the End-User's phone, email address or other device
is stolen or hacked, and there is unauthorized use or access by a
third party of End-User's phone number and/or email address or
any other devices.
No action or claim of any type relating to this Agreement may be
brought or made by Customer more than one (1) year after Customer
first has knowledge of the basis for the action or claim. If any
Services are provided on or for an evaluation, trial, or proof of
concept basis, then Customer's sole remedy in connection
therewith will be termination of the evaluation, trial or proof of
In any case, the Company is not liable, per claim or in the
aggregate, for an amount greater than it was paid by the Customer
during the last 12 months.
The Customer's liability will not be an amount greater than
the amount paid already to the Company, except for liability
relating to Company's intellectual property or breaching the
following articles of this Agreement: 2.6, 2.14, 2.17, 3, 7, or 8.
If any provision of this Agreement shall be held or made invalid or
unenforceable for any reason, such invalidity shall not affect the
remainder of this Agreement, and the invalid or unenforceable
provisions shall be replaced by a mutually acceptable provision,
which being valid, legal and enforceable comes closest to the
original intentions of the parties hereto and has like economic
The failure by us to enforce any provision of this Agreement will
not constitute a present or future waiver of such provision nor
limit our right to enforce such provision at a later time. All
waivers by us must be in writing to be effective.
Contracting Party and Specific Legislation
Customer's address determines which TypingDNA entity is the
contracting party and invoicing the Customer.
If the Customer is domiciled in the European Economic Area (EEA),
then the Customer is contracting with TypingDNA SRL and this
Agreement shall be governed by the laws of Romania. For contracts
with TypingDNA SRL, both parties' consent to the exclusive
jurisdiction and venue of the courts in Bucharest, Romania, for all
disputes arising out of or relating to this Agreement or the use of
the Service. Provided however, if the Customer is domiciled outside
the EEA, the Customer is contracting with TypingDNA Inc. and this
Agreement shall be governed by the laws of the State of New York and
the United States of America without reference to conflict of law
principles. For contracts with TypingDNA Inc., both parties'
consent to the exclusive jurisdiction and venue of the courts in New
York, United States of America, for all disputes arising out of or
relating to this Agreement or the use of the Service.
Date April 12, 2021
Document version 1