Terms of Service
Effective Date: February 2, 2026
Last Updated: February 2, 2026
These Terms of Service ("Agreement") constitute a legally binding agreement between the entity or individual accepting these terms ("Customer," "you," or "your") and TrustGate Inc., a Delaware corporation ("TrustGate," "we," "us," or "our").
By accessing or using the TrustGate platform, APIs, SDKs, dashboard, or related services (collectively, the "Services"), you acknowledge that you have read, understood, and agree to be bound by this Agreement. If you are entering into this Agreement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to this Agreement.
If you do not agree to these terms, do not access or use the Services.
1. Definitions and Interpretation
1.1 Definitions
In this Agreement, the following terms have the meanings set forth below:
"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership of more than 50% of the voting securities or equivalent voting interest.
"Applicant" means an end user whose identity is being verified through the Services on behalf of Customer.
"API" means the application programming interface(s) provided by TrustGate that enable Customer to integrate the Services into Customer's applications.
"Biometric Data" means data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person, including facial geometry and facial recognition data.
"Check" or "Verification" means a single identity verification transaction processed through the Services, including but not limited to document verification, biometric verification, liveness detection, or sanctions screening.
"Confidential Information" means any non-public information disclosed by one party to the other that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure.
"Customer Data" means all data, including Personal Data, submitted by Customer or Applicants to the Services for processing.
"Dashboard" means the web-based administrative interface accessible at app.bytrustgate.com through which Customer can manage their account, view verification results, and configure Services.
"Documentation" means the technical documentation, user guides, API references, and other materials made available by TrustGate describing the functionality and use of the Services.
"Effective Date" means the date on which Customer first accepts this Agreement or begins using the Services, whichever is earlier.
"Fees" means the amounts payable by Customer for the Services as set forth in the applicable pricing plan or Order Form.
"Order Form" means any ordering document, statement of work, or online subscription form executed by the parties that references this Agreement.
"Personal Data" means any information relating to an identified or identifiable natural person, as defined by applicable Data Protection Laws.
"SDK" means the software development kit(s) provided by TrustGate that enable Customer to integrate the Services into mobile or web applications.
"Services" means TrustGate's identity verification, document verification, biometric verification, liveness detection, AML/sanctions screening, fraud prevention, and related services, including the API, SDK, Dashboard, and Documentation.
"Subscription Term" means the period during which Customer is authorized to use the Services, as specified in the applicable pricing plan or Order Form.
"System" means the computer programs, databases, servers, and infrastructure operated by TrustGate to provide the Services.
1.2 Interpretation
- References to "days" mean calendar days unless otherwise specified.
- References to statutes include any amendments or successor legislation.
- Headings are for convenience only and do not affect interpretation.
- "Including" means "including without limitation."
2. Service Description
2.1 Services Provided
TrustGate provides identity verification and fraud prevention services, including:
(a) Identity Document Verification: Automated verification of government-issued identity documents (passports, driver's licenses, national ID cards) using optical character recognition (OCR), document authenticity checks, and fraud detection.
(b) Biometric Verification: Facial recognition technology to compare selfie images against document photos and verify that the person presenting the document is the document holder.
(c) Liveness Detection: Technology to confirm that the individual is physically present and not using photographs, videos, or deepfake technology.
(d) AML/Sanctions Screening: Screening of individuals against sanctions lists, politically exposed persons (PEP) databases, and adverse media sources.
(e) Fraud Prevention: Device fingerprinting, IP analysis, velocity checks, and risk scoring to detect and prevent fraudulent verification attempts.
(f) Dashboard and Reporting: Web-based interface for reviewing verification results, managing workflows, and generating compliance reports.
2.2 Service Availability
TrustGate will use commercially reasonable efforts to maintain the availability of the Services in accordance with the Service Level Agreement set forth in Annex A. Scheduled maintenance will be communicated in advance when practicable.
2.3 Modifications to Services
TrustGate may modify the Services from time to time. If we make a material change that negatively impacts the functionality of the Services, we will provide at least thirty (30) days' notice. Customer's continued use of the Services after such notice constitutes acceptance of the modifications.
2.4 Beta Services
TrustGate may offer beta or preview features. Such features are provided "as is" without warranty and may be discontinued at any time. Customer's use of beta features is at Customer's sole risk.
3. Account Registration and Access
3.1 Account Creation
To access the Services, Customer must create an account by providing accurate and complete registration information. Customer agrees to keep this information current throughout the Subscription Term.
3.2 Account Security
Customer is responsible for:
(a) Maintaining the confidentiality of account credentials and API keys;
(b) All activities that occur under Customer's account;
(c) Implementing appropriate security measures to prevent unauthorized access;
(d) Promptly notifying TrustGate of any unauthorized use or security breach.
3.3 API Keys and Credentials
API keys are confidential and must be protected. Customer must not share API keys publicly (e.g., in client-side code, public repositories) or with unauthorized parties. Compromised keys must be rotated immediately.
3.4 Authorized Users
Customer may authorize employees, contractors, or agents to access the Services on Customer's behalf. Customer remains responsible for their compliance with this Agreement.
4. Customer Obligations
4.1 Lawful Use
Customer will use the Services only for lawful business purposes and in compliance with all applicable laws, including but not limited to:
(a) Anti-money laundering (AML) and counter-terrorism financing (CFT) laws;
(b) Know Your Customer (KYC) regulations;
(c) Data protection and privacy laws (including GDPR, CCPA, and applicable state biometric privacy laws);
(d) Consumer protection laws;
(e) Export control and sanctions laws.
4.2 End User Consent
Customer is responsible for obtaining all necessary consents from Applicants before submitting their data to the Services, including:
(a) Informed consent for identity verification processing;
(b) Explicit consent for biometric data processing where required by law;
(c) Notice regarding data handling practices.
Customer must provide Applicants with access to TrustGate's Service Privacy Policy or equivalent disclosures.
4.3 Acceptable Use
Customer will comply with the Acceptable Use Policy set forth in Annex B. Without limiting the foregoing, Customer will not:
(a) Use the Services for any illegal purpose;
(b) Submit fraudulent, falsified, or stolen identity documents;
(c) Attempt to reverse engineer, decompile, or disassemble the Services;
(d) Interfere with or disrupt the Services or attempt to gain unauthorized access;
(e) Resell or sublicense the Services without prior written consent;
(f) Use the Services in a manner that violates the rights of third parties.
4.4 Compliance Responsibility
Customer acknowledges and agrees that:
(a) Customer is solely responsible for determining the suitability of the Services for Customer's compliance needs;
(b) TrustGate does not provide legal, regulatory, or compliance advice;
(c) Customer should seek independent legal counsel regarding regulatory requirements.
4.5 Integration Requirements
Customer will implement the Services in accordance with the Documentation and any integration guidelines provided by TrustGate. Customer is responsible for the security and functionality of Customer's own applications and systems.
5. Fees and Payment
5.1 Pricing Plans
TrustGate offers the following pricing plans:
(a) Developer Plan (Free Tier): Limited free Verifications for development and testing purposes, subject to usage limits.
(b) Growth Plan: Per-Verification pricing with monthly billing, designed for scaling businesses.
(c) Enterprise Plan: Custom pricing with negotiated terms, volume discounts, and dedicated support.
Detailed pricing is available at https://bytrustgate.com/pricing or as specified in the applicable Order Form.
5.2 Payment Terms
(a) Fees are due and payable as specified in the applicable pricing plan or Order Form.
(b) For Growth Plans, Customer will be billed monthly in arrears based on usage.
(c) For Enterprise Plans, payment terms are as specified in the Order Form.
(d) All Fees are stated in United States Dollars (USD) unless otherwise specified.
(e) Fees are exclusive of taxes. Customer is responsible for all applicable taxes, excluding taxes based on TrustGate's net income.
5.3 Late Payment
If Customer fails to pay any Fees when due:
(a) TrustGate may charge interest at the rate of 1.5% per month or the maximum rate permitted by law, whichever is less;
(b) TrustGate may suspend access to the Services upon 10 days' written notice;
(c) Customer will be responsible for reasonable collection costs, including attorneys' fees.
5.4 Pre-Paid Credits
If Customer purchases pre-paid Verification credits:
(a) Credits are non-refundable except as required by law;
(b) Credits expire 9 months after purchase unless otherwise specified;
(c) Unused credits are forfeited upon termination.
5.5 Disputes
Customer must notify TrustGate in writing of any disputed charges within thirty (30) days of the invoice date. The parties will work in good faith to resolve disputes. Undisputed amounts must be paid when due.
6. Data Handling and Privacy
6.1 Data Processing Roles
(a) Customer as Controller: With respect to Applicant data submitted to the Services, Customer is the data controller and determines the purposes and means of processing.
(b) TrustGate as Processor: TrustGate processes Customer Data on behalf of Customer as a data processor, acting only on Customer's documented instructions.
(c) TrustGate as Controller: TrustGate acts as an independent controller for certain limited purposes, including service improvement (using anonymized data), fraud pattern detection, and legal compliance.
6.2 Data Processing Agreement
The Data Processing Agreement set forth in Annex C is incorporated by reference and governs TrustGate's processing of Personal Data on behalf of Customer.
6.3 Data Security
TrustGate implements and maintains appropriate technical and organizational measures to protect Customer Data, including:
(a) Encryption at rest (AES-256) and in transit (TLS 1.3);
(b) Access controls and authentication;
(c) Regular security assessments and penetration testing;
(d) Employee security training.
6.4 Data Retention
(a) Customer Data is retained in accordance with Customer's configuration settings and applicable law.
(b) Default retention periods may vary by jurisdiction (e.g., 3 years for Illinois residents, 1 year for Texas residents for biometric data).
(c) Upon termination, Customer may request deletion of Customer Data, subject to legal retention requirements.
6.5 Subprocessors
TrustGate uses third-party subprocessors to provide the Services. A current list of subprocessors is available upon request by contacting legal@bytrustgate.com. TrustGate will notify Customer of new subprocessors at least 30 days before they begin processing Customer Data.
6.6 Data Breach Notification
In the event of a personal data breach affecting Customer Data, TrustGate will notify Customer without undue delay (and in any event within 72 hours of becoming aware) and provide information necessary for Customer to fulfill its notification obligations.
7. Intellectual Property
7.1 TrustGate IP
TrustGate and its licensors retain all right, title, and interest in and to the Services, System, Documentation, and all related intellectual property rights. Nothing in this Agreement transfers ownership of TrustGate IP to Customer.
7.2 License Grant to Customer
Subject to Customer's compliance with this Agreement, TrustGate grants Customer a limited, non-exclusive, non-transferable, revocable license to:
(a) Access and use the Services during the Subscription Term;
(b) Integrate the API and SDK into Customer's applications;
(c) Use the Documentation for internal business purposes.
7.3 Customer Data
Customer retains all right, title, and interest in Customer Data. Customer grants TrustGate a limited license to process Customer Data solely as necessary to provide the Services and as otherwise described in this Agreement.
7.4 Feedback
If Customer provides suggestions, ideas, or feedback regarding the Services ("Feedback"), TrustGate may use such Feedback without restriction or obligation to Customer.
7.5 Restrictions
Customer will not:
(a) Copy, modify, or create derivative works of the Services;
(b) Reverse engineer, decompile, or disassemble the Services;
(c) Remove or alter any proprietary notices;
(d) Use TrustGate's trademarks without prior written consent.
8. Confidentiality
8.1 Confidential Information
Each party agrees to protect the other party's Confidential Information using the same degree of care it uses to protect its own confidential information, but not less than reasonable care.
8.2 Permitted Disclosures
A party may disclose Confidential Information:
(a) To employees, contractors, and advisors who need to know and are bound by confidentiality obligations;
(b) As required by law, regulation, or court order (with prompt notice to the disclosing party where permitted);
(c) With the prior written consent of the disclosing party.
8.3 Exclusions
Confidential Information does not include information that:
(a) Is or becomes publicly available without breach;
(b) Was known to the receiving party before disclosure;
(c) Is independently developed without use of Confidential Information;
(d) Is rightfully obtained from a third party without restriction.
8.4 Survival
Confidentiality obligations survive termination for 3 years.
9. Representations and Warranties
9.1 Mutual Representations
Each party represents and warrants that:
(a) It has the legal power and authority to enter into this Agreement;
(b) This Agreement constitutes a valid and binding obligation;
(c) Its performance will not violate any other agreement or applicable law.
9.2 TrustGate Warranties
TrustGate warrants that:
(a) The Services will perform materially in accordance with the Documentation;
(b) TrustGate will provide the Services in a professional and workmanlike manner;
(c) TrustGate will implement commercially reasonable security measures.
9.3 Customer Warranties
Customer represents and warrants that:
(a) Customer has obtained all necessary consents from Applicants;
(b) Customer's use of the Services complies with applicable laws;
(c) Customer Data does not violate the rights of any third party.
9.4 Disclaimers
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." TRUSTGATE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
9.5 FCRA Disclaimer
IMPORTANT: TRUSTGATE IS NOT A CONSUMER REPORTING AGENCY ("CRA") AS DEFINED BY THE FAIR CREDIT REPORTING ACT, 15 U.S.C. SECTION 1681 ET SEQ. ("FCRA"). THE SERVICES DO NOT CONSTITUTE "CONSUMER REPORTS" AS DEFINED BY FCRA.
TrustGate does not:
(a) Collect or maintain information for the purpose of furnishing consumer reports;
(b) Provide consumer reports to third parties;
(c) Act as a reseller of consumer reports.
Customer agrees not to use the Services for any purpose that would require FCRA compliance, including employment screening, tenant screening, credit eligibility, insurance eligibility, or any other purpose covered by FCRA.
9.6 Not Sole Basis Disclaimer
THE SERVICES ARE INTENDED TO PROVIDE INFORMATION TO ASSIST CUSTOMER IN MAKING VERIFICATION DECISIONS. THE SERVICES ARE NOT INTENDED TO BE, AND SHOULD NOT BE USED AS, THE SOLE BASIS FOR ANY DECISION REGARDING AN APPLICANT.
Customer acknowledges that:
(a) Verification results are probabilistic assessments, not definitive determinations;
(b) Customer should consider additional factors when making decisions;
(c) Customer is solely responsible for decisions made based on verification results;
(d) TrustGate does not guarantee the accuracy of information provided by Applicants or third-party data sources.
9.7 No Guarantee of Results
TrustGate does not guarantee that:
(a) The Services will detect all instances of fraud or identity theft;
(b) The Services will be error-free or uninterrupted;
(c) Verification results will satisfy Customer's regulatory requirements.
10. Limitation of Liability
10.1 Exclusion of Damages
TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR ANY:
(a) Indirect, incidental, special, consequential, or punitive damages;
(b) Loss of profits, revenue, goodwill, or anticipated savings;
(c) Loss of data or data breach damages (except as set forth below);
(d) Business interruption;
(e) Damages arising from Customer's decisions based on verification results.
These exclusions apply regardless of the theory of liability and even if a party has been advised of the possibility of such damages.
10.2 Liability Cap
SUBJECT TO SECTION 10.3, EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL NOT EXCEED THE LIABILITY CAP APPLICABLE TO CUSTOMER'S PLAN:
| Plan | Liability Cap |
|---|---|
| Developer (Free) | $0 (Services provided at Customer's sole risk) |
| Starter | The lesser of: (i) total Fees paid during the three (3) months preceding the claim, or (ii) $5,000 USD |
| Professional | The lesser of: (i) total Fees paid during the three (3) months preceding the claim, or (ii) $5,000 USD |
| Enterprise | The lesser of: (i) total Fees paid during the three (3) months preceding the claim, or (ii) $5,000 USD |
10.3 Exceptions to Limitations
The limitations in Sections 10.1 and 10.2 do not apply to:
(a) A party's breach of confidentiality obligations (Section 8);
(b) A party's indemnification obligations (Section 11);
(c) Customer's payment obligations;
(d) Liability arising from gross negligence or willful misconduct;
(e) Liability that cannot be limited by applicable law.
10.4 Basis of the Bargain
The limitations of liability in this Section 10 reflect the allocation of risk between the parties and are an essential element of the basis of the bargain between the parties. The Services would not be provided without such limitations.
11. Indemnification
11.1 Customer Indemnification
Customer will indemnify, defend, and hold harmless TrustGate and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:
(a) Customer's breach of this Agreement;
(b) Customer's violation of applicable laws;
(c) Customer's failure to obtain required consents from Applicants;
(d) Customer's misuse of the Services or verification results;
(e) Any claim by an Applicant or third party relating to Customer's use of the Services;
(f) Customer Data infringing the rights of a third party.
11.2 TrustGate Indemnification
TrustGate will indemnify, defend, and hold harmless Customer and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from claims that the Services, as provided by TrustGate and used in accordance with this Agreement, infringe the intellectual property rights of a third party.
Exclusions: TrustGate's indemnification obligations do not apply to claims arising from:
(a) Customer's modification of the Services;
(b) Customer's combination of the Services with other products or services;
(c) Customer's use of the Services in violation of this Agreement.
11.3 Indemnification Procedure
The indemnified party must:
(a) Provide prompt written notice of the claim;
(b) Give the indemnifying party sole control of the defense and settlement;
(c) Provide reasonable cooperation and assistance.
The indemnifying party may not settle any claim that imposes liability on the indemnified party without prior written consent.
12. Term and Termination
12.1 Term
This Agreement begins on the Effective Date and continues until terminated as provided herein.
(a) Developer Plan: Month-to-month, terminable at any time.
(b) Growth Plan: Monthly subscription, automatically renewing unless terminated.
(c) Enterprise Plan: As specified in the Order Form.
12.2 Termination for Convenience
Either party may terminate this Agreement for convenience upon thirty (30) days' prior written notice to the other party.
12.3 Termination for Cause
Either party may terminate this Agreement immediately upon written notice if:
(a) The other party commits a material breach and fails to cure within thirty (30) days of receiving notice;
(b) The other party becomes insolvent, files for bankruptcy, or ceases operations;
(c) The other party violates applicable law in connection with this Agreement.
12.4 TrustGate Suspension Rights
TrustGate may immediately suspend Customer's access to the Services if:
(a) Customer fails to pay Fees when due;
(b) Customer's use poses a security risk;
(c) Customer violates the Acceptable Use Policy;
(d) Required by law or government authority.
TrustGate will provide notice of suspension when practicable.
12.5 Effect of Termination
Upon termination:
(a) Customer's right to access and use the Services terminates immediately;
(b) Customer will pay all Fees accrued through the termination date;
(c) Each party will return or destroy the other party's Confidential Information;
(d) Upon request, TrustGate will delete Customer Data within 30 days, subject to legal retention requirements;
(e) TrustGate will provide Customer with a reasonable opportunity (not less than 30 days) to export Customer Data before deletion.
12.6 Survival
The following sections survive termination: Section 1 (Definitions), Section 5.3-5.4 (Late Payment, Pre-Paid Credits), Section 6 (Data Handling - as applicable), Section 7.1 (TrustGate IP), Section 8 (Confidentiality), Section 9.4-9.7 (Disclaimers), Section 10 (Limitation of Liability), Section 11 (Indemnification), Section 12.5-12.6 (Effect of Termination, Survival), and Section 13 (General Provisions).
13. General Provisions
13.1 Governing Law
This Agreement is governed by the laws of the State of Delaware, United States, without regard to conflict of laws principles.
13.2 Dispute Resolution
(a) Negotiation: The parties will attempt to resolve any dispute through good faith negotiation for at least thirty (30) days.
(b) Arbitration: Any dispute not resolved through negotiation will be resolved by binding arbitration administered by the American Arbitration Association (AAA) in accordance with its Commercial Arbitration Rules. The arbitration will be conducted in Miami, Florida.
(c) Injunctive Relief: Nothing in this section prevents either party from seeking injunctive or other equitable relief in any court of competent jurisdiction.
(d) Class Action Waiver: Each party waives any right to participate in a class action lawsuit or class-wide arbitration.
13.3 Assignment
Neither party may assign this Agreement without the prior written consent of the other party, except that either party may assign to an Affiliate or in connection with a merger, acquisition, or sale of all or substantially all of its assets. Any purported assignment in violation of this section is void.
13.4 Notices
Notices must be in writing and sent to:
To TrustGate:
TrustGate Inc.
700 NE 25th St APT 1902
Miami, FL 33137
Email: legal@bytrustgate.com
To Customer:
The address or email on file in Customer's account.
Notices are effective upon receipt (or the next business day if received after business hours).
13.5 Force Majeure
Neither party is liable for failures or delays resulting from circumstances beyond its reasonable control, including natural disasters, war, terrorism, labor disputes, government actions, or internet disruptions. This section does not excuse Customer's payment obligations.
13.6 Entire Agreement
This Agreement, including all Annexes and any Order Forms, constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior agreements and understandings.
13.7 Amendments
TrustGate may modify this Agreement by posting the revised terms on its website. For material changes, TrustGate will provide at least thirty (30) days' notice. Customer's continued use of the Services after the effective date of modifications constitutes acceptance. Enterprise customers with executed Order Forms may have different amendment procedures as specified therein.
13.8 Severability
If any provision of this Agreement is held invalid or unenforceable, the remaining provisions remain in full force and effect. The invalid provision will be modified to the minimum extent necessary to make it valid and enforceable.
13.9 Waiver
A party's failure to enforce any right under this Agreement is not a waiver of that right. Waivers must be in writing and signed by the waiving party.
13.10 Independent Contractors
The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, or agency relationship.
13.11 Third-Party Beneficiaries
This Agreement is for the benefit of the parties and their permitted successors and assigns. There are no third-party beneficiaries, except that TrustGate's indemnified parties are intended beneficiaries of Section 11.1.
13.12 Export Compliance
Customer will comply with all applicable export control and sanctions laws. Customer will not export or provide the Services to any prohibited destination, entity, or individual.
13.13 Government Use
If Customer is a U.S. government entity, the Services are provided as "commercial items" under 48 C.F.R. Section 2.101, with rights limited to those granted to non-government customers.
13.14 Counterparts
Order Forms may be executed in counterparts, each of which is an original and all of which together constitute one instrument.
Annex A: Service Level Agreement
A.1 Availability Commitment
TrustGate targets 99.9% monthly uptime for the Services, calculated as:
Uptime % = ((Total Minutes in Month - Downtime Minutes) / Total Minutes in Month) x 100A.2 Exclusions
The following are not counted as Downtime:
(a) Scheduled maintenance (with at least 48 hours advance notice);
(b) Emergency maintenance necessary to preserve security or stability;
(c) Issues caused by Customer's systems, networks, or third-party services;
(d) Force majeure events;
(e) Suspension due to Customer's breach.
A.3 Service Credits (Growth and Enterprise Plans Only)
If TrustGate fails to meet the availability commitment, Customer may request service credits:
| Monthly Uptime | Credit (% of Monthly Fees) |
|---|---|
| 99.0% - 99.9% | 10% |
| 95.0% - 99.0% | 25% |
| Below 95.0% | 50% |
Credit Request: Customer must request credits in writing within thirty (30) days of the end of the affected month. Credits are applied to future invoices and do not exceed 50% of monthly Fees.
A.4 Support
| Plan | Support Level |
|---|---|
| Developer | Community/documentation only |
| Growth | Email support (response within 24 business hours) |
| Enterprise | Dedicated support, phone, custom SLA |
A.5 Remedies
Service credits are Customer's sole and exclusive remedy for failure to meet the availability commitment.
Annex B: Acceptable Use Policy
The full Acceptable Use Policy is available as a standalone document and is incorporated by reference into this Agreement.
B.1 Prohibited Uses
Customer will not use the Services to:
(a) Verify identities for illegal activities or to facilitate fraud;
(b) Discriminate against individuals on the basis of race, color, religion, sex, national origin, age, disability, or other protected characteristics;
(c) Harass, stalk, or threaten any individual;
(d) Process data of individuals under the age of 18;
(e) Submit false, fabricated, or stolen identity documents;
(f) Probe, scan, or test the vulnerability of the Services without authorization;
(g) Interfere with or disrupt the Services or servers;
(h) Attempt to gain unauthorized access to the Services or related systems;
(i) Resell or redistribute the Services without authorization;
(j) Violate any applicable law or regulation.
B.2 Fair Use and Rate Limiting
(a) The Services are intended for legitimate business use. Usage that materially exceeds typical patterns or places undue burden on infrastructure may require an Enterprise agreement.
(b) TrustGate may implement rate limiting (requests per second) to protect the stability and performance of the Services. Current rate limits are documented in the API documentation.
(c) TrustGate will provide reasonable notice before taking action on unusual usage patterns, except where immediate action is required to protect the Services or other customers.
B.3 Content Standards
Customer will ensure that Customer Data:
(a) Does not contain malware, viruses, or harmful code;
(b) Does not violate intellectual property rights;
(c) Is accurate to the best of Customer's knowledge.
B.4 Monitoring
TrustGate may monitor use of the Services to ensure compliance with this Policy. TrustGate reserves the right to investigate and take appropriate action, including suspension or termination, for violations.
B.5 Reporting Violations
To report violations of this Policy, contact: legal@bytrustgate.com
Annex C: Data Processing Agreement
This Data Processing Agreement ("DPA") is incorporated into and forms part of the Terms of Service.
C.1 Scope
This DPA applies to TrustGate's processing of Personal Data on behalf of Customer in connection with the Services.
C.2 Definitions
(a) "Data Protection Laws" means all applicable laws relating to data protection and privacy, including GDPR, CCPA, and other applicable laws.
(b) "GDPR" means the General Data Protection Regulation (EU) 2016/679.
(c) "CCPA" means the California Consumer Privacy Act, as amended.
(d) "Data Subject" means an identified or identifiable natural person whose Personal Data is processed.
C.3 Processing Details
| Element | Description |
|---|---|
| Subject Matter | Identity verification services |
| Duration | The Subscription Term |
| Nature | Collection, analysis, storage of identity data |
| Purpose | Providing verification Services to Customer |
| Categories of Data | Identity data, document data, biometric data, technical data |
| Categories of Data Subjects | Applicants (individuals being verified) |
C.4 Processor Obligations
TrustGate will:
(a) Process Personal Data only on Customer's documented instructions;
(b) Ensure personnel are bound by confidentiality obligations;
(c) Implement appropriate technical and organizational security measures;
(d) Engage subprocessors only with Customer's authorization and binding them to equivalent obligations;
(e) Assist Customer in responding to Data Subject requests;
(f) Assist Customer with data protection impact assessments if required;
(g) Delete or return Personal Data upon termination, at Customer's election;
(h) Make available information necessary to demonstrate compliance;
(i) Allow and contribute to audits conducted by Customer or its authorized representative.
C.5 Customer Obligations
Customer will:
(a) Ensure it has a lawful basis for processing (including explicit consent for biometric data where required);
(b) Provide clear instructions to TrustGate regarding processing;
(c) Ensure Personal Data is accurate and relevant;
(d) Inform TrustGate of any Data Subject requests requiring TrustGate's assistance.
C.6 Data Subject Rights
TrustGate will assist Customer in fulfilling Data Subject requests for access, rectification, erasure, restriction, portability, and objection. TrustGate will notify Customer promptly of any Data Subject requests received directly.
C.7 Subprocessors
(a) Customer grants general authorization for TrustGate to engage subprocessors. The current list is available upon request by contacting legal@bytrustgate.com.
(b) TrustGate will notify Customer at least 30 days before adding new subprocessors.
(c) Customer may object to new subprocessors by notifying TrustGate within 14 days. If the objection cannot be resolved, Customer may terminate the affected Services.
(d) TrustGate remains liable for subprocessor compliance.
C.8 International Transfers
(a) TrustGate may transfer Personal Data outside the EEA where necessary to provide the Services.
(b) For transfers to countries without adequacy decisions, TrustGate will use appropriate safeguards (Standard Contractual Clauses or other approved mechanisms).
(c) The Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) are incorporated by reference where applicable.
C.9 Security Measures
TrustGate implements security measures including:
(a) Encryption of Personal Data at rest and in transit;
(b) Pseudonymization and anonymization where appropriate;
(c) Access controls and authentication requirements;
(d) Regular testing and evaluation of security measures;
(e) Employee training on data protection;
(f) Incident response procedures.
C.10 Data Breach Notification
TrustGate will notify Customer without undue delay (and within 72 hours where feasible) of any Personal Data breach. Notification will include:
(a) Nature of the breach, including categories and approximate number of Data Subjects affected;
(b) Contact point for more information;
(c) Likely consequences of the breach;
(d) Measures taken or proposed to address the breach.
C.11 Audits
(a) Customer may audit TrustGate's compliance with this DPA with 30 days' notice, no more than once per year, during business hours.
(b) TrustGate may satisfy audit requests by providing SOC 2 reports or equivalent third-party certifications.
(c) Audit costs are borne by Customer unless the audit reveals material non-compliance.
C.12 CCPA Compliance
For purposes of the CCPA:
(a) TrustGate is a "service provider" as defined by CCPA;
(b) TrustGate will not sell Personal Information;
(c) TrustGate will not retain, use, or disclose Personal Information for any purpose other than providing the Services;
(d) TrustGate will comply with applicable CCPA requirements.
C.13 Biometric Data
Where TrustGate processes Biometric Data:
(a) Customer is responsible for obtaining required consents under BIPA, CUBI, and other applicable biometric privacy laws;
(b) TrustGate will retain Biometric Data in accordance with applicable law (e.g., 3 years for Illinois, 1 year for Texas) unless Customer specifies shorter retention;
(c) TrustGate will destroy Biometric Data when the purpose for collection has been satisfied or upon Customer's request.
Contact Information
TrustGate Inc.
Website: https://bytrustgate.com
Dashboard: https://app.bytrustgate.com
Legal & Privacy: legal@bytrustgate.com
Support: support@bytrustgate.com
Security: security@bytrustgate.com
700 NE 25th St APT 1902
Miami, FL 33137
This document should be reviewed by qualified legal counsel before use. TrustGate does not provide legal advice.