These Terms and Conditions (“Terms and Conditions”) contain the main provisions of the Agreement between “aIDentix” ltd. and its corporate clients (“Partners”) (together “the Parties” and each one “a Party”).

“aIDentix” ltd. (“aIDentix” or “Provider”) is Bulgarian company registered in the Commercial Register at the Registry Agency under UIC 204788710, with mailing address: 5A Baku str, floor 6, 1700 Sofia, Bulgaria.

I.     Definitions

Except to the extent expressly provided otherwise, in the Agreement:

“aIDentix” or “Provider” means the party offering the Services, identified as such in the applicable Agreement, and acting as a Processor in this context

“Affiliate” means an entity that controls, is controlled by, or is under common control with the relevant entity, where “control” is understood as the ability to exercise decisive influence on an undertaking, in particular by ownership or the right to use all or part of the assets of an undertaking, or by rights or contracts which confer decisive influence on the composition, voting or decisions of the organs of an undertaking.

“Agreement” means a document, regardless of its title, that outlines the details of Services to be provided, the duration of the Agreement, payment terms, and the Charging Method, incorporating these Terms and Conditions and signed by both parties.

“Appendix” means any document attached to these Terms and Conditions or to the Agreement, forming an integral part of the Agreement.

“Application” means a mobile or web interface developed by aIDentix that can be installed on a User’s Device or accessed via a browser, enabling the User to access and use the services provided by aIDentix.

“Business Day” and “Business Hours” means any weekday other than a bank or public holiday in Bulgaria. Business Hours are from 09:00 to 17:00 EET (or EEST during summer) on a Business Day.

“Client” and “Corporate Client” means the client listed in the applicable Agreement, specifically referring to a business entity such as a corporation, limited liability company, partnership, or any other form of legally recognized business organization, acting as a Controller herein. The Corporate Client is a legal entity that enters into the Agreement with the Provider during its business operations or commercial activities.

“Client Data” means all data, works, and materials uploaded or stored on the Platform by the Client or its Customers; transmitted by the Platform at the Client’s direction; provided by the Client to the Provider for processing, uploading to, transmission by or storage on the Platform; or generated by the Platform as a result of the use of the Services by the Client.

“Client Personal Data” means any Personal Data that is processed by the Provider on behalf of the Client in relation to the Agreement.

“Charges” means the following amounts:

• • a) Amounts specified in the applicable Agreement for Services.
  • b) Amounts mutually agreed upon in writing by the parties charged from time to time.

“Charging Method” means the agreed payment method for Charges, specified in the applicable Agreement, which can be:

• • a) Pre-paid billing: The Client pays upfront for an agreed amount of Services usage.
  • b) Cyclic billing: The Client pays periodically for agreed usage of Services after a billing cycle; excess usage is paid per actual usage; unused commitment is neither rolled over, refunded, nor adjusted in the following month.

“Confidential Information” means the information disclosed by either party, in writing, orally or otherwise, marked as confidential or which should have been reasonably understood to be confidential by the party in receipt of such disclosure. This may include, but is not limited to, trade secrets, computer programs and code, scripts, algorithms, operational features and modes, inventions (whether or not patentable), techniques, processes, methodologies, schematics, testing procedures, software design and architecture, design and function specifications, analysis and performance data, documentation, product and service details, and information related to vendors, employees, consultants, customers, prospects, know-how, ideas, technical data, business strategies, pricing information, financial data, and marketing plans.

“Controller” has the meaning given to it under the GDPR.

“Customer” means end user, a natural person, who utilizes the services provided on the Platform to the Client. Customer may be an employee, customer, agent or otherwise for the Client, as well as a third party.

“Customization(s)” means a customization of the Services, whether made through the development, configuration or integration of software or otherwise.

“Data Protection Laws” means all applicable laws relating to the processing, privacy, and/or use of Personal Data including the Data Protection, Privacy, and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, the Data Protection Act 2018, the GDPR, and the Privacy and Electronic Communications (EC Directive), Regulations 2003, including any laws that replace, extend, re-enact, consolidate, or amend any of the foregoing.

“Defect” refers to any error, flaw, or deficiency in the Services that causes them to fail to perform in accordance with the agreed specifications or standards, resulting in a material disruption or degradation of the intended functionality or performance of the services.

“Devices” means hardware products, or parts thereof, designed to connect to the interfaces of public electronic communications networks. These devices typically include mobile phones or other smart devices that meet the technical requirements for the normal installation and operation of the Application and the Platform.

“Documentation” means any and all API documentation detailing the functions, classes, return types, arguments or any other information provided to effectively use the Services.

“EEA” means the European Economic Area including the UK.

“Effective Date” means the date of execution of the applicable Agreement by the parties incorporating these Terms and Conditions.

“Electronic Identification,” “Digital Identification,” “Trust Services,” and all other terms used in these Terms and Conditions shall have the meanings set forth in the respective applicable regulations such as, but not limited to, Regulation (EU) No. 910/2014, unless otherwise expressly provided in the Terms and Conditions or the Agreement.

“Force Majeure Event” means any event beyond the reasonable control of a party (including a party’s Affiliates and/or subcontractors) including, but not limited to, the following: acts, events, omissions, or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs, or other industrial disputes, failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation, or direction, accident, breakdown of plant or machinery, fire, flood, storm, epidemic or pandemic, or default of sub-contractors, to the extent that such event has materially affected the ability of the party relying on the Force Majeure Event to perform its obligations in accordance with the terms of the Agreement.

“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679), including the version of the same transposed into the UK law pursuant to the European Union (Withdrawal) Act 2018.

“Intellectual Property Rights” refers to the legal rights granted to individuals or entities over their creations, inventions, and works, which include, but are not limited to, copyrights, trademarks, patents, trade secrets, design rights, services, software and other proprietary rights. These rights protect the use, reproduction, and distribution of intellectual property, and specifically cover software, algorithms, models, and machine learning (ML) models.

“Malicious Actions” means any deliberate actions or behaviours intended to cause harm, damage, or unauthorized access to systems, data, or services. This includes, but is not limited to, hacking, introducing malware, phishing, data breaches, and other forms of cyberattacks or fraudulent activities.

“Notice” means any notice, request, consent, approval, or other communication required or permitted under these Terms and Conditions and any applicable Agreement.

“Personal Data” has the meaning given to it under the GDPR.

“Platform” means the system managed by the Provider to deliver the Services, which includes the Application and database software, system and server software, and the computer hardware where these software components are installed.

“Processor” had the meaning give to it under the GDPR, the entity that processes Personal Data on behalf of the Controller.

“Product(s)” means any or all the Services specified in the Agreement, which may include onsite or offsite verification services, business checks, AML checks, and similar services.

“Services” means the Digital Identification, Business Verification, and Anti-Money Laundering (AML) checks of natural persons using a Passport, National ID card, or Driving License. These Services are provided under these Terms and Conditions and any applicable Agreement. The Services may be accessed via the internet or hosted on the Client’s own infrastructure.

“Support Services” means assistance related to using the Services and identifying and resolving errors, in accordance with the Provider’s support policy, but excluding training services.

“Supported Web Browser” means the browsers specified by the Provider for onsite or offsite verifications, which may include the current or latest versions of Mozilla Firefox, Google Chrome, Apple Safari, or any other web browser notified in writing to the Client.

“Term” means the duration of the Agreement as specified in the applicable Agreement.

“Termination for Cause” means the termination of the Agreement if either party (i) commits an act of dishonesty or breach of trust; (ii) engages in conduct in bad faith that is materially harmful to the other party, including misappropriation of Confidential Information, fraud, or embezzlement; or (iii) commits a material breach of the Agreement.

“Third Party Services” means any Products or Services ancillary to the Services, which may include Products or Services provided by the Provider’s sub-processors.

“Update” means a hotfix, patch or version update to any Platform software.

“Upgrade” means a major version upgrade of any Platform software.

II.     Services

1. 1. An order for Services must be placed using an Agreement. aIDentix will prepare Agreement to include a description of the type and details of the Service(s) being purchased, the applicable fees, the Charging Method, and any other relevant terms or conditions.
   2. An Agreement will only be considered effective and binding once it has been signed by both parties.
   3. In accordance with the terms of the Agreement, aIDentix grants the Client a limited, non-exclusive, non-transferable, non-sublicensable, revocable, and term-limited license to access the Services via a Supported Web Browser. This license solely is for the purpose of identity and document verification of the Client’s customers, as detailed in the Agreement, during the Term.
   4. The Client must implement reasonable security measures to prevent unauthorized access to the Services.
   5. The Client acknowledges that aIDentix is not responsible for any data communicated to or transmitted through the Services. The Client agrees to use the Services solely for authorized and lawful purposes, in compliance with all applicable laws, regulations, and any acceptable use policies that aIDentix may include in these Terms and Conditions from time to time.
   6. When, at the Client’s request, electronic identification and trust services are provided to the Client’s customers – such as its employees, suppliers, and others for their interactions with the Client, aIDentix will enter into separate agreements with these individuals. However, the services will be invoiced to and paid for by the Client in accordance with the provisions these Terms and Conditions.
   7. The Client acts as a relying party concerning the Services provided by aIDentix to its (client’s) Customers.

III.     Rights and obligations of the parties

aIDentix shall be responsible for the following:

1. 8. Fulfilling the terms outlined in the Agreement and providing services to the Client and its customers in good faith and in compliance with applicable laws.
   9. Informing the Client in advance about planned events or changes to its systems that could impact the performance of the Agreement.
   10. Promptly notifying the Client of any technical issues or other factors within its systems that could hinder or prevent the normal provision of aIDentix’s services to the Client and/or its customers, or otherwise affect the performance of the Agreement, as well as providing timelines for their resolution.
   11. Providing the Client with the necessary assistance, information, and documents needed to fulfil its legal obligations and/or protect its rights and legitimate interests in the event of a dispute with a Customer related to an agreement with the Client or the use of the Client’s services through the Application.

aIDentix shall have the following rights:

1. 12. To receive from the Client the necessary information and assistance required to fulfil its obligations under the Agreement.
   13. To be compensated for the services provided to the Client or its users in accordance with Section “Payments” of these Terms and Conditions.
   14. To implement preventive measures aimed at improving the functionality of the Services and/or related integrations, connections, launching new or improved versions for service consumption, etc., in accordance with the service level agreements (SLAs) and with prior notice.

The Client shall be required to:

1. 15. Fulfill all obligations stipulated in the Agreement and conduct activities in good faith, complying with the terms of the Agreement and any applicable laws.
   16. Provide aIDentix with the necessary assistance, information, and documents required for aIDentix to meet its legal obligations or to protect its rights and legal interests.

The Client shall have the following rights:

1. 17. To receive from aIDentix the necessary information and assistance needed to fulfil its obligations under these Terms and Conditions and relevant Agreement.
   18. To be promptly informed of any technical issues in aIDentix’s systems (related to the use of the Application and the Platform) or any factors that could impede or prevent the normal functioning of the Application and the Platform, along with the expected timelines for resolving such issues when they are within aIDentix’s control.

Additional Obligations and Restrictions

1. 19. The Client must not use the Services in any manner that could damage the Services or Platform, or impair their availability or accessibility. Specifically, the Client must not use the Services:
       
       1. For any unlawful, illegal, fraudulent, or harmful purposes; or
       2. In connection with any unlawful, illegal, fraudulent, or harmful activities.
   20. Except as explicitly permitted in the Agreement, the Client’s license to access and use the Services is subject to the following restrictions:
       
       • The Client must not sublicense its rights to access or use the Services.
       • The Client must not permit any unauthorized individuals to access or use the Services.
       • The Client must not republish or redistribute any content or material from the Services.
       • The Client must not alter or attempt to alter the Platform or the Application.

1. 21. The Provider cannot be held responsible for any data changes performed by Client’s employees, customers or other people with granted access to the Platform.
   22. The Client shall have no right to access any software code, including object code, intermediate code, or source code, either during or after the Term.

IV.     Payments

1. 23. The Client agrees to pay the Charges and fees specified in the Tariff according to the payment terms outlined. The Charges will be invoiced as detailed in the Agreement based on the agreed Charging Method, and the Client shall pay aIDentix within fourteen (14) days of receiving an invoice.
   24. The use of services under the Agreement will be reported to the Client and billed when a billing event occurs.
   25. The Tariff is subject to periodic updates, for which aIDentix will notify the Client at least one month before the changes take effect. During this period, the Client has the right to terminate the Agreement with two weeks’ written notice if the changes impact their operations and are unacceptable to them.
   26. Changes to the Tariff will not affect any agreed packages during their validity period.
   27. All prices listed in the Tariff and/or the Agreement are exclusive of VAT, withholding tax, import and export taxes, customs duties, excise duties, and any other similar taxes that may be applicable in connection with the provision of the Services under the Agreement, except for aIDentix’s profit tax in the country of its registration.
   28. A billing event occurs when a service request is received in aIDentix’s systems from the Client, regardless of the outcome of the service or the actions of the end user (e.g., identification completed, document delivered, identification denied, document withdrawn, deadline expired, etc.).
   29. The Client acknowledges that, in the case of pre-paid billing, any unused or unprocessed balance in the Client’s account at the end of each Term will automatically expire. The Client will (i) not be entitled to a refund or credit for the unused balance and (ii) will not be able to roll over any unused or unprocessed balance into any extended Term or any future agreement with aIDentix unless the Client pays twenty-five percent (25%) of the unused balance. This percentage will not be added to the rolled-over amount.
   30. If any invoice remains unpaid past its due date, access to the services may be suspended until all outstanding amounts have been settled.
   31. In the case of deferred payment or in case Agreement is terminated, Client must additionally pay for any services actually used from the period start date to the cancellation or termination date, if these services exceed the amounts paid to date. This payment must be made by the 15th of the month following the month in which the cancellation or termination occurred.
   32. In the case when Client fails to make any payment due to the Provider under these Terms and Conditions and/or relevant Agreement by the due date, the Provider reserves the right to charge interest on the overdue amount at the rate of 10% per annum, accruing daily from the due date until the date of actual payment, whether before or after judgment. The Client shall also be responsible for any costs incurred by the Provider in recovering the overdue amounts, including legal fees and collection agency charges.

V.     Terms and Termination

1. 33. Unless otherwise agreed in writing, these Terms and Conditions shall commence on the Effective Date of the Agreement and shall continue in effect for the period specified in the Agreement.
   34. Either party may terminate the Agreement for any reason or no reason at all by providing at least 30 days written notice to the other party.
   35. Either party may terminate the Agreement immediately by written notice to the other party if:
       
       1. The other party commits a material breach of any term of these Terms and Conditions or any applicable Agreement. A material breach shall include, but is not limited to, breaches of Sections “Rights and obligations of the parties”, “Confidentiality obligations”, “Data Protection” and, in the case of a breach capable of being remedied, fails to remedy the breach within fifteen (15) days of receiving written notice requiring it to do so.
       2. The other party becomes insolvent, enters bankruptcy, receivership, or any similar proceeding, or makes an assignment for the benefit of creditors.
   36. The Provider may terminate the Agreement immediately upon written notice if the Client fails to pay any amounts due under the Agreement within fifteen (15) days after such amounts are overdue.
   37. Upon termination or expiration of the Agreement for any reason:
       
       1. All licenses and rights granted to the Client under the Agreement shall immediately terminate.
       2. The Client shall immediately cease using the Provider’s services and return or destroy all Confidential Information of the Provider in its possession within ten (10) business days, unless otherwise instructed by the Provider in writing.
       3. The provisions of these Terms and Conditions and any applicable Agreement that by their nature are intended to survive termination, including but not limited to confidentiality, data protection, and limitation of liability, shall survive and remain in effect.

1. 38. Termination of the Agreement shall not prejudice any rights or remedies that either party may have under the Agreement or at law.
   39. Within 30 days following the termination of the Agreement, the parties shall settle any outstanding obligations, including the payment of any remaining fees, costs, or expenses due under the Agreement.
   40. The license to use the Provider Trademarks granted with the Agreement and/or Terms and Conditions shall automatically terminate upon the expiration or termination of the Agreement. Upon termination of the license, the Client shall immediately cease all use of the Provider Trademarks.

VI.     Confidentiality obligations

1. 41. The parties acknowledge that, during the negotiation and performance of the Services, each party may have access to or be exposed to the other party’s private or Confidential Information. Both parties agree to:
       
       1. Keep the other party’s Confidential Information strictly confidential, using the same level of care to protect it as they would for their own Confidential Information of a similar nature.
       2. Not disclose the other party’s Confidential Information to any person without prior written consent from the other party, and even then, only under confidentiality conditions approved in writing by the party whose Confidential Information is being disclosed.
       3. Act in good faith always with regard to the other party’s Confidential Information; and
       4. Not use any of the other party’s Confidential Information for any purpose other than for which it was disclosed to the receiving party.

1. 42. A party’s Confidential Information may be disclosed by the receiving party to its officers, employees, professional advisers, insurers, agents, and subcontractors who need access to the Confidential Information to perform their duties related to the Agreement. These individuals must be bound by a written agreement or a non-disclosure agreement to protect the confidentiality of the disclosed information.
   43. The provisions of this Section “Confidentiality obligations” will remain in effect indefinitely, even after the termination of the Agreement.
   44. Confidential Information does not include information that:
       
       1. Was already in the public domain before its disclosure or later enters the public domain through no fault of the Recipient,
       2. Was known to the Recipient before the effective date of these Terms and Conditions or any applicable Agreement without any obligation to keep it confidential,
       3. Is lawfully obtained by the Recipient from a third party who has no obligation to keep it confidential,
       4. Is independently developed by the Recipient without violating any applicable laws or provisions herein, or
       5. Is generally known to the public.

VII.     Data protection

1. 45. Each party shall adhere to all applicable Data Protection Laws concerning the processing of Personal Data under these Terms and Conditions.
   46. The Provider shall process Client Data only according to the documented instructions provided by the Client as outlined in the Agreement or any other written document mutually agreed upon by the parties, however the Provider may use Client Data to improve its services or enhance its processing algorithms, provided that such use is in compliance with Data Protection Laws and does not compromise the confidentiality or security of the Client Data.
   47. The Client guarantees that it has the legal authority to disclose all Personal Data to the Provider under or in connection with these Terms and Conditions and any applicable Agreement. The Client shall only provide, and the Provider shall only process, the Personal Data of data subjects that fall within the categories and types specified in the Agreement.
   48. The Provider shall process Client Data solely during the Term of the Agreement and shall delete or return all Client Data to the Client within thirty (30) days following the end of the Term, except where applicable law requires retention of such data for compliance with legal or regulatory obligations.
   49. The Provider shall ensure that any individuals authorized to process Personal Data have committed to confidentiality or are legally bound by an appropriate statutory confidentiality obligation.
   50. Both the Provider and the Client shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with the Client Data.
   51. The Client authorizes the Provider, as of the Effective Date, to engage third-party processors for the processing of Client Data. The Provider shall inform the Client at least fourteen (14) days prior to any planned changes involving the addition or replacement of any third-party processor. If the Client objects to such changes before their implementation, the Client may terminate the Agreement with seven (7) days’ written notice to the Provider, provided that such notice is given within seven (7) days following the date of the Provider’s notification. The Provider shall ensure that each third-party processor is subject to equivalent legal obligations as those imposed on the Provider.
   52. The Provider shall assist the Client in ensuring compliance with obligations related to the security of Personal Data processing, notification of Personal Data breaches to the supervisory authority, communication of Personal Data breaches to data subjects, data protection impact assessments, prior consultation concerning high-risk processing, and fulfilment of the Client’s obligation to respond to data subject rights requests under Data Protection Laws.
   53. At the Client’s discretion, the Provider shall either delete or return all the Client’s Personal Data to the Client and delete existing copies, except to the extent that applicable law requires retention of the said Personal Data. The Client may also delete any such data at any time via the Platform.
   54. If changes or anticipated changes to Data Protection Laws result in either party becoming non-compliant with such laws in relation to the processing of Personal Data under these Terms and Conditions, the parties shall promptly cooperate to amend the Agreement to ensure compliance.

VIII.     Warranties

1. 55. Each party represents and warrants to the other party that, to the best of its knowledge and belief:
       
       1. The signatory signing these Terms and Conditions and any Agreement on its behalf has the legal authority to do so.
       2. These Terms and Conditions and any Agreement does not and will not conflict with any other agreement or legal obligation entered by it.
       3. The signatory signing these Terms and Conditions and any Agreement has all necessary rights, permissions, and licenses to perform its obligations under these Terms and Conditions and any applicable Agreement.

1. 56. Except for the warranties explicitly provided above, and to the fullest extent permitted by applicable law, the Provider disclaims all other representations and warranties, express or implied, including but not limited to implied warranties of satisfactory quality, fitness for a particular purpose, and reasonable care and skill. Some jurisdictions do not allow the exclusion of certain warranties, so the above exclusions may not apply to all Clients. The Provider does not warrant, guarantee, or make any representations regarding the use, results, or benefits of the Services provided under these Terms and Conditions and any applicable Agreement, except as expressly stated herein. No personnel of the Provider are authorized to expand, modify, or add to the warranties and representations set forth in these Terms and Conditions. In the event of a breach of the warranties provided in these Terms and Conditions (except for any fraudulent misrepresentation), the sole and exclusive remedy shall be for the breaching party to use commercially reasonable efforts to promptly correct such breach.
   57. The Provider warrants to the Client that:
       
       1. The Provider will comply with all applicable legal and regulatory requirements related to the exercise of its rights and the fulfilment of its obligations under these Terms and Conditions.
       2. The Platform will include security features consistent with good industry practices.
       3. The Services, when used by the Client in accordance with these Terms and Conditions, will not violate any applicable laws or infringe upon the Intellectual Property Rights of any third party.

1. 58. The Client acknowledges that:
       
       1. The use of the Services is at the Client’s sole risk, and the Provider does not guarantee that the Services will meet all Client requirements or that the services will be uninterrupted or error-free.
       2. The Services and any related content are provided “as is” and “as available,” with all faults and without warranty of any kind, and the Provider expressly disclaims all warranties and conditions, whether express, implied, or statutory, including but not limited to warranties of satisfactory quality, fitness for a particular purpose, accuracy, quiet enjoyment, and non-infringement of third-party rights. No oral or written information or advice given by the Provider shall create any warranty.
       3. The Client acknowledges that complex software is never completely free from defects or vulnerabilities, and the Provider does not warrant that the Services will be entirely secure or free from defects, errors, or bugs. However, the Provider commits to using commercially reasonable efforts to identify and address such defects in a timely manner.
       4. The Services are designed to be compatible only with specified software and systems, and the Provider does not warrant compatibility with any other software or systems.
       5. The Provider may not guarantee 100% accuracy in results or adherence to specific time frames, as these may vary due to factors like heavy website traffic or document clarity.
       6. The payment of Charges is not dependent on the use or non-use of the Services, and all Charges, once committed, are non-refundable, non-cancellable, and irrevocable, except as otherwise provided in the applicable Agreement.
       7. It has had the opportunity to seek independent legal advice and fully understands the terms and conditions, which it is signing freely and voluntarily.

1. 59. The Client warrants that it will obtain all necessary consents from its Customers or end-users before providing their Personal Data to the Provider for processing, in compliance with applicable Data Protection Laws. The Client shall maintain and enforce a privacy policy consistent with these laws.
   60. All warranties and representations related to the subject matter of these Terms and Conditions are expressly set out in these Terms and Conditions or in an Agreement.
   61. The Client shall indemnify and hold the Provider harmless against any and all liabilities, damages, losses, costs, and expenses (including legal fees and amounts reasonably paid in settlement) that the Provider incurs as a direct or indirect result of any breach by the Client. The Client agrees to:
       
       1. provide reasonable assistance to the Provider upon request, where “reasonable assistance” includes, but is not limited to, providing relevant information, documentation, and access to personnel necessary for the defence or resolution of the claim;
       2. grant the Provider exclusive control over all disputes, proceedings, negotiations, and settlements with third parties when requested; and
       3. refrain from admitting liability or settling any third-party disputes or proceedings without the Provider’s prior written consent.

IX.     Liability limitations

1. 62. In connection with these Terms and Condition, Agreements and use of the Services, the Provider shall not be liable for:
       
       1. any loss of profits, business, anticipated savings, business opportunity, depletion of goodwill, loss or corruption of data or information, or similar losses (whether direct or indirect); or
       2. any special, direct or indirect, or consequential loss, costs, damages, charges, or expenses.
   63. The Provider’s total aggregate liability (for any event or series of related events) in contract (including under any indemnity), tort (including negligence or breach of statutory duty), misrepresentation, restitution, or otherwise in connection with these Terms and Conditions shall not exceed the lesser of:
       
       1. 2,500 euro; or
       2. the total amount paid or payable by the Client to the Provider under the Agreement in the 3-month period preceding the commencement of the event or events.
   64. The Client shall not be liable to the Provider for any losses arising from a Force Majeure Event, loss of profits, income, revenue, or business opportunities, or for any special, indirect, or consequential losses or damages, provided that the Client uses all reasonable efforts to mitigate such losses.

X.     Force Majeure

1. 65. The affected party shall not be liable for any failure or delay in performing its obligations under these Terms and Conditions to the extent that such failure or delay is due to a Force Majeure Event, provided that the affected party:
       
       1. promptly notifies the other party in writing of the occurrence of the Force Majeure event and its expected duration, and in any case no later than five (5) business days after the occurrence of the Force Majeure event.
       2. takes all reasonable steps to mitigate the effects of the Force Majeure event.
       3. resumes performance of its obligations as soon as reasonably possible after the cessation of the Force Majeure event.

1. 66. If the Force Majeure event continues for a period exceeding thirty (30) days, either party may terminate these Terms and Conditions and any or all Agreements upon written notice to the other party, without liability for any damages or penalties arising from such termination.
   67. No Force Majeure Event shall relieve the Client of its obligation to pay the Charges agreed herein, provided that the Services remain available and accessible in some form to the Client.

XI.     SLA

1. 68. This Service Level Agreement (SLA) outlines the expected level of service, performance metrics, support response times, and responsibilities of the Provider and the Client regarding the Services provided under these Terms and Conditions.
   69. This SLA applies to the services provided by the Provider as described in these Terms and Conditions and any associated Agreement. This SLA does not cover performance issues caused by factors beyond the Provider’s reasonable control, including but not limited to Force Majeure events, Client’s acts or omissions, Internet outages, or any other event as outlined in the Agreement.
   70. The Provider guarantees that the Services will be available 98% of the time, averaged over a last 12-month period, excluding scheduled maintenance.
   71. The Provider reserves the right to conduct scheduled maintenance that may affect the availability of the Services. The Provider will notify the Client at least forty eight (48) hours in advance of any scheduled maintenance. Scheduled maintenance will typically occur outside of peak usage hours.
   72. In the event of an emergency that requires immediate action to protect the integrity or security of the Services, the Provider may perform maintenance without prior notice. The Provider will endeavour to inform the Client as soon as possible and minimize any disruption.
   73. Provider shall provide technical support of the services in Bulgarian and English during Business Days and Business Hours.
   74. The Provider will respond to support requests based on the severity of the issue, according to the following response and resolution times:

1. 75. If the Provider fails to meet the Service Availability or Response Time commitments outlined in this SLA, the Client may be eligible for Service Credits.
   76. Service Credits will be calculated as a percentage of the monthly service fee based on the amount of downtime or delayed response time beyond the SLA commitment. For every full hour of downtime beyond the availability specified in Clause 70 or failure to meet response times, the Client will be eligible for a Service Credit of 0.1% of the monthly fee, up to a maximum of 15%.
   77. To receive Service Credits, the Client must submit a request in writing within fifteen (15) days of the downtime or incident. The Provider will review the claim and respond within thirty (30) days.
   78. Service Credits will not be provided for issues caused by factors outside of the Provider’s control, including Force Majeure Events, actions by the Client, its Customers and end clients, or third-party services.
   79. The Provider is not responsible for the performance or reliability of third-party services integrated with the Provider’s platform. Any service levels applicable to third-party services are governed by the agreements between the Client and those third-party providers.
   80. Service disruptions caused by Force Majeure Events, as defined in these Terms and Conditions, are excluded from the Service Availability calculations and the Provider’s SLA obligations.
   81. The Client must ensure that all technical requirements and responsibilities outlined in these Terms and Conditions and in any relevant Agreement are met to support the proper operation of the Services. Failure to meet these responsibilities may impact the performance of the Services and will not be considered a breach of the SLA by the Provider.
   82. Downtime caused directly or indirectly by any of the following shall not be considered when calculating whether the Provider has met the uptime guarantee given in Clause 70:
       
       1.  a Force Majeure Event;
       2.  a fault or failure of the Provider’s hosting infrastructure;
       3.  a fault or failure of the Client’s computer systems or networks;
       4.  any breach by the Client of the Agreement; or
       5.  scheduled maintenance carried out in accordance with the Agreement.

XII.     Intellectual Property

1. 83. All intellectual property rights provided under these Terms and Conditions (“Provider IP”) are and shall remain the sole and exclusive property of the Provider. The Client acknowledges that it does not acquire any rights, title, or interest in the Provider IP except as expressly granted under these Terms and Conditions.
   84. Subject to the terms and conditions of these Terms and Conditions, the Provider hereby grants the Client a limited, non-exclusive, non-transferable, revocable license to use the Provider IP solely for the purposes of accessing and using the services as specified in these Terms and Conditions. The Client shall not use the Provider IP for any purpose other than as expressly permitted by these Terms and Conditions or any applicable Agreement.
   85. The Client shall not, and shall not permit any third party to:
       
       1. copy, modify, adapt, translate, reverse engineer, decompile, disassemble, or create derivative works based on the Provider IP;
       2. sell, lease, sublicense, distribute, or otherwise transfer any rights in the Provider IP to any third party;
       3. remove, alter, or obscure any proprietary notices or labels on or within the Provider IP; or
       4. use the Provider IP in any manner that infringes, misappropriates, or violates the intellectual property rights of the Provider or any third party.

1. 86. If the Client provides any suggestions, ideas, enhancement requests, recommendations, or other feedback regarding the Provider IP (“Feedback”), the Provider shall be free to use, disclose, reproduce, license, and otherwise distribute and exploit the Feedback without any obligation or restriction. The Client hereby assigns all rights, title, and interest in and to the Feedback to the Provider.

XIII.     Trademark

1. 87. The Provider retains all rights, title, and interest in and to its trademarks, trade names, service marks, logos, and any other branding elements (“Provider Trademarks”). The Client acknowledges that it does not acquire any rights, title, or interest in the Provider Trademarks under the Agreement.
   88. Subject these Terms and Conditions and any applicable Agreement, the Provider grants the Client a limited, non-exclusive, non-transferable, revocable license to use the Provider Trademarks solely in connection with the use of the services provided under the Agreement and solely in accordance with the Provider’s trademark usage guidelines, as may be provided and updated by the Provider from time to time.
   89. The Client shall not, and shall not permit any third party to:
       
       1. use the Provider Trademarks in any manner that is likely to cause confusion, mistake, or deception as to the affiliation, connection, or association of the Client with the Provider;
       2. use the Provider Trademarks in any manner that disparages or discredits the Provider or the Provider’s services;
       3. alter, modify, or create derivative works of the Provider Trademarks; or
       4. register, attempt to register, or assist any third party in registering any trademark, trade name, service mark, logo, or domain name that is confusingly similar to the Provider Trademarks.

1. 90. The Client agrees to promptly notify the Provider of any actual or suspected infringement or unauthorized use of the Provider Trademarks by any third party of which the Client becomes aware. The Provider shall have the sole right to determine whether to act against any such infringement, and the Client shall cooperate fully with the Provider in any enforcement or protection of the Provider Trademarks.

XIV.     Notices

1. 91. Any Notice shall be in writing and shall be delivered by one of the following methods:
       
       1. personal delivery.
       2. courier service.
       3. electronic mail (email)
   92. Notices shall be sent to the respective parties at the addresses specified in these Terms and Conditions, any applicable Agreement or to such other address as a party may designate by Notice to the other party.
   93. Notices to the Provider shall be sent to either of following addresses:
       
       1. for Personal delivery and Courier services to: 5A Baku str., floor 6, 1700 Sofia, Bulgaria
       2. for email to sales@aidentix.com
   94. Notices shall be deemed to have been duly given and received as follows:
       
       1. if delivered personally or by courier, on the date of delivery.
       2. if sent by email, on the date of transmission, provided that no delivery failure notice is received by the sender.
   95. Each party shall promptly notify the other party of any change in its address or contact information for the purposes of receiving Notices under these Terms and Conditions. Until such Notice of change is provided, Notices shall be sent to the last known address or contact information.
   96. All Notices under these Terms and Conditions shall be in Bulgarian or English language, or another language mutually agreed upon by the parties in writing.

XV.     Subcontracting

1. 97. Neither party shall have the right to subcontract, delegate, or assign any of its obligations or duties under these Terms and Conditions to any third party without the prior written consent of the other party. Any attempt to subcontract, delegate, or assign without such consent shall be void and of no effect.
   98. If either party is granted consent to subcontract any of its obligations under these Terms and Conditions, that party shall remain fully responsible for the performance of those obligations as if they were performed by the party itself. The subcontracting party shall also ensure that any approved Subcontractor complies with all applicable terms and conditions of these Terms and Conditions and any Agreement.

XVI.     Severability

1. 99. If any provision of these Terms and Conditions or in any applicable Agreement is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction or any other legal authority, such provision shall be deemed to be severed from the Terms and Conditions and shall not affect the validity, legality, or enforceability of the remaining provisions. The parties agree to negotiate in good faith to replace any invalid, illegal, or unenforceable provision with a valid provision that most closely approximates the intent and economic effect of the invalid, illegal, or unenforceable provision.

XVII.     Applicable Law and Jurisdiction

1. 100. These Terms and Conditions and any Agreement shall be governed by and construed in accordance with the laws of Bulgaria, without regard to its conflict of law principles. The parties agree that any disputes arising out of or in connection with these Terms and Conditions and any Agreement shall be subject to the exclusive jurisdiction of the courts located in Bulgaria. Each party irrevocably submits to the personal jurisdiction of such courts and waives any objection to the venue or jurisdiction of such courts, including any claim that such venue is an inconvenient forum.

XVIII.     General Provisions

1. 101. These Terms and Conditions are subject to review and may be updated or revised by the Provider from time to time. Any updates will be communicated to the Client at least fifteen (15) days before taking effect.

Exhibit A – Scope of Services

I.     Services Overview

1. The Provider agrees to deliver one or more the following services (collectively referred to as the “Services”) to the Client in accordance with the terms and conditions set forth in the Agreement and the incorporated Terms and Conditions:
   
   1. Document Verification Services involve the examination and authentication of various identification documents provided by customers during the verification process. This service leverages advanced technology to verify the authenticity of documents such as passports, national IDs and driving licenses. The platform checks for security features, validates data against official sources (when possible), and ensures that the documents are not fraudulent or tampered with. Some key features may include:
      • Multi-layered verification including OCR (Optical Character Recognition) and data extraction.
      • Support for a wide range of document types and formats from various countries.
      • Integration with Liveness and KYC services for a comprehensive identity verification solution.
   2. Liveness Verification Services ensure that the individual undergoing verification is a real, live person and not a static image or pre-recorded video. This service uses advanced biometric algorithms to detect facial movements, eye blinks, or other subtle human responses in real-time. It helps prevent fraud by confirming that the person is physically present during the identity verification process, thus enhancing the security and reliability of digital onboarding and authentication processes. Some key feature may include
      • Real-time facial movement detection.
      • Prevention of spoofing attacks using photos, videos, or masks.
      • Seamless integration with existing biometric verification systems.
      • Available for use on web, mobile, and desktop platforms.
   3. Know Your Customer (KYC) Questionnaire is an essential component of the KYC Services, designed to gather detailed information about a customer’s identity, financial background, and business activities. This information is crucial for assessing the risk associated with each customer and ensuring compliance with regulatory requirements. The KYC Questionnaire is typically completed during the customer onboarding process and may be updated periodically as part of ongoing due diligence. Some key feature may include:
      • Ability to maintain multiple KYC Questionnaires
      • Ability to create different types of questions to collect relevant information
      • Ability to perform reporting and extracting data from the Platform
   4. Database Check Services are a critical component of Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance processes. These services involve scanning and cross-referencing customer information against a variety of databases to detect potential risks such as money laundering, terrorism financing, association with Politically Exposed Persons (PEPs), or involvement in adverse media content. Some key features may include:
      • Anti-Money Laundering (AML) Screening
      • Politically Exposed Persons (PEPs) identification
      • Adverse Media Screening

II.     Delivery Method

1. 2. The Services shall be delivered as follows:
      
      1. Online Platform: The Services shall be accessible via the Provider’s secure online platform, where the Client can perform/use the Services.
      2. REST API Integration: The Client may integrate the Provider’s API into their own infrastructure to directly access the Services. The integration shall be conducted in accordance with the technical documentation provided by the Provider.
      3. Web SDK: The Client may integrate using Web SDK to allow use of the Services in web or mobile application (in-app web view).
      4. Mobile SDK: The Client May integrate using Mobile SDK to allow use of the Services in existing Client’s mobile application.

III.     Client Responsibilities

1. 3. To enable the Provider to deliver the Services effectively and securely, the Client shall:
      
      1. Provide Accurate Data: Ensure that all data provided for verification purposes is accurate, complete, and up-to-date.
      2. Maintain API Security: Implement appropriate security measures to protect the API integration and prevent unauthorized access to the Services.
      3. Cooperate with the Provider: Cooperate with the Provider’s support team to resolve any issues that may arise during the delivery of the Services.
      4. Restrict administrator access: Grant administrator and non-administrator access to limited number of people (preferably own employees), to avoid data leaks or other security issues.

IV.     Additional Services

1. 4. The Client may request additional services or customizations not listed in this Scope of Services. Such services will be subject to additional fees and shall be outlined in a separate addendum to this Exhibit A, signed by both parties.