Verifyo

Terms & Conditions

Please read these terms carefully before using our services.

Effective Date: July 25, 2025 (or the date you accept these Terms)

PLEASE READ THESE TERMS CAREFULLY. By accessing or using the Services (as defined below), you agree to be bound by this Agreement. If you do not agree, you must not use the Services.

1. Introduction

These Terms & Conditions (this "Agreement") set forth the terms under which HIPS Payment Group Ltd, an Irish company with company number 639131 and registered office at 77 Sir John Rogerson's Quay, Block C, Grand Canal Docklands, Dublin 2, D02 VK60, Ireland ("Verifyo", "we", "us", or "our"), provides access to its compliance and identity verification technology.

This Agreement constitutes a binding contract between Verifyo and (i) natural persons who complete a Know Your Customer ("KYC") verification through Verifyo and obtain a reusable zero‑knowledge credential ("zk‑KYC") for use across supported platforms ("Individual Users"), and (ii) legal entities that integrate Verifyo's application programming interfaces (APIs), dashboards or related tools to conduct compliance checks on their own users, clients or transactions ("Business Customers"). Individual Users and Business Customers are referred to collectively as "Customers" or "Users."

By creating an account, connecting a wallet, obtaining API keys, or otherwise accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Agreement. This Agreement takes effect on the date you first accept it or first use the Services, whichever occurs earlier (the "Effective Date").

Verifyo may update these Terms from time to time in accordance with Section 14.2. If you continue to use the Services after changes take effect, you will be deemed to have accepted the updated Terms.

2. Definitions

For purposes of this Agreement:

  • "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership of more than fifty percent (50%) of the voting interests.

  • "API" means Verifyo's application programming interface(s), SDKs and related developer materials enabling programmatic access to the Services.

  • "Applicable Laws" means all laws, statutes, regulations, directives, rules and binding requirements that apply to a party or to activities under this Agreement, including the EU General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Irish Data Protection Act 2018, the EU Anti‑Money Laundering Directives (including AMLD5/6) and any implementing legislation, the Markets in Crypto‑Assets Regulation ("MiCA"), the Financial Action Task Force (FATF) recommendations, consumer protection laws, and EU sanctions and export control laws.

  • "Authorised User" means any employee, contractor or agent of a Business Customer whom the Business Customer authorises to access or use the Services on its behalf.

  • "Business Customer" means any legal entity that contracts with Verifyo to use the Services for compliance purposes in relation to its own customers, users, counterparties, or transactions.

  • "Confidential Information" means any non‑public information disclosed by a party ("Discloser") to the other party ("Recipient") that is identified as confidential or should reasonably be understood to be confidential given the nature of the information and circumstances of disclosure, including business plans, pricing, technology, security information, Customer Data and non‑public aspects of the Services. Confidential Information excludes information that (i) is or becomes public without breach of this Agreement, (ii) was lawfully known to the Recipient without confidentiality obligations, (iii) is independently developed by the Recipient without use of the Discloser's information, or (iv) is rightfully obtained from a third party without confidentiality obligations.

  • "Customer Data" means any data, content or information provided to Verifyo by or on behalf of a Customer (including identity documents, photographs, wallet addresses, transaction metadata and other personal data), as well as results generated from processing such data. Customer Data does not include Verifyo's proprietary algorithms, models, analytics or de‑identified/aggregated data derived from service usage.

  • "End User" means a natural person whose information is submitted by a Business Customer to the Services for verification, screening or compliance purposes.

  • "Fees" means, for Individual Users: no monetary fees; for Business Customers: the requirement to hold and maintain the required tier of Merchant Tokens (MTO) as described in Section 5 (the "Token Requirement").

  • "Individual User" means a natural person who uses the Services to complete KYC verification and obtain a zk‑KYC credential.

  • "MTO Tokens" or "MTO" means the Merchant Token used as a proof-of-stake access condition for Business Customers. The Token Requirement is satisfied solely by the Business Customer holding the required balance of MTO in a self-custodied, non-custodial wallet address registered with Verifyo. Verifyo does not hold, control, transfer, or have access to any MTO Tokens at any time. Verifyo's role is limited to verifying, through blockchain-based or cryptographic means, that the Customer's registered wallet maintains the minimum balance required for the applicable access tier.

  • "Order Form" means any ordering document, online sign‑up, or digital subscription flow referencing these Terms and specifying Services, access tiers, and Token Requirements.

  • "Services" means the products and services made available by Verifyo under this Agreement, including: (a) decentralised reusable KYC for Individual Users; (b) zero‑knowledge proof based attestations; (c) APIs and dashboards enabling KYC/AML/Travel Rule/MiCA checks; and (d) related support, integration and reporting tools.

  • "zk‑KYC" means a reusable, privacy‑preserving credential indicating that an Individual User has successfully completed identity verification, conveyed via zero‑knowledge proofs without disclosure of underlying personal data to relying parties.

3. Provision of Services

3.1 Service Availability and Changes. Verifyo will provide the Services using reasonable skill and care consistent with industry standards. The Services are provided via secure online platforms, APIs and dashboards. From time to time Verifyo may update, improve or modify features to enhance security, performance or legal compliance; such changes will not materially diminish the core functionality purchased by the Customer.

3.2 Services for Individual Users. Individual Users may complete a one‑time identity verification and receive a zk‑KYC credential. This credential can be presented to supported third‑party platforms (e.g., exchanges, payment processors, wallets, casinos, or financial service providers) that choose to accept zk‑KYC. Verifyo does not guarantee that any particular third party will accept zk‑KYC at any time.

3.3 Services for Business Customers. Business Customers may query Verifyo's APIs and dashboards to validate whether an Individual User or End User holds a valid zk‑KYC credential or satisfies specified compliance checks. Verifyo provides technical outputs (for example, "verified / not verified," risk flags or attestations). Business Customers remain solely responsible for all regulatory decisions, onboarding, monitoring and reporting obligations.

3.4 No Financial Services or Custody. Verifyo does not hold or transmit fiat or digital assets, act as custodian, or provide legal, tax, accounting or investment advice. Outputs from the Services are informational and must not be treated as legal advice.

3.5 Maintenance and Support. Verifyo may perform routine or emergency maintenance. Where practicable, advance notice will be provided. Temporary unavailability during maintenance or due to force majeure does not constitute a breach. Verifyo will provide reasonable technical support to Business Customers via documented channels.

3.6 Beta Features. Verifyo may label certain features as beta, preview, or experimental. Such features are provided "as is," may be suspended at any time, and are excluded from any uptime or performance commitments.

4. Licence and Restrictions

4.1 Licence Grant. Subject to this Agreement: (a) Verifyo grants Individual Users a personal, non‑exclusive, non‑transferable licence to use their zk‑KYC credential for lawful purposes; and (b) Verifyo grants Business Customers a limited, non‑exclusive, non‑transferable licence to access and use the APIs, dashboards and outputs internally for compliance purposes during the term and within agreed usage limits.

4.2 Use Restrictions. Customers shall not, and shall not permit any third party to: (i) license, sublicense, sell, resell, rent, lease, assign, distribute or otherwise make the Services available to an unauthorised third party; (ii) copy, modify, translate, reverse engineer, decompile, disassemble or otherwise attempt to derive source code, underlying ideas or algorithms from the Services; (iii) use the Services in violation of Applicable Laws, including for identity theft, fraud, sanctions evasion or onboarding prohibited persons; (iv) submit data that is irrelevant to compliance or that the Customer has no lawful basis to process; (v) interfere with or disrupt the integrity or performance of the Services, including attempting to circumvent security or usage limits; (vi) use the Services to develop or enhance a competing product or for unauthorised benchmarking; or (vii) remove or obscure any proprietary notices on the Services or outputs.

4.3 Enforcement; Suspension. Verifyo may suspend or restrict access immediately if it reasonably believes a Customer's use is unlawful, harmful, or in breach of this Agreement. Verifyo will notify the Customer and work in good faith to resolve the issue. Repeated or serious violations may result in termination under Section 12.

5. Fees and Token Requirements

5.1 Individuals. Access for Individual Users is provided without monetary Fees.

5.2 Businesses -- Business Customers must hold and maintain the required minimum balance of MTO Tokens in their own non-custodial wallet, registered with Verifyo, as a condition for accessing the Services. Tokens remain entirely under the Customer's control. Verifyo has no custody of, or access to, the tokens and does not transfer, debit, or freeze them. Verifyo's role is limited to verifying, via blockchain-based methods, whether the Customer's designated wallet meets the Token Requirement.

5.3 Tiers. Verifyo may establish different access tiers (for example, a free tier of up to thirty (30) queries per month, and higher tiers requiring larger token balances). A Business Customer's tier is continuously determined based on the balance verifiably held in its registered non-custodial wallet. If the wallet balance falls below the required threshold, the Customer's access will automatically be limited to the lower tier without further action by Verifyo.

5.4 Proof of Holdings. Verification of compliance with the Token Requirement is performed solely by blockchain query, cryptographic proof, or similar non-custodial verification methods. Verifyo never requires Customers to transfer tokens to Verifyo or to any third-party custodian. At no time will Verifyo request, require, or accept control over the Customer's tokens or wallet private keys.

5.5 Taxes. Customers are responsible for all taxes, levies or duties arising from their use of the Services (excluding taxes on Verifyo's income). Where VAT applies, it will be added as required by law.

5.6 No Repurchase or Refund. MTO Tokens are market-traded assets. Verifyo does not at any time hold, receive, repurchase, refund, or manage tokens for Customers. Because Verifyo never has custody of tokens, it cannot provide refunds, repurchases, or compensation related to their acquisition, holding, or disposal. Customers are solely responsible for acquiring, managing, and securing their MTO Tokens in accordance with their own risk appetite.

5.7 Changes to Tiers. Verifyo may revise the minimum token balance thresholds associated with each access tier at any time, with their sole discretion. Verifyo will with its best effort, notify such change at an appropriated such announcements will be made available in the business portal. It is the clients responsibility to keep themselves updated to upcoming changes.

6. Customer Obligations

6.1 Compliance with Laws. All Customers must use the Services in compliance with Applicable Laws, including AML/CFT requirements, GDPR and national data protection laws, MiCA and EU sanctions.

6.2 Individual Users. Individual Users must (a) provide true, accurate and current information; (b) safeguard their wallet credentials, passkeys and zk‑KYC artefacts; (c) not share credentials unlawfully or impersonate others; and (d) promptly update information that becomes inaccurate. Business Customers are solely responsible for custody and security of their designated wallet used to meet the Token Requirement. Verifyo has no access to Customer wallets, private keys, or tokens and accepts no responsibility for their safekeeping.

6.3 Business Customers. Business Customers must (a) ensure a lawful basis (e.g., consent or legitimate interests) to submit End User data; (b) configure risk thresholds and decisioning rules appropriate to their business and regulatory obligations; (c) not rely solely on Verifyo outputs as a substitute for their compliance programme; (d) maintain required records and audit trails; (e) keep API keys secure and restrict access to Authorised Users; and (f) notify Verifyo promptly of suspected unauthorised use.

6.4 Cooperation. Customers shall cooperate reasonably with Verifyo to facilitate the provision of the Services, including responding to reasonable requests for information required to troubleshoot or improve verification accuracy.

6.5 Audit and Records. Verifyo may provide logs or data demonstrating checks performed. Business Customers remain responsible for retaining records necessary to satisfy their regulatory obligations.

7. Data Protection and Privacy

7.1 Roles. For data protection purposes, Verifyo acts as: (a) controller in relation to Individual Users whose data Verifyo collects directly; and (b) processor in relation to End User data processed on behalf of Business Customers.

7.2 GDPR Compliance; DPA. Each party shall comply with GDPR and the Irish Data Protection Act 2018. Where Verifyo acts as processor, the parties shall enter into a Data Processing Addendum ("DPA") incorporating the Controller's instructions, security measures and, where relevant, the EU Standard Contractual Clauses. The DPA forms part of this Agreement when executed.

7.3 Security Measures. Verifyo shall implement appropriate technical and organisational measures to protect Customer Data against unauthorised or unlawful processing and accidental loss, destruction or damage, including encryption in transit and at rest, access controls, least‑privilege principles, monitoring, vulnerability management and regular security assessments.

7.4 Zero‑Knowledge Proofs. Verifyo's zk‑KYC architecture minimises the sharing of raw personal data. Where feasible, relying parties receive only attestations (e.g., "verified") without the underlying documents. Raw data may be processed by Verifyo or its vetted sub‑processors solely to produce such attestations and to meet legal obligations.

7.5 International Transfers. Where Customer Data is transferred outside the European Economic Area, Verifyo shall ensure appropriate safeguards (e.g., Standard Contractual Clauses or an adequacy decision).

7.6 Sub‑processors. Verifyo may engage sub‑processors to support the Services. Verifyo shall enter into written agreements imposing data protection obligations no less protective than those set out in this Agreement and any DPA. A list of current sub‑processors may be provided upon request, and Verifyo will notify the Customer of material changes as required by the DPA.

7.7 Breach Notification. Upon becoming aware of a personal data breach affecting Customer Data, Verifyo will notify the relevant Customer without undue delay and provide information necessary to meet the Customer's breach notification obligations.

7.8 Retention and Deletion. Verifyo will retain Customer Data only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes and enforce agreements. Upon termination or at the Controller's documented request, Verifyo will delete or return personal data, unless retention is required by law or backup limitations, in which case data will be securely isolated and deleted in the ordinary course.

7.9 Data Subject Rights. Verifyo will, where applicable, forward data subject requests (access, rectification, erasure, restriction, portability, objection) to the appropriate Controller and will provide reasonable assistance to enable compliance, in accordance with the DPA.

7.10 Privacy Notice. Additional information on Verifyo's data practices is available in Verifyo's Privacy Policy at verifyo.com/privacy. As between the parties, this Agreement and any DPA prevail in the event of conflict.

8. Confidentiality and Intellectual Property

8.1 Confidentiality. Each party (Recipient) shall keep confidential and not use the other party's (Discloser's) Confidential Information except to perform this Agreement or as otherwise permitted herein. Recipient shall protect Confidential Information with at least the same degree of care it uses for its own confidential information and no less than reasonable care.

8.2 Permitted Disclosures. Recipient may disclose Confidential Information to its personnel, Affiliates, professional advisers and sub‑contractors who have a need to know and are bound by confidentiality obligations, and to the extent required by law or a competent authority (provided Recipient, where legally permitted, gives prompt notice and cooperates to seek protective measures).

8.3 IP Ownership. As between the parties, Verifyo retains all right, title and interest in and to the Services, software, algorithms, models, data sets, documentation, designs, interfaces and trademarks, together with all improvements and derivatives. Customers retain ownership of their Customer Data. No rights are granted except as expressly stated.

8.4 Outputs Licence. Verifyo grants Business Customers a non‑exclusive, royalty‑free licence to use compliance outputs and reports internally for legitimate compliance purposes. Public disclosure of detailed reports or re‑publication of Verifyo content requires Verifyo's prior written consent.

8.5 Aggregate/Anonymised Data. Verifyo may collect and use aggregated or de‑identified data derived from service usage to operate, maintain, secure and improve the Services and to produce analytics that do not identify any Customer or End User.

8.6 Feedback. Customers may provide feedback or suggestions. Verifyo may use such feedback without restriction or obligation.

9. Warranties and Disclaimers

9.1 Mutual Warranties. Each party warrants that it has full power and authority to enter into and perform this Agreement and will comply with Applicable Laws in doing so.

9.2 Verifyo Warranties. Verifyo warrants that the Services will be provided with reasonable skill and care consistent with industry standards and that it will implement appropriate security measures as set out in Section 7.3.

9.3 Customer Warranties. Customers warrant that (a) they have all rights and lawful bases to submit Customer Data; (b) Customer Data is accurate and lawful; and (c) they will use the Services only in accordance with this Agreement and Applicable Laws.

9.4 Disclaimers. Except as expressly provided in this Section 9, the Services are provided "as is" and "as available." Verifyo disclaims all warranties, express, implied or statutory, including merchantability, fitness for a particular purpose, non‑infringement and any warranties arising from course of dealing. Verifyo does not warrant that the Services will detect all fraud, ensure compliance outcomes, or be error‑free or uninterrupted.

10. Indemnification

10.1 Indemnity by Business Customers. Business Customers shall defend, indemnify and hold harmless Verifyo and its Affiliates, officers, directors, employees and agents from and against any claims, damages, fines, penalties, costs and expenses (including reasonable legal fees) arising out of or relating to: (a) the Business Customer's breach of this Agreement or Applicable Laws; (b) Customer Data submitted by or on behalf of the Business Customer (including allegations of unlawful processing or violation of third‑party rights); (c) reliance on outputs as the sole basis for regulatory decisions; or (d) misuse of the Services by Authorised Users.

10.2 Indemnity by Verifyo. Verifyo shall defend, indemnify and hold harmless Business Customers against third‑party claims alleging that the Services, when used in accordance with this Agreement, infringe a valid EU or UK patent, copyright or trademark, or misappropriate a trade secret, and shall pay any final damages awarded (or settlement sums approved by Verifyo), subject to the limitations in this Agreement.

10.3 Exclusions. Verifyo's indemnity does not apply to claims arising from (a) combinations of the Services with items not provided by Verifyo; (b) use contrary to documentation or this Agreement; (c) modifications not made by Verifyo; or (d) Customer Data or materials supplied by the Customer.

10.4 Mitigation. If the Services are alleged to infringe, Verifyo may (i) modify the Services to be non‑infringing while substantially preserving functionality; (ii) replace the Services with functionally equivalent services; or (iii) terminate the affected Services and, if applicable, provide a pro‑rata refund of any prepaid amounts for unused Services.

10.5 Procedure. The indemnified party must (a) promptly notify the indemnifying party of the claim; (b) grant sole control of the defence and settlement to the indemnifying party; and (c) provide reasonable cooperation. The indemnifying party will not settle any claim admitting fault or imposing non‑monetary obligations on the indemnified party without its prior written consent.

10.6 Exclusive Remedy. This Section 10 states the indemnified party's exclusive remedy for the claims described.

11. Limitation of Liability

11.1 Exclusion of Indirect Damages. To the maximum extent permitted by law, neither party shall be liable for any indirect, incidental, special, consequential, punitive or exemplary damages, including loss of profits, revenue, savings, business opportunities or data, even if advised of the possibility of such damages.

Verifyo's total aggregate liability arising out of or in connection with this Agreement shall not exceed EUR €100,000. References to MTO Tokens elsewhere in this Agreement are solely for the purpose of describing Customer access requirements and do not create any obligation on Verifyo in relation to the value, custody, or management of tokens.

11.3 Carve‑outs. The exclusions and cap in this Section 11 do not apply to: (i) death or personal injury caused by negligence; (ii) fraud or fraudulent misrepresentation; (iii) the Customer's payment obligations and indemnities under Section 10; or (iv) any liability that cannot be limited under Applicable Laws.

11.4 Allocation of Risk. The parties agree that these limitations allocate risk and form a fundamental basis of the bargain under which the Services are provided.

12. Term and Termination

12.1 Term. This Agreement commences on the Effective Date and continues until terminated in accordance with this Section 12.

12.2 Termination by Customer. Individual Users may terminate by deleting their account and ceasing use of the Services. Business Customers may terminate by ceasing API use and disabling integrations.

12.3 Termination for Cause. Either party may terminate this Agreement for material breach that remains uncured thirty (30) days after written notice (fifteen (15) days for non‑payment of any agreed monetary amounts, if any).

12.4 Suspension. Verifyo may suspend the Services immediately if necessary to address security risks, unlawful activity, breach of this Agreement, failure to meet Token Requirements, or to comply with law or a governmental order.

12.5 Effects of Termination. Upon termination: (a) all rights and licences cease; (b) the Customer shall stop using the Services and delete any API keys; (c) Verifyo will delete or return personal data in accordance with Section 7 and any DPA; and (d) Sections which by their nature should survive (including 2, 6, 7, 8, 9, 10, 11, 13 and 14) shall survive.

12.6 Insolvency. Either party may terminate immediately upon written notice if the other party becomes insolvent, enters liquidation or has a receiver appointed over its assets.

13. Governing Law and Dispute Resolution

13.1 Governing Law. This Agreement and any dispute or claim (including non‑contractual disputes or claims) arising out of or in connection with it shall be governed by and construed in accordance with the laws of Ireland, without regard to conflict‑of‑law rules.

13.2 Jurisdiction. The parties irrevocably submit to the exclusive jurisdiction of the courts of Dublin, Ireland, to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation.

13.3 Good‑Faith Resolution; Mediation. The parties shall first seek to resolve disputes in good faith through discussions between senior representatives. If unresolved within thirty (30) days, either party may propose mediation under rules of a reputable Irish mediation body. Participation in mediation is voluntary and does not prejudice either party's right to litigate.

13.4 Injunctive Relief. Nothing in this Section shall prevent either party from seeking urgent injunctive, equitable or similar relief in any competent court to protect Confidential Information, intellectual property or data security.

14. Miscellaneous

14.1 Entire Agreement. This Agreement (including any Order Forms, documentation referenced herein and any executed DPA) constitutes the entire agreement between the parties and supersedes all prior agreements relating to its subject matter.

14.2 Amendments. Except as otherwise provided herein, any amendment or modification to this Agreement must be in writing and signed by authorised representatives of both parties. Notwithstanding the foregoing, Verifyo may modify these Terms from time to time by posting an updated version on its website or through the Services and updating the "Effective Date" at the top. Verifyo will use reasonable efforts to notify Customers (e.g., via email or in-service notice) of any material changes. If a Customer objects to any such change, the Customer's sole remedy is to notify Verifyo of its objection within thirty (30) days of the effective date of the updated Terms. If no resolution is reached, the Customer may terminate the Agreement by providing written notice to Verifyo. Because Verifyo does not charge monetary fees and does not hold or manage Customer tokens, no refund or reimbursement shall be due upon termination. If the Customer does not object within thirty (30) days of the update or continues to use the Services after the updated Terms take effect, the Customer will be deemed to have accepted the changes. This right to modify Terms applies only to online, standard Terms. If the parties have executed a separate negotiated agreement or Order Form that overrides this process, then changes must follow the process in that document.

14.3 Assignment. Customers may not assign or transfer this Agreement without Verifyo's prior written consent, except to an Affiliate or successor in interest in the context of a merger or sale of substantially all assets, provided the assignee agrees to be bound by this Agreement. Verifyo may assign this Agreement to an Affiliate or successor without restriction.

14.4 Force Majeure. Neither party shall be liable for delays or failures (other than payment obligations) due to events beyond its reasonable control, including natural disasters, epidemics, labour disputes, cyberattacks, utility failures, acts of government, war or terrorism. The affected party will notify the other and use reasonable efforts to mitigate.

14.5 Notices. Formal notices must be in writing and delivered by hand, courier or email with confirmation of receipt to the addresses provided by the parties (or as updated in writing). Notices are deemed received upon delivery.

14.6 Severability. If any provision of this Agreement is held invalid or unenforceable, it will be enforced to the maximum extent permissible and the remaining provisions will remain in full force and effect.

14.7 Waiver. No failure or delay in exercising any right shall constitute a waiver. A waiver must be in writing and is effective only for the specific instance.

14.8 Relationship. The parties are independent contractors. Nothing creates a partnership, joint venture or agency relationship. Neither party may bind the other.

14.9 Export Controls and Sanctions. Customers shall not use the Services in violation of EU export control laws or applicable sanctions regimes and represent they are not subject to EU restrictive measures or located in comprehensively sanctioned jurisdictions.

14.10 Third‑Party Rights. Except as expressly provided, no person other than a party has any rights under or in connection with this Agreement.

14.11 Counterparts; Electronic Signatures. This Agreement may be executed in counterparts and by electronic means. Electronic acceptance constitutes execution.

14.12 Language. This Agreement is in English. Translations are for convenience only.

14.13 Area of Operation. We operate all over the world except within the United States of America. There's another entity, brand and agreement for business customers who operate within the United States of America. Please contact support for further information!

15. Contact Information

All legal notices and communications to Verifyo should be addressed to:

HIPS Payment Group Ltd
Attn: Legal Department
77 Sir John Rogerson's Quay, Block C, Grand Canal Docklands, Dublin 2, D02 VK60
Dublin, Ireland

Email: support@verifyo.com