PLEASE READ THESE TERMS CAREFULLY.
The Civic Customer Product Specific Terms are intended to highlight some of the important things about using our different Services. The Customer Product Specific Terms form part of the Civic Customer Services Agreement and are hereby incorporated therein.
If you are using any of the Services described below, the terms corresponding to those product(s) apply to your use. We periodically update this page, so please check back here for current information.
1. Civic CAPTCHA Pass
1.1. Customer acknowledges and agrees that CAPTCHA Pass works by collecting hardware and software information, such as device and application data, and sending this data to Civic for analysis. The information collected in connection with Customer's use of the CAPTCHA Pass service will be used for providing, maintaining, and improving CAPTCHA Pass and for general security purposes. It will not be used for personalized advertising by Civic.
1.2. Privacy Policy. Customer will comply with all applicable privacy laws and regulations, including those applying to personal data. Customer will provide and adhere to a privacy policy for its software that clearly and accurately describes to applicable Customer’s End Users what user information Customer collects and how Customer uses and shares such information (including for advertising) with Civic and third parties. Customer will be responsible for providing any necessary notices or consents for the collection and sharing of this data with Civic.
1.3. Terms. Customer agrees to explicitly inform applicable Customer’s End Users that Customer has implemented CAPTCHA Pass on its properties and that Customer End Users' use of CAPTCHA Pass is subject to the Privacy Policy and General Terms. CAPTCHA Pass may only be used to fight spam and abuse on Customer's Properties.
2. Civic Liveness Pass, Civic Uniqueness Pass, and Civic ID Verification Pass
2.1. These terms (“Civic Identity Terms”) apply to the Customer’s use of the Civic Liveness Pass, Civic Uniqueness Pass, and Civic ID Verification Pass.
2.2. Use of the Civic Identity Services
2.2.1. Permitted Uses. You may use the Civic Identity Services only: (a) to verify the identity of Verifiable Individuals to the extent necessary to satisfy your compliance obligations under Law; (b) to prevent fraud as related to your services; (c) to prevent misuse of your services; and (d) to improve the safety or security of your business, operations and services.
2.2.2. Restricted Uses. Without limiting the unsupported or prohibited use cases identified herein, you must not, and must not enable or allow any other party to: (a) modify the Civic Identity Services in any way, including by changing (i) the branding, appearance or user experience of the Civic Identity Services; or (ii) the manner or language used to obtain consent from Verifiable Individuals; (b) represent or imply that Civic is acting as your agent or appointed by you for the purpose of conducting or meeting your Due Diligence Requirements; (c) disclose the Civic Data you receive in connection with the Civic Identity Services to any third party, except as Law requires; (d) use the Civic Identity Services, any Civic Data you receive in connection with the Civic Identity Services, or any Verification Data to create or support a product that competes with the Civic Identity Services; (e) use the Civic Identity Services, the Civic Data you receive in connection with the Civic Identity Services, or Verification Data in a manner that would violate any Law; (f) reuse, sell, rent, transfer, make available, or communicate orally or through other means the Civic Data you receive in connection with the Civic Identity Services (including as the term “sell” is defined in the CCPA, as applicable); (g) use the Civic Identity Services to verify the identity of an individual who is incompetent to provide legally binding consent because of their age or for any other reason; or (h) use the Civic Identity Services as a factor in determining any person’s eligibility for credit, insurance, housing or employment, or in a manner that would cause Civic to be a “consumer reporting agency” or cause Civic Data you receive to constitute a “consumer report”, each as described in the FCRA (as applicable).
2.2.3. Unsupported Use Cases. You may not use Civic Identity Services for any of the following purposes: (a) Reselling as an independent ID verification service or selling or renting the data you receive from Civic Identity Services. (b) Verification or storage of Personal Health Information (PHI) protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This only applies for businesses that are sharing data covered by the US HIPAA. (c) Conducting ID verification to determine if an individual is eligible for credit, housing, employment, insurance—or other purposes under the US Fair Credit Reporting Act (FCRA). This only applies to businesses that are using Identity for an activity that is covered by the US FCRA. (d) Government or law enforcement use. (e) Verifying anyone considered a minor or who is under the age of 16. (f) Verifying anyone who is linked directly or indirectly with jurisdictions Civic has deemed high risk, as may be updated from time to time: Cuba, Iran, North Korea, Syria, Russia, and Ukraine, or persons Civic has deemed high risk, such as those individuals or entities named to a restricted person or party list of the sanctions lists maintained by the U.S. Office of Foreign Assets Control.
2.3. Use of Data.
2.3.1. Civic’s Use of Verification Data. Verification Data is Protected Data for purposes of this Agreement. As part of the Civic Identity Services, unless the Civic Identity Services Documentation specifies otherwise, or you instruct Civic not to do so, Civic may generate and provide to you verification results and Optical Character Recognition (OCR) results from any documents submitted through the Civic Identity Services, which results are Civic Data for the purposes of this Agreement.
2.3.2. Your Use of Verification Data and Civic Data. You may use the Civic Data that Civic makes available to you in connection with the Civic Identity Services solely for the underlying purpose you disclosed to Civic when you were onboarded to use the Civic Identity Services. You may use Verification Data solely for the purposes described in your agreements with Verifiable Individuals.
2.4. Representations and Warranties; Disclaimers
2.4.1. No Warranty. Civic does not represent or warrant that the Civic Identity Services will enable you to fulfill your obligations under Law, including with respect to Due Diligence Requirements. You are solely responsible for complying with Law, including with respect to Due Diligence Requirements.
2.4.2. Disclaimer. (a) Civic does not guarantee that the Civic Identity Services will detect or prevent all fraudulent activities or correctly verify the identity of any individual. (b) Civic makes no representation or warranty that the Civic Identity Services will enable you to comply with Law, and you remain solely responsible for ensuring that you meet your legal obligations. (c) You are responsible and liable for your actions and decisions in connection with the Civic Identity Services, including your decisions to enter, or not enter, into business relationships with any persons. (d) Civic and its Affiliates are not liable for any losses, damages, or costs that you suffer in connection with any fraudulent activities that the Civic Identity Services did not detect or prevent. (e) Civic and its Affiliates are not liable for any losses, damages, or costs caused by your failure to meet any of your Due Diligence Requirements, or by the Civic Identity Services failing to correctly verify the identity of any individual
2.5. Privacy and Data Protection
2.5.1. Disclosing Your Privacy Policy. In connection with each verification request that is submitted to the Civic Identity Services, you must disclose your privacy policy to the Verifiable Individual.
2.5.2. Requirements for Your Privacy Policy. If you receive access to any Verification Data as part of the Civic Identity Services, your privacy policy must, at a minimum: (a) state that you and Civic are each independent controllers of Verification Data, and that Civic will process Verification Data in accordance with Civic’s privacy policy and these Civic Identity Terms, in addition to acting as a service provider to you; (b) state the process through which Verifiable Individuals can submit data subject requests (including data deletion and data access) to you, and provide your contact information for this purpose; (c) state the ways in which you will use Verification Data, including, if Law requires, whether you will sell or disclose Verification Data (including as the term “sell” is defined in the CCPA); and (d) include all other information Law requires you to include.
2.5.3. No Inconsistent Terms. Your Privacy Policy must not contain any terms that contradict Civic’s rights to use Verification Data for the purposes described in these Civic Identity Terms or as otherwise authorized by the Verifiable Individual.
2.5.4. Civic may Notify or Obtain Consent. Depending upon your implementation of the Civic Identity Services, Civic may provide notice to or obtain consent from Verifiable Individuals as described in the Civic Identity Services Documentation for the purpose of enabling Civic to provide the Civic Identity Services.
2.5.5. Your Obligation to Obtain Consent. You must obtain all consents from Verifiable Individuals that are required for (a) your use of Verification Data; and (b) Civic’s use of any Personal Data that you submit to Civic in connection with your use of the Civic Identity Services.
2.5.6. Security Controls. You must implement and maintain safeguards and security controls that are reasonable for the size, nature and maturity of your business and industry to protect Verification Data and Civic Data against unauthorized access, use and disclosure. If you fail to do so, in addition to all other remedies available to Civic, Civic may suspend or restrict your access to the Civic Identity Services and Verification Data.
2.5.7. Assistance to Notify. If Civic is required to send a data subject notification to any Verifiable Individuals related to your use of the Civic Identity Services, you must assist Civic in notifying Verifiable Individuals.
2.6. Audit
2.6.1. Obligation to Provide Information. You must provide information that Civic requests for the purpose of ensuring that you comply with this Agreement, including information verifying: (a) that your use of the Civic Identity Services complies with these Civic Identity Terms and Law; (b) that your receipt and use of the Civic Data and Verification Data complies with these Civic Identity Terms and Law; (c) that you have not modified the Civic Identity Services without Civic’s consent; (d) your industry, business activities, licensing and regulatory standing; and (e) your purpose for using the Civic Identity Services.
2.6.2. Obligation to Respond Promptly. You must respond to Civic’s requests for information promptly, but no later than 14 days after Civic’s request. Civic may suspend or terminate your access to the Civic Identity Services immediately if you fail to provide information Civic requests under this Section.
2.7. Retention and Deletion of Data
2.7.1. Data Civic Stores on Your Behalf. (a) You instruct Civic to store on your behalf a copy of Verification Data for a period of 3 years following verification, or a shorter period as you may instruct according to the Civic Identity Services Documentation. You are responsible for (i) determining how long Law requires you to store copies of Verification Data; and (ii) storing (either yourself or through Civic) the Verification Data for the time period Law requires. (b) Upon termination of these Civic Identity Terms, Civic may delete copies of Verification Data that Civic has stored on your behalf.
2.7.2. Data Civic Stores for its Own Purposes. Notwithstanding Section 2.7.1 of these Civic Identity Terms, Civic may retain a copy of Verification Data as long as Law permits.
2.8. Representation and Warranty. You represent and warrant at all times during the Term, that you do not use the Civic Identity Services for any “permissible purpose” under (and as defined in) the FCRA, or in a manner that would violate the GLBA, the United States Driver's Privacy Protection Act, the United States Health Insurance Portability and Accountability Act, or other substantially similar Law.
3. Civic Auth
3.1. Civic Auth is powered in part by Turnkey. If you are using Civic Auth to provide End Users with embedded wallets, your use of Civic Auth is governed by and subject to Turnkey’s Terms of Service and Privacy Policy. You should review Turnkey’s Terms of Service and Privacy Policy before using Civic Auth if you are using Civic Auth for this purpose. By using Civic Auth to provide embedded wallets to End Users, you agree and accept Turnkey’s Terms of Service and Privacy Policy. If you do not agree to Turnkey’s Terms of Service and Privacy Policy, you should not use Civic Auth to provide embedded wallets to End Users.
3.2. If you are using Civic Auth as a developer, you agree to: (i) include in your end-user application terms of service (x) that such user’s use of the application must comply with applicable law, (y) restrictions and obligations and acknowledgement of risks applicable to end-users that are consistent with those restrictions and obligations and acknowledgement of risks contained in Turnkey’s Terms of Service, including without limitation, responsibilities and risks related to authentication credentials, email recovery, key import and key export, (z) indemnify, defend, and hold harmless Civic and Turnkey from and in connection with any and all responsibility or liability related to the risks set forth in Turnkey’s Terms of Services, including without limitation, exported private keys and seed phrases or access credentials related to imported private keys stored outside Turnkey’s services; (ii) require end-users to agree to such end-user application terms of service prior to being able to use the application; (iii) monitor the activity of end-users within the application for their compliance with such end-user application terms of service; (iv) use commercially reasonable efforts to enforce such end-user application terms of service after you become aware of such non-compliance by an end-user; and (v) screen each end-user in accordance with your applicable compliance policies (including without limitation the minimum compliance policy requirements set forth in Turnkey’s Terms of Service). Furthermore, you will engage in commercially reasonable efforts, in good faith, to ensure that the implementation and/or use of the application by each end-user is in accordance with all applicable laws, rules and regulations, Turnkey’s Terms of Services, the foregoing requirements and the Turnkey’s documentation.
3.3. To the fullest extent permitted by applicable law, Civic provides Civic Auth on an “AS IS” and “AS AVAILABLE” basis, without any warranties of any kind, express or implied, including but not limited to, implied warranties of merchantability, fitness for a particular purpose, non-infringement, or any warranties arising from a course of performance, dealing, or usage of trade. Civic makes no representation or warranty that Civic Auth will be secure, uninterrupted, error-free, or free from harmful components.
3.4. Furthermore, to the maximum extent allowed by law, You agree to indemnify, defend, and hold harmless Civic, along with its officers, directors, employees, and agents, from and against any and all claims, liabilities, damages, losses, and expenses (including reasonable attorneys’ fees and costs) arising out of or related to Your use of Civic Auth. This indemnification obligation shall apply regardless of whether such claims arise from Your actions or from the actions of third parties using Civic Auth under Your account.
Definitions
“Civic API” means all instances of the Civic application programming interfaces, including all endpoints that enable Civic users to use Civic services.
“Civic Data” means data that you obtain via the Services, including (a) information relating to Civic API interactions via the Civic Technology; (b) information Civic uses for security or fraud prevention; and (c) all aggregated information Civic generates from the Services.
“Civic Dashboard” means the interactive user interface through which a Civic user may view information about and manage a Civic account.
“Documentation” means the sample code, instructions, requirements and other documentation (a) available at www.docs.civic.com; and (b) included in the Civic SDKs.
“Civic Identity Services Documentation” means the Documentation, along with other documentation that Civic makes available to you (including via email and the Civic Dashboard), relating to the Civic Identity Services.
“Civic SDK” means a software development kit listed on www.docs.civic.com.
“Civic Technology” means all hardware, software (including software in the Civic SDKs), application programming interfaces (including the Civic API), user interfaces (including the Civic Dashboard), and other technology that Civic uses to provide and make available the Civic services.
“Due Diligence Requirements” means requirements imposed by Law that govern, are related to, or are similar to Anti-Money Laundering (AML), Know Your Customer (KYC), Know Your Business (KYB) and Customer Due Diligence (CDD).
“Law” means all applicable laws, rules, regulations and other binding requirements of any regulator or other governmental agency or entity with jurisdiction over the Services, Civic or you, as applicable.
“Personal Data” means any information relating to an identifiable natural person that is Processed (as defined in the Data Processing Agreement) in connection with the Services, and includes “personal data” as defined in the GDPR and “personal information” as defined in the CCPA.
“Protected Data” means (a) all Personal Data that you provide to Civic; and (b) any Personal Data that Civic uses when acting as a “Data Processor” (as defined in the Data Processing Agreement) when providing the Services.
“Verifiable Individual” means an individual whose Verification Data is submitted through the Civic Identity Services.
“Verification Data” means all data, information, photos, videos, ID Images, and documents (including copies of documents) submitted through the Civic Identity Services.