Terms of Service

These Terms of Service ("Terms") form a binding agreement between you ("you", "your", or the "Customer") and DocVerify ("DocVerify", "we", "us", or "our"), governing your access to and use of the DocVerify website at docverify.app, the DocVerify REST API, the Model Context Protocol (MCP) endpoints, the AI Agent Workflows platform, the ID verification workflow, any software development kits we publish, and any related documentation, dashboards, or support channels (together, the "Service").

By creating an account, obtaining an API key, invoking an AI Agent Workflow, or otherwise accessing the Service you confirm that (a) you have read and accept these Terms and our Privacy Policy; (b) you are legally able to enter into a binding contract; and (c) if you are accepting on behalf of an organization, you have authority to bind that organization.

If you do not agree, you must not access or use the Service.

• —"Content" means any document, image, PDF, data, text, prompt, configuration, or other material submitted to, processed by, or produced through the Service.
• —"Customer Content" means Content you upload, transmit, or otherwise make available through the Service.
• —"Console" means the DocVerify web interface used by logged-in users.
• —"API" means our REST API and the MCP endpoints.
• —"AI Agent Workflow" means a DocVerify-hosted agent that you configure or invoke, including verification agents you create through the Console and any agent exposed as a REST or A2A endpoint.
• —"ID Verification" means the workflow that compares an ID-document portrait with a live video challenge to provide a probabilistic pass/fail verification signal.
• —"Operator" means the user who creates, configures, or deploys a AI Agent Workflow — typically the account owner whose credentials configured the agent.
• —"End User" means any person who invokes an AI Agent Workflow, whether directly or through an integration the Operator has built.
• —"Free Tier" means use of the Service without an active paid subscription or purchased credits being applied to the request.
• —"Paid Tier" means use of the Service where a subscription credit or purchased credit is applied to the request.

You must be at least the age of digital consent in your jurisdiction to use the Service (13 in the United States; 16 in the European Economic Area unless a member state sets a lower age down to 13; 18 in India, and in any event the age of majority where required by local law). If you are a minor, your parent or legal guardian must accept these Terms on your behalf.

Account credentials, API keys, and recovery keys are personal to you. You are responsible for keeping them confidential and for every action taken under your account or with your API key. You agree to notify us promptly at security@docverify.app of any suspected unauthorized access.

Information you provide during registration must be accurate and kept up to date. We may suspend or terminate accounts for materially false information, sanctions-list matches, or repeated violations of these Terms.

The Service performs algorithmic and machine-learning-based analysis of documents and images to produce probabilistic signals about potential tampering, manipulation, or AI generation. Outputs may include numerical scores, verdicts, heatmaps, metadata summaries, signature-validation results, and free-text explanations.

The Service is delivered through (a) the Console, (b) the REST API, (c) MCP endpoints used by AI assistants, and (d) AI Agent Workflows you create or invoke. Feature sets, quotas, and pricing for each channel are described in-product and may change from time to time subject to Section 20 (Changes).

Not a legal or financial determination. Outputs of the Service are computational signals, not legal findings, expert witness testimony, or financial advice. See Section 14 (Accuracy & Limitations).

DocVerify lets you create and host verification agents that run on our infrastructure ("AI Agent Workflows") and that can be invoked via REST or exposed to other agent frameworks. The following terms apply in addition to the rest of these Terms.

5.1 Operator role. You are the "Operator" of every AI Agent Workflow you create. You determine the agent's purpose, prompt logic, tools, data sources, thresholds, and output schema. DocVerify is a neutral infrastructure provider that executes the configuration you supply. You are solely responsible for the agent's outputs and for ensuring its purpose and configuration are lawful in every jurisdiction where the agent is invoked.

5.2 End Users. If you expose an AI Agent Workflow to third parties (directly or through an integration), those third parties are your End Users. You are responsible for (a) informing End Users that DocVerify processes Content on your behalf, (b) obtaining any consents required for their data to be processed by our ML models (including any large-language-model sub-processors), (c) publishing your own privacy notice and terms governing their use, and (d) handling any data-subject requests End Users make about their Content.

5.3 Data processing. For Customer Content you submit when invoking or configuring an AI Agent Workflow, DocVerify processes that Content as a data processor / service provider on your instructions. For End-User Content passing through your AI Agent Workflow, you are the controller and DocVerify is your processor. A data-processing addendum ("DPA") is available on request at legal@docverify.app and automatically applies to accounts subject to the GDPR, UK GDPR, or India's Digital Personal Data Protection Act, 2023 ("DPDP Act").

5.4 Sub-processors. AI Agent Workflows may rely on third-party model providers, cloud infrastructure, and tool integrations (e.g. search engines, code execution sandboxes, email, or workflow APIs) you configure. You authorize us to engage those sub-processors as necessary to execute the configuration you provide. A current list of core sub-processors is maintained in the DPA.

5.5 High-risk uses. AI Agent Workflows must not be configured for — and must not be relied on as the sole decision-maker in — high-stakes automated decisions that produce legal or similarly significant effects on individuals without meaningful human review. Examples include sole-basis credit decisions, insurance pricing, hiring, university admissions, visa or immigration decisions, medical diagnosis, and criminal justice. You are responsible for complying with the EU AI Act, the US Equal Credit Opportunity Act, India's DPDP Act (automated decision-making provisions), and any other applicable laws.

5.6 Agent isolation & reliability. We make commercially reasonable efforts to isolate Operator configurations, but the Service is provided on an "as is" basis subject to Sections 14 and 15. AI Agent Workflows may use shared compute capacity, and throughput, latency, and availability are not guaranteed absent a separate enterprise service-level agreement.

5.7 Removal & suspension. We may suspend, disable, or remove any AI Agent Workflow that we reasonably believe violates these Terms (including Section 6) or applicable law, that is being used to abuse or impersonate the Service, or that poses a material risk to other users or to the integrity of the platform. Where practicable we will notify the Operator.

You agree not to, and not to permit any third party to:

• —Use the Service to produce, facilitate, or conceal fraud, forgery, misrepresentation, identity theft, money-laundering, terrorism financing, sanctions evasion, or any other illegal act.
• —Use ID Verification to process another person's identity document, likeness, voice, or biometric data without a valid legal basis, required notice, and required consent.
• —Generate, refine, distribute, or evaluate synthetic identity documents, deepfakes of real persons without their verifiable consent, non-consensual intimate imagery, or material depicting sexual abuse of minors.
• —Submit Content you do not have the legal right to process, or whose processing would violate third-party privacy, confidentiality, intellectual-property, or contractual obligations.
• —Submit Content whose sole purpose is to train or benchmark a competing detection or generation system without our prior written consent.
• —Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, weights, or training data of our models, or to circumvent rate limits, quotas, metering, or authentication mechanisms.
• —Use the Service to create or operate a product, service, or API that materially replicates or competes with the Service, or to white-label, resell, or sublicense the Service without a written enterprise agreement.
• —Upload any malware, exploit, or payload intended to harm the Service or other users; interfere with or degrade the Service; or attempt to gain unauthorized access to accounts, infrastructure, or data.
• —Use the Service in violation of US export-control laws (including EAR and OFAC sanctions), UK export-control laws, EU dual-use regulations, or the laws of any other jurisdiction from which you access the Service. You represent that you are not located in, and will not use the Service from, a jurisdiction subject to comprehensive US trade sanctions, and that you are not on any restricted-party list.

Violations may result in suspension, termination, forfeiture of unused credits, and where warranted, reports to law-enforcement and regulatory authorities.

7.1 Ownership. You retain all rights in Customer Content. These Terms do not transfer any ownership of your Content to DocVerify.

7.2 License to operate the Service. You grant DocVerify a worldwide, non-exclusive, royalty-free licence to host, copy, transmit, process, display, and otherwise use Customer Content solely to (a) provide, secure, and improve the Service, (b) comply with law, and (c) where applicable under Section 9, use Free Tier document-analysis submissions to train and improve our detection models. This training licence does not apply to ID Verification media.

7.3 Representations. You represent and warrant that (a) you own or have all rights necessary to submit the Content and to grant the licences in these Terms; (b) processing the Content by the Service will not infringe the rights of any third party or violate any law; and (c) you have obtained any consents required from individuals whose personal data is contained in the Content.

7.4 Removal. We may remove or refuse to process Content that we reasonably believe violates these Terms, applicable law, or the rights of any third party.

Free-Tier quotas, paid per-request pricing, and subscription plans are described in the Console and on the pricing page. You authorize us (and our payment processor) to charge the payment method on file for the plan you select and for any purchased credits.

• —Purchased credits are non-refundable once consumed, except where refunds are required by applicable consumer-protection law.
• —Subscriptions renew automatically for successive periods until cancelled. Cancellation takes effect at the end of the current paid period.
• —Unused subscription credits do not roll over into the next period.
• —We may change pricing with at least 30 days' notice to active subscribers, to take effect at the next renewal.
• —You are responsible for all taxes (VAT, GST, sales tax, withholding tax, or similar) imposed on your use of the Service other than taxes on our net income.
• —EEA / UK consumers — right of withdrawal. By clicking "subscribe" or "buy credits" and receiving access to the Service immediately, you expressly request immediate performance of the contract and acknowledge that, to the extent you are a consumer, you lose the 14-day right of withdrawal for digital content that has already been supplied (Article 16(m) Consumer Rights Directive 2011/83/EU as amended; corresponding UK law).

9.1 Training-dataset retention (Free Tier only). When you submit document-analysis Content on the Free Tier — whether through the Console, the API, the MCP endpoints, or an AI Agent Workflow you invoke without a paid credit — you grant DocVerify the right to retain a copy of that Content together with the resulting analysis metadata (score, verdict, flags, heatmap, detected content type) in an access-controlled training corpus. The copy is used to train, evaluate, red-team, and improve our detection models and AI Agent Workflow infrastructure.ID Verification media is excluded from this training-dataset retention, even when the attempt uses free credits.

9.2 Access controls. Retained samples are stored in restricted cloud infrastructure that is inaccessible to any end user or customer. No sign-in flow, dashboard, or API surface exposes retained Content. Only authorized DocVerify engineering and model-training processes can read the store, and access is audited.

9.3 Paid Tier — no training retention. Content submitted on the Paid Tier is processed in memory and is not added to the training corpus. We do not retain the file, heatmap, or derived features beyond the lifetime of the analysis response, other than the operational metadata described in Section 10.2.

9.4 Console history (independent of 9.1). For logged-in users, the Console also stores an end-to-end encrypted copy of each scan under your personal history. That copy is encrypted in your browser with a key held in your browser's local storage — DocVerify cannot decrypt it — and is automatically deleted within approximately 24 hours. The Free-Tier dataset copy described in Section 9.1 is a separate, unencrypted copy used only for model training and is not exposed to any user interface.

9.5 Deletion requests. You may request deletion of a Free-Tier retained sample by writing to privacy@docverify.app with enough information to identify the sample (approximate upload date, filename, and if available the sampleId from the response). We will delete matching records, remove them from back-ups within the normal back-up-rotation cycle, and confirm completion within 30 days (subject to Sections 9.6 and 10.3).

9.6 Sensitive data — do not upload on Free Tier. Do not submit on the Free Tier any document-analysis Content that contains special-category personal data under the GDPR (Article 9) or the UK GDPR, "sensitive personal data" under the DPDP Act, protected health information under HIPAA, personal data of children, government-issued identity documents of third parties, or any Content whose retention in a training corpus would breach a confidentiality obligation you owe. The dedicated ID Verification workflow is handled separately: ID Verification media is not retained for training on any tier, but you still must not submit another person's identity document, likeness, voice, or biometric data without a valid legal basis, required notice, and required consent.

9.7 Model outputs. Anonymised document-analysis model outputs (numerical scores, heatmaps, verdicts) may be used in aggregate to measure and improve accuracy regardless of the tier, provided they cannot be linked back to an identifiable individual. This does not permit retention of ID Verification media for training.

10.1 Privacy Policy. Our Privacy Policy describes how we collect, use, disclose, transfer, and protect personal data. It forms part of these Terms.

10.2 Operational logs. We retain minimal request metadata — timestamp, HTTP status code, cost type, hashed account / API-key reference, file size, and computed verdict — for billing, quota enforcement, abuse prevention, tax and accounting compliance, and security incident response. These logs do not contain Customer Content on the Paid Tier or ID Verification media.

10.3 International transfers. DocVerify processes data in the United States and other jurisdictions. Where data originates in the EEA, UK, or Switzerland, we rely on the European Commission's standard contractual clauses and equivalent UK and Swiss mechanisms; where data originates in India, we apply the cross-border transfer provisions of the DPDP Act. Details are in our Privacy Policy and DPA.

10.4 Data-subject rights. Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or port personal data about you, and to withdraw consent or opt out of certain processing. Section 22 (Regional Addenda) summarises specific rights for EEA/UK residents, California residents, and Indian residents. To exercise a right, write to privacy@docverify.app.

10.5 Security. We apply technical and organisational measures appropriate to the risk, including encryption in transit, encryption at rest for back-ups, strict access controls on restricted data paths, per-tenant isolation, and documented incident-response procedures. No system is perfectly secure, and you are responsible for keeping your credentials and recovery keys safe.

DocVerify and its licensors retain all right, title, and interest in and to the Service, including the ML models, model weights, training pipelines, algorithms, user interfaces, documentation, trademarks, logos, and any derivative works. No rights are granted to you by implication, estoppel, or otherwise beyond the limited, revocable, non-transferable, non-sublicensable right to access and use the Service in accordance with these Terms.

Third-party open-source components used in the Service are made available under their respective licences, which are listed in our documentation.

If you send us suggestions, ideas, or feedback about the Service, you grant DocVerify a perpetual, irrevocable, royalty-free, worldwide licence to use, modify, and incorporate that feedback into the Service without obligation to you.

The Service may link to or integrate with third-party services (for example, LLM providers, payment processors, email senders, or tool APIs you configure for a AI Agent Workflow). DocVerify is not responsible for those third-party services, which are governed by their own terms. Your use of a third-party service is at your own risk.

14.1 Probabilistic outputs. Outputs of the Service are probabilistic, heuristic, and model-based. They are not a substitute for professional forensic examination, legal advice, financial advice, medical advice, or a definitive determination by a qualified expert.

• —Outputs may include false positives (authentic content flagged as suspicious) and false negatives (manipulated content that is not detected).
• —Outputs must not be used as the sole basis for legal, financial, employment, insurance, immigration, clinical, or safety-critical decisions.
• —Outputs are not admissible as standalone expert evidence in any legal proceeding; they are computational aids to human judgment.
• —Signature validation results reflect the state of the file at the moment of analysis and depend on the authenticity of trust anchors at that time.

14.2 Disclaimer of warranties. Except as expressly stated in a written agreement signed by an authorized DocVerify representative, the Service is provided "as is" and "as available". To the maximum extent permitted by applicable law, DocVerify disclaims all warranties and conditions, express, implied, or statutory, including warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, uninterrupted operation, and error-free performance. Some jurisdictions do not allow the exclusion of implied warranties, so some of these exclusions may not apply to you.

15.1 Exclusion of indirect damages. To the maximum extent permitted by applicable law, DocVerify will not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost revenue, lost data, loss of goodwill, or business interruption, arising out of or related to the Service, whether in contract, tort (including negligence), strict liability, or otherwise, and whether or not DocVerify has been advised of the possibility of such damages.

15.2 Liability cap. DocVerify's aggregate liability arising out of or related to the Service in any 12-month period shall not exceed the greater of (a) the fees you paid to DocVerify for the Service during that period or (b) one hundred US dollars (US$100).

15.3 Consumer-law carve-out. Nothing in these Terms limits liability that cannot be limited under applicable law, including liability for (i) gross negligence, wilful misconduct, fraud, or fraudulent misrepresentation; (ii) death or personal injury caused by negligence; (iii) liability under mandatory consumer-protection statutes (including the UK Consumer Rights Act 2015 and EU member-state consumer laws); or (iv) infringement of statutory data-subject rights.

You will defend, indemnify, and hold harmless DocVerify, its affiliates, officers, directors, employees, and agents from and against any third-party claim, loss, liability, damage, or expense (including reasonable legal fees) arising out of or related to (a) your Customer Content, (b) your configuration, deployment, or operation of an AI Agent Workflow, (c) your breach of these Terms or applicable law, (d) your violation of any third-party right, and (e) your End Users' use of a AI Agent Workflow.

Nothing in this Section limits rights you may have as a consumer under applicable law.

We may suspend or terminate your access to the Service, or to any component of it (including any AI Agent Workflow), immediately and without notice if we reasonably believe you have violated these Terms, applicable law, or the rights of any third party, or if required by law or by a governmental or regulatory authority.

You may terminate your account at any time by deleting it from the Console or by writing to privacy@docverify.app. On termination, (a) your right to access the Service ends, (b) provisions that by their nature should survive (Sections 6, 7, 11, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, and 24) will survive, and (c) we will delete or return personal data as required by applicable law and our Privacy Policy.

18.1 Default. These Terms are governed by the laws of the State of Delaware, USA, excluding its conflict-of-law rules and the United Nations Convention on Contracts for the International Sale of Goods.

18.2 EEA, UK, Switzerland. If you are a consumer resident in the EEA, the UK, or Switzerland, you also benefit from any mandatory provisions of the consumer law of the country where you habitually reside, and you may bring proceedings in the courts of that country.

18.3 India. If you are resident in India, these Terms shall be construed in accordance with the laws of India, subject to the exclusive jurisdiction of the courts of Bengaluru, Karnataka, and without prejudice to the non-waivable rights you have under the DPDP Act and the Consumer Protection Act, 2019.

19.1 Informal resolution. Before filing any formal claim, you agree to contact us at legal@docverify.app describing the dispute in reasonable detail. The parties will negotiate in good faith for at least 30 days before escalating.

19.2 US users — binding arbitration. If you are resident in the United States, you and DocVerify agree to resolve any dispute not resolved informally by final, binding arbitration administered by the American Arbitration Association under its Consumer Arbitration Rules (for individuals) or its Commercial Arbitration Rules (for entities), seated in Wilmington, Delaware, conducted in English, by a single arbitrator. Either party may bring an individual claim in a small-claims court of competent jurisdiction instead of arbitration. You and DocVerify waive any right to a jury trial.

19.3 Class-action waiver. To the fullest extent permitted by law, disputes must be brought in an individual capacity only, and not as a plaintiff or class member in any purported class, collective, consolidated, or representative proceeding. If this waiver is found unenforceable as to a particular claim, that claim must be severed and heard in court, and the remaining claims will proceed in arbitration.

19.4 EEA, UK, Switzerland. Sections 19.2 and 19.3 do not apply to consumers resident in the EEA, UK, or Switzerland, who may bring proceedings in the courts of their country of residence as provided in Section 18.2.

19.5 India — grievance procedure. If you are resident in India, you may contact our Grievance Officer (see Section 22.B) in accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the DPDP Act. Nothing in this Section requires Indian consumers to arbitrate or waives any right of access to the courts.

19.6 Injunctive relief. Either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual-property rights, confidential information, or security of the Service.

We may modify the Service or these Terms from time to time. For material changes that adversely affect you, we will give at least 30 days' prior notice by email or by an in-product notice. Continued use after the effective date of an update constitutes acceptance; if you do not accept, your sole remedy is to stop using the Service and, where applicable, request cancellation and a pro-rata refund of any prepaid fees for the period after the effective date.

Entire agreement. These Terms, our Privacy Policy, any DPA or order form signed between us, and any product-specific terms referenced in-product, are the entire agreement between us about the Service, and supersede all prior agreements and communications.

Severability. If any provision of these Terms is held invalid or unenforceable, it will be modified to the minimum extent necessary to be valid and enforceable, and the remaining provisions will remain in full force.

No waiver. Our failure to enforce any right or provision is not a waiver of that right or provision.

Assignment. You may not assign or transfer these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets.

Force majeure. Neither party is liable for delay or failure in performance (other than payment obligations) caused by events beyond its reasonable control, including acts of God, war, terrorism, civil disturbance, labour action, pandemic, internet or electricity outage, or acts of a government authority.

Independent contractors. The parties are independent contractors; no agency, partnership, joint venture, or employment is created by these Terms.

Notices. Notices to DocVerify must be sent to legal@docverify.app. We may provide notices to you by email to the address on file, by an in-product notice, or by posting on our website.

US Government users. The Service is a "Commercial Item" as defined at FAR 2.101, consisting of "Commercial Computer Software" and "Commercial Computer Software Documentation" as defined at FAR 12.212 and DFARS 227.7202. Use, modification, reproduction, release, performance, display, or disclosure by US Government end users is governed solely by these Terms.

DMCA / copyright complaints. Send notices of claimed copyright infringement to our designated agent at copyright@docverify.app. Notices must include the elements required by 17 U.S.C. § 512(c)(3).

The following provisions apply in addition to the rest of these Terms for users located in the listed regions. In the event of a conflict with other provisions, the regional provisions prevail for users in that region.

A. European Economic Area, United Kingdom & Switzerland

• —Under the GDPR / UK GDPR you have the rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), and to lodge a complaint with your local supervisory authority.
• —Where DocVerify acts as a processor on your behalf (including for AI Agent Workflows), the Data Processing Addendum governs our role as processor.
• —The statutory-rights preservation in Section 15.3 and the consumer-law preservation in Section 18.2 apply.
• —Our EU representative and UK representative contact details are listed in the Privacy Policy.

B. India (Digital Personal Data Protection Act, 2023)

• —DocVerify is a Data Fiduciary in respect of personal data we collect about you as an account holder, and a Data Processor (or Data Fiduciary acting for the principal) in respect of personal data processed through AI Agent Workflows and API calls on your instructions.
• —As a Data Principal you have the rights to access, correction, erasure, grievance redressal, and to nominate a person to exercise rights in the event of your death or incapacity.
• —You may withdraw consent at any time by emailing privacy@docverify.app; withdrawal does not affect lawful processing done before the withdrawal, and continuing to use the Service may be impossible without the consent.
• —Grievance Officer. Email grievance@docverify.app. The Grievance Officer will acknowledge your grievance within 24 hours and respond substantively within the statutory period (currently 15 days under the IT Rules, 2021) or such shorter period as the DPDP Act or rules prescribe.
• —Content of children (under 18) must not be submitted without verifiable consent of a parent or lawful guardian.

C. California (CCPA / CPRA)

• —You have the right to know the categories of personal information we collect, the sources, and the purposes; to request deletion; to correct inaccurate personal information; to opt out of "sale" or "share" of personal information (we do not "sell" personal information as that term is defined); and to limit the use of sensitive personal information.
• —We do not discriminate against you for exercising these rights.
• —Submit requests via the "Do Not Sell or Share My Personal Information" link in the footer or by emailing privacy@docverify.app; you may authorize an agent to act on your behalf.
• —"Shine the Light" (Cal. Civ. Code § 1798.83): California residents may request a list of personal information disclosed to third parties for their direct-marketing purposes; we do not currently disclose personal information for such purposes.

D. Brazil (LGPD), Canada (PIPEDA / Quebec Law 25), and others

• —Where you are located in a jurisdiction whose data-protection law grants specific rights (including Brazil's LGPD, Canada's PIPEDA and Quebec's Law 25, Australia's Privacy Act, and comparable statutes), those rights apply and can be exercised by emailing privacy@docverify.app.

The DocVerify contracting entity, its registered address, and company-registration details are published in the footer of the Console and in our Privacy Policy. All references to "DocVerify", "we", "us", or "our" are to that entity.

• —General / legal: legal@docverify.app
• —Privacy, data rights, deletions: privacy@docverify.app
• —Security incidents & vulnerability reports: security@docverify.app
• —DMCA / copyright: copyright@docverify.app
• —India Grievance Officer: grievance@docverify.app