0. Acceptance of the Agreement
By (i) clicking "Register," "I Accept," or another similar button on the Business Console or Hypersign Website, (ii) signing an Order Form that references these Terms, or (iii) otherwise accessing or using the Services, you (the "Client") legally accept and agree to be bound by this Agreement on behalf of the legal entity or organization you represent.
By accepting this Agreement, the Client represents and warrants that it has the full legal authority to bind such entity or organization to these Terms and any related Annexes or Order Forms. If you do not have such authority, or if you do not agree with these Terms, you must not use or access the Services.
CONTINUED USE OF THE HYPERSIGN PLATFORM CONSTITUTES UNEQUIVOCAL AND BINDING ACCEPTANCE OF THIS AGREEMENT IN ITS ENTIRETY.
1. Parties to the Agreement
The following parties are involved in this Agreement:
Service Provider ("Hypersign," "we," "us," "our")
The Hypersign entity contracting with the Client. The applicable contracting entity is determined by Section 16.6 (Governing Law and Jurisdiction):
| Entity | Registered Address | Serves |
|---|---|---|
| Hypermine Labs UG | 21 Wasserturmstrasse, Trudering-Reim, Munich, Germany | Clients established in the European Union, European Economic Area, United Kingdom, and Switzerland |
| Hypermine Technologies Private Ltd | 2214, 21st Floor, Tower 2, Sobha City, Bengaluru, India | Clients established in Asia-Pacific (including India) |
| Hypermine MEA FZCO | A2, Building 2, Dubai Silicon Oasis, Dubai, UAE | Clients established in the Middle East and Africa |
| Hypermine Labs UG | 21 Wasserturmstrasse, Trudering-Reim, Munich, Germany | Clients established in the United States, Canada, Latin America, and all other jurisdictions not allocated above |
Client ("you," "your")
The legal entity or person registering for an account on the Hypersign Platform or using the Services. The Client will be Hypersign's contracting party.
Notices
All formal notices and communications related to this Agreement must be addressed to legal@hypermine.de or to the physical address of the applicable contracting entity above.
2. Structure and Order of Precedence
This Agreement is composed of the following documents, which shall be interpreted jointly. In case of conflict between the provisions of any of these documents, they shall prevail in the following descending order:
- Order Forms (Client-specific commercial documents detailing the acquisition of Services, volumes, and pricing).
- Annex 2, Data Processing Agreement (DPA) (governing the processing of Personal Data).
- These Terms and Conditions of Service.
- Annex 1, Service Level Agreement (SLA) (establishing the availability commitments for the Services).
4. Definitions and Interpretations
For the purposes of this Agreement, the following terms shall have the meanings ascribed to them below:
Interpretation
- Section titles are for convenience only and shall not affect the interpretation of this Agreement.
- Words in the singular include the plural and vice versa.
- The word "including" or "includes" means "including, without limitation."
- Any reference to a law or regulation refers to that law or regulation as in force from time to time, including its amendments or replacements.
5. Term of the Agreement
5.1 Agreement Term
This Agreement shall commence on the Effective Date and shall continue in full force and effect until terminated by either Party in accordance with Section 15 hereof.
5.2 No Minimum Commitment (unless specified in Order Form)
Unless otherwise specified in an Order Form signed by the Client (e.g., for Enterprise plans with volume commitments), the Client may cease using the Services at any time. However, unused Credits shall not be refundable under any circumstances, as set forth in Section 8.4. Order Forms stipulating a minimum consumption commitment shall prevail over this clause.
6. Access and Use of the Services
6.1 Account Creation and Security
To access and use the Services, the Client must create an account in the Business Console. The Client is solely responsible for maintaining the confidentiality and security of its Access Credentials (including passwords and API keys) and for all activities that occur under its account, whether authorized or not. The Client must immediately notify Hypersign of any unauthorized use or suspected unauthorized use of its Access Credentials or account. Hypersign will not be liable for any loss or damage arising from the Client's failure to comply with this obligation.
6.2 License
Subject to the Client's continuous compliance with this Agreement and timely payment of all applicable fees, Hypersign grants the Client a non-exclusive, worldwide license, during the term of the Agreement, to access and use the Services and Documentation for its business purposes, specifically to:
- (i) Verify the identity of its End-Users.
- (ii) Assist in the prevention and detection of fraud.
- (iii) Comply with applicable legal and regulatory obligations (e.g., KYC/AML).
6.3 Resale and Sublicensing Rights
The Client may resell, sublicense, or otherwise make the Services available to third parties, provided that:
- (i) The Client ensures that such third parties comply with all applicable terms of this Agreement.
- (ii) The Client remains fully responsible and liable to Hypersign for any acts or omissions of such third parties.
- (iii) The Client enters into written agreements with such third parties that include terms no less protective of Hypersign than those contained in this Agreement.
- (iv) The Client notifies Hypersign of any significant sublicensing arrangements upon request.
6.4 Use Restrictions
The Client agrees not to, and will not permit third parties to, perform any of the following actions:
- Copy, modify, adapt, translate, reverse engineer, decompile, disassemble, or attempt to discover the source code or algorithms of the Services or any part thereof, except to the extent that such activity is expressly permitted by applicable and non-waivable law.
- Build or attempt to build a competing identity verification service using the Services or any information obtained therefrom.
- Use the Services for any unlawful, discriminatory, fraudulent, misleading, defamatory, obscene, abusive, harmful purpose, or in a manner that infringes the rights of third parties or applicable laws.
- Use the Verification results or any Client Data obtained through the Services to train, develop, or improve machine learning (ML) or artificial intelligence (AI) models, or any other similar algorithm or technology, without Hypersign's prior written consent.
- Interfere or attempt to interfere with the proper operation of the Services, including, without limitation, introducing viruses, trojans, worms, logic bombs, or any other malicious or technologically harmful material.
- Attempt to gain unauthorized access to the Services, computer systems, or networks connected to the Services.
- Remove, alter, or obscure any intellectual property rights notices or trademarks of Hypersign or third parties contained in the Services or Documentation.
- Use the Services in a manner that exceeds the usage limits or Credit volumes purchased, or that imposes an unreasonable or disproportionately large load on Hypersign's infrastructure.
- Abuse or circumvent the limitations of any free or trial plan by creating multiple organizations or accounts in the Business Console, whether directly or indirectly, using the same or different identities, for the purpose of obtaining additional free-tier benefits beyond what is intended for a single Client. Where Hypersign has reasonable evidence that a person or entity has created or is operating multiple organizations to exploit the free plan, Hypersign may suspend or terminate the affected organizations and accounts, with notice where practicable.
6.5 Client Responsibilities
The Client shall be solely responsible for:
Legal Compliance
Ensuring that its use of the Services, including the collection, processing, and use of Client Data and End-User Personal Data, fully complies with all applicable laws, regulations, and norms in its jurisdiction, including, but not limited to, data protection laws, anti-money laundering (AML), and combating the financing of terrorism (CFT) laws.
End-User Notices and Consents
Obtaining, and maintaining records of, all necessary notices, explicit consents, and authorizations from End-Users for the collection, processing, and transfer of their Personal Data (including biometric data, if applicable) to Hypersign and its sub-processors, as required by applicable data protection laws.
Client Security
Implementing and maintaining reasonable and appropriate security measures to protect Client Data before it is submitted to Hypersign and to secure its Access Credentials. This includes, without limitation, using secure connections (HTTPS), implementing signed webhooks, and other information security best practices.
Data Accuracy
Ensuring the accuracy, integrity, and legality of the Client Data submitted to Hypersign through the Services.
6.6 Data Management and Deletion
Verification results and associated Client Data will be delivered to the Client via webhooks or Hypersign's API. The Client will have the ability to permanently delete any Verification record or Client Data via the API or the Business Console at any time, subject to Hypersign's retention policies and legal obligations as a data processor, as detailed in Annex 2 (DPA).
7. Intellectual Property Rights
7.1 Hypersign's Ownership
Hypersign (and its licensors, where applicable) retain all rights, title, and interest in and to the Services (including software, code, APIs, SDKs, models, algorithms, underlying technology), Documentation, Hypersign's trademarks, as well as any improvements, modifications, updates, derivatives, or developments thereof. Nothing in this Agreement shall be construed as a transfer of Intellectual Property ownership from Hypersign to the Client. The rights granted to the Client are solely licenses, and no implied licenses are granted under this Agreement.
7.2 Client Data
The Client is and shall remain the sole owner of all rights, title, and interest in and to the Client Data. The Client grants Hypersign a worldwide, non-exclusive, royalty-free, sublicensable, and transferable license to process Client Data solely for the purpose of providing the Services to the Client and improving the Services, in accordance with Annex 2 (Data Processing Agreement) and Hypersign's Privacy Policy.
7.3 Feedback
In the event that the Client or any of its Authorized Users provide Hypersign with any suggestions, ideas, enhancement requests, comments, recommendations, or other information related to the Services ("Feedback"), the Client hereby grants Hypersign a worldwide, perpetual, irrevocable, royalty-free, fully paid, transferable, sublicensable license to use, exploit, copy, modify, create derivative works, distribute, publicly display, publicly perform, and otherwise commercialize such Feedback for any purpose and in any manner, without any obligation or compensation to the Client.
8. Fees and Payment Terms
8.1 Prepaid Credits and Non-Expiry
Hypersign's Services are based on a prepaid Credits model. Credits purchased by the Client do not expire and can be used as long as the Agreement is in effect.
8.2 Payment for Completed Verification Features
The Client will be charged for each Verification Feature that is successfully completed by the End-User during the verification flow, according to the applicable rates. This means:
- (i) If an End-User completes the ID Document Verification step, the Client will be charged for that feature.
- (ii) If an End-User completes the Liveness Detection step, the Client will be charged for that feature.
- (iii) Each additional Verification Feature completed (such as AML Screening, Proof of Address, NFC Verification, etc.) will incur its respective charge.
- (iv) No charges will apply for Verification Features that fail to complete due to a system failure on Hypersign's part.
The specific pricing for each Verification Feature is set forth in Hypersign's pricing page or in the applicable Order Form.
8.3 Pricing
The applicable prices for the Services are published on Hypersign's pricing page or, for customized or Enterprise plans, in the corresponding Order Form. Hypersign reserves the right to modify its prices at any time, which will be notified in advance in accordance with Section 16.2.
8.4 Payment Process and Non-Refundability
The purchase of Credits will be made through the payment platform designated by Hypersign (currently Stripe or payment methods agreed upon in the Order Form). All payments are final, and purchased Credits are non-refundable, unless expressly stated otherwise in this Agreement or an Order Form. The prices indicated do not include taxes (such as VAT) or banking or processing fees, which will be the Client's responsibility.
8.5 Failed Payments / Reversals and Account Suspension
In the event of three consecutive failed automatic payment attempts (for automatic Credit replenishment, if configured) or in case of non-payment of invoices issued for Enterprise plans, Hypersign may, at its sole discretion, suspend the Client's access to the Services or terminate this Agreement in accordance with Section 15. Hypersign reserves the right to charge interest on overdue payments at the maximum rate permitted by applicable law, calculated daily from the due date until the date of full payment.
8.6 Enterprise Plans
For Clients who have contracted an Enterprise or customized plan through a signed Order Form, the specific pricing conditions, payment terms, minimum consumption commitments, and billing set forth in such Order Form shall supersede or complement the provisions of this Section 8.
9. Confidentiality
Each Party ("Receiving Party") agrees to protect the Confidential Information of the other Party ("Disclosing Party") with at least the same degree of care it uses to protect its own information of a similar nature, but never less than reasonable care. The Receiving Party will only use the Disclosing Party's Confidential Information to fulfill its obligations under this Agreement or as permitted by applicable law.
9.1 Exclusions from Confidential Information
Confidential Information shall not include any information that: (a) is or becomes publicly known without the Receiving Party's fault; (b) was lawfully in the Receiving Party's possession prior to its disclosure by the Disclosing Party, without an obligation of confidentiality; (c) is disclosed to the Receiving Party by a third party without restriction or violation of any confidentiality obligation; (d) is independently developed by the Receiving Party without reference to the Disclosing Party's Confidential Information; or (e) is Client Data processed by Hypersign in aggregated or pseudonymized form for the improvement of its algorithms, as set forth in Annex 2 (DPA).
9.2 Compelled Disclosure
The Receiving Party may disclose Confidential Information if required by law, court order, or a competent governmental authority, provided that, to the extent legally permissible, the Receiving Party gives the Disclosing Party sufficient prior notice to allow the Disclosing Party to seek a protective order or waiver.
9.3 Personnel Obligation
Each Party shall ensure that its employees, agents, and contractors who have access to the other Party's Confidential Information are subject to confidentiality obligations that are at least as restrictive as those set forth in this Section 9.
9.4 Survival
The confidentiality obligations set forth in this Section 9 shall remain in effect during the term of this Agreement and for a period of five (5) years from the date of its termination, except with respect to trade secrets, for which the confidentiality obligation shall be indefinite as long as such information maintains its trade secret status.
10. Data Protection and Security
The processing of Personal Data by Hypersign on behalf of the Client shall be governed by Annex 2, Data Processing Agreement (DPA), which forms an integral part of this Agreement. The DPA details each Party's obligations regarding compliance with data protection laws, security measures, and the responsibilities of the data processor and data controller.
11. Disclaimer of Warranties
HYPERSIGN'S SERVICES, INCLUDING THE PLATFORM, APIS, SDKS, AND DOCUMENTATION, ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTIES OF ANY KIND. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, HYPERSIGN EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, DATA ACCURACY, UNINTERRUPTED OR ERROR-FREE AVAILABILITY.
HYPERSIGN DOES NOT WARRANT THAT THE SERVICES WILL OPERATE UNINTERRUPTED, SECURELY, OR ERROR-FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT THE SERVICES OR THE SERVERS THAT MAKE THEM AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. HYPERSIGN MAKES NO WARRANTIES REGARDING THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SERVICES OR THE ACCURACY, RELIABILITY, OR COMPLETENESS OF ANY INFORMATION OBTAINED THROUGH THE SERVICES. THE CLIENT ASSUMES ALL RISKS ASSOCIATED WITH THE USE OF THE SERVICES.
IN PARTICULAR, THE CLIENT ACKNOWLEDGES THAT IDENTITY VERIFICATIONS ARE COMPLEX PROCESSES BASED ON VARIOUS DATA SOURCES AND ALGORITHMS. HYPERSIGN DOES NOT WARRANT THE IDENTITY OF ANY END-USER, THE TRUTHFULNESS OR AUTHENTICITY OF ANY IDENTITY DOCUMENT, OR THE ABSENCE OF FRAUD. THE RESULTS PROVIDED BY HYPERSIGN'S SERVICES ARE FOR INFORMATIONAL PURPOSES ONLY AND SUPPORT THE CLIENT'S DECISION-MAKING PROCESS. THE CLIENT IS SOLELY RESPONSIBLE FOR ITS FINAL DECISIONS BASED ON OR NOT BASED ON HYPERSIGN'S RESULTS, AND HYPERSIGN ASSUMES NO LIABILITY WHATSOEVER FOR SUCH DECISIONS OR THE CONSEQUENCES THEREOF.
12. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL HYPERSIGN, ITS AFFILIATES, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA, USE, OR GOODWILL, INCURRED BY THE CLIENT OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EVEN IF HYPERSIGN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
HYPERSIGN'S TOTAL AND CUMULATIVE LIABILITY UNDER THIS AGREEMENT FOR ANY CAUSE AND UNDER ANY THEORY OF LIABILITY SHALL BE LIMITED TO THE AMOUNT OF CREDITS OR SERVICE FEES ACTUALLY PAID BY THE CLIENT TO HYPERSIGN IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
The limitations set forth in this Section shall not apply to liability arising from Hypersign's gross negligence or willful misconduct, reciprocal indemnification obligations set forth in Section 13, or in cases where applicable law does not allow the exclusion or limitation of certain damages.
13. Indemnification
13.1 Indemnification by Client
The Client shall defend, indemnify, and hold harmless Hypersign, its affiliates, directors, employees, agents, and suppliers ("Hypersign Indemnified Parties") from and against any and all claims, demands, damages, liabilities, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:
- (i) The Client's breach of any of its obligations, representations, or warranties under this Agreement, including, but not limited to, those related to security, data protection, or use restrictions.
- (ii) Any claim by an End-User or a third party related to the Client's collection or processing of Personal Data (including failure to obtain necessary consents), or the Client's decisions based on Verification results.
- (iii) The Client's use of the Services in a manner that does not comply with applicable laws or regulations.
- (iv) The Client's or its Client Data's infringement of any third-party Intellectual Property or privacy rights.
13.2 Indemnification by Hypersign
Hypersign shall defend, indemnify, and hold harmless the Client, its affiliates, directors, employees, and agents from and against any and all claims, demands, damages, liabilities, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or related to a third-party claim that the Services, as provided by Hypersign to the Client and used in accordance with this Agreement, directly infringe a patent, copyright, or trademark of such third party.
Exclusions: Hypersign's indemnification obligation shall not apply to claims arising from: (a) the Client's use of the Services in combination with any software, hardware, or data not provided by Hypersign; (b) modification of the Services by a party other than Hypersign; or (c) use of outdated versions of the Services if a newer, non-infringing version has been provided by Hypersign.
13.3 Indemnification Procedure
The Party seeking indemnification ("Indemnified Party") shall: (i) promptly notify the indemnifying party ("Indemnifying Party") in writing of any claim; (ii) allow the Indemnifying Party exclusive control of the defense and settlement of the claim (provided that the settlement does not impose a non-monetary obligation on the Indemnified Party or admit liability on the part of the Indemnified Party without its prior written consent); and (iii) provide the Indemnifying Party with all reasonable assistance and cooperation, at the Indemnifying Party's expense.
14. Representations and Warranties
14.1 Client's Representations and Warranties
The Client represents and warrants to Hypersign that:
- (i) It has full legal capacity and authority to enter into and perform this Agreement.
- (ii) It will comply with all applicable laws, regulations, and norms in its use of the Services and in the collection, processing, and transfer of Client Data and Personal Data.
- (iii) It has obtained and will maintain all necessary consents, permissions, and authorizations from End-Users and any other natural person for Hypersign to process their Personal Data in accordance with this Agreement and the DPA.
- (iv) All Client Data provided to Hypersign is accurate, complete, and lawful, and the Client has the right to provide such data to Hypersign for processing.
14.2 Hypersign's Representations and Warranties
Hypersign represents and warrants to the Client that:
- (i) It has full legal capacity and authority to enter into and perform this Agreement.
- (ii) The Services will be provided in a professional manner and in accordance with industry standards.
- (iii) The Services will substantially conform to the descriptions contained in the Documentation.
15. Suspension and Termination
15.1 Termination for Convenience
By the Client
The Client may close its account and terminate this Agreement at any time, which will result in the forfeiture of unused Credits.
By Hypersign
Hypersign may terminate this Agreement and the Client's access to the Services for convenience, without cause, upon thirty (30) days' prior written notice. In such a case, Hypersign will refund the Client the value of any unused Credits.
15.2 Termination for Cause
Either Party may terminate this Agreement immediately by written notice to the other Party if: (i) The other Party materially breaches any of its obligations under this Agreement and fails to cure such breach within thirty (30) days of receiving written notice specifying the breach. (ii) The other Party becomes bankrupt, insolvent, liquidates, dissolves, enters into a creditors' voluntary arrangement, or any similar proceeding.
Hypersign may immediately suspend or terminate the Client's access to the Services, without prior notice or cure period, in the following cases:
- Serious or repeated breach of Section 6.4 (Use Restrictions) or 6.5 (Client Responsibilities).
- Unlawful, fraudulent, or abusive use of the Services.
- Non-payment or repeated breach of payment terms.
- When Hypersign determines, in its sole discretion, that the security or integrity of the Services or Client Data may be compromised.
- In compliance with a court order or legal requirement.
- Abuse of the free or trial plan through the creation of multiple organizations or accounts, as described in Section 6.4.
15.3 Effects of Termination
Upon termination of this Agreement for any reason:
- (i) All licenses and rights granted to the Client under this Agreement shall immediately cease.
- (ii) The Client shall cease all use of the Services and Documentation.
- (iii) Any outstanding amounts owed by the Client to Hypersign on the termination date shall become immediately due and payable.
- (iv) If the termination is for cause attributable to the Client, unused Credits will be forfeited and non-refundable.
- (v) Client Data retention and deletion obligations shall be governed by Annex 2 (DPA).
- (vi) The sections of this Agreement that, by their nature, should survive termination — including, without limitation, those relating to Intellectual Property, Confidentiality, Disclaimer of Warranties, Limitation of Liability, Indemnification, Governing Law and Jurisdiction, and General Provisions — shall remain in full force and effect.
16. General Provisions
16.1 Force Majeure
Neither Party shall be liable for any delay or failure to perform its obligations under this Agreement if such delay or failure is caused by Force Majeure. The affected Party shall notify the other Party of the Force Majeure event as soon as possible and shall make reasonable efforts to mitigate its effects.
16.2 Modifications to the Agreement
Hypersign reserves the right to modify or update these Terms and Conditions, Annexes, or service policies at any time. Hypersign will notify the Client of such modifications at least thirty (30) days in advance by publishing the revised Terms on its Website or Business Console, or by sending direct notification to the Client. If the Client does not agree with the modifications, it may terminate the Agreement by written notice prior to the effective date of the new terms. The Client's continued use of the Services after the effective date of the modifications shall constitute binding acceptance of the revised terms.
16.3 Assignment
The Client may not assign or transfer its rights or obligations under this Agreement, in whole or in part, without Hypersign's prior written consent. Any attempted assignment or transfer that does not comply with this provision shall be null and void. Hypersign may freely assign or transfer this Agreement, in whole or in part, to an affiliate or in connection with a merger, acquisition, corporate restructuring, or sale of all or substantially all of its assets.
16.4 Severability
If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction, such provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions of this Agreement shall remain in full force and effect.
16.5 No Waiver
The failure of either Party to exercise or delay in exercising any right or remedy under this Agreement shall not operate as a waiver of that right or remedy, nor shall it preclude any subsequent exercise of that right or remedy. An express waiver of any breach shall not constitute a waiver of any subsequent breach.
16.6 Governing Law and Jurisdiction
The governing law and exclusive jurisdiction depend on the Client's place of establishment, which also determines the contracting Hypersign entity (see Section 1):
| Client Region | Contracting Entity | Governing Law | Jurisdiction |
|---|---|---|---|
| EU, EEA, UK, Switzerland | Hypermine Labs UG | Laws of Germany | Courts of Munich, Germany |
| Asia-Pacific (incl. India) | Hypermine Technologies Private Ltd | Laws of India | Courts of Bengaluru, India |
| Middle East & Africa | Hypermine MEA FZCO | Laws of UAE (DIFC) | DIFC Courts, Dubai |
| US, Canada, Latin America & others | Hypermine Labs UG | Laws of Germany | Courts of Munich, Germany |
This Section 16.6 does not deprive a consumer of the mandatory protections of the law of the country of its habitual residence. The United Nations Convention on Contracts for the International Sale of Goods does not apply.
16.7 Entire Agreement
This Agreement, including all Order Forms and Annexes, constitutes the entire and exclusive agreement between the Client and Hypersign with respect to its subject matter and supersedes all prior or contemporaneous communications, proposals, and agreements, whether oral or written, between the Parties.
16.8 Relationship of the Parties
The Parties are independent contractors. This Agreement does not create a partnership, joint venture, employment, franchise, or agency relationship between the Client and Hypersign. Neither Party has any authority to bind the other or to incur obligations on behalf of the other.
16.9 Notices
All notices required or permitted under this Agreement shall be in writing and shall be deemed delivered when: (a) personally delivered; (b) sent by certified or registered mail, return receipt requested; (c) sent by email to the notice addresses specified in Section 1 or in the Order Form (with confirmation of receipt); or (d) in the case of general notices from Hypersign to the Client, posted in the Business Console or on the Website.
16.10 Export Compliance Laws
The Client represents and warrants that neither it nor its Authorized Users are subject to economic sanctions or embargoes imposed by the European Union, the United States, or other competent authorities, and that it will not use the Services for purposes prohibited by such export control laws.
16.11 Publicity
The Client agrees that Hypersign may use the Client's name and logo in Hypersign's marketing materials and customer list, unless the Client notifies Hypersign in writing of its objection to such use.
16.12 Survival
Sections 7 (Intellectual Property Rights), 8 (Fees and Payment Terms, in relation to amounts owed), 9 (Confidentiality), 11 (Disclaimer of Warranties), 12 (Limitation of Liability), 13 (Indemnification), 15.3 (Effects of Termination), and 16 (General Provisions) shall survive any termination or expiration of this Agreement.
Service Level Agreement (SLA)
For Enterprise Plans, the operational conditions and service metrics signed in your Order Form will take precedence over this Annex.
1. Scope
This Service Level Agreement ("SLA") applies to the operational availability of Hypersign's core verification API, the Business Console Dashboard, and SDK endpoints directly managed by Hypersign.
2. Availability Commitment
Hypersign commits to maintaining a monthly uptime for the core Services according to the following metric:
| Metric | Commitment |
|---|---|
| Monthly Uptime (%) | ≥ 99.9% |
3. Uptime Measurement
Uptime is measured minute by minute using Hypersign's internal monitoring tools. Downtime shall be considered any minute during which the core API or Dashboard fails to respond successfully to an HTTPS request (2XX/3XX status codes), as detected by Hypersign's monitoring system or reported and validated by the Client through a support alert.
4. Uptime Exclusions
Monthly Uptime will not include downtime or service disruption resulting from:
- Force Majeure: Events beyond Hypersign's reasonable control, as defined in Section 16.1 of the main Agreement.
- Scheduled Maintenance: Periods of planned maintenance for the Services. Hypersign will endeavour to limit scheduled maintenance to a maximum of five (5) hours per month, with at least forty-eight (48) hours' prior notice provided via the Business Console or email.
- Urgent Maintenance: Unscheduled maintenance required to resolve critical security or performance issues. Hypersign will attempt to provide reasonable prior notice, but this may not be possible in all cases.
- Factors beyond Hypersign's reasonable control: Including, but not limited to, Client-side hardware or software issues, internet network outages not attributable to Hypersign, denial-of-service attacks exceeding standard mitigation thresholds, or failures of third-party service providers (such as cloud providers, unless gross negligence by Hypersign in their selection or management is demonstrated).
- Acts or omissions by the Client or its Authorized Users: Including any breach of the Agreement.
5. Service Credits (SLA Credits)
If Hypersign fails to meet the Monthly Uptime Commitment set forth in Section 2, the Client may request a credit to its Hypersign account (in the form of non-refundable Hypersign Credits) in accordance with the following table:
| Monthly Uptime (%) | % Credit on Monthly Spend (in Credits) |
|---|---|
| < 99.9% ≥ 99.0% | 10% of monthly spend |
| < 99.0% ≥ 95.0% | 25% of monthly spend |
| < 95.0% | 50% of monthly spend |
5.1 Credit Claim Process
To request a credit, the Client must submit a written request to billing@hypermine.de within thirty (30) calendar days after the end of the month in which the SLA breach occurred. The request must include the date and time of the service interruption and a brief description of the interruption. The service credit is the Client's sole and exclusive remedy for any breach of the Uptime Commitment under this SLA. The credit value will be automatically applied to the Client's account in the next billing cycle or Credit replenishment.
Data Processing Agreement (DPA)
This Data Processing Agreement ("DPA") forms an integral part of the main Agreement and is applicable whenever Hypersign processes Personal Data on behalf of the Client, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Context and Scope
This DPA sets out the rights and obligations of the Parties with respect to the processing of Personal Data by Hypersign as a Data Processor, acting on behalf of the Client as Data Controller.
2. Roles and Nature of Processing
| Role | Capacity |
|---|---|
| Client | Data Controller |
| Hypersign (in relation to the Services) | Data Processor |
| Hypersign (aggregated/pseudonymized data) | Independent Controller (for algorithm improvement) |
2.1 Details of Processing
2.2 Lawful Basis for Processing
The Client is solely responsible for determining the valid lawful basis for the collection and processing of End-Users' Personal Data, as well as for the transfer of such data to Hypersign. This may include, for example, the explicit consent of the data subject (especially for biometric data), performance of a contract, compliance with a legal obligation, or a legitimate interest. The Client undertakes to provide the necessary privacy notices and obtain the required consents from End-Users in accordance with applicable law before sending any Personal Data to Hypersign.
2.3 Anonymized / Pseudonymized Model Training and Fraud Detection (Hypersign as Independent Controller)
The Client acknowledges and agrees that Hypersign may use anonymized or pseudonymized data derived from Client Data for the following purposes as an Independent Controller:
- (i) Training and improvement of verification, biometric, and fraud-detection models, including document classifiers, liveness, face match, deepfake detection, injection-attack detection, and risk-scoring models, to enhance security, reduce fraud, and improve the accuracy of the Services for all customers.
- (ii) Cross-customer fraud-prevention safeguards, identifying and flagging known fraudulent actors, attack patterns, and attempted repeat-fraud across different Client applications using Hypersign's Services.
Hypersign processes this data based on its legitimate interest in operating safe and accurate identity and fraud infrastructure, and applies anonymization, pseudonymization, aggregation, and access controls so that the data used for these purposes cannot reasonably be linked back to an identifiable individual outside the underlying Verification record.
Opt-out. The Client (or an affected End-User) may opt out of the processing described in this Section 2.3 by (a) deleting the underlying Verification record via the API or the Business Console, which removes the record from training pipelines on the next refresh cycle, or (b) emailing privacy@hypermine.de with the relevant session identifier or account, requesting an opt-out. Opt-outs apply prospectively from the date of the request; Hypersign will also use commercially reasonable efforts to purge eligible records from active training datasets.
3. Hypersign's Obligations (Data Processor)
Hypersign undertakes to:
- (i) Process Personal Data only on documented instructions from the Client, unless required by Union or Member State law, in which case Hypersign shall inform the Client of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
- (ii) Ensure the confidentiality of Personal Data. Hypersign will ensure that persons authorized to process Personal Data undertake to respect confidentiality or are subject to an appropriate statutory obligation of confidentiality.
- (iii) Implement appropriate and strong technical and organizational measures (TOMs) to ensure a level of security appropriate to the risk, including: data encryption at rest (AES-256) and in transit (TLS 1.3), key management in a dedicated Key Management Service (KMS), role-based access control, environment separation, resilience of processing systems and services, continuous monitoring, and regular security testing.
- (iv) Assist the Client in fulfilling its obligations as Data Controller, taking into account the nature of the processing and the information available to Hypersign, including handling data subject requests and conducting Data Protection Impact Assessments where required.
- (v) Notify the Client without undue delay of any Personal Data security breach that Hypersign becomes aware of. Hypersign will provide the Client with known information about the breach and cooperate with the Client in mitigating its effects and fulfilling notification obligations.
Hypersign maintains the following security certifications:
4. Client's Obligations (Data Controller)
The Client undertakes to:
- (i) Establish and maintain an adequate lawful basis for the processing and transfer of Personal Data to Hypersign.
- (ii) Provide the necessary privacy notices and obtain the required consents from End-Users, in accordance with applicable data protection laws, before using Hypersign's Services.
- (iii) Configure data retention periods via Hypersign's Console or API in accordance with its own legal obligations and internal policies.
- (iv) Respond to requests from supervisory authorities or data subjects that Hypersign redirects to the Client.
5. Sub-processors
The Client grants Hypersign a general authorization for the engagement of sub-processors for the processing of Personal Data. Hypersign maintains an updated list of its sub-processors, which is shared with Clients and prospective Clients via email after a Non-Disclosure Agreement (NDA) is signed. To request the current list, email security@hypermine.de. Hypersign notifies subscribed Clients by email of any addition or change to the sub-processor list with sufficient advance notice to allow the Client to object. Hypersign imposes on its sub-processors data-protection obligations substantially similar to those set forth in this DPA and remains fully liable to the Client for its sub-processors' compliance with those obligations. The Client may object to a new sub-processor on reasonable data-protection grounds, in which case the Parties will work in good faith to find a solution, including the possibility of terminating the affected Service.
6. Security Breaches
In the event of a Personal Data security breach:
- (i) Hypersign will notify the Client without undue delay after becoming aware of it.
- (ii) Hypersign will provide the Client with details about the breach, including the nature of the breach, the categories of data affected, the approximate number of data subjects and data records affected, the likely consequences, and the measures taken or proposed to address it and mitigate its possible adverse effects.
- (iii) Hypersign will reasonably cooperate with the Client in the investigation of the breach and in fulfilling its notification obligations to supervisory authorities and data subjects, although the final decision on such notifications shall rest with the Client.
7. International Data Transfers
The primary data processed by Hypersign is hosted in the European Economic Area (EEA), with the default production region being AWS eu-central-1 (Frankfurt). Any transfer of Personal Data outside the EEA by Hypersign or its sub-processors will only be made on the basis of a legally recognized transfer mechanism under GDPR, such as Standard Contractual Clauses (SCCs) approved by the European Commission, an adequacy decision, or any other applicable legal mechanism to ensure an adequate level of protection.
8. Deletion / Return of Personal Data
Upon written request by the Client or termination of this Agreement, Hypersign, at the Client's choice, will delete or return all Personal Data to the Client, unless applicable law requires Hypersign to retain the Personal Data. The Client can manage the deletion of its Personal Data via Hypersign's API or Console in accordance with its own retention policy.
9. Audit and Documentation
Hypersign will make available to the Client, upon request and with reasonable prior notice (no less than 30 days), all information reasonably necessary to demonstrate compliance with the obligations set forth in this DPA. In the event the Client requires a direct audit of Hypersign's facilities or systems, such audit shall be limited and non-intrusive, subject to mutual agreement on scope and methodology, and the Client shall bear the reasonable costs associated therewith. On request and under a signed NDA, Hypersign provides its SOC 2 Type 1 report (SOC 2 Type 2 in progress), ISO/IEC 27001:2022 certificate, iBeta Level 1 PAD test report, and the published government sandbox conclusion as audit artifacts.
10. DPA Term
This DPA shall have the same term as the main Agreement. The clauses of this DPA related to confidentiality, deletion, liability, and audit shall survive the termination of the Agreement as required to comply with applicable laws.
Have questions about a specific document?
Email the right team directly — we route you to the correct contact.