1. Introduction

These Terms of Use ("Terms") govern your access to and use of the Veridox platform, API, and related services provided by Asset Protect Ltd, trading as Veridox, a company registered in England and Wales with company number 15214106 and registered office at 56 Manchester Road, Altrincham, WA14 4PJ ("we", "us", "our", or "Veridox").

By accessing or using any part of the Veridox platform, including via our website, dashboard, API, or third-party integration, you agree to be legally bound by these Terms. If you do not accept these Terms, you must not use Veridox.

These Terms apply to:

• All clients using the Veridox platform on a self-service or contracted basis;
• Developers integrating with the Veridox API;
• Resellers or partners accessing Veridox under a commercial arrangement;
• Any authorised user acting on behalf of a customer or organisation.

If you are entering into this agreement on behalf of a company or other legal entity, you represent that you have authority to bind that entity to these Terms.

2. Definitions

For the purposes of these Terms:

"Veridox" or "Platform" means the digital fraud detection service, including the Veridox API, dashboard, website, tools, underlying software, documentation, models, and any related services we provide.

"Client", "You", or "User" refers to the individual or legal entity accessing or using the Veridox Platform.

"Upload" means a single document, image, file, or record submitted to Veridox for analysis. Each file constitutes one upload, regardless of the number of pages.

"Output" means any result, report, analysis, or metadata returned by Veridox in response to an Upload.

"Client Data" means all documents, images, files, metadata, and other content provided by the Client to Veridox, including data derived from or associated with Uploads.

"API Key" means a unique identifier issued by Veridox to enable programmatic access to the Veridox API. API Keys are confidential credentials.

"Documentation" means any technical or user-facing guidance published by Veridox to explain how the Platform and API operate.

"Fair Usage" refers to the reasonable and commercially intended use of the Platform in line with Veridox's pricing model and technical constraints, as defined further in these Terms.

"Confidential Information" means any proprietary, technical, or commercial information disclosed by Veridox to the Client, either directly or indirectly, and not publicly available.

3. Access to the Platform

3.1 Account Creation

To access the Platform, you must create an account by providing accurate, complete, and current information. You are responsible for maintaining the confidentiality of your account credentials and for all activities under your account.

3.2 API Access

API Keys are provided to enable programmatic access to the Platform. You must:

• Keep your API Keys confidential and secure;
• Not share API Keys with unauthorised parties;
• Implement reasonable security measures to protect API Keys;
• Notify Veridox immediately if you suspect unauthorised access.

3.3 Eligibility

By using the Platform, you represent that:

• You are at least 18 years of age or have reached the age of majority in your jurisdiction;
• You have the legal capacity to enter into this agreement;
• If acting on behalf of an organisation, you have authority to bind that entity.

4. Licence and Permitted Use

4.1 Limited Licence

Subject to these Terms, Veridox grants you a limited, non-exclusive, non-transferable licence to access and use the Platform for your legitimate business purposes.

4.2 Restrictions

You may not:

• Reverse engineer, decompile, or disassemble any part of the Platform;
• Attempt to circumvent security measures or access controls;
• Use automated systems to access the Platform except via the provided API;
• Share, resell, or sublicense access to the Platform without prior written consent;
• Use the Platform in a manner that violates applicable laws or regulations.

4.3 Third-Party Integrations

You may integrate the Platform with third-party services, provided such integration complies with these Terms and the third party's terms of service.

5. Upload Integrity & Acceptable Use

5.1 Content Responsibility

You are solely responsible for the content of all Uploads. You represent and warrant that:

• You have the right to upload and process the submitted content;
• Your Uploads do not infringe upon third-party intellectual property rights;
• Your use complies with all applicable laws and regulations.

5.2 Prohibited Content

You may not upload content that:

• Contains malware, viruses, or other harmful code;
• Violates privacy laws or includes personal data without proper consent;
• Is defamatory, abusive, or harassing;
• Infringes copyright, trademark, or other intellectual property rights;
• Is illegal or encourages illegal activity.

5.3 Processing Accuracy

While Veridox strives for accuracy, you acknowledge that:

• No fraud detection system is 100% accurate;
• Results should be considered alongside other verification methods;
• You remain responsible for making final decisions based on Veridox outputs.

6. Pricing and Billing

6.1 Subscription Plans

Veridox offers various subscription plans and pay-per-use options. Current pricing is available on our website and may be updated from time to time with reasonable notice.

6.2 Payment Terms

Unless otherwise agreed:

• Subscription fees are payable in advance;
• Pay-per-use charges are billed monthly in arrears;
• All fees are non-refundable except as required by law;
• Prices are exclusive of applicable taxes, which you are responsible for paying.

6.3 Usage Monitoring

Veridox monitors usage to ensure compliance with your plan limits and to generate accurate billing information.

7. Data Handling and Security

7.1 Data Processing

Veridox processes Client Data solely to provide the Platform services. We do not use Client Data for any other purpose without your explicit consent.

7.2 Data Retention

Uploaded files are typically processed and deleted within 24 hours unless otherwise specified in your service agreement. Metadata may be retained for billing and analytics purposes.

7.3 Security Measures

Veridox implements industry-standard security measures including:

• Encryption in transit and at rest;
• Regular security assessments and updates;
• Access controls and monitoring;
• Incident response procedures.

7.4 Data Location

Client Data may be processed in various geographic locations to ensure optimal performance and redundancy.

8. Confidentiality and Feedback

8.1 Confidential Information

Both parties may have access to Confidential Information. Each party agrees to:

• Maintain the confidentiality of such information;
• Use it only for the purposes of this agreement;
• Not disclose it to third parties without prior written consent.

8.2 Feedback

Any feedback, suggestions, or ideas you provide regarding the Platform may be used by Veridox without restriction or compensation.

9. Service Availability and Support

9.1 Service Levels

Veridox strives to maintain high availability but does not guarantee uninterrupted service. Scheduled maintenance will be communicated in advance when possible.

9.2 Support

Support is provided according to your subscription level. Enterprise customers may have access to dedicated support channels and SLAs.

9.3 Service Updates

Veridox may update the Platform periodically to improve functionality, security, or performance. Material changes will be communicated in advance.

10. Warranties and Disclaimers

10.1 Limited Warranty

Veridox warrants that the Platform will perform substantially in accordance with the Documentation under normal use.

10.2 Disclaimer

EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE PLATFORM IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND. VERIDOX DISCLAIMS ALL IMPLIED WARRANTIES INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

10.3 No Guarantee of Results

Veridox does not guarantee that the Platform will detect all fraud or produce specific results. The Platform is a tool to assist in fraud detection, not a substitute for professional judgment.

11. Limitation of Liability

11.1 Liability Cap

VERIDOX'S TOTAL LIABILITY FOR ALL CLAIMS ARISING FROM OR RELATED TO THESE TERMS OR THE PLATFORM SHALL NOT EXCEED THE AMOUNT PAID BY CLIENT IN THE 12 MONTHS PRECEDING THE CLAIM.

11.2 Excluded Damages

IN NO EVENT SHALL VERIDOX BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.3 Exceptions

Nothing in these Terms limits liability for:

• Death or personal injury caused by negligence;
• Fraud or fraudulent misrepresentation;
• Violations of applicable data protection laws;
• Other liabilities that cannot be limited under applicable law.

12. Indemnification

12.1 Client Indemnification

You agree to indemnify and hold Veridox harmless from any claims arising from:

• Your use of the Platform in violation of these Terms;
• Content you upload to the Platform;
• Your violation of applicable laws or third-party rights.

12.2 Veridox Indemnification

Veridox will indemnify you against claims that the Platform infringes third-party intellectual property rights, provided you promptly notify us and cooperate in the defence.

13. Suspension and Termination

13.1 Suspension

Veridox may suspend your access immediately if:

• You violate these Terms;
• Your account becomes overdue;
• We reasonably believe suspension is necessary to protect our systems or other users.

13.2 Termination

Either party may terminate this agreement with 30 days' written notice. Veridox may terminate immediately for material breach that remains uncured after 7 days' notice.

13.3 Effect of Termination

Upon termination:

• Your access to the Platform will cease;
• You remain liable for any outstanding fees;
• Provisions intended to survive termination will continue in effect.

14. Publicity and Logos

Veridox may identify you as a customer in marketing materials and may use your company name and logo for this purpose, unless you opt out by written notice.

15. Amendments to the Terms

Veridox may update these Terms from time to time. Material changes will be communicated at least 30 days in advance. Continued use of the Platform after changes take effect constitutes acceptance of the updated Terms.

16. Governing Law and Jurisdiction

These Terms are governed by English law. Any disputes shall be subject to the exclusive jurisdiction of the English courts.

17. Contact and Notices

For questions about these Terms or to provide notices:

Asset Protect Ltd (trading as Veridox)
56 Manchester Road
Altrincham, WA14 4PJ
United Kingdom
Email: legal@veridox.ai

1. Introduction

Asset Protect Ltd, trading as Veridox ("we", "us", "our"), is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, and protect personal data when you use our fraud detection platform and related services.

This Policy applies to all users of the Veridox platform, including our website, API, dashboard, and any related services. For the purposes of data protection law, Asset Protect Ltd is the data controller for personal data we process about our customers and users.

Our Details:
Asset Protect Ltd (trading as Veridox)
Company Number: 15214106
Registered Office: 56 Manchester Road, Altrincham, WA14 4PJ, United Kingdom
Email: privacy@veridox.ai

2. What Personal Data We Collect

2.1 Account Information

When you create an account, we collect:

• Name and email address
• Company name and business information
• Phone number (optional)
• Payment and billing information
• Account preferences and settings

2.2 Usage Data

We automatically collect information about how you use our platform:

• API usage logs and statistics
• Upload metadata (file types, sizes, processing times)
• Platform interaction data (features used, time spent)
• Technical information (IP address, browser type, device information)
• Error logs and diagnostic information

2.3 Communications

When you contact us, we may collect:

• Content of your communications
• Support ticket information
• Feedback and survey responses

2.4 Documents and Content

We process documents you upload for analysis, which may contain personal data depending on the content you choose to analyse.

3. How We Use Personal Data

3.1 Service Provision

We use personal data to:

• Provide fraud detection and analysis services
• Manage your account and authenticate access
• Process payments and maintain billing records
• Provide customer support and respond to inquiries
• Monitor platform performance and security

3.2 Improvement and Development

We may use aggregated, anonymised data to:

• Improve our algorithms and detection capabilities
• Develop new features and services
• Conduct research and analytics
• Generate usage statistics and reports

3.3 Communications

We may use your contact information to:

• Send service-related notifications
• Provide technical support
• Share important updates about our platform
• Send marketing communications (with your consent)

4. Lawful Bases for Processing

We process personal data based on the following lawful bases under GDPR:

4.1 Contract Performance

Processing necessary to perform our contract with you, including service delivery and account management.

4.2 Legitimate Interests

Processing for our legitimate business interests, including:

• Platform security and fraud prevention
• Service improvement and development
• Customer support and communications
• Business analytics and reporting

4.3 Legal Compliance

Processing required to comply with legal obligations, such as tax and accounting requirements.

4.4 Consent

Where you have provided explicit consent, such as for marketing communications or optional features.

5. Data Sharing and Sub-Processors

5.1 Limited Sharing

We do not sell personal data. We may share personal data with:

• Service providers who help us operate our platform
• Payment processors for billing and transactions
• Cloud infrastructure providers for hosting and storage
• Analytics and monitoring services
• Professional advisors (lawyers, accountants, auditors)

5.2 Sub-Processor List

Current sub-processors include:

• Amazon Web Services (cloud infrastructure)
• Stripe (payment processing)
• Microsoft Azure (additional cloud services)
• Google Analytics (website analytics)

We maintain a complete list of sub-processors and will notify customers of any changes.

5.3 Legal Requirements

We may disclose personal data when required by law or to protect our rights and safety.

6. International Transfers

Personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules
• Certification schemes and codes of conduct

7. Data Retention

7.1 Retention Periods

We retain personal data for as long as necessary to fulfil the purposes for which it was collected:

• Account data: Until account deletion plus 7 years for legal compliance
• Usage logs: 2 years for security and analytics purposes
• Uploaded documents: Typically deleted within 24 hours after processing
• Billing records: 7 years for tax and accounting purposes
• Support communications: 3 years for quality assurance

7.2 Deletion Process

When retention periods expire, we securely delete or anonymise personal data according to our data governance procedures.

8. Your Rights as a Data Subject

Under data protection law, you have the following rights:

8.1 Access Right

You can request a copy of the personal data we hold about you.

8.2 Rectification Right

You can ask us to correct inaccurate or incomplete personal data.

8.3 Erasure Right

You can request deletion of your personal data in certain circumstances.

8.4 Restriction Right

You can ask us to restrict processing of your personal data in specific situations.

8.5 Portability Right

You can request your personal data in a portable format.

8.6 Objection Right

You can object to processing based on legitimate interests or for direct marketing.

8.7 Exercising Your Rights

To exercise these rights, contact us at privacy@veridox.ai. We will respond within one month.

9. Security Measures

We implement comprehensive security measures to protect personal data:

9.1 Technical Safeguards

• Encryption in transit and at rest
• Multi-factor authentication
• Regular security updates and patches
• Network security and firewalls
• Intrusion detection and monitoring

9.2 Organisational Measures

• Staff training on data protection
• Access controls and need-to-know principles
• Regular security assessments
• Incident response procedures
• Data protection impact assessments

10. Cookies and Analytics

10.1 Cookie Usage

We use cookies and similar technologies for:

• Essential platform functionality
• User authentication and session management
• Performance monitoring and analytics
• User preference storage

10.2 Analytics

We use Google Analytics to understand how our website is used. This involves collecting anonymised usage data.

10.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.

11. Marketing Communications

We may send marketing communications about our services with your consent. You can unsubscribe at any time using the link in our emails or by contacting us directly.

We do not share your personal data with third parties for their marketing purposes without your explicit consent.

12. Children's Privacy

Our platform is not intended for use by children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through our platform. The updated policy will be effective from the date specified in the notice.

14. Contact Details

For questions about this Privacy Policy or to exercise your data protection rights:

Data Protection Officer
Asset Protect Ltd (trading as Veridox)
56 Manchester Road
Altrincham, WA14 4PJ
United Kingdom
Email: privacy@veridox.ai

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data properly.

1. Definitions

In this Data Processing Addendum ("DPA"):

• "Controller" means the entity that determines the purposes and means of processing Personal Data;
• "Processor" means the entity that processes Personal Data on behalf of the Controller;
• "Personal Data" has the meaning given in applicable Data Protection Laws;
• "Data Protection Laws" means all applicable privacy and data protection laws, including GDPR, UK GDPR, and other relevant legislation;
• "Data Subject" means an identified or identifiable natural person;
• "Sub-processor" means any Processor engaged by Veridox to process Personal Data.

2. Purpose and Scope

This DPA applies when Veridox processes Personal Data on behalf of the Client in the course of providing the Platform services. It supplements and forms part of the Terms of Use.

This DPA takes precedence over any conflicting provisions in the Terms of Use regarding data protection matters.

3. Roles of the Parties

3.1 Controller and Processor

The parties acknowledge that:

• Client acts as Controller for Personal Data contained in documents uploaded to the Platform;
• Veridox acts as Processor when processing such Personal Data to provide the services;
• Each party may also act as Controller for Personal Data they collect directly.

3.2 Independent Controllers

For account information and usage data collected directly by Veridox, each party acts as an independent Controller and is responsible for their own compliance with Data Protection Laws.

4. Details of Processing

4.1 Categories of Data Subjects

Data subjects may include individuals whose information appears in documents uploaded for analysis.

4.2 Categories of Personal Data

Personal Data may include:

• Names and contact information
• Identification numbers
• Financial information
• Any other personal information contained in uploaded documents

4.3 Processing Activities

Veridox processes Personal Data to:

• Analyse documents for fraud indicators
• Extract metadata and technical information
• Generate analysis reports and outputs
• Provide platform services as described in the Terms

5. Client Obligations

As Controller, Client warrants and undertakes to:

• Comply with all applicable Data Protection Laws;
• Have lawful basis for processing and sharing Personal Data with Veridox;
• Provide necessary notices to Data Subjects;
• Obtain required consents where necessary;
• Only upload Personal Data necessary for the intended analysis;
• Implement appropriate technical and organisational measures;
• Promptly notify Veridox of any data protection issues or Data Subject requests.

6. Veridox Obligations as Processor

Veridox undertakes to:

• Process Personal Data only on documented instructions from Client;
• Ensure processing staff are subject to confidentiality obligations;
• Implement appropriate technical and organisational security measures;
• Not engage Sub-processors without Client consent;
• Assist with Data Subject rights requests;
• Assist with security breach notifications;
• Delete or return Personal Data upon termination;
• Provide information necessary for compliance audits.

7. Security Measures

Veridox maintains appropriate technical and organisational measures including:

7.1 Technical Measures

• Encryption of Personal Data in transit and at rest
• Regular security testing and vulnerability assessments
• Access controls and authentication systems
• Secure development practices
• Network security and monitoring

7.2 Organisational Measures

• Staff training on data protection
• Clear data handling procedures
• Incident response plans
• Regular security reviews
• Third-party security certifications

8. Use of Sub-Processors

8.1 Authorised Sub-Processors

Client provides general authorisation for Veridox to engage Sub-processors for specific processing activities.

8.2 Sub-Processor Requirements

Veridox ensures that Sub-processors:

• Provide sufficient guarantees of compliance
• Are bound by data protection obligations equivalent to this DPA
• Implement appropriate security measures
• Are subject to regular compliance monitoring

8.3 Changes to Sub-Processors

Veridox will inform Client of any intended changes to Sub-processors, allowing Client to object to such changes.

9. Data Subject Rights

Veridox will assist Client in responding to Data Subject requests by:

• Providing available information about processing activities
• Implementing technical measures to facilitate rights exercise
• Promptly forwarding any direct requests from Data Subjects
• Assisting with data portability and correction requests
• Supporting deletion requests within technical capabilities

10. Data Breach Notification

10.1 Incident Response

Veridox will:

• Notify Client without undue delay upon becoming aware of a Personal Data breach
• Provide available information about the nature and scope of the breach
• Assist Client in assessing the risks and potential impact
• Cooperate in breach investigation and remediation efforts
• Implement measures to address the breach and prevent recurrence

10.2 Client Responsibilities

Client remains responsible for determining whether to notify Data Subjects and supervisory authorities as required by law.

11. Data Transfers and International Safeguards

When Personal Data is transferred outside the European Economic Area, Veridox ensures appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Binding Corporate Rules for intra-group transfers
• Additional technical and organisational measures as needed

12. Audit and Inspection Rights

Veridox will provide Client with information necessary to demonstrate compliance with this DPA. Upon reasonable request and with appropriate notice, Veridox will allow audits by Client or independent auditors, subject to:

• Reasonable advance notice (at least 30 days)
• Appropriate confidentiality protections
• Minimal disruption to Veridox operations
• Client covering reasonable costs

13. Return or Deletion of Data

Upon termination of the services or upon Client request, Veridox will:

• Delete all Personal Data processed on Client's behalf
• Provide confirmation of deletion upon request
• Return Personal Data in a commonly used format if requested
• Ensure Sub-processors also delete Personal Data

Veridox may retain Personal Data if required by law, provided it continues to protect the data and limits further processing.

14. Liability and Indemnity

Each party's liability for data protection violations shall be governed by applicable Data Protection Laws. The liability limitations in the Terms of Use apply except where prohibited by law.

15. Duration and Termination

This DPA remains in effect for the duration of the Terms of Use and any period during which Veridox processes Personal Data on Client's behalf.

16. Governing Law and Jurisdiction

This DPA is governed by the same law as the Terms of Use. Data protection matters shall be governed by the applicable Data Protection Laws of the relevant jurisdiction.

17. Contact Details

For data protection matters under this DPA:

Data Protection Officer
Asset Protect Ltd (trading as Veridox)
56 Manchester Road
Altrincham, WA14 4PJ
United Kingdom
Email: dpo@veridox.ai

1. Introduction

This Acceptable Use Policy ("AUP") defines permitted and prohibited uses of the Veridox platform. It supplements our Terms of Use and applies to all users of our services.

Violation of this AUP may result in suspension or termination of your access to the Platform.

2. Permitted Use of the Platform

You may use the Veridox platform to:

• Detect fraud and authenticate documents for legitimate business purposes
• Analyse documents you own or have permission to analyse
• Integrate our API into your applications according to our documentation
• Use our platform for compliance and risk management activities
• Conduct research using your own data

3. Prohibited Conduct

3.1 Illegal Activities

You may not use the Platform to:

• Violate any applicable laws or regulations
• Facilitate fraud or other criminal activities
• Infringe intellectual property rights
• Violate privacy laws or process personal data unlawfully
• Engage in money laundering or terrorist financing

3.2 Harmful Content

Do not upload content that:

• Contains malware, viruses, or malicious code
• Is defamatory, abusive, or harassing
• Promotes violence or illegal activities
• Contains child exploitation material
• Violates export control laws

3.3 Technical Misuse

You must not:

• Attempt to reverse engineer or hack the Platform
• Use automated tools to access the Platform except via our API
• Overwhelm our systems with excessive requests
• Share API keys or credentials with unauthorised parties
• Attempt to bypass security measures or usage limits

4. Security and System Integrity

4.1 Account Security

You must:

• Keep your account credentials secure and confidential
• Use strong passwords and enable two-factor authentication
• Notify us immediately of any suspected security breaches
• Regularly review and audit account access

4.2 Responsible Use

You agree to:

• Use the Platform only for its intended purposes
• Respect other users and our systems
• Report any technical issues or vulnerabilities responsibly
• Cooperate with our security investigations

5. Fair Usage and Resource Limits

5.1 Usage Limits

Usage must comply with the limits specified in your subscription plan. Excessive use that impacts system performance or other users may result in throttling or suspension.

5.2 Commercial Use

The Platform is intended for legitimate business use. Reselling or providing Platform access to third parties requires a separate agreement.

5.3 Testing and Development

Use our sandbox environment for testing and development. Do not use production systems for testing purposes.

6. Consequences of Breach

6.1 Enforcement Actions

Violation of this AUP may result in:

• Warning notices and requests to cease prohibited activities
• Temporary suspension of Platform access
• Permanent termination of your account
• Legal action for serious violations
• Cooperation with law enforcement agencies

6.2 Investigation

We reserve the right to investigate suspected violations and may access account information and usage data as necessary for such investigations.

7. Changes to This Policy

We may update this AUP from time to time. Material changes will be communicated through email or platform notifications. Continued use of the Platform after changes constitutes acceptance of the updated policy.

For questions about this Acceptable Use Policy, contact us at support@veridox.ai.