<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1611884&amp;fmt=gif">
Skip to content
    Try Now
    Get a Demo
      Try Now
      Get a Demo

      Legal

      Terms of Service

      Legal

      Terms of Service

      Revised October 15, 2025

      Thank you for your interest in Vouched ("Vouched," "We" or "Us")!

      These Terms of Service (this “Agreement”) represent a legally binding agreement between You (or our "Customer," with the address and other applicable information specified in this Agreement) and Us governing Your access to and use of our Services. "You" in the case of an individual accepting this Agreement on his or her own behalf, means that individual, and in the case of an individual accepting this Agreement on behalf of a company or other legal entity, means the company or other legal entity for which that individual is accepting this Agreement, and affiliates of that company or entity (for so long as they remain affiliates).

      If You use Our Services, You are agreeing to the Terms of Service set forth in this Agreement. If You do not agree to the Terms of Service set forth in this Agreement, You must not access or use Our Services.

      This Agreement begins on the date on which You first access or use the Services.  We call that date the "Effective Date" of this Agreement, and Your rights and obligations begin on that specific date.

      Please note that We may decide to modify this Agreement from time to time. We have the right to make modifications under this Agreement and You should take a look at Section 10.1 to further understand Our ability to implement modifications.

      This Agreement governs Your  (i) access to and use of Vouched’s artificial intelligence identity verification technology and software (the “Vouched AI”); and (ii) any additional services provided by Vouched (the “Vouched Services”); (collectively, the “Services”). 

      Here are the specific legal rights and obligations that You and We have under this Agreement.

      1. PRODUCTS AND SERVICES

      1.1.1 Subject to this Agreement, You agree to purchase, and Vouched agrees to provide, the following Services:

      Access to Vouched AI and Provision of Services

      Vouched will provide You with an implementation of the Vouched AI that will enable You to verify data provided by third parties utilizing Your platforms, apps and other web properties (“Your Platform”). You and Vouched agree that the primary anticipated Services under this TOS will be applying the Vouched AI to match and verify information, photos and other information entered by users on Your Platform (“Verifications”). 

      Additional Services, Details and Exceptions

      Vouched will cooperate with Your engineering and/or operations team to integrate the Vouched AI described above into Your workflow. You and Vouched anticipate that such integration efforts will primarily include back-end integration of the Vouched AI into Your customer verification process through use of Vouched’s application program interface or “API” the “Vouched API”. Vouched uses artificial intelligence to provide the Services. In some instances, information, photos and other documentation provided by Your users may not be readable by the Vouched AI (for example, blurry, dark, obstructed or occluded photos or scans). In such instances You may attempt manual verification of data. In addition to utilizing artificial intelligence, Vouched may use human verification, including by Vouched AI scientists, as necessary to provide oversight and decisioning. Vouched may collect data from End Users (defined below) on Your behalf as part of the Services and You may provide data collected from End Users to Vouched, and such data may include Personal Data (defined in the Data Processing Addendum). You authorizes and instructs Vouched, or its third-party service providers,to use such data(“End User Data”)to provide the Services, including keeping Vouched AI up to date and performant; enhancing productivity, efficacy, quality, and security; and troubleshooting (preventing, detecting, investigating, mitigating, and repairing problems). You further authorize Vouched, and its Service Providers, to create aggregated or de-identified data from user information for Vouched business purposes. 

      1.1.2. You and Vouched may expand the scope of the Services provided under this TOS by entering into additional order forms (each an “Order Form”) which can be attached to and will become a part of this Agreement if such Order Form references this TOS and is signed by both Vouched and You. 

      1.1.3. You owns the relationship with its customers, patients, or employees (each an “End User”) and possesses data, which may include data from law enforcement and governmental authorities, as well as insurance providers, or credit authorities (the “Preponderance of Data”) not processed by Vouched. Using the Preponderance of Data, You may implement controls, rules, and decisioning as part of its security and compliance requirement that contrast with data Vouched processes on the End User. Based on the Preponderance of Data, You has the ultimate decision as to the End User’s identity and can override Vouched’s recommendation. You and Vouched acknowledge and agree that the Verifications provided should be construed as a recommendation of the veracity of the information provided by users on Your Platform. 

      1.1.4. You acknowledge and agree that the Services provided pursuant to this Agreement are not provided by “consumer reporting agencies,” as that term is defined in the Fair Credit Reporting Act (15 U.S.C. § 1681, et seq.) (“FCRA”) and do not constitute “consumer reports,” as that term is defined in the FCRA. You specifically acknowledge that the use of the Services may be limited by applicable law, including the Drivers Privacy Protection Act (18 U.S.C. Section 2721 et seq.) and related state laws (collectively, the “DPPA”); the Gramm-Leach-Bliley Act (15 U.S.C. Section 6801 et seq.) and related state laws (collectively, the “GLBA”); and the Health Insurance Portability and Accountability Act of 1996 and Health Information Technology for Economic and Clinical Health Act of 2009, and their implementing regulations codified at 45 C.F.R. Parts 160 and 164 (collectively, “HIPAA”). You agree to use the Services only for permissible purposes under such applicable laws (e.g., in accordance with an exception provided under the GLBA) and You must take appropriate measures so as to protect against the misuse of the Services. You agree that it will not, and will not allow its End Users to, access or use information in the Services in a manner that would violate the FCRA, GLBA, DPPA, HIPAA, or any other applicable law, regulation or rule. You understand that applicable laws may be amended at any time and/or that Vouched policies and procedures may be amended at any time to reflect changes to such applicable laws, which may have the effect of either limiting or expanding the ability of You to use the Services. 

      1.2. Permitted Uses. You may only access and use the Services for its own internal business purposes related to identity verification, security and/or fraud prevention, and in accordance with the terms set forth herein in the Agreement. 

      1.3. Restrictions on Use. You will not, and will not allow its End Users to, do any of the following: (a) reproduce, copy, distribute, modify, or reverse engineer the Services or any part thereof, (b) sublicense, resell, or make the Services, or any part thereof, available to others except to End Users in accordance with the terms of the Agreement, (c) introduce into the Services any unauthorized data, or any malware, viruses, Trojan horses, spyware, worms, or other malicious or harmful code, or any data that infringes, misappropriates, or otherwise violates the intellectual property rights or other rights of any third party or an End User, (d) use the Services or any component thereof, in the operation of a service bureau to support or process any content, data, or information on behalf of any party other than You, (e) sell, transfer, sublicense, assign, or otherwise permit any party, other than You or End Users to access the Services or any output therefrom, (f) access or use the Services, or output therefrom, to create a competing product or service, or (g) use the Services for any purpose that is unlawful, harassing, abusive, tortious, threatening, harmful, invasive of privacy, vulgar, defamatory, false, intentionally misleading, trade libelous, pornographic, obscene, patently offensive, promotes racism, bigotry, hatred, or physical harm of any kind, or is otherwise objectionable. If You or any of its End Users violate any of these terms, Vouched may, without prejudice to any other right or remedy it may have, suspend Your, or any End User’s, access to the Services and terminate the Agreement in accordance with Section 9.1. 

      1.4. Third Party Services. Vouched AI or other Services may include third-party services, technology, or software ("Third Party Services").  You acknowledge that: (a) Vouched may update, modify, add, or remove Third Party Services or functionality at any time without notice; (b) Vouched may terminate or suspend Third Party Services with reasonable notice if the underlying Service Provider terminates services to Vouched;  and (c ) Third Party Services may be subject to additional terms, conditions as provided by Vouched. 

      1. PAYMENT AND TAXES

      2.1.You agree that you will pay for all Services you purchase and you are authorized to make such purchases and that Vouch may charge your selected payment method (such as your credit card or debit card) for any products purchased and for any additional amounts (including any taxes and late fees, as applicable) that may be accrued by or in connection with your account. You are responsible for the timely payment of all fees and for providing Vouched with a valid payment method for payment of all fees. All fees will be billed to the payment method you designate during the registration process. 

      2.2 Your total price will include the price of the Services plus any applicable sales tax based on the bill-to address and the sales tax rate in effect at the time of purchase. We will charge tax only in states where software as a service is taxable. You understand and agree that you shall be responsible for determining and paying any taxes or levies resulting from Your use of the Vouched Services to your users in territories. 

      2.3. All sales are final. 

      2.4. Prices for our Service may change at any time, and the Service does not provide price protection or refunds in the event of a price reduction or promotional offering. 

      1. INTELLECTUAL PROPERTY RIGHTS

      3.1.   Vouched Intellectual Property Rights.  The Services, including without limitation the Vouched AI, and all right, title and interest in and to the Services, including but not limited to all Intellectual Property Rights therein, are and will remain the exclusive property of Vouched or its licensors. No rights to the Services, or any output of any part thereof, are granted to You, other than the license in Section 3.2. In connection with Vouched performing the Services or otherwise during the Term, Vouched may develop modifications to the Services and/or new software programs (collectively, the “Developments”). Vouched, on behalf of itself and its licensors, reserves all right, title, and interests in and to the Developments, including, but not limited to, all Intellectual Property Rights therein. Without limitation of the foregoing, You agree that Vouched will have a perpetual sublicensable and assignable right to use and incorporate any You feedback or suggestions for enhancement provided to Vouched regarding the Services, without any obligation of compensation. As between the parties, Vouched will own all data that does not relate to an identified or identifiable natural person and to personal data rendered anonymous in such a manner that the data subject is not identifiable. 

      3.2. “Intellectual Property Rights” means rights in and to any and all intellectual property whether registrable or not including names, trademarks, trade names, trade dress, service marks, insignias, designs, works of authorship, domain names, inventions, whether or not copyrightable or patentable, trade secret or confidential information, and any other intellectual and/or industrial property.

      3.3. License of Services. Subject to this Agreement, Vouched hereby grants You a limited, non-exclusive, non-transferable right for You to access and use the Services during the Term (as defined below) and within the Territory. “Territory” means the United States.

      1. DATA SECURITY

      4.1 Data Security Provisions. The parties have implemented and will maintain commercially reasonable information security policies and safeguards, which include technical and organizational measures, designed to preserve the security, integrity, and confidentiality of the Personal Data (defined in Exhibit A) and to protect it against unauthorized access and information security threats in accordance with the Data Processing Addendum, Exhibit A, attached hereto and incorporated herein by this reference. Your technical and organization measures must, at a minimum: (i) be designed to protect the security, integrity, and confidentiality of its access to and use of the Services and any output therefrom, (ii) secure Your systems using network security controls (e.g., firewalls), vulnerability management processes, and secure configuration practices, (iii) protect End User Data using industry-standard encryption techniques, and (iv) enable You to quickly become aware of any actual or suspected security incident. You agrees to notify Vouched within twenty-four (24) hours of becoming aware of any actual or suspected security incident, including without limitation any unauthorized access to or use of the Services, and will promptly cooperate with Vouched in the investigation and remediation of any such incident. 

      4.2. HIPAA Business Associate.       If You is a “covered entity” or a “business associate” and the Services includes processing of “protected health information,” as those terms are defined under HIPAA, the parties agree to execute the Business Associate Addendum, Exhibit B, attached hereto and incorporated herein by this reference.

      4.3. Data Backup. Vouched is not obligated to back up any electronic data and information that You inputs into, uploads to, or otherwise makes available to Vouched, including corporate, administrative, and firmographic data required by Vouched. 

      1. REPRESENTATIONS AND WARRANTIES

      5.1 Mutual.Each Party represents and warrants to the other Party that it has the necessary authority to enter into this Agreement and that it will comply with all applicable laws relating to or affecting this Agreement or the Services. In particular, and without limitation of the foregoing, You and Vouched will comply with all applicable state and federal laws and regulations regarding the privacy, security and confidentiality of any Personal Data, including the receipt, storage, processing, use and transmission of such information, in connection with the Services. 

      5.2 Your Representation and Warranties. You represents and warrants to Vouched that it receives, prior to utilizing the Services, all necessary End User consents, including where necessary explicit and informed consent, for (a) Vouched to collect and process End User Data in accordance with this Agreement, including, as applicable, social security numbers and biometric information, (b) collecting any End User Data from the End User, (c ) sharing End User Data with Vouched and/or its Service Providers, (d) retrieving End User Data from the Services, or (e) using any End User Data for a purpose not previously disclosed or for which consent had been previously withdrawn. If requested by Vouched, You will provide evidence of such End User consent. You represent and warrant that its use of the Service, and Vouched’s collection and processing of End User Data as part of the Services, will not violate any applicable law, including without limitation any privacy or consumer protection law. Without limiting the foregoing, with respect to any biometric data accessed or obtained by You through the Services, You represents and warrants that i) it will only use such data for ID verification consistent with the Vouched Biometric Policy (including the retention schedule included therein) and these TOS, and ii) it will keep such information confidential and secure. You further represents and warrants that it has, and will maintain through the duration of the Term, a privacy policy that is made available to End Users which complies with all applicable laws and regulations. 

      5.3. Limitation of Warranties VOUCHED PROVIDES ITS SERVICES “AS IS.” TO THE FULLEST EXTENT PERMITTED BY LAW, NEITHER VOUCHED NOR OF ANY OF ITS OFFICERS, DIRECTORS, AFFILIATES, SUPPLIERS, SERVICE PROVIDERS, AGENTS, LICENSORS OR DISTRIBUTORS MAKE ANY WARRANTY OF ANY KIND, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR ANY WARRANTY THAT THE SERVICES ARE FREE FROM DEFECTS. VOUCHED DOES NOT MAKE ANY WARRANTY AS TO ACCURACY, COMPLETENESS, DEPENDABILITY OR RELIABILITY OF THE INFORMATION THAT MAY BE DELIVERED OR PROVIDED IN CONNECTION WITH THE SERVICES. VOUCHED IS NOT RESPONSIBLE FOR ERRONEOUS, FRAUDULENT, OR SYNTHETIC DATA INTRODUCED BY You, END USER, OR OTHER THIRD PARTIES. ANY OUTPUT AND ANY OTHER DATA OR INFORMATION THAT You OR END USERS OBTAIN THROUGH THE SERVICES IS FOR INFORMATIONAL AND GENERAL REFERENCE PURPOSES ONLY. VOUCHED DOES NOT WARRANT THAT THE SERVICES WILL MEET Your REQUIREMENTS OR THAT THE OPERATION OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL ERRORS WILL BE CORRECTED. 

      1. INDEMNIFICATION

      6.1. Your Indemnification Subject to the terms and conditions set forth herein, You will indemnify, defend, and hold harmless, Vouched and its officers, directors, and employees (collectively, "VouchedIndemnified Party") against any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys' fees (collectively, that are awarded against a Vouched Indemnified Party in a final non-appealable judgment, arising out of any third-party claim that results from: (a) any breach or violation by You or End User of Sections 1.2-1.3, 1.4, 3.2, 4.1, of these TOS, or Your breach of the DPA; (b) any material breach or non-fulfillment of any representation or warranty by You contained in this Agreement; (c ) any grossly negligent or more culpable act or omission of You (including any reckless or willful misconduct) in connection with the performance of its obligations under the Agreement; or (d) actual fraud by You.  

      6.2. Vouched Indemnification Subject to the terms and conditions set forth herein, Vouched will indemnify, defend, and hold harmless, You and its officers, directors, and employees (collectively, "YouIndemnified Party") against any and all Losses that are awarded against You Indemnified Party in a final non-appealable judgment arising out of any third-party claim that results from: (a) material breach or non-fulfillment of any representation or warranty by Vouched contained in this Agreement; (b) any grossly negligent or more culpable act or omission of Vouched (including any reckless or willful misconduct) in connection with the performance of its obligations under the Agreement; or (c ) actual fraud by Vouched. 

      6.3. Indemnity Procedures. The indemnified party shall promptly provide written notice of a claim to the indemnifying party and must give the indemnifying party sole control of the defense and settlement of the claim (provided that any settlement unconditionally releases the indemnified party of all liability and does not make any admissions on behalf of the indemnified party or include payment of any amounts by the indemnified party. The indemnifying party, at the indemnifying party's expense, will provide all reasonable assistance in connection with such a claim and may participate in the defense of the claim at its sole cost and expense. 

      7. LIMITATIONS ON LIABILITYTO THE FULLEST EXTENT PERMITTED BY LAW, NEITHER VOUCHED NOR ANY OF ITS OFFICERS, DIRECTORS, AFFILIATES, SUPPLIERS, SERVICE PROVIDERS, AGENTS, LICENSORS OR DISTRIBUTORS WILL BE LIABLE UNDER THIS AGREEMENT, INCLUDING ANY ORDER FORMS, FOR ANY: (A) INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES; (B) LOSS, ERROR, OR INTERRUPTION OF USE OF DATA OR OTHER INFORMATION (IN EACH CASE, WHETHER DIRECT OR INDIRECT); OR (C) COST OF COVER OR LOSS OF BUSINESS, REVENUES, OR PROFITS (IN EACH CASE WHETHER DIRECT OR INDIRECT), EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE OR FORESEEABLE. TO THE FULLEST EXTENT PERMITTED BY LAW, THE AGGREGATE LIABILITY OF VOUCHED AND ALL OTHER PERSONS REFERRED TO IN THIS SECTION 7; IN CONNECTION WITH THIS AGREEMENT WILL NOT EXCEED THE AMOUNT PAID BY You TO VOUCHED DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE EVENT GIVING RISE TO LIABILITY (PROVIDED THAT, IF NO FEES ARE PAID, SUCH AMOUNTS WILL BE LIMITED TO ONE HUNDRED DOLLARS (US $100.00)). THE EXISTENCE OF MORE THAN ONE CLAIM SHALL NOT INCREASE OR ENLARGE THE FOREGOING PAYMENT LIMITATION. THE PARTIES AGREE THAT THE WAIVERS AND LIMITATIONS SPECIFIED IN THIS SECTION 7 APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT (INCLUDING INDEMNITY CLAIMS), TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE AND WILL SURVIVE AND APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE. 

      1. CONFIDENTIALITY

      8.1. Non-Disclosure Agreement. “Confidential Information” means any non-public, proprietary information disclosed by a Party (“Disclosing Party”) to the other Party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. The Receiving Party shall not use any Confidential Information other than for the purpose of exercising its rights or performing its obligations under this Agreement. Further, the Receiving Party shall not disclose any Confidential Information of the Disclosing Party to any third party, except as may be required to its employees, agents, parent companies, shareholders, lawyers and accountants on a strict need-to-know basis, to the extent such third parties are subject to confidentiality obligations that are at least as restrictive as those in this Agreement. Notwithstanding the foregoing, Receiving Party may disclose Confidential Information pursuant to any legal proceeding or as otherwise required by law, subject to the Receiving Party providing Disclosing Party with commercially reasonable notice of any such legal request and taking all commercially reasonable steps to limit the amount of Confidential Information disclosed and to allow the Disclosing Party to seek a protective order or pursue other protective measures, in each case to the extent permitted under applicable law.  For purposes of this Agreement, Confidential Information excludes information that: (a) was known to the Receiving Party prior to disclosure by the Disclosing Party without restriction as to use or disclosure; (b) is or becomes generally available to the public other than by violation of this Agreement or another valid agreement between the parties; (c ) was independently developed by the Receiving Party without use or reliance upon the Disclosing Party’s Confidential Information; or (d) is divulged by a third party who had the right to make such disclosure without violating any confidentiality agreement with or other obligation to the Disclosing Party. 

      8.2. Limited Marketing Exception. You agree to allow Vouched to use Your name and logo on Vouched’s website and in other materials acknowledging this Agreement. Vouched and You will mutually agree on the terms of a promotional statement announcing the relationship between the parties set forth in the Agreement. 

      1. TERMINATION AND SUSPENSION OF SERVICES

      9.1.Termination and Suspension of Services. If you fail, or Vouched suspects that you have failed, to comply with any of the provisions of this Agreement, Vouched may, without notice to you: (i) terminate this Agreement and you will remain liable for all amounts due under your account up to and including the date of termination; and/or (ii) terminate your license to the software; and/or (iii) preclude your access to the Services. Vouched further reserves the right to modify, suspend, or discontinue the Services at any time with or without notice to you, and Vouched will not be liable to you or to any third party should it exercise such rights. You may terminate this agreement up to one (1) day prior to the end of the Free Testing Period by contacting Vouched via email at support@vouched.id. Thereafter, this Agreement may be terminated by either Vouched or You upon 30 days written notice to the other of such Party’s intent to terminate. All fees shall be due until termination is complete. 

      9.2. Effect of Termination. Upon termination or expiration of this Agreement for any reason: (a) the Agreement including any Order Form(s) under this Agreement will terminate; (b) all rights and obligations of the parties hereunder will cease (except as set forth in Section 9.4 (Survival)); and (c ) You will remain obligated to pay for all Services through the effective date of termination. 

      9.3 Survival. Any term of this Agreement that by its nature is intended to survive termination or expiration of this Agreement will survive, including, without limitation: 3 (Intellectual Property Rights), 4 (Data Security), 5 (Representations and Warranties), 6 (Indemnification), 7 (Limitation on Liability), 8 (Confidentiality), 9.2 (Effect of Termination), 9.3 (Survival) and 10 (Miscellaneous). 

      1. MISCELLANEOUS

      10.1 Entire Agreement. This Agreement, including this TOS and each Order Form represents the entire agreement between the parties with respect to Your use of the Services and supersedes any and all prior agreements of the parties with respect to the subject matter hereof. No change, amendment or modification of any provision of this TOS, or any Order Form will be valid unless set forth in a written instrument signed by the duly authorized representatives of both parties. 

      10.2 Notices. Any required notices under this Agreement should be sent to the addresses or email addresses noted on the Order Form. If either party changes its address or email address, that party will promptly give notice to the other party of the new address or email address. 

      10.3. Counterparts. The parties may execute this Agreement in any number of counterparts. Each counterpart is an original and all counterparts constitute one agreement binding both parties. Facsimile and electronic signatures will be binding for all purposes. 

      10.4. Applicable Law. The Agreement and the Services will be governed by and interpreted in accordance with the internal laws of the state of Washington, excluding its conflict of law rules. Exclusive jurisdiction and venue for any claims related to or arising under the Agreement will be in a court located in King County, Washington. If any action at law or in equity is necessary to enforce or interpret the terms of the Agreement, the substantially prevailing party will be entitled to reasonable attorneys’ fees and costs in addition to any other relief to which such party may be entitled. 

      10.5. Severability If any provision of the Agreement violates any law or becomes unenforceable, then that provision will be deemed modified or excluded to the extent necessary so that it is no longer in violation of law or unenforceable and the remaining provisions will remain binding on the parties. 

      10.6. Assignment. The Agreement will be binding upon and inure to the benefit of the successors and permitted assigns of the parties. Either party may assign or transfer any or all of its rights, obligations or interest under the Agreement without the written consent of the other party. 

      10.7. Waiver. The various rights and remedies given to or reserved by either party herein or allowed by law, are cumulative and the failure of either party to insist upon the performance of any provision herein or to exercise any right or privilege granted to it hereunder, will not be construed as a waiver of that provision or any other provision, and the same will continue in full force. 

      Exhibit A

      Data Processing Addendum

       

      1. Relationship of the Parties

      1.1.You appoints Vouched to process and its variants means, without limitation, access, collect, record, organize, use, store, adapt, alter, retrieve, consult, transfer, disclose or destroy (“Process”) Personal Data (as defined below) as described in the Agreement to provide the services performed by Vouched under the Agreement ("Services")to You. "Personal Data” means information relating to an identified or identifiable natural person, household or device. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Where applicable, Vouched will be considered a “service provider” or “processor” under Data Protection Laws (defined below) and You will be considered a “controller.” “Data Protection Laws” means, in each case to the extent applicable, data protection and privacy laws and regulations in any relevant jurisdiction from time to time, including, but not limited to:

        • EU Data Protection Laws: (i) the EU General Data Protection Regulation (Regulation 2016/679)(“GDPR”); (ii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iii) any and all EU Member State laws made under or pursuant to any of the foregoing; in each case as amended or superseded from time to time.
      • UK Data Protection Laws:the data privacy legislation adopted by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019/419 as supplemented by the terms of the Data Protection Act 2018 and the UK GDPR (Retained Regulation (EU) 2016/679 (UK GDPR) pursuant to section 3 of the European Union (Withdrawal) Act (2018).
      • CCPA: the California Consumer Privacy Act of 2018, as amended, and, when effective, the California Privacy Rights Act of 2020, the California Civil Code § 1798.100 et seq.
      • BIPA: the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 to 740 ILCS 14/99
      • MHMDA: the Washington My Health My Data Act, Chapter 19.373 RCW

      2. Processing of Your Personal Data

      2.1. Vouched will only Process Personal Data on behalf of You (“You Personal Data”) on and according to Your documented instructions and as reasonably necessary for the performance of this Agreement, unless Processing is required by applicable laws, in which case Vouched shall, to the extent permitted by Data Protection Laws, inform You of such legal requirement before the relevant Processing Your Personal Data. 

      2.2. You instruct Vouched (and authorizes Vouched to instruct each Subprocessor (defined below) to Process Your Personal data and, in particular, transfer Your Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Agreement. “Subprocessor” means any person (excluding an employee of Vouched or any of its allowed sub-contractors) appointed by or on behalf of Vouched to Process Personal Data on behalf of You under the Agreement. 

      2.3. Vouched shall not: (i) sell You Personal Data; (ii) retain, use, or disclose Your Personal Data for any purpose other than for the specific purpose of performing the Services; (iii) retain, use, or disclose Your Personal Data for a commercial purpose other than providing the Services; or (iv) retain, use, or disclose Your Personal Data outside of the direct business relationship between Vouched and You. Vouched certifies that it understands the restrictions in this Section 2.3 and will comply with them. 

      2.4. You shall comply with all Data Protection Laws, including any and all obligations to provide notice and obtain valid consent before collecting or Processing any Personal Data. Where applicable, You shall be responsible for informing its customers and/or employees regarding what information and Personal Data is collected under this Agreement in connection with the Services, how such information or Personal Data will be used by You and Vouched, and obtaining any necessary consents for Vouched and its Affiliates and Subprocessors to Process such Personal Data to provide the Services. You shall have the sole responsibility for the accuracy, quality and legality of Personal Data and the means by which You acquired Personal Data. You specifically acknowledge and agree that its use of the Services will not violate the rights of any data subject, including those that have opted-out from sales or other disclosures of Personal Data, to the extent applicable under Data Protection Laws.  “

      3. Security

      3.1.Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Vouched shall, in relation to the You Personal Data, implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk to protect Your Personal Data from (i) accidental or unlawful destruction and (ii) a Personal Data Breach.  “

      3.2. Vouched has implemented technical and organizational measures for personal data protection according to ISO 27001 and for compliance with SOC 2. You can request the most recent ISO 27001 certification or SOC 2 report by sending a request to https://trust.vouched.id

      4. Subprocessing

      4.1. You authorize Vouched to appoint (and permit each Subprocessor appointed in accordance with this Section 4 to appoint) Subprocessors in accordance with this Section 4 and any restrictions in the Agreement. 

      4.2. You may request and Vouched will provide a list of Subprocessors engaged by Vouched or any Vouched Affiliate. 

      4.3. With respect to each Subprocessor, Vouched shall impose data protection terms that require it to protect the You Personal Data to the standard required under applicable Data Protection Law. 

      4.4. Vouched shall be liable for any breach of this Data Processing Addendum that is caused by an act, error or omission of its Subprocessor. 

      5. Requests and Assistance

      5.1. Vouched shall provide reasonable assistance to You in responding to requests from an individual, consumer or data subject to exercise any rights under the applicable Data Protection Law.

      5.2. In the event that any request, correspondence, or complaint from a data subject, regulator, or other third party is made directly to Vouched, Vouched shall promptly inform You and provide full details of the same. 

      6. Data Breach

      6.1. Vouched shall notify You without undue delay upon Vouched or any Subprocessor becoming aware of an unauthorized or unlawful destruction, loss, alteration, disclosure of, or access to Your Personal Data in Vouched’s or any Subprocessor’s possession or control (“Personal Data Breach”) affecting Your Personal Data, providing You with sufficient information to allow You to meet any obligations to report or inform data subjects of the Personal Data Breach under the Data Protection Laws. 

      6.2. Vouched shall take such reasonably necessary measures and actions to mitigate the effects of the Personal Data Breach and shall keep You informed of all material developments in connection with the Personal Data Breach. 

      7. Data Protection Impact Assessment and Prior Consultation

      7.1. Taking into account the nature of the Processing, Vouched shall provide You with reasonable cooperation (at Your expense) to enable You to (i) conduct any data protection or transfer impact assessments that it is required to undertake under applicable Data Protection Laws; and (ii) consult competent regulators prior to processing where required by applicable Data Protection Law. 

      8. Retention and Deletion or return of Your Personal Data

      8.1. Subject to Sections 8.2 and 8.3, Vouched shall retain Your Personal Data only as permitted by applicable law and only for as long as necessary to fulfill the purposes of processing as set forth in the Agreement as instructed by You, including, where applicable, keeping the Services up to date and performant and fraud prevention. 

      8.2. Subject to Section 8.3, You may by written notice to Vouched within ten (10) days of cessation of any Services involving Processing of Your Personal Data, require Vouched to (a) return a complete copy of all Your Personal Data to You by secure file transfer in such format as is reasonably notified by You to Vouched; and (b) delete and use all reasonable efforts to procure the deletion of all other copies of Your Personal Data Processed by any Subprocessor. 

      8.3.Vouched may retain Your Personal Data to the extent required by applicable laws or as Vouched may deem necessary to establish, exercise, or defend legal claims. 

      9. Audit rights

      9.1. Vouched shall make available to You on request all information reasonably necessary to demonstrate compliance with this Data Processing Addendum. To the extent You cannot reasonably establish Vouched’s compliance, after payment of a reasonable fee, Vouched (or its Subprocessor) will allow its procedures and documentation to be inspected or audited as set forth in Section 9.1. 

      9.2. You shall give Vouched reasonable notice of any audit or inspection to be conducted under Section 9.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury or disruption to Vouched’s (or Subprocessor’s) premises, equipment, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Vouched (or Subprocessor) need not give access to its premises for the purposes of such an audit or inspection:

      (a) To any individual unless he or she produces reasonable evidence of identity and authority;

      (b) Outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and You has given notice to Vouched that this is the case before attendance outside those hours begins; or

      (c ) For the purposes of more than one audit or inspection in any calendar year, except for any additional audits or inspections which You is required or requested to carry out by Data Protection Law or a regulator.

      9.3. The parties agree that a third-party report or certification (e.g., a SSAE 16-Type II report) provided by Vouched (or Subprocessor) will satisfy the information requirements in 9.1. 

      10. Restricted Transfers

      10.1. To the extent Your Personal Data originates in the United Kingdom or the European Economic Area, and as required under applicable Data Protection Laws, You and Vouched will cooperate to enter into appropriate Standard Contractual Clauses.