Legal | IDComply Product Terms
IDComply Product Terms
Last Updated: October 24, 2025
Table of Contents
Customer’s access to and use of the IDComply Offering is subject to these additional Product Terms for the IDComply Offering which, along with the MSA and Order Form comprise the Agreement between Customer and Provider for the IDComply Offering.
1. Customer’s Obligations and Restrictions in the IDComply Offering
1.1 Prior to using any IDComply Offering in any jurisdiction, Customer will obtain from any competent regulatory authority for such jurisdiction all regulatory approvals, if any, that Customer may require to use the IDComply Offering for the Permitted Purpose.
1.2 In addition to, and without limiting Customer’s other obligations in the Agreement, Customer will display a consent notice clearly and conspicuously at the point it collects any data from an End User related to collecting information to be used with the IDComply Offering. The consent notice must be easy for End Users to read and understand, indicate the purpose of the collection, indicate the data will be managed pursuant to Customer’s privacy policy, and provide access to Customer’s privacy policy. Customer will also maintain records of End Users’ consent for using the IDComply Offering as may be required under the Agreement and Applicable Law. Customer acknowledges that unauthorized access to consumer reports may subject Customer to civil and criminal liability under applicable laws and regulations, punishable by fines and imprisonment.
1.3 Notwithstanding anything in the Agreement to the contrary, Customer may not sublicense the IDComply Offering, including to any Affiliate of Customer or any third party, without Provider’s prior, express written consent, and may access use the IDComply Offering solely for its internal business purposes.
1.4 Without limiting Customer’s obligations and restrictions in the Master Services Agreement, Customer will not access or use the IDComply Offering: (a) for any “permissible purpose” under the Fair Credit Reporting Act (“FCRA”) (15 U.S.C. Sec. 1681 et seq.) or use any of the information and data it receives through the IDComply Offering to take any “adverse action”, as that term is defined in the FCRA; (b) in violation of the provisions of and regulations pursuant to the Drivers Privacy Protection Act (18 U.S.C. Section 2721 et seq.); (c) other than pursuant to an exception of the privacy provisions of and regulations issued pursuant to the Gramm-Leach-Bliley Act (15 U.S.C. Sec. 6801 et seq.), to the extent that such Act is applicable to Customer’s use of the IDComply Offering; (d) in violation of the Illinois Biometric Information Privacy Act of 2008; (e) in violation of any Applicable Law, including any Applicable Data Protection Laws; (f) in violation of such other future legislation, regulation, or other Applicable Law that Customer, Provider or Provider’s Third-Party Suppliers reasonably determine limits the use of the IDComply Offering and/or End User Data; (g) for any purpose which may result in the illegal access to, or collection of, data whilst in transit, illegal access to computers or networks, spamming, flooding, or other such broadcasts; (h) to train, improve or test (directly or indirectly, and either by itself or through a third party) any machine learning or artificial intelligence technology or process; or (i) use the IDComply Offering for the design or development of nuclear, chemical, or biological weapons or missile technology, or for terrorist activity, without the prior permission of the United States government.
1.5 Customer may not access or use, or permit the access or use of the IDCompy Offering: (a) as a reseller, broker, sales agent, distributor or marketer; (b) to request bulk results without sufficient consent from each End User and without providing the data elements necessary to match to each End User; (c) for marketing purposes; (d) to cache Provider Data; (e) for personal use; (f) to distribute to any third party, including without limitation, to consumers, bail bondsmen, private investigators, private investigative agencies, credit counseling firms, financial counseling firms, credit repair clinics, pawn shops, check cashing companies, genealogical or heir research firms, dating services, massage or tattoo services, adult entertainment services of any kind, repo companies, companies seeking information in connection with subscriptions (magazines, book clubs, record clubs and the like), companies or individuals involved in spiritual counseling, any company or individual known or suspected to have been involved in credit fraud, unethical business practices, identity theft, harassment or stalking, and any company or individual listed as a Specially Designated National on the Office of Foreign Asset Control (OFAC) website; or (g) supporting directory assistance services.
1.6 If the Territory for the IDComply Offering includes Canada, then Customer represents and warrants that it is a credentialed member of Equifax and has entered into a written agreement with Equifax in a form acceptable to Equifax, and available upon request to Provider (the “Equifax Agreement”), and the Equifax Agreement remains operative and has not expired or been terminated. Customer further agrees to comply with the terms of the Equifax Agreement, including provision of any notices to Provider as may be required under the Equifax Agreement, and to immediately cease use of the IDComply Offering upon the expiration, termination, suspension or any other suspension of rights under the Equifax Agreement. If the Territory for the IDComply Offering includes Canada, Provider and Customer will dispose of Consumer Information from the IDComply Offering in compliance with procedures promulgated by the Federal Trade Commission (collectively, the “Disposal Regulations”). A copy of the Disposal Regulations is available upon request. For the purposes of this Section 1.6 only, “Consumer Information” means any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report, or a compilation of such records; Consumer Information does not include information that does not identify individuals, such as aggregate information or blind data.
2. General Terms
2.1 Notwithstanding anything in the Agreement to the contrary, or in any Data Processing Addendum (or similar document) to the contrary, Provider may retain and use the Fraud Prevention Data (as hereinafter defined) for fraud prevention purposes, solely related to End Users of Customer and Customer’s use of Provider products and services, including any Customer audit of Provider Data from the IDComply Offering, until the earlier of: (a) Customer provides written notice to Provider at legal@geocomply.com to delete the Fraud Prevention Data; or (b) all operative agreements between Customer and Provider have expired or been terminated. “Fraud Prevention Data” means End User Data that includes an End User’s name, date of birth, address, social security number, IP address, and identification document information (e.g. Photo ID, ID number, issue date, expiration date). By permitting Provider to retain and use the Fraud Prevention Data in accordance with this section, Customer agrees that Provider may associate the Fraud Prevention Data with data collected by Provider through Provider’s other products and services used by Customer, and that Customer has provided sufficient notice to, and obtained sufficient consent from, its End Users, in compliance with Applicable Data Protection Laws, to permit Provider to retain and use the Fraud Prevention Data as set forth herein.
2.2 Provider reserves the right to modify the IDComply Offering, including the addition or removal of Third-Party Suppliers, in its sole and absolute discretion. Such modification will not modify Customer’s or Provider’s rights or obligations under the Agreement. Notwithstanding the foregoing, if such modification to the IDComply Offering requires a material change to these Product Terms, including without limitation, if a Third-Party Supplier requires a change to these Product Terms, then Provider reserves the right modify these Product Terms, excluding any changes to any pricing for the IDComply Offering, as necessary to reasonably accommodate such modification to the IDComply Offering. Provider will provide Customer written notice of any such modification, and if Customer does not provide a written objection to such modification within thirty (30) days of receipt, then Customer agrees to such modification.
2.3 NOTWITHSTANDING ANYTHING ELSEWHERE IN THE AGREEMENT TO THE CONTRARY, NEITHER PROVIDER NOR ANY THIRD-PARTY SUPPLIERS GUARANTEE OR WARRANT THE CORRECTNESS OR COMPLETENESS OF THE IDCOMPLY OFFERING OR THE THIRD-PARTY SERVICES. THE IDCOMPLY OFFERING ARE PROVIDED ON AN “AS IS” BASIS, AND CUSTOMER USES THE IDCOMPLY OFFERING AT ITS OWN RISK. NEITHER PROVIDER NOR ANY THIRD-PARTY SUPPLIERS MAKE ANY REPRESENTATION OR WARRANTY, EITHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, SUITABILITY, FITNESS FOR A PARTICULAR USE OR PURPOSE, NONINFRINGEMENT, TITLE, OR WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE, AND NEITHER PROVIDER NOR ANY THIRD-PARTY SUPPLIER REPRESENTS OR WARRANTS THAT THE IDCOMPLY OFFERING WILL BE UNINTERRUPTED, OR ERROR-FREE, AND ALL SUCH REPRESENTATIONS OR WARRANTIES ARE EXPRESSLY DISCLAIMED. CUSTOMER ACKNOWLEDGES THAT PROVIDER AND THIRD-PARTY SUPPLIERS OBTAIN CONSUMER AND OTHER DATA FROM THIRD-PARTY SOURCES, WHOSE DATA IS NOT NECESSARILY COMPLETELY ACCURATE OR COMPLETE, AND THAT THEREFORE NEITHER PROVIDER NOR ANY THIRD-PARTY SUPPLIERS CAN, AND NEITHER DOES, WARRANT THE ACCURACY, INTEGRITY OR COMPLETENESS OF CONSUMER OR OTHER DATA UTILIZED, STORED OR TRANSMITTED AS PART OF THE IDCOMPLY OFFERING.
2.4 The IDComply Offering is a “commercial product” (as defined at Federal Acquisition Regulation (FAR) 2.101) and is “commercial computer software” (as defined at FAR 2.101). If Customer is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of any part of the IDComply Offering, including technical data and manuals, is restricted by the terms of Federal End User Agreement in accordance with FAR 12.212 for civilian agency use and Defense Federal Acquisition Regulation Supplement (DFARS) 227.7202 for agencies within the Department of Defense. All other use is prohibited.
3. Data Verification Services
3.1 To the extent that Customer elects to access or use Data Verification Services as part of the IDComply Offering, then the provisions of this Section 3 will apply to Customer’s access and use of the IDComply Offering.
3.2 Customer’s confidentiality obligations under the Agreement will continue for two (2) years following the expiration or termination of the Agreement, except that those obligations will continue beyond that period to the extent, and so long as, the Confidential Information comprises one or more Trade Secrets.
3.3 During the term of the Agreement, and for one (1) year following the expiration or termination of the Agreement, Provider or its Third-Party Suppliers have the right, at their sole expense to audit, directly and through independent auditors, Customer’s records to ensure compliance with the Agreement. Except to the extent additional audits are required by a Third-Party Supplier’s data providers or regulatory authority, or Provider or Third-Party Supplier reasonably suspects that Customer has breached its obligations under the Agreement and has provided Customer with documentation reasonably necessary to substantiate such suspicion and Customer has failed to provide an explanation reasonably acceptable to Provider or Third-Party Supplier within ten (10) days after Customer was notified of such suspicion, Third-Party Supplier will be limited to an audit questionnaire within the first 90 days of Customer’s live transactions, and thereafter no more than one (1) audit questionnaire in a twelve-month period. Such audits may be conducted during normal business hours upon five (5) business days’ prior written notice of intent to audit by the auditing party. The auditing party will have the right to make and retain copies of those of Customer’s records as it reasonably deems necessary or appropriate in order to complete its audit and will have the right to retain one copy of those records for its archival purposes. Except as required by law, the auditing party will treat as confidential all of Customer’s records, procedures and processes disclosed during the audit, provided that the auditing party will have the right to disclose those records as it deems reasonably necessary in order to enforce its rights under this Agreement.
3.4 Customer agrees to indemnify, defend, and hold harmless each Third-Party Supplier and its Representatives solely with respect to the Third-Party Services provided by such Third-Party Supplier, and solely to the same extent that Customer agrees to indemnify Provider for Customer’s access and use of the applicable Third-Party Services as part of the IDComply Offering under the Agreement. Further, Customer will indemnify, defend, and hold harmless each Third-Party Supplier and its Representatives from and against any and all Claims resulting from or arising out of any action brought by any third party against the Third-Party Supplier resulting from or arising out of Customer’s access or use of the Third-Party Services provided by the Third-Party Supplier as part of the IDComply Offering. Notwithstanding anything in the foregoing to the contrary, any indemnification obligation of Customer set forth in this Section 3.4 is subject to the existing limitations of liability with respect to indemnification obligations that Provider and Customer may have agreed to elsewhere in the Agreement.
3.5 Third-Party Suppliers are not a party to this Agreement, and will have no liability to Customer under this Agreement or in connection with the IDComply Offering. Should any arbitrator or judge determine that, notwithstanding the foregoing sentence, a Third-Party Supplier has liability to Customer relating to the Third-Party Services as part of the IDComply Offering, whether in contract or tort, or under any other theory, THE THIRD-PARTY SUPPLIER’S AGGREGATE LIABILITY FOR ANY OR ALL LOSSES OR INJURIES WILL BE LIMITED TO THE FEES PAID BY PROVIDER TO THE APPLICABLE THIRD-PARTY SUPPLIER FOR THE IDCOMPLY OFFERING UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRIOR TO THE OCCURRENCE OF THE FIRST EVENT GIVING RISE TO ALL OR PART OF THE LIABILITY.
3.6 Third-Party Suppliers and its Representatives will be third-party beneficiaries of this Agreement, including, but not limited to, with respect to the Third-Party Supplier’s right to enforce protection of its Confidential Information and Intellectual Property Rights, and its rights under this Agreement.
4. ID Verification Services
4.1. To the extent that Customer elects to use ID Verification Services as part of the IDComply Offering, then the provisions of this Section 4 will apply to Customer’s access and use of the IDComply Offering.
4.2. Without the prior written consent of Provider, to the extent Customer submits any photo identification, including driver’s license, passport, government identity card, or otherwise (each a “Photo ID”), of an End User to the IDComply Offering, Customer must ensure the following language is included in the consent screen that it presents to such End User:
IDVerse Standard Privacy Consent (IDKit)
To verify your identity we capture your personal data from your ID docs and selfie.
Our partner IDVerse will use this data to verify your identity and to prevent fraud. We match your selfie to your ID doc using your facial biometrics. IDVerse deletes your biometric data within seven days (IDKit).
If you do not want to consent then you will need to verify your identity another way.For more information see the privacy policy.
☐ I have read this notice and I provide my consent.
4.3. Without the prior written consent of Provider, to the extent Customer submits a Photo ID of an End User to the IDComply Offering, Customer must: (i) not make any changes to the End User consent screen in the IDComply Offering in any way that materially changes the required language, including the language set forth in Section 4.2 above; (ii) link Provider’s and Customer’s privacy policy on the End User consent screen; and (iii) add the following into the Customer’s privacy policy (or its equivalent), subject to change from time to time as required by applicable law:
[ CUSTOMER ] and [ PROVIDER ] customers may use an identity verification service performed by IDVerse, which is a trading name of OCR Labs. If you are resident in the USA or Canada then it is performed by OCR Labs Global (USA) Inc (a Delaware corporation), if you are resident in Europe, the Middle East or Africa then it is performed by OCR Labs Global Limited (an English company) and if you are resident anywhere else then it is performed by OCR Labs Pty Ltd (a New South Wales, Australia company).
If you are a US resident then please see IDVerse’s US biometric statement in its Privacy Policy: https://idverse.com/privacy-policy/.
IDVerse verifies your ID is genuine and then extracts all of the data on the identity document. Data extracted includes the data written on the ID doc and your picture, and also data in any barcode, machine readable zone or in the chip (if the chip is being read).
IDVerse sends that data to us. In the user flow you can correct any data extracted incorrectly. If you do correct any incorrect data then IDVerse will take just the incorrect character (and no personal data) from the ID document to make sure it does not make that mistake again.IDVerse uses your biometric data to check you are a real person, to extract your face from the ID document and to compare that against your selfie to ensure you are the right person, and for anti-fraud purposes. IDVerse deletes your biometric data within three years of initial collection. IDVerse also uses location information from your device for anti-fraud purposes.
5. Phone Verification Services
5.1 To the extent that Customer elects to use Phone Verification Services as part of the IDComply Offering, then the provisions of this Section 5 will apply to Customer’s access and use of the IDComply Offering.
5.2. Prior to each use of the Phone Verification Services with respect to any End User, Customer will obtain the consent of such End User, using the methods and language described herein, and ensure that the End User has reached the age of majority according to the applicable laws of the jurisdiction where the End User resides. Customer will create an electronic record of consent and store such consent record with the account record for auditing purposes for the duration of the Agreement plus for an additional five (5) years after the termination or expiration thereof. Upon written request, Customer will affirm consent has been obtained, by sending the appropriate indicators via an API as directed by Provider, including records that prove that the specific consent language presented to any End User is readily and clearly associated and identified with (i) such End User’s consent and (ii) the date and time such consent was given. Customer will stop passing any consent timestamps with respect to any End User to Provider upon discontinuation of Customer’s business relationship with the End User or upon the End User’s election to revoke or opt out of any consent it has previously given.
5.3. Customer will prominently display the consent language set forth below (the “MNO Consent Language”), or as may be modified by a Mobile Network Operator (“MNO”) as communicated by Provider to Customer, and obtain the End User’s consent on-screen as part of Customer’s general terms and conditions, or upon application download or update. The terms of End User consent, including the MNO Consent Language set forth below, are subject to modification by an MNO, and Provider will promptly notify Customer, in writing, if an MNO modifies the terms of consent. Upon receipt of such written notice, Customer will update the MNO Consent Language or consent methods accordingly in its next update to its terms and conditions, and, upon written request by Provider, Customer will promptly present to Provider evidence that such updates were made in order to continue to access or use the Phone Verification Services. The MNO Consent Language is as follows:
You authorize your wireless carrier/telecommunications service provider to use or disclose information about your account and your wireless device, if available, to [CUSTOMER NAME] or its service provider for the duration of your business relationship, solely to help them identify you or your wireless device and to prevent fraud. See our Privacy Policy for how to see how we treat your data.
5.4. To the extent that Customer elects to use Phone Verification Services as part of the IDComply Canada Offering, Customer will, obtain the consent referenced in Section 5.3, prior to Customer’s use of the Phone Verification Services for any End User, by either:
5.4.1 a clickbox, or similar mechanism that evidences consent, that indicates that End User agrees to the MNO Consent Language;
5.4.2 a clickbox, or similar mechanism that evidences consent, that indicates that End User agrees to Customer’s terms and conditions, or similar agreement between Customer and End User (the “Terms & Conditions”), that reads substantially similar to “[Checkbox] I have read and agree with the Terms and Conditions [link], including the exchange of certain personal information with third parties for identity verification and for fraud avoidance purposes”, and Customer also includes the MNO Consent Language within the Terms & Conditions; or
5.4.3 an email notifying an End User that Customer has updated its Terms & Conditions, which email reads substantially similar to: “Subject: Updated Service Terms; From: [Customer]; Our services terms will be updated effective [Date]. By continuing to use our services, you confirm that you have read and agree with the updated Terms and Conditions [link], including the exchange of certain personal information with third parties for identity verification and fraud avoidance purposes,” and Customer also includes the MNO Consent Language within the updated Terms & Conditions.
6. Definitions
6.1 “Data Verification Services” means that portion of the IDComply Offering that permits Customer to verify the age or identity of an End User by means of End User data submitted through the IDComply Offering, including without limitation, End User email address, knowledge-based authentication (“KBA”), but excluding ID Verification Services and Phone Verification Services.
6.2 “ID Verification Services” means that portion of the IDComply Offering that permits Customer to verify the age or identity of an End User by means of an End User photo ID submitted through the IDComply Offering, including without limitation, drivers’ license, identity card, and passport, but excluding Data Verification Services and Phone Verification Services.
6.3 “Phone Verification Services” means that portion of the IDComply Offering that permits Customer to verify the age or identity of an End User by means of End User telephone number submitted through the IDComply Offering, but excluding ID Verification Services and Data Verification Services.
6.4 “Representatives” means an entity’s affiliates, and its and its affiliates’ owners, members, directors, officers, employees, agents, independent contractors, investors, attorneys, licensees, and other representatives.
6.5 “Trade Secret” means information, without regard to form, including, but not limited to, technical or nontechnical data, a formula, a pattern, a compilation, a program, a device, a method, a technique, a drawing, a process, financial data, financial plans, product plans, or a list of actual or potential customers or suppliers which is not commonly known by or available to the public and which information (i) derives economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
© 2025 GeoComply Solutions Inc. All rights reserved.