A new approach to cybersecurity

For Business → ProtectionGrid For Large Corporates → ProtectionGrid For Law Enforcement → Intelligence For Governments → Intelligence

Legal · Terms of Service

Terms of Service

These Terms govern the relationship between identiqa and its business and government customers — covering subscriptions, services, intellectual property, liability, and how disputes are resolved. Written for B2B and B2G use only.

Effective date: 1 May 2026 Last updated: 1 May 2026 Version: 1.0

Table of contents

01Scope & parties
02Definitions
03Contract formation
04Services & access
05Fees & payment
06Term & termination
07Service levels
08Data processing
09Intellectual property
10Confidentiality
11Warranties & disclaimers
12Liability & limitation
13Indemnification
14Force majeure
15Changes to these Terms
16Governing law & jurisdiction
17Miscellaneous
18Contact

Scope & parties

These Terms of Service ("Terms") govern your access to and use of products and services provided by Identiqa EU Ops Ltd., a private company limited by shares incorporated in Ireland with its registered office in Dublin (the "Service Provider", "identiqa", "we", "us", "our"), to its business and government customers ("Customer", "you", "your").

B2B and B2G only. These Terms are designed exclusively for business and government customers. identiqa does not offer services to consumers (within the meaning of EU consumer protection law). By entering into a contract under these Terms, you confirm that you act in your professional or commercial capacity.

Where customer-specific Master Service Agreements (MSAs), Order Forms, Data Processing Agreements (DPAs), or Statements of Work (SOWs) have been signed, those agreements take precedence over these general Terms in case of conflict.

Definitions

For the purposes of these Terms:

Affiliate means any entity that directly or indirectly controls, is controlled by, or is under common control with a party.
Customer Data means data submitted, transmitted, or processed by Customer through the Services, including security telemetry, configuration data, and account information.
Documentation means user guides, technical documentation, and product specifications made available by identiqa.
Order Form means a written or electronic order accepted by both parties specifying Services, fees, term, and other commercial terms.
Services means the products and services provided by identiqa under these Terms, including ProtectionGrid modules (SecureDomain, WebShield, AppShield, MailShield, HybridMail, WebAuth), CISO as a Service offerings, identiqa Intelligence services, and related platforms (CyberHub, identiqa.id).
Subscription means a paid right to use the Services for a defined term as set out in an Order Form.
User means an individual authorized by Customer to access the Services on Customer's behalf.

Contract formation

A binding contract under these Terms is formed when:

Customer signs an Order Form, MSA, or other commercial agreement referencing these Terms; or
Customer activates a Service through self-service channels (where available) and accepts these Terms during sign-up; or
Both parties countersign a Statement of Work for professional services.

Marketing materials, pricing pages on identiqa.com, and informal communication are non-binding offers to enter into negotiations. The actual contract terms are those agreed in writing between the parties.

Services & access

4.1 Service description

identiqa provides cybersecurity software-as-a-service products and related professional services. The specific Services subscribed to are identified in the applicable Order Form, with technical capabilities described in the corresponding Documentation.

4.2 Access & users

Customer is responsible for managing User access. Customer shall ensure Users comply with these Terms and applicable Documentation, and shall keep all access credentials confidential. Customer is liable for actions taken under its account.

4.3 Acceptable use

Customer agrees not to:

Use the Services in violation of applicable law;
Reverse-engineer, decompile, or attempt to derive source code, except as expressly permitted by mandatory law;
Use the Services to develop or train competing products;
Resell, sublicense, or otherwise transfer access to the Services without identiqa's prior written consent;
Use the Services to send unsolicited communications, transmit malware, or conduct unauthorized security testing of third-party systems;
Circumvent rate limits, security controls, or usage measurement of the Services.

4.4 Updates & changes

identiqa may update the Services from time to time to add features, improve security, address regulatory changes, or remove deprecated functionality. Material changes affecting core functionality will be communicated with reasonable advance notice. We do not guarantee permanent availability of every feature.

Fees & payment

5.1 Fees

Fees are as specified in the applicable Order Form. Unless otherwise stated, fees are quoted exclusive of value-added tax (VAT) and other applicable taxes, which are added at the rate prevailing at the time of invoicing.

5.2 Invoicing & payment terms

Subscriptions are typically invoiced monthly or annually in advance, as specified in the Order Form. Standard payment terms are 14 days net from invoice date [review — payment terms vary by Order Form and customer].

5.3 Late payment

Late payments accrue interest at the statutory rate applicable under Irish law (currently the European Central Bank reference rate plus 8 percentage points pursuant to the European Communities (Late Payment in Commercial Transactions) Regulations 2012, where applicable). identiqa reserves the right to suspend Services for accounts more than 30 days overdue, after providing written notice and reasonable opportunity to cure.

5.4 Price changes

identiqa may adjust pricing for Subscriptions on renewal, with at least 60 days' written notice prior to the renewal date. Mid-term price increases are excluded except where (i) Customer materially expands the scope of Services, (ii) regulatory or third-party costs change materially, or (iii) the parties otherwise agree in writing.

Term & termination

6.1 Term

The initial term is as specified in the Order Form. Unless otherwise agreed, Subscriptions automatically renew for successive periods equal to the initial term, unless either party provides written notice of non-renewal at least 60 days before the end of the then-current term.

6.2 Termination for cause

Either party may terminate these Terms or any specific Subscription with immediate effect for cause if:

The other party commits a material breach and fails to remedy it within 30 days of written notice;
The other party becomes insolvent, files for bankruptcy, or is subject to similar proceedings;
Termination is required by applicable law or regulator order.

6.3 Effects of termination

On termination:

Customer's right to access and use the Services ceases immediately;
Customer remains liable for fees accrued before termination;
identiqa makes Customer Data available for export for at least 30 days after termination, after which it may be deleted in accordance with the applicable DPA;
Provisions that by their nature should survive termination (confidentiality, IP, liability, dispute resolution) remain in effect.

Service levels

identiqa provides target service levels for production Services as set out in the applicable Service Level Agreement (SLA) or Order Form. Standard targets include:

Availability: 99.9% monthly uptime for ProtectionGrid production services [review — verify against operational reality];
Response times: as defined per support tier (e.g., 24 hours for Standard, 4 hours for Premium, 24/7 immediate for VIP CISO customers);
Service credits: available for sustained breaches of availability targets, as detailed in the SLA.

SLA credits are Customer's exclusive remedy for service-level failures, except in cases of gross negligence or wilful misconduct. Planned maintenance, force majeure events, and customer-caused outages are excluded from SLA calculations.

Data processing

8.1 Roles

For most Services, identiqa acts as data processor on behalf of Customer (the data controller) within the meaning of GDPR. The specific data processing arrangement is governed by the parties' Data Processing Agreement (DPA), which forms an integral part of the contractual relationship.

8.2 EU-only processing

identiqa processes personal data within the European Economic Area (EEA). Customer Data is not transferred outside the EEA in the ordinary course of operations. Where any limited transfers occur, they are subject to appropriate safeguards under Articles 44–49 GDPR, as detailed in the DPA.

8.3 Sub-processors

identiqa may engage sub-processors to deliver the Services. Customer is informed of new sub-processors with reasonable advance notice and may object on legitimate grounds, as set out in the DPA.

8.4 Customer obligations

Customer warrants that it has all rights, consents, and lawful bases necessary to provide Customer Data to identiqa for processing under these Terms.

For details of how personal data is handled, see our Privacy Policy.

Intellectual property

9.1 identiqa IP

identiqa and its licensors retain all rights, title, and interest in the Services, software, models (including Aura AI and Black Iris AI), Documentation, trademarks, and any improvements thereto. Customer is granted only a limited, non-exclusive, non-transferable right to use the Services during the Subscription term in accordance with these Terms.

9.2 Customer Data

Customer retains all rights in Customer Data. Customer grants identiqa a limited license to process Customer Data solely as needed to provide the Services and as set out in the DPA.

9.3 Feedback

If Customer provides feedback or suggestions about the Services, identiqa may use such feedback to improve its products without any obligation to Customer.

9.4 Aggregated data

identiqa may use anonymized and aggregated information derived from Customer's use of the Services for product improvement, threat intelligence, and security research, provided such information cannot reasonably be used to identify Customer or any individual.

Confidentiality

Each party will treat as confidential any non-public information disclosed by the other party that is marked confidential or that a reasonable person would understand to be confidential. Each party will protect the other party's confidential information using at least the same standard of care it uses for its own information of similar sensitivity (and no less than reasonable care).

Confidentiality obligations survive termination for a period of five (5) years, except for trade secrets and personal data, where confidentiality obligations apply for as long as such information retains its character as a trade secret or is subject to data protection law.

Warranties & disclaimers

11.1 Limited warranties

identiqa warrants that the Services will perform substantially in accordance with the Documentation under normal use. Customer's exclusive remedy for breach of this warranty is for identiqa to use commercially reasonable efforts to fix the breach or, if a fix is not feasible, to provide a pro rata refund of fees prepaid for the affected Services.

11.2 Disclaimer

Except as expressly stated in these Terms, the Services are provided "as is" and "as available". identiqa disclaims all other warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, non-infringement, and that the Services will be uninterrupted or error-free, to the maximum extent permitted by applicable law.

11.3 Security disclaimer

While identiqa applies industry-leading security measures, no security solution can guarantee complete protection against all threats. Customer acknowledges that cybersecurity is a shared responsibility, and identiqa's Services are designed to reduce — not eliminate — the risk of incidents.

Liability & limitation

12.1 Liability cap

Except as set out in Section 12.3 below, each party's total aggregate liability under these Terms is limited to the lesser of (i) the fees paid by Customer to identiqa under the affected Services in the twelve (12) months preceding the event giving rise to liability, or (ii) EUR 500,000 [review — counsel decision; varies by deal size and jurisdiction].

12.2 Excluded damages

Neither party will be liable to the other for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, loss of data, business interruption, or loss of business opportunities, even if advised of the possibility of such damages.

12.3 Carve-outs

The limitations in Sections 12.1 and 12.2 do not apply to:

Liability for death or personal injury caused by negligence;
Liability for fraud or fraudulent misrepresentation;
Liability that cannot be excluded or limited under applicable mandatory law;
Customer's payment obligations;
Either party's indemnification obligations under Section 13;
Breach of confidentiality (Section 10) or intellectual property rights (Section 9).

Indemnification

13.1 By identiqa

identiqa will defend Customer against third-party claims that the Services, when used as permitted under these Terms, infringe the third party's intellectual property rights, and will pay damages finally awarded against Customer (or settlement amounts approved by identiqa). identiqa's obligations are conditional on Customer (i) promptly notifying identiqa of the claim, (ii) giving identiqa sole control of the defence and settlement, and (iii) providing reasonable cooperation.

13.2 By Customer

Customer will defend identiqa against third-party claims arising from (i) Customer's use of the Services in violation of these Terms or applicable law, (ii) Customer Data infringing third-party rights, or (iii) Customer's failure to obtain necessary consents for the processing of personal data.

Force majeure

Neither party is liable for delays or failures in performance caused by circumstances beyond its reasonable control, including natural disasters, war, civil unrest, government actions, internet or utility failures, large-scale cyberattacks against third-party infrastructure, and pandemics. The affected party will use reasonable efforts to mitigate the impact and resume performance promptly.

Changes to these Terms

identiqa may modify these Terms from time to time. Material changes will be communicated to active customers with at least 60 days' written notice via email or through the customer portal. Continued use of the Services after the effective date of the modified Terms constitutes acceptance.

If Customer does not accept material changes, Customer may terminate the affected Subscription with effect from the date the changes would otherwise take effect, by written notice given before that date. In such case, identiqa will refund any prepaid fees for unused Service periods.

Governing law & jurisdiction

Default jurisdiction. Unless the parties agree otherwise in writing in an Order Form or MSA, these Terms are governed by the laws of the Republic of Ireland, and disputes are subject to the exclusive jurisdiction of the courts of Ireland.

16.1 Default rule

These Terms and any disputes arising out of or in connection with them are governed by the laws of the Republic of Ireland, excluding its conflict-of-laws rules. The courts of Ireland have exclusive jurisdiction.

16.2 Alternative jurisdiction by agreement

For Enterprise customers and customers with specific regulatory requirements, identiqa may agree, in writing in an Order Form or MSA, to a different governing law and jurisdiction — typically the law and courts of Customer's country of registration within the EU. Such alternative jurisdictions are subject to identiqa's prior written consent and may require adjustments to other contract terms.

16.3 Arbitration option

By mutual written agreement, the parties may submit disputes to binding arbitration under rules they agree on (e.g., ICC, LCIA, DIS), with the seat of arbitration as agreed. This option is offered for international transactions and where confidentiality of disputes is preferred.

16.4 UN CISG excluded

The application of the United Nations Convention on Contracts for the International Sale of Goods (CISG) is excluded.

Miscellaneous

17.1 Entire agreement

These Terms, together with any Order Form, MSA, DPA, SOW, and Documentation referenced, constitute the entire agreement between the parties regarding the subject matter and supersede all prior agreements and understandings.

17.2 Severability

If any provision of these Terms is held invalid or unenforceable, the remaining provisions remain in full force. The invalid provision will be replaced by a valid provision that comes closest to the parties' original intent.

17.3 No waiver

Failure to enforce any provision of these Terms is not a waiver of the right to enforce it later.

17.4 Assignment

Customer may not assign these Terms without identiqa's prior written consent, except to an Affiliate or in connection with a merger, acquisition, or sale of substantially all assets. identiqa may assign these Terms to an Affiliate or in connection with a corporate reorganization, with notice to Customer.

17.5 Notices

Formal notices must be sent in writing to the addresses specified in the Order Form, by email with confirmation of receipt or by registered post. Notices to identiqa should be sent to legal@identiqa.com with a copy to the registered office.

17.6 Language

The English-language version of these Terms is the binding version. Translations are provided for convenience only.

17.7 Independent contractors

The parties are independent contractors. These Terms do not create a partnership, joint venture, agency, or employment relationship.

Contact

For questions about these Terms or contract negotiation, please contact:

Identiqa EU Ops Ltd.
[Registered office address] [review]
Dublin, Ireland

Legal: legal@identiqa.com
Sales: hello@identiqa.com
Privacy: privacy@identiqa.com