Digital ID Card Service Product Addendum
Version 1.4 • Dec 27, 2023 View Previous Versions
This Digital ID Card Product Addendum (“Product Addendum”) describes the Subscription for the Licensed Product and is fully incorporated into and made a part of the Master Services Agreement (“MSA”) as published on December 27, 2023 at https://www.id123.io/terms/, between Client and ID123 Inc (“Service Provider”), together with any other incorporated Addendums, each as they may be amended from time to time, the (“Agreement”). Nothing contained herein shall act as a waiver of either party’s rights or obligations arising from the Agreement. Capitalized terms used herein without definition shall have the meanings ascribed to them in the Agreement.
1. Licensed Product
The “Licensed Product” refers to the ID Management System (“IDMS”) and Digital ID Card Wallet App (“ID Wallet”) provided by the Service Provider through its Cloud Service. The Licensed Product enables the Client to manage ID card records that can be installed, displayed, and used by individual users (“End Users”) within their ID Wallet (“Digital ID Cards”) or printed on physical cards (“Physical ID Cards”) using compatible third-party ID card printers. The range of available actions within the Licensed Product depends on the Client’s Subscription level, and may include, but is not limited to:
(A) Designing digital and physical ID card templates,
(B) Creating, updating, and archiving ID Card records,
(C) Issuing Digital ID Cards to end users, managing installed Digital ID Cards, and
(D) Communicating with end users through in-app messaging,
(E) Printing physical ID Cards from ID card records
(F) Integration with 3rd party services,
(G) Interacting with 3rd party hardware.
2. Cloud Service Account Access and Management
The Client’s access to the IDMS shall be provided through a Cloud Services account (“Account”). Account access will commence on the Subscription Start Date and continue until the Termination of this Product Addendum or the Agreement. Each Account is designated for use by only one institution.
The Client may request multiple Accounts, and each requested Account with a Subscription will remain active for the duration of its Subscription Term. The Client is responsible for all agreed-upon costs and fees associated with the usage of each active Account. The Client must manage and monitor their Accounts to ensure compliance with the terms of the Product Addendum and applicable laws, regulations, and guidelines.
The ID Management System data is partitioned logically based on geographic regions (“Logical Region”) and each Account must be setup in the Logical Region where Client issues ID cards to End Users. Logical Regions may be hosted in the United States or may be hosted in data centers in various countries or regions (“Data Region”). Each Accounts Data Region shall be defined in the Order Form. Upon advanced notice to Client, Service Provider may migrate a Logical Region hosted in the United States to its own Data Region. The Service Provider controls all encryption keys in each Data Region and does not share or provide encryption keys with third parties.
3. Subscription Period
The Subscription period of the Licensed Product shall commence on the Effective Date of the initial order and shall continue for an initial term set forth below (the “Initial Term”). After the Initial Term, the Subscription will renew for successive periods of equal duration (each a “Renewal Term”), as set forth below, unless the Subscription is terminated by either party described below
If the Initial Term is a period of (1) one year, the Subscription will automatically renew for successive one (1) year Renewal Terms, each a Subscription Period, unless terminated by either party. To terminate the Subscription, either party must provide written notice of its intent not to renew at least thirty (30) days prior to the end of the then-current Subscription Period, unless otherwise agreed in writing. However, for the Client’s convenience, they may provide notice of termination within the first 30 days after the start of a new one (1) year Subscription Period. It’s important to note that in such cases, any pro-rated fees for usage during this period, as well as any annual fees passed through by third parties that may not be refundable, will be due.
If the Initial Term is one (1) month, the Subscription will automatically renew for successive one (1) month Renewal Terms, each a Subscription Period, unless terminated by either party prior to the next Renewal Term. The Service Provider shall provide Client 30 days’ advance written notice of its intent not to renew. The Client shall authorize an Account administrator to terminate it’s Subscription by signing into their Account and electing to terminate immediately or at the end of the current Term. For data security reasons, the Client may not cancel a monthly Renewal Term solely by providing an email notice of termination.
4. Usage-Based Pricing and Subscription Fee
The pricing for the Licensed Product comprises a subscription fee and usage fees. The Subscription fee covers the Client’s access to the account and features included within their selected Subscription tier. The usage fees are charged on a per-card basis, depending on the number of Digital ID Cards records present in the Client’s Account during each Subscription Period.
The usage fee amount may vary based on the integrations selected by the Client, as well as any additional features or services that are not included in the Subscription fee. The Subscription fee may include a pre-determined number of Digital ID Card records intended to be issued during the Subscription Period. If the Client exceeds this limit, additional usage fees will be applied for each additional Digital ID Card record.
The Client will be billed for the Subscription fee at the beginning of the Subscription Period and invoiced for applicable fees including any usage fees each subsequent monthly invoice cycle or as otherwise specified in the Order Form. The Client is responsible for paying all applicable fees in a timely manner, in accordance with the payment terms outlined in the Agreement.
5. Payment Terms
The Client agrees to adhere to the following payment terms for the Subscription fee and usage fees associated with the Licensed Product:
(A) Invoicing: The Subscription fee will be invoiced based on the Subscription tier selected Usage fees not pre-paid will be invoiced monthly thereafter or at the end of the Subscription Period.
(B) Payment Due Date: All amounts due shall be received by the Service Provider no later than 30 days from the date the invoice is made available to the Client or, if applicable, the payment schedule defined in the Order Form. Amounts not received by the due date will be considered past due.
(C) Late Payment Penalty: The Service Provider reserves the right to impose a late payment penalty of 2% per month on all past due amounts. This penalty will be applied to the outstanding balance and will accrue monthly until the past due amount is paid in full.
(D) Payment Methods: The Client must make payments using the agreed payment methods outlined in the Order Form. The Client is responsible for any fees or charges associated with their chosen payment method.
6. Issuance and Responsible Use of Digital ID Cards
The Client is responsible for the issuance of Digital ID Cards to their End Users through the Licensed Product. The Client must ensure that each Digital ID Card is issued to the correct individual and that the information contained within the card is accurate, up-to-date, and in compliance with all applicable laws, regulations, and guidelines.
The Client is also responsible for monitoring and managing the use of Digital ID Cards by their End Users. The Client must take appropriate measures to ensure that End Users do not use Digital ID Cards improperly, for fraudulent purposes, or in any manner that violates applicable laws, regulations, or guidelines. This may include, but is not limited to, providing clear usage instructions, establishing and enforcing usage policies, and implementing measures to detect and prevent unauthorized or fraudulent use of Digital ID Cards.
In the event that the Client becomes aware of any improper, unauthorized, or fraudulent use of a Digital ID Card by an End User, they must promptly take appropriate action to address the situation, including notifying the Service Provider if necessary.
The Service Provider disclaims any liability for the misuse of Digital ID Cards by Client’s End Users, as well as any consequences or damages resulting from such misuse. The Client acknowledges and agrees that they are solely responsible for the misuse of their issued Digital ID Cards by their End Users and for ensuring compliance with all applicable laws, regulations, and guidelines related to the issuance and use of their Digital ID Cards.
7. Administrator Permissions and System Emails
The Client is responsible for inviting and granting permissions to its Account administrators in accordance with data transfer and protection laws. The Client must ensure that it’s Account administrators have appropriate access rights that align with the Client’s privacy policies, contractual obligations, physical location, and the Administrators employer, physical location, role and responsibilities, and that these permissions do not contravene any applicable laws or regulations governing its data.
The Service Provider sends system emails to administrators invited by the Client to manage their Digital ID Cards. These emails may include account creation, password reset, notifications, and other Account related information necessary for the effective management of the Account by the administrators.
The Client is responsible for providing accurate email addresses for the administrators and ensuring that the invited administrators are authorized to access and manage the Client’s Account. The Client is responsible for ensuring the transfer and storage of email information received by its Account administrators adheres to all applicable laws, regulations, and guidelines. The Service Provider disclaims any liability for unauthorized access or misuse of the system resulting from email addresses provided by the Client.
While the Service Provider makes reasonable efforts to ensure the deliverability of system emails, it cannot guarantee successful delivery or prevent mishandling due to factors beyond its control, such as Client email server settings, spam filters, or use of incorrect email addresses. The Service Provider disclaims any liability for the failure to deliver or Client’s mishandling of system emails to administrators.
8. Email Invitations and Reminders
The Service Provider, on behalf of the Client, may send email invitations to end users, inviting them to install the ID Wallet App and their respective Digital ID Cards. The Client has the ability to customize the content of these email invitations as needed. If the Digital ID Card is not installed within a specified period of time, the Service Provider will also send email reminders to the End Users to complete the installation process.
The Client is solely responsible for the content of the email invitations and reminders, ensuring that they adhere to all applicable laws, regulations, and guidelines. The Client is responsible for ensuring the collection of email addresses as well as the sending of End User Personal Data through email adheres to all applicable laws, regulations, and guidelines where applicable. The Service Provider disclaims any liability for the content of these emails and any consequences that may arise from the Client’s collection of email addresses or the dissemination by email of inappropriate, offensive, or non-compliant content initiated by the Client.
While the Service Provider makes reasonable efforts to ensure the deliverability of email invitations and reminders, it cannot guarantee successful delivery or prevent mishandling of emails due to factors beyond its control, such as End User email server settings, End User email server location, spam filters, or incorrect End User email addresses. The Service Provider disclaims any liability for the failure to deliver, or the Client or End Users mishandling of, email invitations and reminders.
The Service Provider maintains logs of email invitations for a duration based on the Client’s Subscription level and settings. After this duration, the logs will be deleted in accordance with applicable data retention policies. The Service Provider shall not be responsible for retaining logs longer than the specified duration. It is the Client’s sole responsibility to purchase a Subscription level with the adequate log retention.
9. End User Registration
Upon receiving an invitation or instruction, each End Users will register with the ID Wallet directly and upon their own initiative, click the invitation or open the ID Wallet app, provide their email address to the Service Provider and agree to the End User License Agreement(“EULA”) to create an ID Wallet account. The End User may also provide their name and other profile information directly to the Service Provider when registering. The ID Wallet will also collect certain device information to identify each device used by End Users and generate pseudonymized tokens representing the device and the ID Wallet account. The ID Wallet may also collect consent for communication directly from the End User including consent to receive Push Notifications through Apple and Google Services. Consent for Push Notifications, and the transfer and storage of Push Notification data are between the End User, Apple and Google whichever is applicable.
All End User ID Wallet account information, communication consents and device information which is directly received by Service Provider during registration will be stored in the Data Region corresponding to the location where the End User registered. A Digital ID Card issued by Client to an End User will be linked to the End User’s ID Wallet account upon installation in the same Data Region. Each End User may register for an ID Wallet account in more than one Data Regions directly from Service Provider if the End User needs to install Digital ID Cards in more than one Data Region.
10. In-App Messaging and Push Notifications
The Licensed Product enables the Client to send in-app messages and use push notifications to alert their End Users of events related to a Digital ID Card’s lifecycle as well as inform End Users if a new In-App Message is available. The content contained in In-App Messages are stored and processed by Service Provider in the Account’s Data Region and all data is encrypted in transit between the Data Region and the ID Wallet. The content of a Push Notification may be transferred away from the Clients Data Region and processed by third parties with their own relationship with each End User, such as Apple and Google. Therefore, Client agrees not to send End User Personal Data in the text of a Push Notification. By utilizing these features, the Client agrees to adhere to all applicable laws, regulations, and guidelines pertaining to electronic communication and data privacy.
The Client is solely responsible for the content and frequency of the in-app messages and push notifications it sends or configures to be sent to End Users. The Service Provider disclaims any liability for the content or consequences of such messages and notifications sent by the Client, including but not limited to potential violations of privacy laws, data protection regulations, or any harm that may arise from the dissemination of inappropriate or offensive content or links.
Although the Service Provider strives to ensure the timely delivery of in-app messages and push notifications, the actual delivery time or ability to deliver may be affected by factors beyond the Service Provider’s control. The Service Provider shall not be held responsible for any delayed or undeliverable In-App Messages or Push Notifications.
The Service Provider maintains logs of in-app messages for a duration based on the Client’s subscription level and settings. After this duration, the logs will be deleted in accordance with applicable data retention policies. The Service Provider shall not be responsible for retaining logs longer than the specified duration. It is the Client’s sole responsibility to purchase a Subscription with an adequate log retention plan.
11. Physical ID Card Printing
The Licensed Product allows the Client to design and print Physical ID Cards using third-party ID card printers. The Client agrees to comply with all applicable laws, regulations, and guidelines governing the creation, use, and distribution of Physical ID Cards. The Client is responsible for selecting and maintaining the appropriate ID card printer, compatible printing materials, and any other necessary equipment or supplies for printing Physical ID Cards.
The Service Provider disclaims any liability for the quality, performance, or functionality of the Physical ID Cards, as these factors depend on the Client’s choice of printer, printing materials, and adherence to the guidelines provided by the Service Provider. Additionally, the Service Provider shall not be held responsible for any damage, loss, or issues arising from the use, distribution, or possession of Physical ID Cards by the Client or their End Users.
12. Audits & Investigations
The Client acknowledges that the Service Provider is not obliged to monitor or audit any Client Data or content. However, the Service Provider reserves the right, when there is a good cause and at its sole discretion, to audit, investigate, refuse, or remove any content that may violate the terms of this Agreement or any applicable law.
Service Provider will not monitor Client Data classified as Personal Data and will not conduct audits on such Personal Data without express permission from the Client, the Client’s authorized representative, or the End User to whom the Personal Data pertains. This condition can be unilaterally overridden in good faith by the Service Provider when required by law or when necessary for a) an investigation of suspected or reported fraud, b) an investigation a suspected or reported data breach, c) an investigation of a breach of this Agreement, d) ensuring compatibility with a software update, e) the security, health, reputation, safety or welfare of an individual or institution.
By entering into this Product Addendum, the Client gives its irrevocable consent to such monitoring, auditing and investigatory procedures during the Term. It remains the Client’s responsibility to ensure that all content it provides, transmits, or uses in connection with the Licensed Product complies with the terms of this Product Addendum, applicable laws, regulations, and guidelines. The Client must promptly address any issues or concerns raised by the Service Provider regarding the content and take appropriate action to rectify any violations or objectionable content.
13. Client Support
The Service Provider is committed to offering comprehensive support to the Client for the effective use of the Licensed Product and related services. The support options available includes, but is not limited to, the provision of documentation, training materials, troubleshooting, and direct assistance from the Service Provider’s support team, as required.
Based on the Subscription tier, the Service Provider’s support team can be contacted through the designated support channels, such as email or phone, during specified business hours. The support team will make reasonable efforts to respond to and resolve any Client inquiries or issues in a timely and efficient manner, prioritizing requests based on their urgency and impact.
The Client is encouraged to make use of the support resources provided by the Service Provider, such as knowledge bases, FAQs, and user guides, to resolve common issues and better understand the features and functionalities of the Licensed Product.
The Service Provider reserves the right to charge additional fees for support and training services that go beyond the basic support offering or require significant time and resources. Any such additional fees will be communicated to and agreed upon by the Client before the provision of the extra support or training services.
14. End User Support
Client is responsible for all End User support related to the use of the Licensed Product. Client must provide a support email address and support phone number for each Digital ID Card issued to End Users. Client may not publish or provide Service Provider’s support email address or phone number to support an End User.
In addition to the Client-provided support, End Users may occasionally contact the Service Provider directly for assistance through a contact address published in the App Store, Play Store or on the Service Provider’s website. If the Service Provider receives support requests from End Users, they will assess the nature of the request and either redirect the End User to their respective Client End User support contact address or handle the support request directly if applicable.
By handling certain app-related support requests directly, the Service Provider aims to ensure the efficient resolution of technical issues related to the ID Wallet’s functionality and prevent negative app store reviews while allowing the Client to focus on support requests specifically related to the Digital ID Card data and use.
15. Service Uptime
Service Provider shall strive at all times during the Term of the Agreement to ensure that the IDMS Account is functioning as set forth in this Product Addendum at least 99.95% of the time, or as otherwise defined in a separate Service Level Agreement (“SLA”) between the parties.
In addition to the Service Provider’s commitment to service uptime, the Digital ID Cards installed within the ID Wallet are designed to function offline once they have been successfully installed by an End User. This allows End Users to access and use their Digital ID Cards even in situations where internet connectivity is unavailable or limited. However, certain features and functionalities of the ID Wallet that require internet connectivity, such as logging in, updates or synchronization with the IDMS, may not be accessible during offline usage.
16. System Integrations
The Licensed Product may be integrated by Client with external systems, such as access control systems, door entry systems, or backend systems, to synchronize ID card data and enable seamless functionality between systems. The Client is responsible for the proper implementation, configuration, and maintenance of these integrations in accordance with the Service Provider’s guidelines and any applicable laws, regulations, and industry standards.
The Service Provider disclaims any liability for issues, malfunctions, or damages resulting from the Client’s integrations of the Licensed Product with external systems. This includes, but is not limited to, data loss, security breaches, unauthorized access, or disruptions in system operations. The Client acknowledges that any assistance provided by the Service Provider related to system integrations, including guidance, troubleshooting, or support, is provided on an “as-is” basis without any warranty, express or implied. The Service Provider shall not be held responsible for any adverse outcomes or damages resulting from the Client’s reliance on such assistance.
The Service Provider reserves the right to limit, suspend, or terminate the Client’s access to the system integration features if the Client is found to be using the feature in a manner that violates applicable laws, regulations, guidelines, or the terms of this Agreement
16. Google Play Store
The following applies to the ID Wallet which End Users download from the Google Play Store (“Google-Play Apps”): (i) Client acknowledges that the Agreement is between Client and Service Provider only, and not with Google, Inc. (“Google”); (ii) all use of Google-Play Apps must comply with Google’s current Google Play Store Terms of Service; (iii) Google is only a provider of the Google Play Store where End Users obtain the Google-Play Apps; (iv) Service Provider, and not Google, is solely responsible for its published Google-Play Apps; (v) Google has no obligation or liability to Client with respect to Google-Play Apps or this Agreement; and (vi) you acknowledge and agree that Google is a third-party beneficiary to this Agreement as relates to Service Provider’s Google-Play Apps.
17. Apple App Store
The following applies to the ID Wallet which End Users download from the App Store (“App Store-App”): You acknowledge and agree that this Agreement is solely between Client and Service Provider, not Apple, and that Apple has no responsibility for the App Store-App or content thereof. Any use of the App Store-App must comply with the App Store Terms of Service. Client acknowledges that Apple has no obligation whatsoever to furnish any maintenance and support services with respect to the App Store-App. Apple will have no other warranty obligation whatsoever with respect to the App Store-App, and any other claims, losses, liabilities, damages, costs or expenses attributable to any failure to conform to any warranty will be solely governed by this Agreement and any law applicable to Service Provider as the provider of the software. Client acknowledges that Apple is not responsible for addressing any end user claims or those of any third party relating to the App Store-App or an end user’s possession and/or use of the App Store-App, including, but not limited to: (i) product liability claims; (ii) any claim that the App Store-App fails to conform to any applicable legal or regulatory requirement; and (iii) claims arising under consumer protection or similar legislation; and all such claims are governed solely by this Agreement and any law applicable to Service Provider as provider of the software. Client acknowledge that, in the event of any third-party claim that the App Store-App or the possession and use of that App Store-App infringes that third party’s intellectual property rights, Service Provider, not Apple, will be solely responsible for the investigation, defense, settlement and discharge of any such intellectual property infringement claim. The Parties acknowledge and agree that Apple, and Apple’s subsidiaries, are third-party beneficiaries of this Agreement as relates to the App Store-App, and that Apple will have the right (and will be deemed to have accepted the right) to enforce these terms as relates to the App Store-App as a third-party beneficiary thereof.
To use the ID Wallet, each End User must have a valid email address and a mobile device operating system that is compatible with the ID Wallet. The Service Provider does not warrant that the ID Wallet is or will remain compatible with every mobile device or operating system. The Service Provider is not responsible for any data charges an End User may incur from their wireless provider for download, use or upgrading their ID Wallet. Client acknowledges that Service Provider may from time to time publish upgraded versions of the ID Wallet, and if configured by the End User, may automatically upgrade the version of the ID Wallet on their mobile device. The Service Provider also may require End Users to upgrade their version of ID Wallet for good cause in order to continue to use the Digital ID Cards, or upgrade their Operating System to remain compatible with the OS security features compatible with the ID Wallet.
19. Free Trial
If Service Provider offers, and Client registers for, a free trial of the Licensed Product, Service Provider will make the applicable Account available to Client on a trial basis free of charge until the earlier of (a) the end of the free trial period for which Client registered to use the applicable Licensed Product, or (b) the start date that Client purchases a Subscription, or (c) termination of the trial by Service Provider in Service Provider’s sole discretion. Additional trial limitations, restrictions, terms and conditions may appear on the trial registration web page, including the duration of the trial. Any such additional Free Trial terms and conditions are incorporated into this Addendum by reference and are legally binding during the Free Trial. The Service Provider reserves the right to limit, or modify the limits of the Free Trial at any time for any reason.
WITH RESPECT TO THE FREE TRIAL, CLIENT DATA AND CONTENT TRANSFERRED TO THE IDMS DURING THE FREE TRIAL MAY BE PERMANENTLY LOST UNLESS A SUBSCRIPTION IS PURCHASED TO THE SAME FEATURES AS THOSE COVERED BY THE FREE TRIAL PRIOR TO THE END OF THE FREE TRIAL PERIOD. NOTWITHSTANDING ANY SERVICE PROVIDER REPRESENTATION OR CLIENT REMEDY IN THE MASTER SERVICE AGREEMENT, INCLUDING BUT NOT LIMITED TO THE “WARRANTIES” SECTION 5, AND “INDEMNIFICATION” SECTION 9.1,9.4,9.5 , DURING THE FREE TRIAL THE LICENSED PRODUCT IS PROVIDED “AS-IS” WITHOUT ANY WARRANTY OF ANY KIND AND SERVICE PROVIDER SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE LICENSED PRODUCT USE DURING THE FREE TRIAL PERIOD UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE SERVICE PROVIDERS LIABILITY WITH RESPECT TO THE LICENSED PRODUCT PROVIDED DURING THE FREE TRIAL SHALL NOT EXCEED $100.00 USD. WITHOUT LIMITING THE FOREGOING, SERVICE PROVIDER AND AFFILIATED PARTIES DO NOT REPRESENT OR WARRANT TO YOU THAT: (A) YOUR USE OF THE LICENSED PRODUCT DURING THE FREE TRIAL PERIOD WILL MEET YOUR REQUIREMENTS OR THE SERVICE OBLIGATIONS, OR THAT (B) YOUR USE OF THE LICENSED PRODUCT DURING THE FREE TRIAL PERIOD WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERRORS, OR THAT (C) SERVICE PROVIDERS PROVISION OF THE LICENSED PRODUCT WILL CONFORM WITH ALL APPLICABLE DATA PROTECTION LEGISLATION. EXCEPT FOR CLIENTS REMEDY FOR THE DISCLOSURE OF CONFIDENTIAL INFORMATION UNDER SECTION 6, THE CLIENTS SOLE REMEDY FOR ANY BREACH OF THESE TERMS BY SERVICE PROVIDER SHALL BE THE TERMINATION OF THE FREE TRIAL ACCOUNT. CLIENT SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO SERVICE PROVIDER AND END USERS FOR ANY DAMAGES ARISING OUT OF ANY BREACH OF THIS ADDENDUM OR THE USE OF THE LICENSED PRODUCT BY CLIENT DURING THE FREE TRIAL PERIOD.