Terms & Conditions

Agreement Structure

These Terms of Service (“Terms”) govern access to and use of the Verity AI product authentication platform, API, and all related services (the “Service”) provided by VerityAI Pty Ltd, ABN 80 634 474 383, a company incorporated in New South Wales, Australia (“Verity AI”, “we”, “us”, “our”).

Where an Order Form has been executed, the following hierarchy applies in the event of conflict: (a) the Order Form; (b) any Data Processing Addendum; (c) these Terms; (d) Verity AI’s Documentation. By accessing or using the Service, Client agrees to be bound by these Terms. Verity AI may update these Terms on 30 days’ written notice for material changes.

Definitions

• “Authentication Request” means a single API call submitted by Client seeking an Authentication Result.
• “Authentication Result” means the probabilistic statistical output returned by the Service, which may be Authentic, Inauthentic, Inconclusive, or expressed as a confidence score. An Authentication Result is not a guarantee, warranty, or legal determination.
• “Client” means the business entity or developer entering into these Terms.
• “Client Data” means all data submitted by Client to the Service, including Product Images and associated metadata.
• “Derived Model Data” means model weights, parameters, embeddings, and machine learning improvements generated by or derived from training on Client Data. Derived Model Data does not contain raw Client Data in identifiable form.
• “Effective Date” means the earliest of: (a) the date Client first accesses the Service; (b) the date Client accepts these Terms electronically; or (c) the date an Order Form is executed.
• “High-Value Decision” means any decision with material financial, legal, reputational, or physical consequence, including refund authorisation above $500, legal proceedings, or product destruction.
• “Order Form” means a written agreement specifying Subscription Tier, volume commitments, fees, and any special conditions.
• “Product Images” means digital images of physical goods submitted by Client to the Service for authentication. Product Images are images of objects, not persons, and are not Personal Data.
• “Verity AI” means VerityAI Pty Ltd, ABN 80 634 474 383.

Licence Grant

Subject to these Terms and payment of applicable fees, Verity AI grants Client a limited, non-exclusive, non-transferable, non-sublicensable licence to access and use the Service via the API solely for Client’s internal business purposes during the Subscription Term.

Developer sandbox access is provided for integration and testing purposes subject to volume limits specified in Documentation. The Service may not be resold, sublicensed, or provided to third parties as a service without Verity AI’s prior written consent. Client is responsible for all use of the Service under its API credentials.

Authentication Results — Nature and Limitations

The accuracy of Authentication Results is affected by: image resolution and quality; camera angle, lighting, and focus; product condition, wear, and age; product category and material complexity; and training data availability for a given brand or product type.

Client acknowledges that: (a) no authentication system is infallible; (b) Authentication Results are one input among several that should inform Client’s decisions; and (c) Client is solely responsible for all decisions made in reliance on Authentication Results. Verity AI strongly recommends human oversight for any High-Value Decision.

Service Levels

Verity AI targets 99.5% monthly uptime for the Service, excluding scheduled maintenance. API response time target is under 5 seconds median per Authentication Request under normal load conditions.

Support response targets

• P1 Critical (Service unavailable): Initial response within 2 hours; resolution target 8 hours
• P2 High (Major feature degraded): Initial response within 4 hours; resolution target 24 hours
• P3 Medium (Minor degradation): Initial response within 1 business day; resolution target 5 business days
• P4 Low (General enquiry): Initial response within 2 business days

Where monthly uptime falls below 99.5%, Client may claim a service credit equal to a pro-rata portion of the monthly platform fee per percentage point of shortfall, up to a maximum of one month’s platform fee. Credits must be claimed within 30 days of the relevant month and are Client’s sole remedy for SLA failures.

Acceptable Use

Client must not use the Service to:

• Submit images containing Personal Data, including images of persons, faces, or identifying documents;
• Reverse engineer, decompile, or attempt to extract the model architecture, training data, or algorithms underlying the Service;
• Use Authentication Results to build a competing product or service;
• Represent Authentication Results as a legal guarantee of authenticity to end consumers without appropriate qualification;
• Circumvent rate limits or access controls;
• Submit fraudulent, misleading, or manipulated images intended to produce a specific Authentication Result;
• Use the Service in connection with any activity that violates applicable law; or
• Resell or sublicense access to the Service without Verity AI’s written consent.

Verity AI reserves the right to suspend access immediately and without notice where it reasonably suspects a Prohibited Use.

Client Obligations

Client represents and warrants that:

• It is a business entity entering these Terms in the course of trade or commerce, and not as a consumer;
• It has the right to submit all images and data it provides to the Service;
• No Product Images submitted contain Personal Data;
• It will implement reasonable security measures to protect its API credentials;
• It will notify Verity AI at security@verityai.app within 72 hours of any actual or suspected breach of its API credentials;
• Its use of the Service complies with all applicable laws in the jurisdictions in which it operates; and
• It will not hold Verity AI responsible for business decisions made in reliance on Authentication Results.

Fees and Payment

Fees consist of an annual platform fee plus per-Authentication-Request charges as specified in the applicable Order Form or Verity AI’s then-current pricing schedule. Invoices are due within 30 days of issue. Late payments accrue interest at 10% per annum from the due date. Verity AI may suspend access for overdue invoices after 14 days’ written notice. All fees are exclusive of applicable taxes. Fees are non-refundable except to the extent of service credits earned under Section 5. Verity AI may increase fees on 60 days’ written notice effective from the next renewal date.

Intellectual Property

Verity AI retains all intellectual property rights in and to the Service, including its API, machine learning models, Derived Model Data, software, algorithms, Documentation, and all improvements thereto. Client acquires no ownership rights in the Service by virtue of these Terms or any Order Form. Client retains all rights in Client Data. Client grants Verity AI a non-exclusive licence to process Client Data solely as necessary to provide the Service and as set out in Section 10.

Model Retraining Licence

10.1 Licence grant

Client grants Verity AI a worldwide, non-exclusive, royalty-free, perpetual, irrevocable licence to use Product Images and Authentication Results to: retrain, fine-tune, validate, evaluate, and improve Verity AI’s machine learning models; generate Derived Model Data; and incorporate Derived Model Data into the Service.

10.2 What we use

• Product Images submitted via the API
• Authentication Results (Authentic / Inauthentic / Inconclusive)
• Confidence scores and model uncertainty signals
• Product category and brand metadata

10.3 What we do not use

• Personal Data of any kind (prohibited from submission under Section 6)
• Images of persons or faces
• Client’s business data, pricing, customer information, or commercial strategies
• Any data that could identify one client to another

10.4 Cross-client isolation

No single Client’s raw Product Images are shared with or visible to any other Client. Derived Model Data represents aggregate learnings and does not expose Client-specific data.

10.5 Security

Product Images used for retraining are stored on encrypted infrastructure (AES-256 at rest; TLS 1.2+ in transit) across Amazon Web Services (AWS) and Google Cloud Platform (GCP). Primary data residency is in Australian cloud regions. Access is restricted to authorised Verity AI engineering personnel.

10.6 Opt-out right

Enterprise Clients may opt out of the Model Improvement Licence by writing to legal@verityai.app. The opt-out must be received before Client submits any production data, or within 30 days of the Effective Date — whichever is earlier. Opt-out may affect per-call pricing. Verity AI will implement confirmed opt-outs within 30 business days.

10.7 On termination

The Model Improvement Licence ceases to apply to Product Images submitted after the termination date. Derived Model Data already incorporated into the Service is not subject to deletion and may continue to inform the Service indefinitely.

Confidentiality

Each party agrees to keep the other party’s Confidential Information confidential and not to disclose it to third parties or use it other than for the purpose of performing obligations under these Terms. “Confidential Information” includes technical specifications, pricing, business strategies, and any information marked confidential. Confidentiality obligations survive termination for five years. Trade secrets (including model architecture and training methodologies) are protected indefinitely.

Warranties and Disclaimer

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE”. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, VERITY AI EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. VERITY AI MAKES NO WARRANTY THAT ANY INDIVIDUAL AUTHENTICATION RESULT WILL BE ACCURATE, THAT THE SERVICE WILL BE ERROR-FREE OR UNINTERRUPTED, OR THAT THE SERVICE WILL MEET CLIENT’S SPECIFIC REQUIREMENTS.

Limitation of Liability

13.1 Exclusion of consequential loss

To the maximum extent permitted by law, neither party is liable for: loss of profits; loss of revenue; loss of data; loss of goodwill; business interruption; or any indirect, special, incidental, exemplary, or consequential loss.

13.2 Aggregate liability cap

Verity AI’s total aggregate liability to Client for any and all claims is capped at the total fees paid by Client in the twelve months immediately preceding the claim.

13.3 Client indemnity

Client indemnifies Verity AI against all losses, costs, claims, and expenses arising from: (a) decisions made by Client in reliance on Authentication Results; (b) Client’s breach of these Terms; or (c) Client’s violation of applicable law in connection with its use of the Service.

13.4 Business-to-business confirmation

Client confirms it is a business entity entering this Agreement in the course of trade or commerce and not as a consumer. To the maximum extent permitted by the Australian Consumer Law, implied guarantees in sections 60–62 are excluded. If any guarantee cannot lawfully be excluded, Verity AI’s liability is limited to re-supplying the Service or paying the cost of re-supplying it.

Data Protection

14.1 Product Images are not Personal Data

Product Images are images of physical goods submitted for authentication. They are not images of natural persons and do not identify any individual. Product Images are therefore not Personal Data under the Australian Privacy Act 1988, the GDPR, the UK GDPR, or the CCPA/CPRA.

14.2 Prohibition on Personal Data submission

Client must not submit Personal Data to the Service, including images of persons, faces, or government-issued identification. If Client inadvertently submits Personal Data, it must notify Verity AI immediately at privacy@verityai.app.

14.3 GDPR clients

Clients established in the EEA or UK must execute Verity AI’s Data Processing Addendum (Schedule 2) before submitting any data to the Service. The DPA incorporates Standard Contractual Clauses for cross-border transfers to Australia.

14.4 Security

Verity AI implements: TLS 1.2+ encryption in transit; AES-256 encryption at rest across AWS and GCP; token-based API authentication; role-based access controls; regular penetration testing; and audit logging. Verity AI will notify Client within 72 hours of becoming aware of a data security incident affecting Client Data.

14.5 Subprocessors

Primary cloud infrastructure subprocessors: Amazon Web Services (AWS) — ap-southeast-2 (Sydney) primary, us-east-1 (Virginia) secondary; Google Cloud Platform (GCP) — australia-southeast1 (Sydney) primary, us-central1 (Iowa) secondary. Both are ISO 27001 and SOC 2 Type II certified. Current subprocessor list: verityai.app/legal/subprocessors.

Data Retention

On termination, Verity AI will delete or return Client Data (excluding Derived Model Data and legally required records) within 60 days. Client may request a copy of its data within 30 days of termination.

Term and Termination

The Agreement commences on the Effective Date and continues for the initial Subscription Term, automatically renewing for successive equivalent periods unless either party provides 60 days’ written notice of non-renewal. Either party may terminate for cause if the other party commits a material breach and fails to remedy it within 30 days of written notice. Verity AI may suspend access immediately where Client commits a Prohibited Use under Section 6 or fails to pay undisputed invoices after 14 days’ written notice.

Force Majeure

Neither party is liable for failure to perform obligations (other than payment obligations) caused by events beyond its reasonable control. If a force majeure event continues for more than 60 days, either party may terminate the Agreement on written notice without liability.

AI Governance

Verity AI monitors developments under the EU AI Act and will adapt the Service to comply with applicable AI obligations as they take effect. The Service will not be used for biometric identification, social scoring, manipulation of individuals, or any use prohibited under Articles 5 or 6 of the EU AI Act. Authentication Results present confidence levels and are intended to inform, not replace, human decision-making for High-Value Decisions.

Dispute Resolution

The parties will attempt to resolve disputes informally by escalating to senior management within 14 days of written notice of a dispute. If not resolved within 30 days, either party may refer the dispute to mediation administered by the Australian Disputes Centre (ADC) in Sydney. If mediation fails, disputes may be referred to binding arbitration under the ACICA Arbitration Rules (Sydney, Australia), or JAMS International Arbitration Rules (New York) where an Order Form specifies US law. Class action proceedings are waived. Nothing in this section prevents either party seeking urgent injunctive relief.

General Provisions

• Governing law: New South Wales, Australia.
• Entire agreement: These Terms (together with any Order Form and DPA) constitute the entire agreement and supersede all prior agreements relating to the subject matter.
• Severability: If any provision is held invalid, the remaining provisions continue in full force.
• Assignment: Client may not assign these Terms without Verity AI’s prior written consent. Verity AI may assign in connection with a merger or acquisition.
• Notices: Legal notices to Verity AI must be sent to legal@verityai.app.
• Independent contractors: The parties are independent contractors. Nothing in these Terms creates a partnership, employment, or agency relationship.