By accessing or using the PASSID API, SDK, or dashboard ("Services"), you agree to these Terms on behalf of your organisation ("Institution"). If you do not agree, do not use the Services.
PASSID provides credential verification infrastructure. We do not make lending decisions, institution decisions, credit bureau files, or raw-data stability signals. PASSID verifies the validity and freshness of a PASSID credential and returns structured signal claims. All lending decisions are the sole responsibility of the Institution.
API keys are issued per organisation. You may not share, resell, or sublicense API access. Rate limits apply per tier. Abuse of the API (including adversarial probing of credential claims) will result in immediate suspension.
Production tier: reliability commitments are defined in customer agreements, excluding scheduled maintenance. Enterprise tier: commercially agreed reliability commitments. Compensation for SLA breaches is limited to service credits as defined in your order form.
PASSID processes personal data as a data processor on behalf of Institutions where applicable. The Data Processing Agreement (DPA) governs these obligations and is incorporated by reference into these Terms. Both parties agree to comply with applicable data protection law.
PASSID and its licensors own all rights in the Services, APIs, and documentation. You receive a limited, non-exclusive, revocable licence to use the Services for your internal business purposes during the term.
To the maximum extent permitted by law, PASSID's aggregate liability for any claim arising from these Terms is limited to the fees paid by you in the 3 months preceding the claim. PASSID is not liable for indirect, incidental, or consequential damages.
These Terms are governed by English law. Disputes shall be resolved in the courts of England and Wales.
We may update these Terms with 30 days' notice for material changes. Continued use after the notice period constitutes acceptance.