Terms of Service
Note that if you use Danish MitID in production, a MitID-specific set of terms apply in addition to the terms in this document.
1. The Services
Criipto offers identification, authentication, and authorization services (“Services”) on a subscription basis (“Subscription”).
The Services integrate a range of independent 3rd party services not included in the Services provided by Criipto. Such 3rd party services are not covered by these terms even if such services are invoiced through the intermediary of Criipto.
Criipto collects and processes authentication and authorization data (including any personal data) for the Customer’s end users (“End User Data”) on behalf of the Customer. Criipto has no contractual relationship with the Customer’s end users whose data it processes.
The Customer owns its End User Data. The Customer hereby grants Criipto a, non-exclusive, royalty-free, sub-licensable, transferable license to use the End User Data as strictly necessary for Criipto to provide the Services.
The features and functionality of the Services available to the Customer will be based on the Subscription packages chosen by the Customer. Any new features that augment or enhance the current Services, including the Application Programming Interfaces (“API”) and/or the Subscription packages, including the release of new tools and resources, shall be subject to the Terms of Service (“Terms”).
Criipto will, from time to time, introduce changes to its APIs and Services. This may require the Customer and/or end users to modify their use of Criipto-provided APIs and/or install software updates provided by Criipto or by third parties to continue accessing the Services (such changes hereafter referred to as “Breaking Changes”). In the case of Breaking Changes, Criipto will give at least twelve (12) months prior written notice to the Customer to allow the Customer to update its API usage and/or install software updates.
Criipto shall provide the Services as per the Service Level Agreement at https://criipto.com/legal/sla
To use the Services, the Customer will need to register as a user (a “Registered User”) by creating an account. During the registration process, the Customer will have to provide either a valid email address and password, alternatively, credentials to authenticate with a third-party federated identity provider with whom the Customer has an established account (e.g., GitHub, Google, Microsoft). The third-party federated identity provider will, with the Customer’s permission, provide Criipto with a verified email address associated with the Customer’s account.
The Customer will provide a unique identifier for its account domain. The Customer may invite individuals, authorized and permitted by the Customer, to use the Services (“Authorized Users”) through the dashboard after login into the Customer’s account at the designated URL.
The Customer will be responsible towards Criipto for any and all acts or omissions of the Authorized Users and must indemnify Criipto for all resulting losses. The Customer represents and warrants that all registration information provided by the Customer and by Authorized Users is truthful and accurate and that the Customer shall maintain and preserve the accuracy of such information. The Customer is solely responsible for the confidentiality of its user accounts, including accounts of Authorized Users and their end users, as well as for use and misuse. The Customer shall promptly inform Criipto of any need to deactivate any Authorized User.
3. Fees, Subscription Period, and Automatic Renewal
The Services are provided to the Customer for such period (the “Subscription Period”) as stipulated in an invoice or in the Criipto Service Order Form (the “Order Form”), at Criipto’s applicable pricing at the time of delivery of the Services, or such other pricing agreed and set forth in the Order Form (the “Fees”).
The Customer agrees to pay any applicable Fees. Criipto may use a third-party service provider (“Third Party”) to process the Customer’s payment in connection with the use of the Services. The Customer warrants and represents to be a valid owner or authorized user of the credit card or other payment information provided to such Third Party and that all credit and payment information is accurate.
When the Customer signs up to use the Services, the Customer agrees that the Subscription Period will automatically renew on a monthly or annual basis (or such other renewal period as agreed upon in an invoice or the Order Form) until termination pursuant to these Terms of Service. If not terminated by the Customer, the Subscription Period will automatically renew.
Unless otherwise stated in an invoice or the Order Form, the Fees shall automatically be adjusted with effect from each renewal of the Subscription Period to the applicable pricing at the time of renewal. Criipto can at any time adjust the Fees or institute new or additional Fees with the same notice as Criipto may terminate the Services pursuant to the Order Form or in any case with effect at the beginning of a new Subscription Period.
4. Use of Subcontractors
Criipto may use third-party service providers to perform all or any part of the Services. Criipto is responsible for the Services performed by its third-party service providers to the same extent as if Criipto performed the Services.
5. Use of Personal Data
The Services may involve the transmission to Criipto of certain personally-identifiable information (“Personal Data”). For the processing of Personal Data under this Agreement, both the Customer and Criipto shall be considered as a data controller unless otherwise stated in the Order Form or elsewhere in writing. Criipto’s policies concerning the collection and use of such Personal Data are governed by our Data Protection Policy (located at https://criipto.com/legal/privacy/.
6. License Grant; Restrictions on Use
(a) License Grant. Subject to these Terms of Service, Criipto hereby grants the Customer and Authorized Users, only during the applicable Subscription Period, a limited, non-exclusive, worldwide, non-transferable license to use the Services.
(b) Restrictions on Use. the Customer will not (and shall ensure that any Authorized Users or third parties do not): (i) reverse engineer, decompile, disassemble, or otherwise attempt to discern the source code or interface protocols of the Services; (ii) modify, adapt, or translate the Services (unless as necessary for the performance of the Services in accordance with these Terms of Service; (iii) make any copies of Criipto (or Criipto’s third-party service providers) Intellectual Property (as defined below); (iv) remove or modify any proprietary marking or restrictive legends placed on the Criipto Management interface/UI; (v) use the Services in violation of any applicable laws or for any purpose not specifically permitted in these Terms of Service; or (vi) introduce into the Services any software, virus, worm, “back door,” trojan horse, or similarly harmful code. The Customer is allowed to monitor the usage of the Services (e.g. counting the volume usage of the Services). In addition, the Customer may access the Services for purposes of penetration testing. However, such tests should always be agreed upon with Criipto upfront (taking into account a reasonable notification period). In case of penetration testing, the parties performing such tests will comply with https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement or other applicable rules or standards.
7. Use of the Services
The Customer shall not use the Services for any unlawful purpose;
The Customer shall not upload, post, email, transmit or otherwise make available any content that infringes any copyright, trademark, right of publicity, or other proprietary rights of any person or entity.
The Customer shall not interfere with or attempt to interrupt the proper operation of the Services through the use of any virus, device, information collection or transmission mechanism, software or routine, or access or attempt to gain access to any data, files, or passwords related to the Services through hacking, password or data mining, or any other means.
The Customer shall not abuse or send excessively frequent requests to the Services. Requests are generally considered excessively frequent when the substantial volume is not driven by end-user interaction or when the volume is more than an order of magnitude above the subscribed or otherwise agreed-on volume.
8. Penetration Testing
The Customer is only allowed to perform penetration testing with prior written consent from Criipto. The details of penetration testing will be agreed upon in writing with Criipto prior to execution.
In case of penetration testing, the parties performing such tests must comply with the rules of the underlying hosting platform, Microsoft Azure (https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement), or other applicable rules or standards.
9. Disclaimer and Limitation of Liability
The Customer acknowledges and agrees that the Services merely provide connectors that allow the Customer to interact with applications created by the Customer or any third party. Criipto may or may not have any contractual relationship with such third parties. Criipto will use commercially reasonable efforts to resolving any connectivity issues that may arise from changes made by such third parties. In no event shall Criipto, its affiliates, subsidiaries, or its subcontractors (collectively the “Criipto parties”) be liable or responsible for any discontinuity related to third-party applications if such discontinuation is solely attributable to a such third party. In no event shall any party be liable for special, indirect, punitive, exemplary, or consequential damages, including without limitation lost profits, revenues, or savings, arising out of or relating to the Services or under these Terms of Service, even if such party has been advised of the possibility of such damages in advance.
In no event shall the total cumulative liability of the Criipto parties or of the Customer for direct damages arising under these Terms of Service and relating thereto, exceed (i) the total fees paid by the Customer during the Subscription Period immediately preceding such claim or (ii) the amount of one million euro (1,000,000 EUR), whichever of both amounts is the lowest.
10. Intellectual Property
As between the Customer and Criipto (and Criipto’s third-party service providers), the Customer warrants that it has the right to process data on behalf of its end users and other content submitted or transmitted by the Customer to, through, or in connection with the Customer’s use of the Services (“Customer Content”). Criipto (or Criipto’s third-party service providers) owns the Services as such, and there shall be no transfer of ownership in respect of the Services to the Customer), including but not limited to visual interfaces, interactive features, graphics, design, compilation, computer code, products, software, and all other elements and components of the Service excluding Customer Content. Criipto (or Criipto’s third-party service providers) also owns the copyrights, designs, trademarks, service marks, trade names, and other intellectual and proprietary rights throughout the world (“Intellectual Property”) associated with the Services, which are protected by copyright, design rights, trade dress, patent, trademark laws and all other applicable intellectual and proprietary rights and laws. Except as expressly and unambiguously provided in these Terms of Service, Criipto does not grant any express or implied rights, and all rights in and to the Services and Intellectual Property are retained by Criipto (and/or Criipto’s third-party service providers).
11. Infringement of third-party Intellectual Property Rights
Criipto is responsible for ensuring that the Services, excluding Customer Content, do not infringe any Intellectual Property rights held by a third party.
Criipto shall indemnify and keep the Customer harmless from any claims from third parties made on the basis that the Services infringe on the Intellectual Property Rights of a third party.
12. Force majeure
Neither party shall be liable towards the other party to the extent that the liability is incurred due to matters beyond the party’s control or matters which the party ought not to have taken into account at the time of signing of these Terms of Service or attempted to avoid or overcome, including, but not limited to, pandemics, wars, fire, strikes and lockouts, flood, explosion, civil disorder, power failure, acts of civil or military authorities, theft, vandalism, misuse, insurrection, inability to obtain the necessary supplies (“Force Majeure”). Circumstances experienced by Criipto’s third-party service providers shall be regarded as Force Majeure in cases where the third-party service provider is faced with an obstacle falling within the first sentence of the present section.
13. Audit and Inspections
Upon thirty (30) days' notice to Criipto and no more than once within any rolling twelve (12) months period, the Customer shall, at its own cost, be entitled to inspect and audit Criipto for the following reasons:
the need for the Customer’s external auditors to carry out legally required audits according to generally accepted auditing standards;
the Customer’s internal auditors need to carry out audits in accordance with procedures for internal control as well as other relevant regulatory requirements; or
the Customer’s internal or external inspectors’ or auditors’ need to carry out audits, limited, however, to verify that Criipto complies with its obligations.
Notwithstanding the above-mentioned, the Customer agrees that no information can be audited in relation to any activities that are not directly provided to the Customer and that no information relating to Criipto’s costs or any other financial information (except for sales prices agreed between the Customer and Criipto) shall be made available to the Customer or its auditors.
In the event that any external parties participate in the audit, the Customer shall ensure and provide evidence that such external parties are bound by confidentiality obligations that are reasonably acceptable to Criipto.
The Customer shall not, without the prior written consent of Criipto, assign or transfer the Agreement or any of its rights under the Agreement to any other person, firm, or company.
Criipto is entitled to mention the Customer in its marketing material, both in writing and by use of the Customer’s logo.
If any part of these Terms of Service is held to be invalid or unenforceable, then such part shall be construed in accordance with the applicable law as nearly as possible to reflect the original intentions of the parties, and the remainder of these Terms of Service shall remain in full force and effect.
This sections 9, 10, and 11 ("Disclaimer and Limitation of Liability", "Intellectual Property", and "Infringement of third-party Intellectual Property Rights" respectively), shall survive the termination of these Terms of Service.
No waiver shall be effective unless in writing and duly signed by both parties. Neither the course of conduct between parties nor trade practice shall act to modify any provision of these Terms of Service.
Any specific terms detailed in the Order Form take precedence over any conflicting terms between the Order Form and these Terms of Service.
These Terms of Service contain the entire agreement of the parties concerning its subject matter and supersedes all existing agreements and all other oral, written, or other communication between the parties concerning the subject matter.
17. Dispute resolution
The validity, interpretation, and performance of these Terms of Service shall be controlled by and construed under the laws of Denmark. The United Nations Convention on the International Sale of Goods shall not apply.
Except for proceedings commenced by Criipto to protect its Intellectual Property or confidential information which may be brought in any court of competent jurisdiction, the parties mutually agree that any dispute arising out of or relating to the Terms shall be referred to the Court of Copenhagen as first instance venue.