Effective Date: 12/1/2025

Last Updated 1/23/2026

Welcome to SendAuth (“SendAuth,” “we,” “us,” or “our”). These Terms of Service (“Terms”) govern your access to and use of the SendAuth authentication platform, APIs, websites, and related services (collectively, the “Service”).

By using the Service, you agree to these Terms. If you do not agree, you must not use the Service.

1. Overview of the Service

SendAuth provides a cloud‑based identity‑verification and authentication platform used by organizations (“Customers”) to verify the legitimacy of end‑user requests made via phone, email, or other supported communication channels.

SendAuth allows Customers to authenticate users through:

• Passkey-based authentication

• Biometric confirmation performed locally on the user’s device

• Device-binding and cryptographic challenge/response

SendAuth never stores biometric templates and does not act as a consumer login provider.

2. Parties to This Agreement

These Terms apply to:

• Customers (organizations) that license, integrate, or administer SendAuth

• End-users who perform authentication through SendAuth on behalf of a Customer

Where applicable, SendAuth acts as:

• A Service Provider / Data Processor for Customer data

• A Controller only for limited operational and service-level metadata, as described in this Privacy Policy

3. Eligibility

To use the Service:

• Customers must be authorized business entities capable of entering legally binding agreements.

• End-users must be authorized by the Customer and meet minimum age requirements defined by applicable law (typically 13+ in the U.S., 16+ in the EU).

4. Customer Responsibilities

Customers agree to:

• Use the Service only for lawful identity-verification purposes.

• Configure authentication workflows accurately and maintain secure integrations.

• Obtain all legally required end-user consents for identity verification.

• Not use SendAuth for surveillance, monitoring, harassment, or other improper purposes.

• Notify SendAuth immediately of any suspected misuse or account compromise.

5. End‑User Responsibilities

End‑users agree to:

• Use accurate information during authentication.

• Maintain the security of their mobile device and passkey or biometric credentials.

• Avoid attempting to bypass, interfere with, or manipulate the authentication process.

6. Prohibited Uses

Customers and end‑users may not use SendAuth to:

• Conduct identity theft, impersonation, or fraudulent verification.

• Target individuals based on protected characteristics.

• Break encryption, interfere with network security, or attempt to reverse-engineer the Service.

• Send spam, phishing content, or unauthorized communications.

• Collect or process biometric data outside the user’s device (SendAuth never receives it).

SendAuth reserves the right to suspend or terminate accounts violating these rules.

7. Data Handling & Privacy

SendAuth processes two categories of information:

7.1 Customer Data (Processed on Customer’s behalf)

• End-user identifiers provided by the Customer

• Authentication results (success/failure, risk flags)

• Metadata necessary for the Customer’s workflow

SendAuth acts as a Data Processor / Service Provider for this information.

7.2 Operational Data (Processed as Controller)

• Device model, OS data, and integrity signals

• IP-based region data, fraud indicators, and telemetry

• Logs required for security, troubleshooting, and compliance

All processing is detailed in the SendAuth Privacy Policy.

SendAuth never stores biometric identifiers or private passkeys.

8. Service Availability

SendAuth targets high availability of its authentication infrastructure but does not guarantee uninterrupted service.

We may temporarily suspend service for:

• Maintenance

• Security events

• Emergencies

• Circumstances beyond our control

We are not liable for downtime outside our direct control.

9. Intellectual Property

All software, APIs, user interfaces, trademarks, and documentation are the exclusive property of SendAuth or its licensors.

Customers receive a limited, non‑exclusive, non‑transferable license to access the Service.

Reverse engineering, duplication, or derivative works are strictly prohibited.

10. Billing & Payment (If applicable)

If the Customer subscribes to a paid tier:

• Charges are invoiced per the Customer’s subscription plan.

• Fees are non-refundable unless otherwise stated.

• Overages may apply if usage limits are exceeded.

• Failure to pay may result in account suspension.

11. Confidentiality

Each party agrees to protect the other’s confidential information, including:

• Customer integration details

• Authentication logs

• Security practices

• Proprietary technology

Exceptions apply for information required by law.

12. Security

SendAuth maintains a SOC‑aligned security posture, including:

• End-to-end encryption

• Strong key management

• Zero-password storage

• Hardware-backed passkey verification where available

• Incident response procedures

Customers must maintain security of their own systems and credentials.

13. Disclaimer of Warranties

The Service is provided “AS IS” and “AS AVAILABLE” without warranties of any kind, express or implied.

SendAuth disclaims:

• Merchantability

• Fitness for a particular purpose

• Non-infringement

• Error-free or uninterrupted operation

Some jurisdictions do not allow certain disclaimers; in those regions, disclaimers apply to the maximum extent allowed.

14. Limitation of Liability

To the fullest extent permitted by law:

SendAuth will not be liable for:

• Indirect, incidental, special, or consequential damages

• Lost profits, lost business, or data loss

• Damages exceeding the total amount the Customer paid in the prior 12 months

For free or trial accounts, SendAuth’s liability is limited to $100.

15. Indemnification

Customers agree to indemnify and hold SendAuth harmless from claims arising from:

• Customer misuse of the Service

• Customer’s failure to comply with applicable laws or obtain required end-user consent

• Unauthorized access or security breaches attributable to Customer systems

16. Termination

Either party may terminate use of the Service:

• With notice

• Immediately upon breach

• As required by law

Upon termination:

• Customer access and API keys will be disabled

• SendAuth may delete Customer Data in accordance with its retention policies

• Logs required for legal, security, or audit purposes may be retained

17. Governing Law

Unless otherwise agreed:

• These Terms are governed by the laws of the State of Texas, without regard to conflict-of-law rules.

• Any disputes will be resolved in courts located in Travis County, Texas.

18. Changes to These Terms

SendAuth may update these Terms periodically. Updated versions will be posted with a new Effective Date.

Continued use of the Service constitutes acceptance of the updated Terms.

19. Contact Information

For questions about these Terms:

SendAuth Legal Department
Email: [email protected]