API Agreement

1.1 About us. We’re Thirdfort Limited (“Thirdfort”) and we are a company registered in England and Wales (company no. 10757456) at Belle House, Platform 1, Victoria Station, London, England, SW1V 1JT.

1.2 Our services. We operate a web platform (“Platform”) and a mobile app (“App”), through which we offer a range of KYC, AML, Source of Funds verification and KYB services (“Services”) designed to help professional advisors understand the risks associated with verifying their individual and corporate clients. We’ll carry out their preferred verification on their clients and then provide them with reports of the verification results (“Reports”). 

1.3 You. You are either: 

(a) a client or prospective client of Thirdfort who uses, or intends to use, the Services to verify your individual and corporate client (“Thirdfort Client”); or

(b) a partner or prospective partner who makes, or intends to make, the Services available on your system to your customers, who may then use the Services to verify their individual and corporate client (“Thirdfort Partner”). 

1.4 API Agreement. We have agreed, in our sole discretion, to make available the Services to you via the API (as defined in clause 2). These are our terms and conditions for your use of the Thirdfort API (“API Agreement”). If you access the Thirdfort API to integrate our services with your systems, you will be deemed to have agreed to these terms.

1.5 Other applicable terms and conditions. This API Agreement applies solely to your use of the Thirdfort API. In addition, the following terms may also apply:

(a) “Main Agreement”, meaning either 

(i) the partnership agreement agreed between the you and us, if you are a partner of ours; 

(ii) the Thirdfort Terms of Use at https://www.thirdfort.com/terms/terms-of-use/, If you are a Thirdfort Client; or

(iii) The bespoke agreement we agreed with you that governs our service provision.

(b) Any other statement of work, pricing sheets, order forms or agreements that may be communicated to you from time to time. 

1.6 Term. This API Agreement will become effective from the earlier of (i) when you access and make use of the Thirdfort API; or (ii) when you agree to the Main Agreement. The API Agreement shall remain effective until terminated in accordance with clause 7 (“Term”). 

2.1 Access and documentation. Subject to your compliance with these terms, we shall provide you with:

(a) the relevant application programming interfaces or similar technology that facilitates communication with platforms owned and operated by Thirdfort and is used to facilitate the integration of the Platform with your systems, which comprises both production and non-production environment (including but not limited to any sandbox or testing environments) (“API”), and

(b) any documentation relating to the API such as user guides and any other relevant documentation made available to you by us, each as amended from time to time (“API Documentation”). 

2.2 Licence. Subject to your payment of any applicable fees (set out in clause 2.11) and compliance with this API Agreement, we hereby grant you a limited, non-exclusive, non-transferable, revocable, non-sublicensable licence during the Term to use the API and the API Documentation strictly as required to complete and maintain the Integration. 

2.3 Compliance with API documentation. You shall comply with the API Documentation in connection with the Integration and your use of the API.  

2.4 Integration. You will access the API and API Documentation to perform all the software and software integration work required to ensure that the Platform and your systems are fully integrated with each other and can communicate effectively with each other in accordance with the API and API Documentation and any other reasonable instructions provided by us (“Integration”); 

2.5 Completion of integration verified by Thirdfort. You must ensure the Integration is successfully completed and verified by us prior to using the Services to verify your clients or making the Services available to your customers. Both you and us acknowledge that our verification does not mean that we guarantee that the integration will be free of errors or inaccuracies, and this clause 2.5 does not limit your obligation to maintain the integration under clause 2.7.  

2.6 Enabling the provision of our Services. Following successful completion of the Integration by you (as verified by us in accordance with clause 2.5), during the Term, you shall then enable your systems to communicate with the Platform via the Integration and to: (i) receive the Services, and (ii) view and/or request a download of the Report(s); for the avoidance of doubt, any licence to use the Platform (including via the Integration) shall be in accordance with clause 5.

2.7 Maintenance. Following successful completion of the Integration by you (as verified by us in accordance with clause 2.5) you agree that you must maintain the Integration at all times during the term so that you can receive the Services. Maintenance shall include but is not limited to bug fixing, outage recovery and additional work required under clause 2.8 and 2.9. 

2.8 Upgrade and additional work. You undertake to upgrade the systems and perform any additional software integration work, as may be necessary (including following any amendment to the API, API Documentation or Platform) to ensure that the Integration is always maintained in accordance with this clause 2; and

2.9 Changes. We may, or may require you to, amend the API and API Documentation from time to time in our absolute discretion. We will endeavour to inform you of such amendments on reasonable notice, but you acknowledge that in urgent situations, such as where there are security concerns or where the Services has been or may be materially impacted, it may be necessary to for us or you to make emergency amendments to the API and/or API Documentation with little or no prior notice to you. Failure to make these amendments within the agreed time frame may result in the integration to stop working and we shall have the right to suspend your access to the API in accordance with clause 8.2;

2.10 Additional Services. If you update your integration to incorporate additional Services after the initial verification under clause 2.5, such updates must also undergo our verification process as set out in clause 2.5. 

2.11 Cost and scope. Any costs and scope of the API integration project will be communicated to you and agreed in writing between the parties as part of the Main Agreement.

3.1 Your warranties. You warrant to us that you will:

(a) take all reasonable steps to ensure you comply with all applicable legislation and laws (including data protection and privacy laws); and

(b) without prejudice to clause 3.1(c), use all reasonable endeavours to: 

(i) safeguard all secretes and credentials used to access all Services, the API and API Documentation; and 

(ii) prevent unauthorised use of your Thirdfort account or the API;

(c) tell us as soon as possible if you suspect or become aware of any: 

(i) unauthorised access or use of the Platform, Services, the API, or App and/or API Documentation; or

(ii) data or security breach.

(d) use reasonable endeavours to inform us of any information security issues that may put at risk any part the of the Services, the API or Platform and/or API Documentation as soon as you discover them, whether or not the potential issue may be considered your responsibility; and

(e) not conduct any security testing (including pentesting) or any other form of testing of the Services, the API or Platform and/or API Documentation that may affect the Services, the API or Platform and/or API Documentation (such as load testing) without our prior permission.

3.2 You won’t:

(a) use any real personal data of your clients when testing the non-production environment unless

(i) you have obtained consent from the individual to whom the personal data relates to or identified another legal basis under applicable data protection legislation; and

(ii) explicitly agreed between you and us.

(b) use the Platform, Services, the API or Reports and/or API Documentation to do anything illegal, harmful, fraudulent, or anything that may damage our and our third party product providers’ reputation. Third party products providers shall mean those listed under ‘Data Providers’ at https://www.thirdfort.com/terms/third-party-service-providers/ (“Third Party Products Providers”)

(c) use the Platform, Services, the API, or Reports and/or API Documentation to build any competing products or services (or allow anyone else to do so);

(d) attempt or allow others to adapt, alter, copy, duplicate, correct, modify, create derivative works from, derive the source codes of, decompile, commercial exploit, reverse-engineer, sublicense, resell or distribute without our permission the Platform, Services, the API, Reports, products of Third Party Providers, any of our tangible or intangible assets (including those made available to you via a partner of Thirdfort) and/or the API Documentation in whole or in part in any form;

(e) disclose credentials or session material used to access the Platform, the API or Services and/or API Documentation to any other party without our permission; 

(f) attempt to weaken, bypass or otherwise render less effective the security controls put in place by us to protect the Platform, the API or Services and/or API Documentation;

(g) act or omit to act in a way which interferes with or compromises the integrity or security of the Platform, Services, the API or Reports and/or API Documentation;

(h) attempt to access the Platform, the API or Services and/or API Documentation and any components of the Platform, the API or Services and/or API Documentation other than through the means made available to you by us; or

(i) share the Services, the API or Reports and/or API Documentation with any third party, unless permitted by us (see clause 7 of our Terms of Use). 

4.1 IP. We undertake to ensure that the Platform, the API, Services and Reports and/or API Documentation (as applicable) do not infringe any third party’s intellectual property.

4.2 API performance. We shall use our reasonable endeavours to ensure that the API performs materially in accordance with the API Documentation.

4.3 Disclaimer of warranties. We do not guarantee that the Services will be error-free and uninterrupted. Unless these terms say otherwise, we disclaim all warranties, conditions and other terms (express or implied, statutory or otherwise) in relation to the Services, Platform, the API and/or the API Documentation as far as legally possible. Furthermore, we expressly exclude any warranty or guarantee regarding the accuracy, uptime, performance, reliability or stability of our non-production environment, including but not limited to any sandbox or testing environments. These environments are provided 'as is' and are intended solely for development and testing purposes.

5.1 No unlawful exclusions. Neither you nor we limit or exclude any liability for:

(a) death or personal injury caused by negligence;

(b) fraud or fraudulent misrepresentation; or

(c) anything else which cannot be lawfully limited or excluded.

5.2 Liability cap. Each party's total liability to the other in connection with the terms in this API Agreement will be governed by the liability clause in the Main Agreement. 

5.3 Exclusions. We won't be liable for:

(a) indirect, special or consequential losses;

(b) loss of goodwill, revenue, profits, reputation, wasted management time or anticipated savings;

(c) losses arising from your use of the Platform, Services or Reports in breach of these terms or our instructions;

(d) losses arising from the data you, your users or representatives have provided; 

(e) other losses you could have reasonably predicted and prevented, including loss of your data if you haven’t kept back-ups; 

(f) losses attributable to third party system and we make no warranty or representation in relation to any third party systems or platforms; or

(g) losses caused by any Third Party Products Providers. 

5.4 Further exclusion. Without prejudice to clause 5.1, we won’t be liable for losses arising from your use of the API. 

5.5 Waiver. You waive all potential rights against us for claims arising from the Platform, Services, the API or Reports and/or the API Documentation in connection with the services you provide to your client as far as legally allowed. 

6.1 Ownership. We and our relevant licensors own all intellectual property in the Services, Platform, the API, and Reports and/or API Documentation. You (or your relevant licensors) own all intellectual property in your own data. Neither party has any rights or licences in the other’s IP except as stated in these terms.

6.2 Licence to use your data. You grant us a non-exclusive, royalty-free, revocable licence to copy and use any data you provide to us or contained within the Reports to the extent we need to provide the Services.

6.3 Licence to use your feedback. You grant us a non-exclusive, perpetual, irrevocable, royalty-free, worldwide licence to use and incorporate into the Platform, App, the API, Services or Reports and/or API Documentation any suggestion, enhancement request, recommendation, correction or other feedback you provide. This will not cover any personal data.

6.4 Restrictions. Both you and we agree not to:

(a) at any time, do, or omit to do, anything which is likely to prejudice the other party’s ownership (or the other party’s licensors’ ownership) of their intellectual property rights; and

(b) remove, suppress or modify in any way any proprietary marking, including any trade mark or copyright notice, on or in the materials of the other party and agree to incorporate any such proprietary markings in any copies it takes of such materials.

6.5 Our indemnity. We will indemnify you against any losses, damages and other liabilities arising out of or in connection with a third party claim that the Platform, Services, the API or Reports and/or API Documentation (as applicable) infringes their IP.

7.1 “Affiliates” means any entity that directly or indirectly controls, is controlled by, is under common control with or is otherwise in the same group of entities as a party to these terms.

7.2 “Confidential Information” means all information that is: 

(a) disclosed by a party (“Discloser”) or on its behalf by its authorised representatives or Affiliates before or after the parties have agreed to these terms,

(a) to the other party to these terms (“Receiver”), and

(c) relates to the Discloser’s business, products, finances and affairs that would reasonably be considered to be confidential under the circumstances in which it is shared. This also includes any third party information that a party is bound to keep confidential.

7.3 Exclusion. Confidential Information does not include information that is:

(a) in the public domain not by breach of this clause; 

(b) known by the Receiver at the time of disclosure;

(c) lawfully obtained by the Receiver from a third party;

(d) independently developed by the Receiver without access to or use of the Confidential Information; or

(e) expressly indicated by the Discloser as not confidential. 

7.4 Receiver’s obligations. The Receiver must:

(a) only use the Confidential Information to enforce its rights or perform its obligations under:

(i) these terms and other agreements entered into between the parties; and

(ii) any applicable laws or regulations;

(b) protect the confidentiality of any Confidential Information that is shared between us and not to share it unless allowed by this clause 7; 

(c) promptly notify the Discloser of any breach that the Receiver has become aware of; and

(d) destroy, erase or return any Confidential Information it holds within 30 days of the Discloser’s request. The Receiver may retain copies of the Confidential Information that are securely stored to meet legal or regulatory obligations. 

7.5 Permitted disclosure. The Receiver can share Confidential Information: 

(a) where legally required (provided the Receiver notifies the Discloser as soon as possible); or

(b) with its Affiliates and its employees, members, representatives, professional advisors, agents, sub-processors (if permitted by the relevant data processing agreement agreed between the parties) and subcontractors (“Permitted Receiver”) on a need-to-know basis, as long as they keep it confidential too. 

7.6 Liability. The Receiver is liable for breach of this clause and any act or omission by a Permitted Receiver. 

7.7 How long do the obligations last? The Receiver’s duty to protect Confidential Information starts on the date when the Confidential Information is disclosed and will continue to apply as long as the parties deem the information to be confidential. 

8.1 When we can both terminate. Unless agreed otherwise in the Main Agreement, either party may terminate these terms: 

(a) For convenience. By giving at least 30 days' written notice to the other party at any time unless agreed otherwise in the Main Agreement; or

(b) For cause. Immediately by giving written notice to the other party if the other party:

(i) commits a material breach of these terms and/or any other agreements entered into between the parties which cannot be remedied or, if remediable, has not been remedied within 30 days of being notified;

(ii) becomes unable to pay its debts as they fall due or takes any steps in any insolvency process; or

(iii) suspends or ceases to do business or is struck off the company register.

8.2 When we can suspend or terminate. If we reasonably suspect that you have breached any of these terms, we can suspend or terminate your access to the Platform, the API or the Services and/or API Documentation, or take any other action we consider necessary.

8.3 Fees payable upon termination. Unless agreed otherwise, you will pay us all outstanding fees within 7 days of termination. 

8.4 After termination. If these terms terminate:

(a) all licences granted under these terms including in respect of access to the Platform via the Integration and in respect of the API and API Documentation shall immediately terminate, and you shall cease all use of the API and API Documentation (including communication with the Platform via the Integration); 

(b) you shall delete and, in each case, make no further use of any equipment, property, materials and other items (and all copies of them) belonging to us in respect of the API and API Documentation; and

(c) any terms which are intended to survive termination will remain in full force and effect. However, all other rights and obligations will terminate upon expiry or termination.

These terms will be governed by the laws of England and Wales and the courts of England and Wales have exclusive jurisdiction to settle any disputes in relation to it.