Terms of Use
Version number: 4.1
These terms took effect on 11 April 2024.
In a hurry? No problem. Here’s a quick summary of the key points:
About us and our services. We’re Thirdfort and we offer a range of KYC, AML, Source of Funds verification and KYB services designed to help you understand the risks associated with verifying your individual and corporate clients. We’ll carry out your preferred checks on your clients and then provide you with a report of the results and the information you require.
Third Party Products. Some of our services are powered by products provided by third parties, whose terms you’ll also need to agree to access our services (see https://thirdfort.com/terms/third-party-products-and-terms/).
Fees. You’ll find the fees for using our services in the pricing sheet or order form we’ll provide to you separately. If you’ve come to us via one of our partners, either they will provide you with your pricing arrangement or we will share it with you directly.
Support. If you have any questions, you can check out our FAQs at our Support Hub at https://help.thirdfort.com/hc/en-gb. For anything else, we’re here to help—just drop us a line at [email protected].
1. What are these terms about?
1.1 About us. We’re Thirdfort Limited (“Thirdfort”) and we are a company registered in England and Wales (company no. 10757456) at Belle House, Platform 1, Victoria Station, London, England, SW1V 1JT.
1.2 These terms. These are our terms and conditions for using our services. If you use our services, we will assume you agree to these terms, unless we agree otherwise.
1.3 Effective upon acceptance. These terms will come into effect on the date that we confirm our acceptance of your Thirdfort account registration application or such other date that we may agree in writing.
2. What services do we offer?
2.1 Our services. We provide two types of services:
(a) “Platform Services”, meaning the KYC, AML, Source of Funds verification and KYB services we offer through the web platform (“Platform”) and the mobile app (“App”) owned and operated by us. We’ll produce a downloadable PDF report for you setting out the results of these verification checks (“Reports”); and
(b) “Professional Services”, meaning any integration, implementation, advising, consulting, and training services as well as any similar services communicated to you separately.
Our Platform and Professional Services are collectively referred to in these terms as “Services”.
2.2 Access. You can access the Platform Services via:
(a) the Platform at http://app.thirdfort.com/home; or
(b) if you’re using the Platform Services via one of our partners listed at https://www.thirdfort.com/terms/partners/ (“Thirdfort Partner”), a platform operated by them (“Partner Platform”).
2.3 How it works. We have two types of verification checks:
(a) App-based: this type of checks will be initiated by you and the individual being verified will receive an SMS prompt to download the App and carry out the tasks required on their mobile device.
(b) Desktop-based: this type of checks will be initiated and completed by you without any further input needed from the individual or entity being verified.
2.4 Uptime. We'll use reasonable endeavours to ensure that the Platform is available for 99.5% uptime per month. We calculate downtime from the time you inform our support team in writing that the Platform isn't working, until the time it's available again.
2.5 Support. We’re here to help! If you need anything at all, drop our support team an email at [email protected] or you can contact us via live chat at https://help.thirdfort.com/hc/en-gb. Our standard response time to acknowledge an issue or respond to a question from a client is within two hours of receipt. If you are using our Services via a Thirdfort Partner and they have made available to you alternative support channels, please contact them directly with your support queries.
3. What fees will you pay?
3.1 Fees. If you’ve come to us directly, we’ll agree pricing and payment terms with you separately. All fees are exclusive of VAT.
3.2 Fees via a Thirdfort Partner. If you're using us via a Thirdfort Partner, either they will provide you with your pricing arrangement or we will share it with you directly. The rest of this clause 3 will only apply where you are billed by us directly.
3.3 Changes. Unless we agree otherwise with you, we reserve the right to change our fees at any time. We will always give you 30 days' notice in advance of any increase in the fees and give you an opportunity to stop using the Services if you do not wish to pay the new fees.
3.4 Disputed fees. If you believe that any fees are incorrect, you should tell us within 30 days of receiving the invoice or payment by direct debit. Otherwise, we will treat the invoice or direct debit payment as accepted.
3.5 Overdue fees. Where we invoice you directly, we may suspend the Services on 7 days' notice or charge you interest if you haven't paid any overdue fees (unless they are disputed). The interest rate on overdue amounts will be 4% per annum above Barclays Bank plc's base rate.
4. Can you trial the Services?
4.1 The trial offer. We may invite you to trial the Services at our discretion for a fixed period of time where you may benefit from discounted prices (“Trial Period”). Your use of the Services and Platform during the Trial Period will be governed by these terms and any other terms provided to you by us. You can end the trial at any time and the notice requirement in clause 16.1(a) will not apply.
4.2 Trial Pricing. The fees which you will pay during the Trial Period (”Trial Pricing”) will be provided to you separately.
4.3 After the trial. There is no obligation for you to continue to use the Services after the trial. If you decide to carry on using Thirdfort after the trial, your pricing arrangement and any other relevant terms will be agreed with you at that point.
4.4 Changes. We reserve the right to terminate the trial and amend the Trial Pricing at any time.
5. What are your obligations?
5.1 Your warranties. You warrant to us that you will:
(a) take all reasonable steps to ensure:
(i) you comply with all applicable legislation and laws (including data protection and privacy); and
(ii) the personal data you provide to us are accurate, complete and provided in a form that we can process;
(b) use the Platform, Services and Reports for your internal business purposes (i.e. to perform identity verification for the prevention or detection of fraud and to assist in the prevention of money laundering) only;
(c) maintain appropriate information security measures, including anti-virus and data security controls;
(d) use all reasonable endeavours to safeguard your login credentials and prevent unauthorised use of your Thirdfort account;
(e) tell us as soon as possible if you suspect or become aware of any:
(i) unauthorised access or use of the Platform, Services or App; or
(ii) data or security breach;
(f) use reasonable endeavours to encourage your clients to update to the latest version of the App where appropriate;
(g) send to your clients the applicable Consumer Wording in Appendix 1 prior to carrying out any of the following Services:
(i) Lite screening: paragraph 1; and
(ii) Identity document verification: paragraph 2;
(h) use reasonable endeavours to inform us of any information security issues that may put at risk any part of the Services or Platform as soon as you discover them, whether or not the potential issue may be considered your responsibility; and
(i) not conduct any security testing (including pentesting) or any other form of testing of the Services or Platform that may affect the Services or Platform (such as load testing) without our prior permission.
5.2 You won’t:
(a) upload any information other than that which is strictly necessary for us to deliver the Services, particularly nothing that contravenes any laws (including the infringement of intellectual property rights), and you warrant that you have the right to share the information you provide to us;
(b) use the Platform, Services or Reports to do anything illegal, harmful, fraudulent, or anything that may damage our and our Third Party Product providers’ reputation;
(c) use the Platform, Services or Reports to build any competing products or services (or allow anyone else to do so);
(d) attempt or allow others to adapt, alter, copy, duplicate, correct, modify, create derivative works from, derive the source codes of, decompile, commercial exploit, reverse-engineer, sublicense, resell or distribute without our permission the Platform, Services, Reports, Third Party Products or any of our tangible or intangible assets (including those made available to you via a Thirdfort Partner) in whole or in part in any form;
(e) disclose credentials or session material used to access the Platform or Services to any other party without our permission;
(f) attempt to weaken, bypass or otherwise render less effective the security controls put in place by us to protect the Platform or Services;
(g) act or omit to act in a way which interferes with or compromises the integrity or security of the Platform, Services or Reports;
(h) attempt to access the Platform or Services and any components of the Platform or Services other than through the means made available to you by us or by a Thirdfort Partner; or
(i) share the Services or Reports with any third party, unless you are doing so in accordance with clause 7.
6. Our obligations
6.1 We undertake to:
(a) provide the Services with reasonable care and skill;
(b) use all commercially reasonable endeavours to ensure that the Reports are in all material respects accurate and complete; and
(c) ensure that the Platform, Services and Reports do not infringe any third party’s intellectual property.
6.2 Disclaimer of warranties. We do not guarantee that the Platform Services will be error-free and uninterrupted. Unless these terms say otherwise, we disclaim all warranties, conditions and other terms (express or implied, statutory or otherwise) in relation to the Services or Platform as far as legally possible.
7. When can you share Thirdfort Reports with third parties?
7.1 Permitted circumstances. You are only permitted to share Reports:
(a) with regulators, insurers or where it’s legally required; and
(b) with other professional advisers, provided that you’re only doing so where we enable such sharing via the Platform or Partner Platform and in line with this clause 7 as well as any further information communicated to you within the Platform.
7.2 Sharing and receiving Reports via the Platform. These terms will apply to you in full regardless of whether you request a Report or receive a prompt to access the Platform and accept a Report initiated by another party.
8. Do you still need to carry out additional client checks?
Our Services and Reports help you understand the risks and meet your compliance obligations, but you shouldn’t rely on them as the sole basis to make business decisions and you should use them alongside other information that might be appropriate in a particular case. You are solely responsible for the conclusion drawn from your use of the Services. We do not provide an opinion and make no recommendation in relation to the treatment of the results.
9. Our liability to each other
9.1 No unlawful exclusions. Neither you nor we limit or exclude any liability for:
(a) death or personal injury caused by negligence;
(b) fraud or fraudulent misrepresentation; or
(c) anything else which cannot be lawfully limited or excluded.
9.2 Liability cap. Each party's total liability to the other in connection with these terms will be limited to the higher of £25,000 or an amount equal to the fees paid or payable by you in the 12 months before the claim. This is except for any breaches of our data protection obligations covered here and in our Data Processing Agreement ("DPA") at https://thirdfort.com/terms/dpa/, which will be limited to £2.5 million in aggregate.
9.3 Exclusions. We won't be liable for:
(a) indirect, special or consequential losses;
(b) loss of goodwill, revenue, profits, reputation, wasted management time or anticipated savings;
(c) losses arising from your use of the Platform, Services or Reports in breach of these terms or our instructions;
(d) losses arising from the data you, your users or representatives have provided;
(e) other losses you could have reasonably predicted and prevented, including loss of your data if you haven’t kept back-ups;
(f) losses attributable to a Partner Platform and we make no warranty or representation in relation to the Thirdfort Partners’ systems or platforms; or
(g) losses caused by any Third Party Products.
9.4 Waiver. You waive all potential rights against us for claims arising from the Platform, Services or Reports in connection with the services you provide to your client as far as legally allowed.
10. Reports and storage
10.1 Availability of Reports. Once a Report is available, you will be able to access and download it via the Platform or Partner Platform.
10.2 Storage. We currently store the Reports in cloud storage and rely on our cloud provider, Google Cloud, to ensure the integrity and availability of the data. There is a default replication which is designed to provide geo-redundancy for 99.9% of newly written files within a target of one hour. This means your data will be replicated and stored in three data centres located in separate physical locations. Whilst this provides a very high degree of redundancy, we might not be able to recover Reports in the very unlikely scenario where there is a serious problem with our cloud storage provider.
You may want to create your own back-ups of the Reports and take other precautions to limit the risk of data loss.
11. Confidential information
11.1 “Affiliates” means any entity that directly or indirectly controls, is controlled by, is under common control with or is otherwise in the same group of entities as a party to these terms.
11.2 “Confidential Information” means all information that is:
(a) disclosed by a party (“Discloser”) or on its behalf by its authorised representatives or Affiliates before or after the parties have agreed to these terms,
(b) to the other party to these terms (“Receiver”), and
(c) relates to the Discloser’s business, products, finances and affairs that would reasonably be considered to be confidential under the circumstances in which it is shared. This also includes any third party information that a party is bound to keep confidential.
11.3 Exclusion. Confidential Information does not include information that is:
(a) in the public domain not by breach of this clause;
(b) known by the Receiver at the time of disclosure;
(c) lawfully obtained by the Receiver from a third party;
(d) independently developed by the Receiver without access to or use of the Confidential Information; or
(e) expressly indicated by the Discloser as not confidential.
11.4 Receiver’s obligations. The Receiver must:
(a) only use the Confidential Information to enforce its rights or perform its obligations under:
(i) these terms and other agreements entered into between the parties; and
(ii) any applicable laws or regulations;
(b) protect the confidentiality of any Confidential Information that is shared between us and not to share it unless allowed by this clause 11;
(c) promptly notify the Discloser of any breach that the Receiver has become aware of; and
(d) destroy, erase or return any Confidential Information it holds within 30 days of the Discloser’s request. The Receiver may retain copies of the Confidential Information that are securely stored to meet legal or regulatory obligations.
11.5 Permitted disclosure. The Receiver can share Confidential Information:
(a) where legally required (provided the Receiver notifies the Discloser as soon as possible); or
(b) with its Affiliates and its employees, members, representatives, professional advisors, agents, sub-processors (if permitted by the relevant data processing agreement agreed between the parties), and subcontractors (“Permitted Receiver”) on a need-to-know basis, as long as they keep it confidential too.
11.6 Liability. The Receiver is liable for breach of this clause and any act or omission by a Permitted Receiver.
11.7 How long do the obligations last? The Receiver’s duty to protect Confidential Information starts on the date when the Confidential Information is disclosed and will continue to apply as long as the parties deem the information to be confidential.
12. Who owns the intellectual property?
12.1 Ownership. We own all intellectual property in the Services, Platform and Reports. You (or your relevant licensors) own all intellectual property in your own data. Neither party has any rights or licences in the other’s IP except as stated in these terms.
12.2 Licence to use the Platform and Reports. We grant you a personal, non-exclusive, non-transferable and non-sublicensable licence:
(a) to use the Platform for your internal business purposes until these terms have been terminated in accordance with clause 16, and
(b) for you to use the Reports for your internal business purposes for as long as you require.
12.3 Licence to use your data. You grant us a non-exclusive, royalty-free, revocable licence to copy and use any data you provide to us or contained within the Reports to the extent we need to provide the Services.
12.4 Licence to use your feedback. You grant us a non-exclusive, perpetual, irrevocable, royalty-free, worldwide licence to use and incorporate into the Platform, App, Services or Reports any suggestion, enhancement request, recommendation, correction or other feedback you provide. This will not cover any personal data.
12.5 Restrictions. Both you and we agree not to:
(a) at any time, do, or omit to do, anything which is likely to prejudice the other party’s ownership (or the other party’s licensors’ ownership) of their intellectual property rights; and
(b) remove, suppress or modify in any way any proprietary marking, including any trade mark or copyright notice, on or in the materials of the other party and agree to incorporate any such proprietary markings in any copies it takes of such materials.
13. When must we indemnify each other?
13.1 Your indemnity. You will indemnify us against any losses, damages and other liabilities arising out of or in connection with a third party claim that your data infringes their IP.
13.2 Our indemnity. We will indemnify you against any losses, damages and other liabilities arising out of or in connection with a third party claim that the Platform, Services or Reports infringes their IP.
14. What third party products help power Thirdfort?
14.1 Third party products. Some of the Platform Services are supported by products provided by other companies, including those listed under ‘Data Providers ’ at https://www.thirdfort.com/terms/third-party-service-providers/ (“Third Party Products”). Your use of these Platform Services will be subject to clause 14.2. If we include any additional third party data as part of the Platform Services, we'll notify you of any requirements, limitations or exclusions that may apply.
14.2 Third party terms. You agree to the applicable terms and conditions for the Third Party Products set out at https://thirdfort.com/terms/third-party-products-and-terms/ (“Third Party Terms”). You will not allow any act or omission that would result in us breaching those Third Party Terms.
14.3 Third party EULAs. Our Third Party Products may require you to agree to an end user licence agreement (or EULA for short). If you do not accept those terms, we may suspend your access to the relevant part of the Services.
15. How long will these terms last?
By accessing, registering with and using any of the Services, you agree to be bound by these terms until terminated in accordance with clause 16.
16. How can either of us terminate these terms?
16.1 When we can both terminate. Either party may terminate these terms:
(a) For convenience. By giving at least 30 days' written notice to the other party at any time unless agreed and stated otherwise in your order form; or
(b) For cause. Immediately by giving written notice to the other party if the other party:
(i) commits a material breach of these terms and/or any other agreements entered into between the parties which cannot be remedied or, if remediable, has not been remedied within 30 days of being notified;
(ii) becomes unable to pay its debts as they fall due or takes any steps in any insolvency process; or
(iii) suspends or ceases to do business or is struck off the company register.
16.2 When you can terminate.
(a) Changes to terms. We'll give you at least 30 days' notice of any material changes made to:
(i) these terms;
(ii) the DPA;
(iii) the list of Third Party Products (see 'Data Providers' );
(iv) the Third Party Terms; or
(v) the API Agreement.
If you’re not happy with the changes, you should let us know in writing if you want to terminate during this 30 day period or you will be bound by the changes. The 30 day notice requirement shall not apply where it is necessary for us to make changes sooner than that in order to maintain the security and integrity of the Platform, App or Services.
(b) Changes to Services. We may apply updates and upgrades to the Platform and App which change its appearance or functionality. You may terminate these terms immediately by written notice if:
(i) any update results in the Platform Services being materially reduced or completely unavailable; and
(ii) we fail to provide a substitute service within a commercially reasonable timeframe.
16.3 When we can suspend or terminate. If we reasonably suspect that you have breached any of these terms, we can suspend or terminate your access to the Platform or the Services, or take any other action we consider necessary.
16.4 Fees payable upon termination. Unless agreed otherwise, you will pay us all outstanding fees within 7 days of termination. If you terminate for convenience or we terminate for your breach, you will be liable for all fees that would have been due under any minimum purchase commitments.
16.5 After termination. If these terms terminate:
(a) you’ll have 30 days to download your data from the Platform or Partner Platform, after which it’ll be deleted, unless agreed otherwise; and
(b) we will each securely return, delete or destroy the other's Confidential Information, and
(c) any terms which are intended to survive termination will remain in full force and effect. However, all other rights and obligations will terminate upon expiry or termination.
17. How will your personal data be processed?
Where we process personal data, we will do this in accordance with our DPA. The parties will each comply with their respective obligations set out in the DPA.
18. Audit
18.1 How you can audit us. You can audit our compliance with these terms once a year during normal business hours, provided that you:
(a) provide us with reasonable written notice;
(b) minimise any disruption;
(c) ensure you and/or your appointed representatives carrying out the audit are under the confidentiality obligations that are no less onerous than those set out in these terms; and
(d) indemnify us for any losses we incur from the audit.
18.2 Our obligations. On reasonable request and at your expense, we will:
(a) cooperate with your request to audit or inspect our records, as reasonably necessary to demonstrate our compliance with the obligations laid down in these terms; or
(b) provide you with executive summaries of our audit reports or similar and copies of our current third-party certifications evidencing our compliance with our security or other legal, regulatory or contractual obligations.
18.3 No access. This clause 18 does not obligate us to provide or permit access to our or our sub-processors’ physical data centres or information concerning:
(a) other customers of ours;
(b) any of our non-public external reports; or
(c) any information related to our or our sub-processors operations that, if disclosed, may itself be deemed to be a security vulnerability.
18.4 How we can audit you. We may be required to audit you if a Third Party Product providers reasonably believes you may have breached any Third Party Terms. In this case, you will be subject to the same obligations set out at clause 18.2 and we will:
(a) provide you with reasonable written notice;
(b) audit you during normal business hours;
(c) minimise any disruption;
(d) ensure that we and/or our appointed representatives carrying out the audit are under the confidentiality obligations that are no less onerous than those set out in these terms; and
(e) indemnify you for any losses you incur from the audit.
19. Information exchanged with Thirdfort Partners
19.1 Information provided via a Thirdfort Partner. If you have been referred to Thirdfort or access the Platform Services via a Thirdfort Partner, you agree that any personal information you collect and provide to the Thirdfort Partner may be provided to us by them so that we can carry out the Services.
19.2 Information shared with our referral partner. If you have been referred to Thirdfort by a Thirdfort Partner, we may provide ongoing information to them about your use of the Platform Services where required, for example so that they can monitor any relevant terms of a referral partnership. However, we will not share any personal data about your clients during this process.
20. The Thirdfort Accreditation Programme
By agreeing to these terms, you consent to us inviting your users to participate in the Thirdfort Accreditation Programme (“Programme”) (further details available at https://www.thirdfort.com/accreditation/). There is no obligation for your users to participate in this. You may withdraw such consent or contact us in relation to the Programme at any time by writing to [email protected].
21. API Agreement
If you access our API to build a direct integration with our Platform, your use of our API will also be governed by our API Agreement set out at https://www.thirdfort.com/terms/api-agreement.
22. Laws that we comply with
We will comply with all applicable laws including anti-slavery and human trafficking laws and regulations, such as the Modern Slavery Act 2015 and the Bribery Act 2010. Wherever possible, we will ensure that our direct sub-contractors and suppliers have similar obligations too.
23. Force Majeure
23.1 “Force Majeure Event” means any act of government or state, civil commotion, epidemic, pandemic, fire, flood, industrial action or organised protests by third parties, natural disaster, war, failure of payment systems, or any event beyond the reasonable control of the party claiming to be excused from performance of its obligations.
23.2 No breach. Neither party will be in breach of these terms nor liable or responsible for any failure to perform, or delay in the performance of, any of its obligations under these terms where such failure or delay results from a Force Majeure Event.
23.3 Suspending performance. A party's performance under these terms is deemed to be suspended for the period that the Force Majeure Event continues, and the party will have an extension of time for performance for the duration of that period.
23.4 Obligation to mitigate. The affected party will use reasonable commercial endeavours to mitigate the effect of any Force Majeure Event and to carry out its obligations under these terms in any way that is reasonably practicable despite the Force Majeure Event and to resume the performance of its obligations as soon as reasonably possible.
23.5 Termination. Where a Force Majeure Event affects a party and the affected party is unable to perform its obligations under these terms for a period longer than 30 consecutive days, the other party may terminate these terms immediately upon notice.
24. What else do you need to know?
24.1 Assignment. Neither you nor we can assign or sub-contract our rights and obligations without the other party's prior written consent.
24.2 Order of priority. If there is any inconsistency between these terms in the agreements you have with us, they will take priority in this order:
(a) any pricing sheet or order form provided to you from time to time;
(b) DPA;
(c) these Terms of Use;
(d) Third Party Terms; and
(e) any other document incorporated by reference into these terms.
24.3 Severance. If any of these terms are held invalid, illegal or unenforceable, they will be deleted without affecting the rest of the terms.
24.4 Entire agreement. These terms constitute the entire agreement between us and supersede all prior discussions and agreements relating to the subject matter and neither of us has relied on any statement or representation of any person in entering into these terms.
24.5 Notices. Notices may be in writing and delivered by email to [email protected]. Notices will be deemed to have been delivered at the time of delivery.
24.6 Third parties. No one other than you or us has the right under the Contracts (Rights of Third Parties) Act 1999 to enforce any of these terms.
24.7 No waiver. If either you or us fail to enforce a right under these terms, that is not a waiver of that right.
24.8 Governing law and jurisdiction. These terms will be governed by the laws of England and Wales and the courts of England and Wales have exclusive jurisdiction to settle any disputes in relation to it.
Appendix 1: Consumer wording
Lite screening
As part of our client due diligence process, we will be using lite screening check, a service provided by Thirdfort Limited (https://www.thirdfort.com/), to help verify your address and raise any other potential fraud warnings. This service is powered by Thirdfort’s data provider, Experian Limited (https://www.experian.co.uk/about-us/).
Your data will be processed in line with Thirdfort’s Privacy Policy (https://www.thirdfort.com/privacy/).
This message is for information only and no further action is required. If you have any questions regarding lite screening, please contact [email protected].
Identity document verification
As part of our client due diligence process, we will be using identity document verification, a service provided by Thirdfort Limited (https://www.thirdfort.com/) to verify the authenticity of an identity document.
Your data will be processed in line with Thirdfort’s Privacy Policy (https://www.thirdfort.com/privacy/),
If you have any questions regarding identity document verification, please contact Thirdfort at [email protected].
These terms took effect on 11 April 2024 and replaced the previous Terms of Use version (archived version available here).