These Platform Terms & Conditions (“Terms”) govern access to and use of the IdentityPulse Platform. They apply to all clients of IdentityPulse Pty Ltd unless a separate negotiated agreement is in effect between the parties.
By executing an Order Form that references these Terms, or by accessing or using the Platform, the Client agrees to be bound by these Terms. If the Client does not agree, the Client must not access or use the Platform.
These Terms are published by IdentityPulse Pty Ltd (ABN 88 678 817 902), of 48 Chandos Street, St Leonards, NSW 2065, Australia (“IdentityPulse”, “we”, “our”).
1.1 In these Terms, unless the context otherwise requires:
“Agreement” means these Terms together with each applicable Order Form.
“API” means the application programming interface through which the Client accesses the Platform Services.
“API Credentials” means the authentication keys, tokens, client identifiers, and any other credentials issued by IdentityPulse to enable the Client’s access to the Platform.
“Applicable Law” means all laws, regulations, codes of practice, and industry standards applicable to either party in connection with the Platform Services, including the Privacy Act 1988 (Cth), the Australian Privacy Principles, and any equivalent data protection legislation in the Client’s jurisdiction.
“Client” means the party identified in an Order Form that accesses and uses the Platform Services.
“Client Data” means the personal information submitted by the Client via the API for the purpose of an identity verification, matching, or pre-fill request. Client Data is also referred to as “Query Data”.
“Confidential Information” means all information disclosed by one party to the other in connection with the Agreement that is not publicly available, including commercial terms, technical details, pricing, business strategies, API Credentials, and the terms of any Order Form.
“Effective Date” means the date specified in the applicable Order Form, or if not specified, the date on which the Client first accesses the Platform.
“Intellectual Property” means all patents, copyrights, trade marks, trade secrets, know-how, algorithms, data models, system architectures, APIs, documentation, and any other proprietary rights in the Platform and Reference Data.
“Order Form” means a signed document or electronic agreement between IdentityPulse and the Client that specifies the Platform Services, commercial terms, permitted countries, transaction volumes, pricing, and any service-specific conditions. Each Order Form is governed by these Terms.
“Platform” means the IdentityPulse identity verification and pre-fill platform, including all APIs, documentation, and supporting infrastructure.
“Platform Services” means the identity verification, matching, and pre-fill services provided by IdentityPulse through the Platform.
“Reference Data” means the identity reference dataset maintained by IdentityPulse and used for verification and matching purposes. The Client has no right, title, or interest in the Reference Data.
“Response Data” means the verification result, match outcome, matching field indicators, coverage score, or pre-fill data returned by the Platform in response to a query.
1.2 References to legislation include amendments, re-enactments, and subordinate legislation. Headings are for convenience only and do not affect interpretation.
1.3 In the event of any inconsistency between these Terms and an Order Form, the Order Form prevails to the extent of the inconsistency.
2.1 Subject to these Terms and the applicable Order Form, IdentityPulse grants the Client a non-exclusive, non-transferable, revocable licence to access and use the Platform Services solely for the Client’s internal business purposes of identity verification, matching, or pre-fill as specified in the Order Form.
2.2 Access to the Platform is provided via authenticated API endpoints. The Client must comply with all technical requirements and API specifications published by IdentityPulse from time to time, including any rate limits, payload formats, and versioning requirements.
2.3 IdentityPulse will provide the Client with API Credentials. The Client is responsible for the security of its API Credentials and must notify IdentityPulse immediately of any suspected compromise. The Client is liable for all activity conducted using its API Credentials.
2.4 The licence granted under Clause 2.1 does not include any right to sublicense, resell, or make available the Platform Services to third parties, except where expressly authorised in an Order Form.
3.1 The Client may access Platform Services by executing an Order Form. Each Order Form forms part of the Agreement and is subject to these Terms.
3.2 The Client must pay the fees specified in the applicable Order Form. Unless the Order Form states otherwise, fees are invoiced monthly in arrears and are payable within thirty (30) days of invoice date.
3.3 All fees are exclusive of GST. If GST applies to a supply made under the Agreement, IdentityPulse will add the applicable GST to its invoice, and the Client must pay the GST amount in addition to the fees, provided IdentityPulse issues a valid tax invoice.
3.4 Late payments will accrue interest at the rate of 1.5% per month on the outstanding balance, calculated daily from the due date until paid in full.
3.5 IdentityPulse may suspend the Client’s access to the Platform if any invoice remains unpaid for more than fourteen (14) days after the due date, provided IdentityPulse gives the Client at least five (5) business days’ written notice before suspension.
3.6 IdentityPulse may vary fees on not less than thirty (30) days’ written notice, effective from the start of the next billing period following the notice. If the Client does not accept the revised fees, the Client may terminate the affected Order Form by giving written notice before the fee change takes effect.
4.1 The Client must not:
(a) reverse engineer, decompile, or attempt to access the source code, matching models, algorithms, or scoring logic of the Platform;
(b) use the Platform to build, train, or improve a competing product or derivative dataset;
(c) replicate, substitute, or imitate the Platform for commercial or competitive purposes;
(d) access the Platform for the purpose of benchmarking or competitive intelligence;
(e) attempt to extract, download, cache, or reconstruct the Reference Data, in whole or in part, through repeated queries or any other means;
(f) submit queries to the Platform that are not genuine identity verification requests, including automated enumeration, scraping, or data harvesting;
(g) share API Credentials with any third party, or allow any unauthorised person to access the Platform using the Client’s credentials;
(h) use the Platform Services for any purpose that is unlawful, or that would cause IdentityPulse to breach any Applicable Law; or
(i) use the Platform Services for credit reporting, credit scoring, credit decisioning, or any purpose regulated under the Fair Credit Reporting Act (US), the Privacy Act 1988 (Cth) Part IIIA (Credit Reporting), or equivalent legislation in any jurisdiction. The Platform is not a credit reporting body and does not provide credit information.
4.2 The Client warrants that it has obtained all necessary consents, authorisations, or lawful bases required for the submission of Client Data to the Platform for identity verification purposes.
4.3 The Client must comply with all Applicable Laws in connection with its use of the Platform Services, including data protection, anti-money laundering, anti-bribery, and sanctions laws.
4.4 The Client must ensure that any downstream use of Response Data by the Client’s own customers or end users is limited to identity verification, fraud prevention, or regulatory compliance purposes and is subject to binding terms no less restrictive than those in this Clause 4.
5.1 Processing Model. When the Client submits Client Data for verification, the Client is the data controller. IdentityPulse acts as a processor of Client Data, processing it solely for the purpose of performing the Platform Services. IdentityPulse is an independent controller of its own Reference Data.
5.2 Zero Data Retention. The Platform operates a zero data retention architecture for Client Data. Verification requests submitted by the Client are processed in real time, and no request or response payloads containing Client Data are stored after processing is complete. IdentityPulse does not retain, log, or cache the personal information submitted by the Client.
5.3 Transaction Records. IdentityPulse retains transactional metadata (including the fact, time, outcome, and country of a verification request) for the purposes of billing, audit, and service performance monitoring. This metadata does not include the underlying personal information submitted or returned.
5.4 Data Protection Compliance. Both parties must comply with all Applicable Laws relating to data protection and privacy. Where the Client submits personal data relating to individuals located in jurisdictions outside Australia, both parties must comply with applicable cross-border data transfer requirements.
5.5 Data Breach Notification. In the event of a data breach affecting Client Data or the security of the Platform, the affected party must notify the other party within 24 hours of becoming aware of the breach and must provide all reasonable cooperation to investigate and remediate the incident.
5.6 Data Processing Agreement. Where required by Applicable Law (including GDPR, UK GDPR, or equivalent legislation), the parties will enter into a Data Processing Agreement on terms consistent with these Terms.
5.7 Not a Credit Reporting Service. The Platform Services are identity verification and pre-fill services only. IdentityPulse is not a credit reporting body, does not provide credit information or credit eligibility information, and the Platform must not be used for credit reporting or credit decisioning purposes.
6.1 IdentityPulse maintains an Information Security Management System (ISMS) aligned to ISO/IEC 27001:2022 and ISO 9001, and implements technical and organisational measures appropriate to the nature and sensitivity of the data processed.
6.2 Without limiting Clause 6.1, IdentityPulse maintains:
(a) encryption of data at rest using AES-256 with keys managed through a hardware security module (HSM)-backed key management service;
(b) encryption of data in transit using TLS 1.2 or above;
(c) API authentication controls requiring dual-factor verification;
(d) rate limiting per client to prevent enumeration and abuse;
(e) monthly automated credential rotation;
(f) annual third-party penetration testing by a CREST-registered provider;
(g) deterministic, rule-based matching processes; and
(h) geographic segmentation of data across independent regional processing hubs.
6.3 IdentityPulse will notify the Client within 24 hours of becoming aware of any security incident that may affect the Client’s data or access to the Platform.
6.4 IdentityPulse maintains documented Incident Management, Business Continuity, and Disaster Recovery plans. Recovery objectives for the Platform are: Recovery Point Objective (RPO) of 15 minutes and Recovery Time Objective (RTO) of 4 hours.
7.1 IdentityPulse targets 99.95% platform availability per calendar month, calculated as the percentage of time the API endpoint is operational and responding to authenticated requests within normal parameters.
7.2 Planned maintenance will be scheduled outside business hours (AEST) where practicable, with not less than 48 hours’ advance notice to the Client.
7.3 The availability target in Clause 7.1 does not apply to: (a) periods of scheduled maintenance; (b) circumstances beyond IdentityPulse’s reasonable control, including force majeure events; or (c) issues caused by the Client’s systems, network, or misuse of the API.
7.4 Support is available via email at support@identitypulse.ai during business hours (9am – 5pm AEST, Monday to Friday, excluding public holidays). Critical incident support is available 24/7 via the designated incident contact provided to the Client during onboarding.
7.5 Specific service level commitments, including credits or remedies for service level failures, may be agreed in an Order Form. In the absence of Order Form-specific terms, this Clause 7 applies.
8.1 All Intellectual Property in the Platform, Reference Data, matching algorithms, data schemas, APIs, documentation, and all related technology remains the exclusive property of IdentityPulse. Nothing in the Agreement transfers any Intellectual Property rights to the Client.
8.2 The Client retains all rights in its own Client Data submitted to the Platform for verification purposes.
8.3 The Client must not use IdentityPulse’s name, trademarks, or branding without prior written consent, except as expressly permitted in an Order Form.
9.1 Each party must keep confidential all Confidential Information received from the other party and must not disclose it to any third party without the disclosing party’s prior written consent, except: (a) to the receiving party’s officers, employees, advisers, or contractors who need to know and are bound by equivalent confidentiality obligations; (b) as required by law, regulation, or court order; or (c) information that becomes publicly available other than through a breach of the Agreement.
9.2 The obligations in this Clause 9 survive termination of the Agreement and continue for a period of five (5) years after termination. For Confidential Information constituting trade secrets, the obligations continue for as long as the information retains its trade secret status.
10.1 Client Warranties. The Client represents and warrants that: (a) it has full authority to enter into the Agreement; (b) its use of the Platform will comply with all Applicable Laws; (c) it has obtained all necessary consents and authorisations for the submission of Client Data; and (d) it will ensure downstream use of Response Data complies with all use restrictions in these Terms.
10.2 IdentityPulse Warranties. IdentityPulse represents and warrants that: (a) it has the right to provide the Platform Services; (b) all Reference Data utilised within the Platform has been lawfully obtained in accordance with applicable laws and licensing frameworks; (c) the Platform Services will be provided with reasonable skill and care; and (d) it will maintain the security measures described in Clause 6.
10.3 No Other Warranties. Except as expressly set out in these Terms, IdentityPulse makes no representation or warranty regarding the accuracy, completeness, or currency of the Reference Data or Response Data. The Platform is provided on an “as is” basis. To the extent permitted by law, all implied warranties, conditions, and guarantees are excluded.
10.4 Consumer Guarantees. Where conditions, warranties, or other rights for the benefit of the Client are implied or given by the Competition and Consumer Act 2010 (Cth) or other laws and cannot be lawfully excluded, those rights apply to the extent required by law and IdentityPulse’s liability for breach is limited in accordance with Clause 11.
11.1 Limitation of Liability. To the maximum extent permitted by law, IdentityPulse’s total aggregate liability under or in connection with the Agreement will not exceed the total fees paid by the Client under the applicable Order Form in the twelve (12) months immediately preceding the event giving rise to the claim.
11.2 Exclusion of Consequential Loss. Neither party will be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, revenue, or business opportunity, however caused, even if advised of the possibility of such damages.
11.3 Indemnification by Client. The Client will indemnify and hold harmless IdentityPulse from and against any loss, liability, cost, or expense (including reasonable legal fees) arising from: (a) the Client’s breach of the Agreement; (b) the Client’s breach of Applicable Law in connection with its use of the Platform; (c) any unauthorised representation made by the Client about IdentityPulse or the Platform; or (d) any claim by a third party arising from the Client’s failure to impose adequate downstream restrictions on the use of Response Data.
11.4 Indemnification by IdentityPulse. IdentityPulse will indemnify the Client against any third-party claim that the Platform infringes a third party’s intellectual property rights, except to the extent the infringement arises from the Client’s misuse of the Platform or combination with non-IdentityPulse technology.
11.5 Exclusions from Cap. The limitation in Clause 11.1 does not apply to: (a) liability arising from breach of Clause 9 (Confidentiality); (b) liability arising from a party’s indemnification obligations; or (c) liability that cannot be excluded or limited by Applicable Law.
12.1 The Agreement commences on the Effective Date and continues for the initial term specified in the applicable Order Form. If no term is specified, the Agreement continues until terminated in accordance with this Clause 12.
12.2 Either party may terminate the Agreement (or an individual Order Form) for convenience by giving thirty (30) days’ written notice to the other party.
12.3 Either party may terminate the Agreement immediately by written notice if the other party: (a) commits a material breach that is not remedied within fourteen (14) days of receiving written notice of the breach; (b) becomes insolvent, enters into administration, receivership, or liquidation; or (c) ceases or threatens to cease carrying on business.
12.4 On termination: (a) the Client’s access to the Platform will be revoked; (b) all outstanding fees become immediately due and payable; (c) each party must return or destroy the other party’s Confidential Information; and (d) the Client must immediately cease all use of the Platform and destroy or return all IdentityPulse materials, API documentation, and credentials in its possession.
12.5 Clauses 5 (Data and Privacy), 8 (Intellectual Property), 9 (Confidentiality), 10 (Warranties, to the extent they relate to the period before termination), 11 (Liability), and 13 (General) survive termination.
13.1 Governing Law. The Agreement is governed by and construed in accordance with the laws of New South Wales, Australia. The parties submit to the non-exclusive jurisdiction of the courts of New South Wales.
13.2 Dispute Resolution. The parties must attempt in good faith to resolve any dispute through negotiation. If unresolved within thirty (30) days, the parties shall submit the dispute to mediation administered by the Australian Disputes Centre before commencing legal proceedings.
13.3 Relationship. The parties are independent contractors. Nothing in the Agreement creates a partnership, joint venture, employment, or agency relationship.
13.4 Subcontracting. IdentityPulse may use subcontractors to deliver Platform Services, provided it remains responsible for the performance and compliance of its subcontractors.
13.5 Insurance. IdentityPulse maintains professional indemnity, cyber liability, and public liability insurance adequate to cover its obligations under the Agreement. Proof of insurance coverage is available upon reasonable request.
13.6 Force Majeure. Neither party will be liable for any delay or failure in performance resulting from events beyond its reasonable control, including natural disasters, war, terrorism, pandemics, government intervention, or failure of third-party telecommunications networks.
13.7 Assignment. Neither party may assign the Agreement without the other party’s prior written consent, except to a related body corporate or in connection with a merger, acquisition, or sale of all or substantially all of its business.
13.8 Entire Agreement. The Agreement (including these Terms and all Order Forms) constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior communications, negotiations, and agreements. Amendments to these Terms must be in writing and published by IdentityPulse. Amendments to an Order Form must be in writing and signed by both parties.
13.9 Severability. If any provision of the Agreement is held to be invalid or unenforceable, the remaining provisions continue in full force and effect.
13.10 Waiver. A failure by a party to exercise or delay in exercising a right under the Agreement does not constitute a waiver of that right.
13.11 Notices. Notices under the Agreement must be in writing and sent by email to the addresses specified in the applicable Order Form. A notice sent by email is deemed received on the next business day after sending. Notices to IdentityPulse should be sent to legal@identitypulse.ai.
13.12 Publicity. Neither party may issue any public statement, press release, or marketing material referencing the other party or the terms of the Agreement without prior written consent.
13.13 Compliance with Laws. Both parties agree to comply with all Applicable Laws in relation to the performance of their obligations under the Agreement, including anti-bribery, anti-corruption, and sanctions laws.
Identity verification, rebuilt from the data layer up. Built in Australia. Supporting clients globally.
