Terms & Conditions

1. Definitions

For the purposes of these Terms:

"ASTERIA KYC," "Asteria," "we," "our," and "us" refer to Asteria Limited (HK).

"Customer," "you," and "your" refer to the individual or legal entity accessing or using ASTERIA KYC.

"Services" refer to ASTERIA KYC’s website, dashboard, KYC workflows, identity verification tools, document verification tools, liveness detection tools, biometric processing features, AML screening features, risk scoring tools, case management tools, reporting tools, APIs, SDKs, technical documentation, and related support services.

"End User" means an individual whose identity, document, biometric information, personal data, risk profile, or compliance status is submitted to, processed through, or reviewed by the Services.

"Customer Data" means data, files, documents, metadata, images, video frames, biometric signals, identity attributes, risk indicators, transaction-related information, account information, and other information submitted to or processed through the Services by or on behalf of a Customer.

"Verification Result" means any output, score, flag, status, classification, match result, risk indicator, confidence level, or review outcome generated by the Services.

2. Nature of the Services

ASTERIA KYC provides technology tools designed to support identity verification, document verification, liveness checks, risk screening, workflow automation, compliance review, fraud prevention, reporting, and operational decision support.

ASTERIA KYC does not act as a regulator, law firm, bank, payment institution, government agency, financial adviser, credit bureau, auditor, certification body, or final decision-maker for Customer onboarding, account approval, transaction approval, account suspension, asset transfer, regulatory filing, or enforcement decisions.

Customers remain responsible for their own compliance programs, regulatory obligations, user onboarding decisions, risk appetite, internal policies, jurisdictional analysis, and final decisions regarding End Users.

3. Eligibility and Account Registration

To use certain Services, Customers may be required to create an account, provide business information, designate authorized administrators, and complete onboarding or security procedures.

You agree to provide accurate, current, and complete information during registration and to keep such information updated. You are responsible for maintaining the confidentiality of credentials, API keys, administrator access, dashboard access, and other authentication mechanisms.

You are responsible for all activities conducted through your account, including actions by employees, contractors, agents, integration partners, or any person who accesses the Services using your credentials.

4. Customer Responsibilities

You are responsible for:

• ensuring that your use of ASTERIA KYC complies with applicable laws and regulations
• obtaining all required notices, permissions, consents, authorizations, and legal bases before submitting End User data
• providing legally adequate privacy notices to End Users
• configuring verification workflows appropriately for your business model and jurisdictions
• reviewing Verification Results before taking material action against an End User
• maintaining internal AML, KYC, sanctions, fraud, data protection, and recordkeeping policies where required
• preventing unauthorized access to your account, dashboard, API keys, and systems
• ensuring that your staff and contractors use the Services lawfully and professionally
• validating whether any ASTERIA KYC output is appropriate for your own compliance decision
• promptly notifying us of suspected misuse, security incidents, or unauthorized access

5. End User Notice and Consent

Where required by applicable law, you must provide End Users with clear notice that their personal data, identity documents, biometric information, images, videos, device signals, account attributes, and other information may be processed for identity verification, fraud prevention, liveness detection, risk screening, compliance review, recordkeeping, and security purposes.

Where consent is required, you are responsible for obtaining valid consent before submitting End User data to ASTERIA KYC. Where another legal basis applies, you are responsible for documenting and maintaining that legal basis.

6. Acceptable Use

You may not use ASTERIA KYC to:

• violate applicable law or regulation
• process data without a lawful basis
• perform unauthorized surveillance
• target individuals unlawfully or unfairly
• discriminate unlawfully based on protected characteristics
• create fake identities or fraudulent documents
• facilitate money laundering, terrorist financing, sanctions evasion, fraud, illegal gambling, trafficking, scams, or other unlawful activity
• reverse engineer, scrape, overload, probe, or attack the Services
• bypass security or rate limits
• upload malicious code, corrupted files, or harmful content
• resell, sublicense, or provide unauthorized access to the Services
• misrepresent ASTERIA KYC outputs as government-issued decisions or regulatory approvals
• use Verification Results as the sole basis for decisions where human review is legally required or reasonably necessary

7. Verification Results and Decision-Making

Verification Results are decision-support outputs. They may include confidence scores, document checks, liveness results, watchlist matches, risk indicators, fraud signals, or review statuses.

ASTERIA KYC does not guarantee that any Verification Result is complete, error-free, current, or sufficient for a Customer’s legal or regulatory obligations. Verification technologies may produce false positives, false negatives, inconclusive results, or results affected by image quality, document type, lighting, device conditions, network conditions, user behavior, jurisdictional limitations, data-source limitations, or third-party information accuracy.

Customers should apply human review, internal escalation, and documented procedures where appropriate, especially for adverse decisions, high-risk alerts, sanctions screening, biometric mismatches, fraud flags, or account restrictions.

8. API and SDK Use

If you use ASTERIA KYC APIs or SDKs, you are responsible for implementing them securely and correctly. You must not expose API keys, tokens, secrets, or credentials in public repositories, client-side code, or unsecured environments.

You must follow technical documentation, integration requirements, rate limits, security guidance, and operational instructions provided by ASTERIA KYC. We may suspend API access where we detect abuse, security risk, excessive load, unauthorized use, or non-compliant integration.

9. Data Protection and Privacy

Our processing of personal data is described in the Privacy Policy, Cookie Policy, Data Processing Addendum, Data Retention Policy, and other applicable notices.

Customers remain responsible for determining whether they act as controller, processor, business, service provider, or another legally recognized role under applicable data protection laws. Where required, Customers must ensure that appropriate data processing agreements, transfer mechanisms, security measures, notices, consents, and retention rules are in place.

10. Security

ASTERIA KYC uses administrative, technical, and organizational safeguards designed to protect the Services. However, no system can be guaranteed to be completely secure. Customers are responsible for securing their own systems, networks, devices, credentials, integrations, and user access.

You must notify us promptly if you become aware of unauthorized access, suspected compromise, exposed credentials, API key leakage, account misuse, or any security incident related to your use of the Services.

11. Intellectual Property

ASTERIA KYC and its licensors retain all rights, title, and interest in the Services, including software, algorithms, interfaces, dashboards, APIs, SDKs, designs, documentation, workflows, models, risk logic, trademarks, trade names, and other intellectual property.

Customers retain ownership of Customer Data, subject to the rights granted to ASTERIA KYC to provide, secure, monitor, support, improve, and operate the Services in accordance with applicable agreements and policies.

You may not copy, modify, distribute, reverse engineer, decompile, extract, reproduce, or create derivative works from the Services except as expressly permitted in writing.

12. Confidentiality

Non-public information exchanged between ASTERIA KYC and Customers may be confidential. Each party must protect confidential information using reasonable care and must not disclose it except as permitted by contract, required by law, or necessary for service delivery.

Confidential information may include business plans, pricing, technical documentation, integration details, security information, product roadmaps, audit materials, customer data, and operational procedures.

13. Service Availability and Changes

ASTERIA KYC may update, improve, modify, suspend, or discontinue parts of the Services from time to time. We may perform maintenance, security updates, infrastructure changes, or emergency fixes.

We aim to maintain reliable service availability, but we do not guarantee uninterrupted operation unless a separate written service level agreement applies.

14. Third-Party Services and Data Sources

ASTERIA KYC may use third-party infrastructure, hosting providers, data sources, screening databases, analytics tools, communications tools, or operational vendors to support service delivery.

Third-party information may be incomplete, outdated, inaccurate, delayed, or unavailable. ASTERIA KYC is not responsible for the independent acts, omissions, or data accuracy of third-party providers except as required by applicable law or written agreement.

15. Fees and Payment

Where paid Services apply, fees, billing terms, payment methods, taxes, usage limits, and renewal terms may be set out in an order form, invoice, subscription agreement, service agreement, or commercial proposal.

Unless otherwise agreed in writing, fees are non-refundable to the maximum extent permitted by law. Customers are responsible for applicable taxes, duties, withholding, bank charges, and payment processing fees.

16. Suspension and Termination

We may suspend or terminate access to the Services if:

• you breach these Terms
• payment is overdue
• your use creates security, legal, regulatory, operational, or reputational risk
• we detect abuse, fraud, illegal activity, excessive load, or unauthorized access
• continued service provision may violate applicable law
• required information is not provided during onboarding or review
• we are required to do so by law, court order, regulator, or competent authority

Upon termination, your right to use the Services ends. Data handling after termination will be governed by applicable agreements, retention policies, legal obligations, and operational requirements.

17. Disclaimers

To the maximum extent permitted by law, ASTERIA KYC provides the Services on an "as is" and "as available" basis. We disclaim warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted operation, error-free performance, legal sufficiency, regulatory approval, or guaranteed fraud detection.

The Services are not a substitute for legal advice, regulatory advice, compliance counsel, human review, or Customer-specific risk assessment.

18. Limitation of Liability

To the maximum extent permitted by law, ASTERIA KYC will not be liable for indirect, incidental, special, consequential, punitive, exemplary, or loss-of-profit damages, including loss of revenue, loss of business, loss of data, reputational harm, lost opportunity, service interruption, or regulatory penalties arising from Customer decisions.

Where liability cannot be excluded, ASTERIA KYC’s aggregate liability will be limited to the amount paid by the Customer for the relevant Services during the applicable period, unless a separate written agreement provides otherwise.

19. Indemnity

You agree to indemnify and hold harmless ASTERIA KYC from claims, damages, losses, liabilities, costs, and expenses arising from:

• your use of the Services
• your breach of these Terms
• your violation of law
• your processing of End User data without required authority
• your decisions based on Verification Results
• your integration, system, or security failure
• claims by End Users related to your onboarding, rejection, suspension, or account decisions

20. Governing Law and Dispute Resolution

These Terms are governed by the laws applicable to Asteria Limited (HK), unless a separate written agreement provides otherwise. Disputes should first be addressed through good-faith negotiation. If unresolved, the parties may pursue remedies through the competent courts or dispute resolution forum specified in an applicable written agreement.

21. Updates to These Terms

We may update these Terms from time to time to reflect changes in law, technology, operations, security practices, business requirements, or service features. Updated Terms will be posted on the website with a revised effective date. Continued use of the Services after an update means you accept the revised Terms.