Terms of service

The agreement between you and Kiavi when you use our service.

Dernière mise à jour: 2026-05-08

These Terms of Service (the “Terms”) are entered into between Kiavi B.V., registered in the Netherlands under Chamber of Commerce (KvK) number 42042433 (“Kiavi”, “we”, “us”), and the natural or legal person who creates an account or is identified in an order form (the “Customer”, “you”). By creating an account, accepting these Terms in the management dashboard, or using the Service, you agree to be bound by these Terms. If you accept these Terms on behalf of a company or other legal entity, you represent that you have authority to bind that entity, and “Customer” refers to that entity.

1. Definitions

In these Terms:

  • “Service” means the hosted, multi-tenant authentication infrastructure that Kiavi makes available, including the per-tenant authentication instances, the management dashboard, the public APIs and SDKs, and the supporting infrastructure components, as further described in our documentation.
  • “End User” means a natural person who interacts with your application through the Service.
  • “Customer Data” means data, content, and configuration that you or your End Users submit to or generate within the Service, including End User authentication records.
  • “Documentation” means the technical and product documentation published by Kiavi at the documentation URL referenced above, as updated from time to time.
  • “DPA” means the Data Processing Agreement entered into between you and Kiavi, which forms part of these Terms.
  • “Order” means an order form, online checkout, or self-service signup through which you subscribe to the Service or to a paid tier.

2. Agreement and order of precedence

These Terms, together with the DPA, the privacy policy, the subprocessors list, the Documentation, and any Order, form the entire agreement between you and Kiavi for the Service (the “Agreement”). In the event of a conflict, the following order of precedence applies: (i) the DPA, with respect to the processing of personal data; (ii) any signed Order; (iii) these Terms; (iv) the Documentation. Marketing materials and pre-contractual representations not incorporated by reference are not part of the Agreement.

3. The Service

Kiavi provides the Service as a software-as-a-service offering. We will provide the Service in substantial conformity with the Documentation. We may modify, add, or discontinue features. We will not materially decrease the overall functionality of the Service during a paid subscription term without giving you reasonable advance notice and, where the change is materially adverse, a right to terminate as set out in section 13.

Subject to your compliance with the Agreement, Kiavi grants you a non-exclusive, non-transferable, non-sublicensable, worldwide right to access and use the Service during the term, solely for your internal business purposes and for the benefit of your End Users. The Service is provided “as a service” and not as a software licence; no source code or object code of the Service is licensed, delivered, or escrowed under the Agreement.

4. Account and security

You must provide accurate registration information and keep it up to date. You are responsible for all activity under your account, including activity by your personnel and by anyone you authorise to access the management dashboard or the public APIs. You must keep API keys, credentials, and signing material confidential and secure. You must notify us without undue delay of any suspected or actual unauthorised access to or use of your account at security@kiavi.eu.

5. Customer responsibilities

You are responsible for:

  • obtaining and maintaining all consents, authorisations, and lawful bases required for your collection, configuration, and processing of End User data through the Service;
  • configuring the Service correctly for your application, including authentication methods, redirect URIs, identity providers, allowed origins, and any custom user fields;
  • providing your End Users with appropriate notices and terms (including a privacy notice covering the processing performed through the Service);
  • handling End User support and, except where we are required to act, all communications with your End Users;
  • your applications, websites, and services that integrate with the Service, and for the security of the systems you operate.

6. Acceptable use

You may not, and you may not permit any End User to:

  • use the Service in violation of applicable law or to facilitate illegal activity, fraud, or infringement of third-party rights;
  • send unsolicited commercial communications or use the Service to deliver malware, ransomware, or other malicious code;
  • probe, scan, load-test, or attempt to compromise the Service, except as authorised in writing or under a published vulnerability disclosure programme;
  • circumvent rate limits, quotas, billing controls, or technical access controls, or share or resell access to the Service except as expressly permitted by the Agreement;
  • reverse engineer, decompile, or attempt to derive the source code of the Service, except to the extent such restrictions are prohibited by applicable law;
  • use the Service to build a product or service that is substantially similar to the Service or competes with it, or to benchmark the Service for the purpose of such a product;
  • process special categories of personal data (Art. 9 GDPR) or data relating to criminal convictions and offences (Art. 10 GDPR) through user profile fields or custom inputs, except as expressly agreed in writing.

7. End Users

You determine the purposes and means of processing End User data through the Service. You are solely responsible for the relationship with your End Users, including the lawfulness of their accounts, the content they submit, and any complaints they raise. We may, where we receive a request from an End User that identifies you as the relevant controller, decline to act on the merits and forward the request to you in accordance with the DPA.

8. Personal data and confidentiality

Our processing of personal data on your behalf is governed by the DPA, which is incorporated into the Agreement by reference. Our processing of personal data about you and your personnel as an independent controller is described in the privacy policy.

Each party will treat as confidential any non-public information disclosed by the other party that is marked or reasonably understood to be confidential (“Confidential Information”), and will use it only to perform the Agreement. The receiving party will protect Confidential Information using the same degree of care it uses for its own confidential information of like importance, and in any event no less than a reasonable standard of care. These obligations do not apply to information that is or becomes publicly available without breach, was already known without confidentiality obligations, is independently developed, or is rightfully received from a third party. The receiving party may disclose Confidential Information where required by law or court order, provided it gives the disclosing party reasonable prior notice where lawful.

9. Fees, taxes, and payment

Usage fees are charged monthly in arrears at the rates published on the pricing page or set out in your Order. Optional infrastructure warmup tiers are charged in advance for the period selected. Fees are stated exclusive of VAT and any other applicable taxes, levies, or duties, which are added at the rate in force at the time of invoicing and are payable by you. You are responsible for providing valid billing details and a valid VAT number where applicable.

Invoices are due within 14 days of the invoice date unless an Order specifies otherwise. We may charge statutory commercial interest on overdue amounts and recover reasonable collection costs. We may suspend or terminate paid Service components if undisputed amounts remain unpaid more than 30 days after the due date, in accordance with section 12. You must notify us of any good-faith dispute in writing within 30 days of the invoice date; undisputed amounts remain payable.

Except where required by mandatory law (including statutory withdrawal rights for consumers, where applicable), fees are non-refundable. We may change the published prices on at least 30 days’ prior notice, effective at the start of the next billing period; if a price increase materially and adversely affects you, you may terminate the affected component effective on the price change date by written notice given before that date.

10. Beta features

We may make pre-release, alpha, beta, preview, or experimental features available (each a “Beta Feature”). Beta Features are provided “as is” and “as available”, may be changed or withdrawn at any time, are excluded from any service-level commitments, and are excluded from any express warranty in the Agreement. Use of a Beta Feature is at your discretion and risk.

11. Service availability and support

We aim for high availability of the Service and operate it on resilient EU-hosted infrastructure described on the security page. Specific service-level commitments (uptime targets, response times, and remedies) apply only where expressly stated in your Order or in a separate service-level document. Standard support is provided by email at support@kiavi.eu during normal business hours; enhanced support, where included with a paid tier, is described in the corresponding tier’s documentation or Order.

Planned maintenance windows are announced in advance through the management dashboard or by email. We may carry out emergency maintenance without prior notice where necessary to preserve the security or integrity of the Service.

12. Suspension

We may suspend your access to all or part of the Service, without liability, if (a) you materially breach the Agreement (including section 6) and have not cured the breach within a reasonable period after notice, (b) undisputed fees are more than 30 days overdue, (c) your use of the Service poses a security risk, threatens the integrity or performance of the Service, or exposes us or other customers to liability, or (d) we are required to do so by law or by a binding order of a competent authority. Where reasonably practicable and not prohibited by law, we will give you prior notice of the suspension and an opportunity to cure. We will restore access promptly once the cause of suspension is resolved.

13. Term and termination

The Agreement starts when you first accept these Terms or use the Service and continues until terminated. Subscriptions to paid tiers (including warmup tiers) renew automatically for successive billing periods unless either party gives notice of non-renewal in the management dashboard before the end of the then-current period.

Either party may terminate the Agreement for convenience by giving the other party at least 30 days’ prior written notice. Either party may terminate the Agreement immediately on written notice if the other party (a) commits a material breach that is not cured within 30 days after written notice describing the breach, (b) becomes insolvent, makes a general assignment for the benefit of creditors, files a petition in bankruptcy, or undergoes the appointment of a receiver or similar officer, or (c) ceases to operate in the ordinary course. Kiavi may additionally terminate the Agreement immediately where required to do so by law.

14. Effects of termination

On termination, your right to access and use the Service ends, and any fees accrued up to the effective date of termination become immediately due. You may export Customer Data through the management dashboard and the public APIs at any time during the term and for 30 days after termination. We will then delete Customer Data in accordance with the DPA. Provisions that by their nature are intended to survive termination (including sections 1, 8, 9 with respect to accrued fees, 14, 15, 16, 17, 18, 19, 22, 24, and 25) survive.

15. Intellectual property

As between the parties, Kiavi (and its licensors) retains all right, title, and interest in and to the Service, the Documentation, all related software, designs, and trademarks, and all improvements, modifications, and derivative works thereof. No rights are granted to you except those expressly set out in the Agreement.

As between the parties, you retain all right, title, and interest in and to Customer Data. You grant Kiavi a non-exclusive, worldwide, royalty-free licence to host, copy, transmit, display, and otherwise process Customer Data solely as necessary to provide the Service, to comply with your instructions, and to comply with law.

If you submit suggestions, ideas, or feedback to us about the Service (“Feedback”), you grant us a perpetual, irrevocable, worldwide, royalty-free, sublicensable licence to use the Feedback for any purpose, without obligation or attribution. Open-source components incorporated into the Service are licensed under the terms of the applicable open-source licences, which prevail over these Terms with respect to those components.

16. Warranties

Each party warrants that it has the legal authority to enter into the Agreement. Kiavi warrants that, during the term, the Service will perform in substantial conformity with the Documentation. Your sole and exclusive remedy, and Kiavi’s sole and exclusive liability, for breach of this warranty is, at Kiavi’s option, to (a) re-perform or correct the affected portion of the Service or (b) terminate the affected portion of the Service and refund any pre-paid fees attributable to the unused portion of the affected Service following the date of the failure.

17. Disclaimers

Except as expressly stated in section 16, and to the maximum extent permitted by applicable law, the Service is provided “as is” and “as available”, and Kiavi disclaims all warranties, conditions, and representations, whether express, implied, or statutory, including any warranty of merchantability, fitness for a particular purpose, non-infringement, or that the Service will be uninterrupted, error-free, or secure against every conceivable threat. Kiavi does not warrant the availability or behaviour of any third-party identity provider or other third-party service that you choose to integrate.

18. Indemnification

Kiavi will defend you against any third-party claim alleging that the Service, as provided by Kiavi and used in accordance with the Agreement, infringes a third party’s intellectual property right, and will indemnify you against damages finally awarded against you, or amounts agreed in a settlement approved by Kiavi in writing. Kiavi has no obligation under this section to the extent the claim arises from (a) Customer Data, (b) your or your End Users’ use of the Service in breach of the Agreement, (c) your modifications to the Service, or (d) the combination of the Service with anything not provided by Kiavi where the claim would have been avoided without that combination. If the Service is, or in Kiavi’s reasonable opinion is likely to be, the subject of an infringement claim, Kiavi may, at its option, (i) procure the right for you to continue using the Service, (ii) modify or replace it so it is non-infringing, or (iii) terminate the affected portion of the Service and refund pre-paid, unused fees for that portion. This section sets out Kiavi’s entire liability and your sole remedy for any third-party intellectual property claim.

You will defend Kiavi against any third-party claim arising out of (a) Customer Data, (b) your or your End Users’ use of the Service in breach of the Agreement or applicable law, or (c) your application or services that integrate with the Service, and will indemnify Kiavi against damages finally awarded, or amounts agreed in a settlement approved by you in writing.

Each party’s indemnity obligations are conditional on the indemnified party (i) promptly notifying the indemnifying party of the claim, (ii) giving the indemnifying party sole control over the defence and settlement (provided that no settlement may impose obligations on the indemnified party without its consent, not to be unreasonably withheld), and (iii) providing reasonable cooperation at the indemnifying party’s expense.

19. Limitation of liability

To the maximum extent permitted by applicable law, neither party will be liable to the other for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenue, goodwill, business opportunity, or anticipated savings, however caused and on any theory of liability, even if advised of the possibility of such damages.

Each party’s aggregate liability arising out of or in connection with the Agreement, whether in contract, tort (including negligence), strict liability, or otherwise, is limited to the total fees paid or payable by you to Kiavi under the Agreement in the 12 months immediately preceding the event giving rise to the liability.

The limitations and exclusions in this section do not apply to (a) liability that cannot be excluded or limited under applicable law (including, where applicable, liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or wilful misconduct), (b) your obligation to pay fees due under the Agreement, or (c) either party’s indemnity obligations under section 18.

20. Force majeure

Neither party is liable for any failure or delay in performance (other than your obligation to pay fees that have accrued) caused by events beyond its reasonable control, including acts of God, war, terrorism, civil unrest, labour disputes, epidemics or pandemics, government action, network or power failures outside the affected party’s infrastructure, or failures of upstream providers. The affected party will notify the other promptly and use reasonable efforts to resume performance. If the event continues for more than 60 consecutive days, either party may terminate the affected portion of the Service by written notice.

21. Changes

We may update these Terms from time to time. For non-material changes (including clarifications, formatting changes, or changes required by law), the updated Terms take effect on the date stated at the top of this page. For material changes, we will give at least 30 days’ prior notice to the primary contact registered in the management dashboard or by an in-product notice; if you do not accept a material change, you may terminate the affected portion of the Service before the change takes effect, with a pro-rata refund of any pre-paid, unused fees for that portion. Continued use of the Service after the effective date constitutes acceptance of the updated Terms.

22. Subcontractors and assignment

Kiavi may engage subcontractors (including subprocessors as listed on the subprocessors page) to perform parts of the Service and remains responsible for their performance under the Agreement. Neither party may assign or transfer the Agreement without the other party’s prior written consent (not to be unreasonably withheld), except that either party may assign the Agreement, on written notice, to an affiliate or to a successor in connection with a merger, reorganisation, or sale of all or substantially all of its assets or equity. Any purported assignment in violation of this section is void.

23. Notices

Notices to Kiavi must be sent by email to legal@kiavi.eu. Notices to you will be sent to the primary contact email registered in the management dashboard or, where used in your Order, to the email address specified there. Notices are effective on receipt, except that notices sent by email outside normal business hours are deemed received at the start of the next business day in the recipient’s location.

24. Miscellaneous

The parties are independent contractors. The Agreement does not create a partnership, joint venture, agency, or employment relationship. Neither party may bind the other or hold itself out as having authority to do so. The Agreement is for the benefit of the parties only and creates no third-party beneficiary rights.

If any provision of the Agreement is held unenforceable, that provision will be modified to the minimum extent necessary to make it enforceable, or, if it cannot be modified, severed; the remaining provisions remain in full force. A failure or delay in exercising any right under the Agreement is not a waiver. The Agreement constitutes the entire agreement between the parties with respect to its subject matter and supersedes all prior or contemporaneous agreements, proposals, and communications, whether oral or written.

25. Governing law and jurisdiction

The Agreement, and any non-contractual obligations arising out of or in connection with it, are governed by the laws of the Netherlands, excluding its conflict of laws rules and excluding the United Nations Convention on Contracts for the International Sale of Goods. The courts of Amsterdam, the Netherlands, have exclusive jurisdiction over any dispute arising out of or in connection with the Agreement, subject to mandatory consumer-protection rules of the consumer’s country of residence where applicable.

26. Contact

Questions about these Terms can be sent to legal@kiavi.eu.