Skip to main content
Didit Raises $2M and Joins Y Combinator (W26)
Didit
Didit
End User Terms for Identity Verification
Updated May 16, 2026 · didit.me/terms/identity-verification
Legal

End User Terms for Identity Verification

Updated: May 16, 2026

On this page

These End User Terms for Identity Verification (the "Terms") apply when you access or use any Didit-hosted verification flow, SDK, white-label experience, API-powered journey, mobile flow, questionnaire, or related tool used to verify identity, authenticate a person, assess fraud risk, or complete related compliance checks (collectively, the "Verification Services").

The organization that asks you to complete the verification is the "Customer". Didit provides the technology and related services used to perform the Verification Services. By starting, continuing, or completing a verification flow, or by clicking an acceptance or consent control where one is presented, you agree to these Terms.

Please also read our Privacy Policy and Verification Privacy Notice.

1. Who is involved in the verification

The parties involved in a Didit verification flow are usually:

  • You, the individual completing the verification;
  • The Customer, the company, institution, or organization that asked you to verify; and
  • Didit, the provider of the verification technology and supporting services.

In most verification flows:

  • the Customer decides why the verification is required, which checks are enabled, what happens if you do not complete the process, and how the results are used; and
  • Didit processes the data needed to perform the configured checks, provide the service, secure the platform, and support lawful compliance and fraud-prevention operations.

If the verification flow appears on a custom domain, with custom branding, or in a white-label environment, Didit may still be the underlying verification provider.

2. Eligibility and authority

You may only use the Verification Services if:

  • you are legally permitted to do so;
  • you are providing your own information, or you are authorized by law to act for another person;
  • the information and documents you provide are accurate, complete, current, and not misleading; and
  • your use of the Verification Services does not violate applicable law, the rights of another person, or the Customer's terms.

If you do not meet these conditions, you must not continue with the verification flow.

3. What the Verification Services may involve

Depending on the Customer's configuration, the Verification Services may involve one or more of the following:

  • capture or upload of identity documents;
  • extraction and validation of document data;
  • selfies, face images, video, liveness checks, face match, or other biometric analysis;
  • proof-of-address review;
  • phone or email verification;
  • questionnaires or declarations;
  • database checks, fraud checks, sanctions or watchlist screening inputs, and other risk signals;
  • manual review or re-submission requests.

Not every verification flow uses every feature. The Customer decides which checks are activated.

4. Your consents, disclosures, and permissions

By proceeding with the Verification Services, and by selecting any checkbox, button, or equivalent consent control presented to you, you acknowledge and agree that:

  • you have read the notices and disclosures shown to you before capture or upload;
  • Didit and the Customer may collect, use, disclose, store, review, and otherwise process your personal data to perform identity verification, fraud prevention, security, and compliance functions;
  • where the workflow includes biometric verification, Didit and the Customer may process your biometric data, including data derived from scans of facial geometry, selfie images, and liveness captures, where permitted by law and supported by the relevant legal basis;
  • you authorize the use of your device permissions, including camera access and, where applicable, microphone or other capture permissions required by the configured verification steps; and
  • you understand that the Customer should also provide its own privacy notice and any disclosures required by law, especially in white-label or API-based verification journeys.

If a flow requires explicit consent by law or by Customer choice, you must provide that consent before proceeding. Pre-ticked boxes or passive acceptance are not intended to replace a legally required affirmative action where such action is required.

5. If you do not want to continue or provide biometric data

You may choose not to continue with a verification flow. However:

  • the Customer may be unable to provide the requested service, access, payment, onboarding, or account functionality without successful verification; and
  • if biometric verification is part of the configured workflow, the Customer may or may not offer an alternative verification method, depending on the Customer's policies and applicable law.

Questions about alternative verification methods should be directed to the Customer.

6. Accuracy, cooperation, and truthful use

You agree to:

  • provide truthful, complete, and current information;
  • upload documents and images that belong to you or that you are lawfully authorized to use;
  • follow the instructions shown in the verification flow;
  • allow sufficient access to your device, camera, browser, and network to complete the requested checks; and
  • re-submit information if the Customer or Didit asks you to do so because the prior submission was incomplete, unreadable, expired, inconsistent, or potentially fraudulent.

You must not:

  • impersonate another person;
  • upload forged, altered, manipulated, or stolen documents;
  • tamper with the Verification Services;
  • use automation, scraping, reverse engineering, overlays, or other tools to interfere with the verification flow; or
  • try to bypass fraud, liveness, or security controls.

7. Device, network, telecom, and third-party data

To operate the Verification Services, Didit and the Customer may use:

  • device, browser, IP, language, location, and security telemetry;
  • information embedded in the documents, images, videos, or files you upload;
  • third-party sources, public records, or fraud-prevention data providers where permitted by law; and
  • where applicable, data made available by mobile network or telecom providers for fraud prevention, identity verification, or account integrity purposes.

The exact data sources used depend on the configured workflow and the Customer's integration choices.

8. Verification outcomes, automation, and manual review

Didit may use automated systems and human review to assess authenticity, liveness, consistency, fraud indicators, and related risk factors. Verification outputs may include:

  • approval, rejection, warning, review, or resubmission outcomes;
  • extracted document data;
  • risk or fraud signals;
  • audit information; and
  • supporting media or review notes, depending on the Customer's integration.

Except where Didit expressly states otherwise in a specific service, Didit generally provides verification technology and supporting analysis, while the Customer remains responsible for the decision about whether to approve, reject, onboard, pay, authenticate, or otherwise transact with you.

9. Repeat checks and resubmission

If the Customer enables prior document reuse, repeat checks, or ongoing monitoring, your previously submitted data may be used again or compared against later submissions where permitted by law and described in the relevant notices.

You may also be asked to repeat a step or provide updated materials if:

  • your document has expired or is no longer acceptable;
  • a previous submission was incomplete or could not be verified;
  • the Customer changes its verification requirements; or
  • a new legal, fraud, or risk review is required.

10. Privacy and data handling

Your use of the Verification Services is also governed by:

Depending on the workflow configuration, the Customer may receive the data you submit, the verification results, supporting evidence, fraud signals, or a combination of those outputs.

Didit does not sell, lease, or trade biometric identifiers or biometric information.

If you want to exercise privacy rights relating to a specific verification session, you should generally contact the Customer first. If Didit receives a request directly in a processor context, Didit may direct or forward that request to the Customer where appropriate.

11. Third-party services

The Verification Services may involve or interact with third-party technologies, hosting providers, communications providers, databases, public authorities, identity data providers, or other service providers. Those parties may process data where necessary to help Didit and the Customer provide the Verification Services lawfully and securely.

Didit is not responsible for the independent acts or omissions of third-party websites, devices, app stores, browsers, or services that are not under Didit's control.

12. Availability, suspension, and service changes

Didit may suspend, limit, or stop a verification flow where necessary to:

  • protect security or prevent abuse;
  • comply with law or lawful requests;
  • investigate fraud or suspicious activity;
  • address technical failures; or
  • support the Customer's configured controls.

The Customer may also suspend or terminate your ability to continue using its service or onboarding flow based on its own policies and the verification outcome.

Didit may update these Terms from time to time. Material changes become effective when posted or otherwise communicated where required by law.

13. Intellectual property

Didit and its licensors retain all rights, title, and interest in the Verification Services, including all software, workflows, content, designs, models, trademarks, and related intellectual property, except for your personal data and other rights that cannot be excluded under applicable law.

You receive no ownership rights in the Verification Services. You may use them only for the limited purpose of completing the requested verification.

14. Disclaimers

To the fullest extent permitted by law:

  • the Verification Services are provided on an "as is" and "as available" basis;
  • Didit does not guarantee that every document, image, identity claim, or transaction will be accepted or approved;
  • Didit does not guarantee uninterrupted or error-free operation; and
  • results may depend on the quality of your documents, images, device, lighting, connectivity, and the Customer's configured rules.

Nothing in these Terms limits any rights that cannot be waived under mandatory law.

15. Limitation of liability

To the fullest extent permitted by law, Didit will not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profit, revenue, data, goodwill, or business opportunity arising out of or relating to the Verification Services.

To the fullest extent permitted by law, Didit's aggregate liability arising out of or relating to these Terms or the Verification Services will not exceed EUR 1,000.

These limitations do not apply to liability that cannot be limited or excluded under mandatory law.

16. Governing law

Unless mandatory local law requires otherwise, these Terms are governed by the laws of Spain, without regard to conflict-of-law principles.

17. Contact

If you have questions about these Terms, contact:

Didit Identity Spain, S.L. — CIF B22929327 · Calle Nápoles 227, P. 1, 08013 Barcelona, Spain
Didit Identity, Inc. — EIN 39-2860573 · 1111B S Governors Ave STE 34855, Dover, Delaware 19904, United States
© 2026 Didit · legal@didit.me · privacy@didit.me · security@didit.me · didit.me/terms/identity-verification

Have questions about a specific document?

Email legal@didit.me, privacy@didit.me, or security@didit.me — or message us on WhatsApp. We route you to the right contact.

Talk to us
Ask an AI to summarise this page