Skip to main content
Didit Raises $2M and Joins Y Combinator (W26)
Didit
Didit
Master Services Agreement
Updated May 16, 2026 · didit.me/terms/master-services-agreement
Legal

Master Services Agreement

Updated: May 16, 2026

On this page

This Master Services Agreement ("MSA") is the framework agreement under which Didit provides identity and fraud-prevention infrastructure to Enterprise customers (the "Client") who sign one or more Order Forms referencing this MSA. The full self-serve contract — including the embedded Service Level Agreement (SLA) and Data Processing Agreement (DPA) — is at /terms/business. This MSA is offered as a standalone document for procurement teams that prefer a separate MSA / Order Form / DPA / SLA structure; in case of conflict, the order of precedence in Section 3 of this MSA governs.

1. Parties and contracting entity

This MSA is entered into between the Client identified in the applicable Order Form and the Didit entity that, under Section 16.6 (Governing Law and Jurisdiction), contracts with that Client:

  • Didit Identity Spain, S.L. — CIF B22929327, Calle Nápoles 227, P. 1, 08013 Barcelona, Spain. Contracts with Clients established in the European Union, European Economic Area, United Kingdom, Switzerland, and Latin America.
  • Didit Identity, Inc. — EIN 39-2860573, 1111B S Governors Ave STE 34855, Dover, Delaware 19904, United States. Contracts with Clients established in the United States, Canada, Asia-Pacific, the Middle East, and all other jurisdictions not allocated to Didit Identity Spain, S.L.

All formal notices to Didit are sent to legal@didit.me.

2. Scope of the Services

Didit provides the identity and fraud infrastructure platform described at `didit.me`, the Business Console at `business.didit.me`, the public APIs documented at `docs.didit.me`, the Software Development Kits (SDKs) for Web, iOS, Android, React Native, and Flutter, the Model Context Protocol (MCP) server, and any product line Didit makes available — including User Verification (KYC), Business Verification (KYB), Transaction Monitoring, and Wallet Screening (KYT) (collectively, the "Services"). The Services available to the Client at any time, and any commercial terms specific to the Client, are described in the relevant Order Form.

3. Order of precedence

In case of conflict between the documents that form the agreement between the Parties, the following descending order of precedence applies:

  1. The signed Order Form between the Parties.
  2. The Data Processing Agreement (DPA) signed by the Parties (or, if none is separately signed, Annex 2 of /terms/business).
  3. This Master Services Agreement.
  4. The Service Level Agreement (SLA) at /terms/service-level-agreement (or, if the Order Form names a specific SLA, that SLA).
  5. Any other policy or annex expressly incorporated by reference.

4. Term and termination

4.1 Term. This MSA starts on the Effective Date stated in the first Order Form between the Parties and continues until every Order Form has expired or been terminated.

4.2 Termination for convenience. Unless the Order Form says otherwise, either Party may terminate any Order Form on thirty (30) days' written notice; the Client forfeits unused prepaid Credits except where the termination is by Didit for convenience, in which case Didit refunds the unused Credits.

4.3 Termination for cause. Either Party may terminate immediately if the other Party (a) materially breaches the agreement and fails to cure within thirty (30) days of written notice, or (b) becomes insolvent or enters into an equivalent proceeding. Didit may suspend or terminate immediately if the Client uses the Services unlawfully, in breach of Section 5, or in a way that compromises the security or integrity of the Services.

4.4 Effect of termination. Sections that by their nature should survive (Intellectual Property, Confidentiality, Liability, Indemnification, Governing Law) survive termination.

5. Client obligations and use restrictions

The Client agrees to: (a) use the Services in compliance with all applicable laws and regulations, including data-protection, anti-money-laundering, and counter-terrorist-financing laws; (b) obtain and maintain every notice, consent, and authorization required from End Users for Didit to process their personal data (including biometric data, where applicable); (c) protect the confidentiality of its Access Credentials; (d) ensure the accuracy of Client Data; and (e) not (i) reverse-engineer the Services, (ii) build a competing identity-verification service using the Services, (iii) use Verification results or Client Data to train AI/ML models without Didit's prior written consent, (iv) abuse the free or trial plan by creating multiple organizations or accounts, or (v) interfere with the security or operation of the Services.

6. Fees and payment

6.1 Prepaid Credits. Unless an Order Form specifies otherwise, the Services are paid for through prepaid Credits denominated in USD; Credits do not expire. Charges accrue per completed Verification Feature.

6.2 Order-Form pricing. The Order Form may specify volume commitments, custom pricing, invoicing terms, and payment terms that prevail over the standard pay-as-you-go model.

6.3 Failed payments. Three consecutive failed automatic charges, or non-payment of an invoice past its due date, allow Didit to suspend the Services or terminate this MSA in accordance with Section 4.

6.4 Taxes. Prices exclude taxes (VAT, sales tax, withholding) and processor fees, which are the Client's responsibility.

7. Intellectual property

Didit (and its licensors) retain all rights in the Services and Documentation. The Client retains all rights in Client Data. The Client grants Didit a worldwide, non-exclusive, royalty-free license to process Client Data solely to provide and improve the Services in accordance with the DPA. Feedback the Client provides may be freely used by Didit.

8. Confidentiality

Each Party will protect the other Party's Confidential Information with at least the same degree of care it uses to protect its own (and never less than reasonable care), and will use it solely to perform this MSA. Confidentiality survives for five (5) years from termination, or longer for trade secrets.

9. Data protection

Processing of personal data on behalf of the Client is governed by the DPA. The DPA addresses lawful basis, sub-processors, international transfers, security measures, breach notification, audit rights, and deletion / return of data. The DPA also governs Didit's processing of anonymized or pseudonymized data for model training and fraud-detection purposes as Independent Controller, including the opt-out path (delete the underlying record via the API or the Business Console, or email privacy@didit.me).

10. Warranties and disclaimer

Didit warrants that the Services will be provided in a professional manner and substantially in accordance with the Documentation. Except for the warranties expressly stated in this MSA, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE", and Didit disclaims all implied warranties (merchantability, fitness for a particular purpose, non-infringement) to the maximum extent permitted by law. Didit does not warrant the truth of any identity claim or the absence of fraud; verification results support, but do not replace, the Client's decision-making.

11. Limitation of liability

To the maximum extent permitted by law, Didit's total cumulative liability under this MSA shall not exceed the amount of fees actually paid by the Client to Didit in the twelve (12) months preceding the event giving rise to the claim. Neither Party is liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, revenue, data, or goodwill. The cap does not apply to (a) breach of confidentiality, (b) gross negligence or willful misconduct, (c) infringement of the other Party's intellectual property, or (d) the Client's payment obligations.

12. Indemnification

12.1 Didit indemnifies the Client against third-party claims that the Services, as provided by Didit and used in accordance with this MSA, infringe a patent, copyright, or trademark of the third party. The indemnity does not apply to claims arising from (a) the Client's use of the Services in combination with non-Didit software, hardware, or data; (b) modification of the Services by a non-Didit party; or (c) use of outdated versions where a non-infringing version was available.

12.2 The Client indemnifies Didit against claims arising from (a) breach of Section 5, (b) End-User or third-party claims related to the Client's collection or processing of personal data or its decisions based on Verification results, (c) Client Data infringing third-party rights, and (d) Client use of the Services in breach of applicable law.

13. Insurance

Didit maintains commercial general liability, professional liability (errors and omissions), and cyber-liability insurance with reputable insurers, in amounts and on terms appropriate to its operations. Certificates of insurance are available on request.

14. Compliance with sanctions and export controls

The Client represents that neither it nor its Authorized Users are subject to sanctions or embargoes imposed by the European Union, the United States, the United Kingdom, or other competent authorities, and that the Services will not be used for any purpose prohibited by sanctions or export-control laws.

15. Publicity

The Client agrees that Didit may use the Client's name and logo in Didit's marketing materials and customer list, unless the Client opts out in writing in the Order Form.

16. General provisions

16.1 Force majeure. Neither Party is liable for delay caused by events beyond its reasonable control.

16.2 Modifications. Didit may modify this MSA on thirty (30) days' notice; the Client may terminate before the effective date if it does not agree.

16.3 Assignment. The Client may not assign without Didit's prior written consent; Didit may assign to an affiliate or in connection with a merger or sale of assets.

16.4 Severability. Invalid provisions are limited to the minimum extent necessary; the rest of the MSA remains in force.

16.5 No waiver. Failure to enforce any right is not a waiver of that right.

16.6 Governing law and jurisdiction. As described in Section 1, the governing law and exclusive jurisdiction depend on the Client's place of establishment:

  • EU / EEA / UK / Switzerland / Latin America Clients contract with Didit Identity Spain, S.L.; the MSA is governed by the laws of Spain and the courts of Barcelona, Spain have exclusive jurisdiction.
  • US / Canada / Asia-Pacific / Middle East and other Clients contract with Didit Identity, Inc.; the MSA is governed by the laws of the State of Delaware, USA, and the state and federal courts located in New Castle County, Delaware have exclusive jurisdiction.

Nothing in this Section deprives a consumer of the mandatory protections of the law of the country of its habitual residence. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

16.7 Entire agreement. This MSA, together with the applicable Order Form, DPA, SLA, and any policy expressly incorporated, constitutes the entire agreement between the Parties on the subject matter and supersedes all prior or contemporaneous communications.

16.8 Independent contractors. The Parties are independent contractors. This MSA does not create a partnership, joint venture, employment, franchise, or agency relationship.

16.9 Notices. Notices are valid when (a) delivered personally, (b) sent by registered mail with return receipt, (c) sent by email with confirmation of receipt, or (d) for general notices from Didit, posted in the Business Console or on the Website.

16.10 Survival. Sections 7, 8, 10, 11, 12, 13, 14, 15, 16, and any payment obligation accrued before termination survive termination of this MSA.

17. Contact

Didit Identity Spain, S.L. — CIF B22929327 · Calle Nápoles 227, P. 1, 08013 Barcelona, Spain
Didit Identity, Inc. — EIN 39-2860573 · 1111B S Governors Ave STE 34855, Dover, Delaware 19904, United States
© 2026 Didit · legal@didit.me · privacy@didit.me · security@didit.me · didit.me/terms/master-services-agreement

Have questions about a specific document?

Email legal@didit.me, privacy@didit.me, or security@didit.me — or message us on WhatsApp. We route you to the right contact.

Talk to us
Ask an AI to summarise this page