Legal

Terms of Service

These Terms of Service govern your use of the Veritas photo verification platform, APIs, SDKs, and related services provided by Veritas, Mumbai, India.

DPDP Rules 2025 CompliantMumbai JurisdictionRazorpay / Stripe Payments

Effective date: March 12, 2026Last updated: March 12, 2026

1. Acceptance of Terms 2. Definitions 3. Description of Service 4. Account Registration & Security 5. Subscription, Billing & Payments 6. Refund & Cancellation Policy 7. API & SDK Usage Terms 8. Acceptable Use Policy 9. Data Processing & DPDP Compliance 10. Intellectual Property 11. Limitation of Liability 12. Indemnification 13. Termination 14. Force Majeure 15. Governing Law & Dispute Resolution 16. General Provisions

1. Acceptance of Terms

By accessing or using the Veritas photo verification platform, APIs, SDKs, dashboard, documentation, or any related services (collectively, the "Service"), you agree to be bound by these Terms of Service ("Terms"). If you are entering into these Terms on behalf of an organisation, you represent and warrant that you have the authority to bind that organisation to these Terms.

If you do not agree to these Terms, you must not access or use the Service. These Terms constitute a legally binding agreement between your organisation ("Customer", "you") and the operator of the Veritas platform, based in Mumbai, Maharashtra, India ("Veritas", "we", "us").

We may update these Terms from time to time. Material changes will be communicated via email to your registered account address at least 30 days before they take effect. Continued use of the Service after such notice constitutes acceptance of the updated Terms. If you do not agree with the changes, you may terminate your account before the changes take effect.

2. Definitions

The following definitions apply throughout these Terms:

•"Service" means the Veritas photo verification platform, including the marketing website (veritas.in), the dashboard (dashboard.veritas.in), REST API, Android SDK, and all related tools, features, and documentation

•"Customer" or "you" means the organisation or individual that creates an account and subscribes to the Service

•"User" means any individual authorised by the Customer to access the Service, including administrators, team members, adjusters, and field agents

•"Data Fiduciary" means the Customer, who determines the purpose and means of processing personal data through the Service, as defined under the DPDP Act, 2023

•"Data Processor" means Veritas, which processes personal data on behalf of and under the instructions of the Data Fiduciary, as defined under the DPDP Act, 2023

•"Data Principal" means the individual whose personal data is processed through the Service (e.g., insurance claimants, field agents)

•"Capture" means a single photo verification event through the SDK or web upload, including the photo, metadata, trust score, and all associated provenance data

•"Trust Score" means the numerical score (0-100) assigned to a Capture based on multi-signal analysis of device integrity, location, timing, motion, and provenance

•"Plan" means the subscription tier selected by the Customer (Free, Pro, Enterprise, or Whitelabel), which determines feature access, usage limits, and pricing

3. Description of Service

Veritas provides a photo verification platform designed for Indian enterprises, with a particular focus on insurance claims documentation, NBFC field verification, and regulated industry workflows. The Service includes:

•An Android SDK that captures photos with hardware-backed device attestation (StrongBox/TEE), GPS coordinates, timestamps, motion sensor data (IMU), and C2PA 2.1 content credentials

•A REST API for submitting, querying, verifying, and managing Captures programmatically, with nonce-based replay protection and rate limiting

•A web-based dashboard for reviewing Captures, managing team members and devices, configuring workflows, generating compliance reports, and exporting court-ready PDF/A documents

•Trust score computation based on multi-signal analysis including device integrity, GPS validation, cell tower cross-referencing, motion seal verification, duplicate detection, AI generation detection, and C2PA manifest validation

•Tamper-evident audit logging via a Merkle transparency log for every Capture and API interaction

•Compliance tooling including: erasure APIs with signed certificates, breach notification templates, DPDP-ready data exports, data residency certificates, and consent management

•Perceptual hash database for cross-enterprise duplicate detection (hashes only, never raw images)

The Service is provided on a subscription basis as described in the applicable Plan. Feature availability, usage limits, and SLA commitments vary by Plan. Detailed Plan comparison is available at veritas.in/pricing.

4. Account Registration & Security

•To use the Service, you must create an account with a valid business email address, full name, and organisation name. You represent that all registration information is accurate and current

•You are responsible for maintaining the confidentiality of your account credentials, API keys, and access tokens. Notify us immediately at support.veritas@gmail.com if you suspect unauthorised access

•You must not share account credentials or API keys with unauthorised individuals. Each User must have their own account

•Veritas is not liable for any loss or damage arising from unauthorised access to your account that results from your failure to safeguard your credentials

•We may suspend or terminate accounts that show signs of compromise, automated abuse, or credential sharing, after providing reasonable notice

•You must designate at least one account administrator who has authority to manage Users, API keys, and billing for your organisation

5. Subscription, Billing & Payments

This section governs all payment-related terms for the Service. By subscribing to a paid Plan, you agree to the following:

•Subscription Plans: The Service is offered in four tiers — Free, Pro (INR 2,999/month or INR 29,990/year), Enterprise (INR 29,999/month or INR 2,99,990/year), and Whitelabel (custom pricing). All prices are exclusive of applicable GST (currently 18%)

•Free Tier: The Free Plan provides limited access to the Service at no cost, with usage caps as described on the pricing page. No credit card is required. Veritas reserves the right to modify Free Plan limits with 30 days' notice

•Trial Period: Pro and Enterprise Plans include a 14-day free trial. No payment is charged during the trial. If you do not cancel before the trial ends, your selected Plan will activate and billing will commence automatically

•Billing Cycle: Paid subscriptions are billed in advance on a monthly or annual basis, depending on the billing frequency selected at checkout. Monthly billing occurs on the same calendar date each month. Annual billing occurs on the anniversary of your subscription start date

•Payment Methods: We accept UPI, credit cards (Visa, Mastercard, RuPay, American Express), debit cards, netbanking, and wallets via Razorpay. Enterprise and Whitelabel customers may pay via wire transfer, NEFT/RTGS, or purchase orders with NET-30 terms

•Payment Processing: All online payments are processed by Razorpay Software Private Limited (PCI-DSS Level 1 certified) and/or Stripe Payments India Private Limited. Veritas does not store, process, or have access to your full card number, CVV, UPI PIN, or netbanking password at any point

•Auto-Renewal: All paid subscriptions renew automatically at the end of each billing cycle unless cancelled at least 24 hours before the renewal date. You can cancel auto-renewal from the dashboard at any time

•Overage Billing: For metered features on the Pro Plan (captures, API calls, PDF exports, hash queries, AI detection), usage beyond the Plan limit is billed at the published overage rate. Overage charges are invoiced at the end of the billing cycle

•Taxes: All prices are exclusive of applicable taxes. GST at the prevailing rate (currently 18%) will be added to all invoices. If your organisation is GST-registered, please provide your GSTIN during checkout for proper tax documentation

•Invoice: A GST-compliant tax invoice is generated for every payment and available for download from the dashboard. Invoices are retained for 8 years per Indian tax law

•Late Payment: If payment fails, we will retry the charge up to 3 times over 7 days. If all retries fail, your account will be downgraded to the Free Plan after a 7-day grace period. You will not lose your data during the grace period, but access to paid features will be restricted

•Price Changes: We may modify pricing with 30 days' advance notice. Price changes take effect at the start of your next billing cycle. If you do not agree with the new pricing, you may cancel before the next cycle begins

•Currency: All prices are in Indian Rupees (INR). For international customers, payments are processed in INR and your bank's exchange rate applies

6. Refund & Cancellation Policy

For the complete Refund & Cancellation Policy, please visit our dedicated page. Key terms are summarised below:

•14-day free trial: No payment is taken during the trial. Cancel anytime during the trial at no cost

•Monthly subscriptions: You may cancel at any time. Access continues until the end of the current billing period. No refund for partial months

•Annual subscriptions: You may cancel at any time. A pro-rated refund for unused full months (minus the first 30 days) is available if requested within 30 days of the annual renewal. After 30 days, no refund — but access continues until the end of the annual term

•Refund requests: Email support.veritas@gmail.com with your organisation name, registered email, and reason for refund. Refunds are processed within 5-7 business days to the original payment method

•Data export: Upon cancellation, you have a 30-day grace period to export your data via the dashboard or API. After 30 days, data is deleted per our retention policy

•No refunds for: partial months, usage-based overage charges already consumed, add-on services already delivered (PDF exports, fraud reports), or accounts terminated for Terms violation

•For full details, see our Refund & Cancellation Policy at veritas.in/refund-policy

7. API & SDK Usage Terms

Access to the Veritas API and SDK is governed by the following terms:

•API keys are confidential. You are responsible for safeguarding all API keys, tokens, and credentials issued to your account. Veritas is not liable for unauthorised access resulting from compromised credentials that were not reported to us within 24 hours of discovery

•Rate limits apply per Plan tier. Exceeding documented rate limits will result in HTTP 429 responses with Retry-After headers. Persistent abuse (sustained attempts to exceed limits) may result in temporary suspension of API access after written warning

•You must not reverse-engineer, decompile, disassemble, or attempt to extract the source code of the Veritas API, SDK, or any component of the Service

•You must not use the Service to build a competing photo verification, provenance, or trust scoring product, or resell API access to third parties without a written reseller agreement

•You must not submit test, synthetic, or deliberately fraudulent data to production endpoints. Use the designated sandbox environment (api-sandbox.veritas.in) for development and testing

•All API calls are logged with timestamp, endpoint, response code, IP address, and authenticated user. Logs are retained for a minimum of 1 year per DPDP Rules 2025, Rule 6(1)(e)

•SDK integration must follow our published integration guidelines at docs.veritas.in. Modifications to SDK behaviour (hooking, patching, instrumentation, Frida injection) void all trust score guarantees and may result in account suspension

•The API and SDK are provided with a target availability of 99.5% (Pro) or 99.9% (Enterprise). SLA credits for downtime exceeding these targets are available for paid Plans as described in the SLA addendum

8. Acceptable Use Policy

You agree not to use the Service for any of the following purposes:

•Any activity that violates applicable Indian law, including the DPDP Act 2023, IT Act 2000, Indian Penal Code, or any sector-specific regulation (IRDAI, RBI, SEBI)

•Processing personal data without valid consent from the Data Principal or without a lawful basis under the DPDP Act

•Uploading, storing, or transmitting content that is obscene, defamatory, harassing, threatening, or that infringes the intellectual property rights of any third party

•Attempting to gain unauthorised access to any part of the Service, other accounts, or computer systems or networks connected to the Service

•Introducing malware, viruses, worms, Trojans, or any harmful code into the Service or any system connected to it

•Using the Service to facilitate fraud, identity theft, money laundering, or any other criminal activity

•Scraping, crawling, or using automated tools to extract data from the Service beyond what is available through the documented API

•Circumventing, disabling, or interfering with security features, rate limits, or access controls of the Service

•Submitting deliberately false or misleading data with the intent to manipulate trust scores or verification outcomes

•Using the Service for surveillance, tracking, or monitoring of individuals without their knowledge and consent

Violation of this Acceptable Use Policy may result in immediate suspension or termination of your account, without refund, and may be reported to relevant law enforcement authorities.

9. Data Processing & DPDP Compliance

Veritas acts as a Data Processor under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the DPDP Rules, 2025. Your organisation acts as the Data Fiduciary. The following obligations apply:

•You are responsible for obtaining valid consent from Data Principals (claimants, adjusters, field agents) before using the Veritas SDK to collect their data. The SDK provides a configurable consent screen (Rule 3 compliant) to assist with this obligation

•You determine the purpose and scope of data processing. Veritas processes personal data strictly on your documented instructions as set forth in the Data Processing Agreement (DPA)

•All personal data is stored exclusively in Mumbai, Maharashtra, India. No data is transferred outside Indian jurisdiction. This satisfies DPDP Rules 2025, Rule 14

•You must execute the Veritas Data Processing Agreement (available at veritas.in/dpa) before processing personal data through the Service. The DPA constitutes the mandatory contract provision under Rule 6(1)(f)

•Erasure requests from Data Principals must be processed through your dashboard or via the Erasure API (DELETE /v1/captures/erase-by-principal). Veritas generates signed erasure certificates with Merkle proof of deletion

•In the event of a data breach, Veritas will notify your organisation within the timeline specified in the DPA (and in any case within 72 hours) and provide a pre-filled incident report for submission to the Data Protection Board of India (Rule 7)

•Security audit logs are retained for 1 year per Rule 6(1)(e) even after erasure of personal data, as disclosed in the consent notice

•You are responsible for complying with the DPDP Act's requirements regarding: appointment of a Data Protection Officer (if applicable), responding to Data Principal requests, maintaining consent records, and reporting breaches to the Data Protection Board

Failure to comply with your obligations as Data Fiduciary under the DPDP Act 2023 may result in penalties of up to INR 250 crore. Veritas provides tooling to assist with compliance but does not assume your Fiduciary obligations. The Service does not constitute legal advice.

10. Intellectual Property

•The Service, including all software, APIs, SDKs, algorithms, trust score methodologies, documentation, designs, Merkle log implementations, and fraud detection systems, is the exclusive intellectual property of Veritas, protected under Indian copyright, patent, and trade secret law

•Your subscription grants you a limited, non-exclusive, non-transferable, revocable licence to use the Service for your internal business purposes during the subscription term and in accordance with these Terms

•You retain all rights to the photo data and business data you submit through the Service. Veritas claims no ownership over your content. Upon termination, you may export all your data

•Veritas may use anonymised, aggregated usage data (not personal data or photo content) to improve the Service. Such data cannot be used to identify any individual, organisation, or specific Capture

•The Veritas name, logo, "Trust Layer" tagline, and product names are proprietary to the Veritas platform. You may not use these marks without prior written consent, except as necessary to identify your use of the Service in your own materials

•Feedback, suggestions, or feature requests you submit may be incorporated into the Service without obligation or compensation to you. By submitting feedback, you grant Veritas a perpetual, irrevocable, royalty-free licence to use it

11. Limitation of Liability

To the maximum extent permitted by applicable Indian law:

•The Service is provided on an "as is" and "as available" basis. We do not warrant that the Service will be uninterrupted, error-free, or free of harmful components, although we commit to the uptime SLA specified in your Plan

•Veritas's total aggregate liability for any claims arising from or related to the Service shall not exceed the fees actually paid by you to Veritas in the 12 months immediately preceding the event giving rise to the claim

•In no event shall Veritas be liable for indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, business opportunity, or goodwill, whether arising from contract, tort, or otherwise

•Veritas is not liable for decisions made by your organisation based on trust scores, verification results, fraud flags, or any output of the Service. Trust scores are advisory signals based on available sensor data, not determinative judgements. Final claim decisions remain the sole responsibility of the Data Fiduciary

•Veritas is not liable for the accuracy of GPS coordinates, device attestation signals, IMU data, or timestamps where inaccuracy results from device hardware, firmware, or operating system behaviour outside our control

•Veritas is not liable for service disruptions caused by: force majeure events, third-party infrastructure failures (Google Cloud, Razorpay), internet connectivity issues, or regulatory actions

•These limitations do not exclude or limit liability for: fraud, wilful misconduct, gross negligence, breach of data protection obligations, or any liability that cannot be excluded or limited under applicable Indian law

12. Indemnification

•You agree to indemnify, defend, and hold harmless Veritas, its officers, directors, employees, and agents from any claims, losses, damages, liabilities, and expenses (including reasonable legal fees) arising from: (a) your use of the Service in violation of these Terms; (b) your violation of the DPDP Act 2023 or any applicable law; (c) any third-party claims relating to personal data you process through the Service; (d) your failure to obtain valid consent from Data Principals

•Veritas will indemnify you against third-party claims that the Service, as provided by Veritas and used in accordance with these Terms, infringes any valid Indian patent, copyright, or trademark, provided that you: (a) promptly notify Veritas of the claim in writing; (b) give Veritas sole control of the defence; and (c) cooperate fully in the defence

•If the Service becomes the subject of an infringement claim, Veritas may, at its sole option: (a) modify the Service to be non-infringing while maintaining substantially equivalent functionality; (b) obtain a licence for your continued use; or (c) terminate the affected portion of the Service and refund prepaid fees on a pro-rata basis

13. Termination

•Either party may terminate these Terms by providing 30 days' written notice to the other party via email

•You may cancel your subscription at any time from the dashboard. Cancellation takes effect at the end of the current billing period. See Section 6 (Refund & Cancellation) for refund eligibility

•Veritas may suspend or terminate your access immediately, without prior notice, if: (a) you materially breach these Terms and fail to cure within 15 days of written notice; (b) you fail to pay fees within 30 days of the due date despite 2 payment reminders; (c) your use poses an imminent security risk to the Service or other customers; (d) required by law, court order, or regulatory authority

•Upon termination, you have a 30-day grace period to export your data via the dashboard or API. During this period, you retain read-only access to your data but cannot create new Captures

•After the 30-day grace period, Veritas will permanently delete your data in accordance with the retention policies set forth in the DPA and Privacy Policy. Signed erasure certificates will be generated for all personal data

•Termination does not release either party from obligations that accrued prior to termination, including: unpaid fees, indemnification obligations, confidentiality obligations, and data protection obligations

•Sections that by their nature should survive termination will survive, including: Definitions, Intellectual Property, Limitation of Liability, Indemnification, Governing Law, and any accrued payment obligations

14. Force Majeure

•Neither party shall be liable for failure or delay in performance of its obligations under these Terms to the extent caused by circumstances beyond its reasonable control ("Force Majeure Events")

•Force Majeure Events include, but are not limited to: natural disasters, pandemics, wars, terrorism, riots, government actions, sanctions, embargoes, internet or telecommunications failures, power outages, and third-party cloud infrastructure failures

•The affected party must notify the other party within 48 hours of becoming aware of the Force Majeure Event, describing its nature and expected duration

•If a Force Majeure Event continues for more than 60 consecutive days, either party may terminate the affected portion of the Service with pro-rata refund of prepaid fees

15. Governing Law & Dispute Resolution

•These Terms are governed by and construed in accordance with the laws of India, without regard to conflict of law principles

•The courts of Mumbai, Maharashtra, India shall have exclusive jurisdiction over any disputes arising from or related to these Terms

•Before initiating litigation, the parties agree to attempt resolution through good-faith negotiation for a period of 30 days from the date of written notice of the dispute

•If negotiation fails, disputes shall be resolved through binding arbitration under the Arbitration and Conciliation Act, 1996. The arbitration shall be conducted in English, seated in Mumbai, with a sole arbitrator mutually agreed upon by the parties (or appointed by the Mumbai Centre for International Arbitration if the parties cannot agree)

•The arbitral award shall be final and binding on both parties and may be enforced in any court of competent jurisdiction

•Nothing in this clause prevents either party from seeking interim or injunctive relief from a court of competent jurisdiction to prevent irreparable harm

•The United Nations Convention on Contracts for the International Sale of Goods (CISG) does not apply to these Terms

•If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect

16. General Provisions

•Entire Agreement: These Terms, together with the Privacy Policy, DPA, Refund & Cancellation Policy, and any order forms or SOWs, constitute the entire agreement between you and Veritas regarding the Service and supersede all prior agreements and understandings

•Assignment: You may not assign or transfer these Terms without the prior written consent of Veritas. Veritas may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided the assignee agrees to honour these Terms

•Waiver: The failure of either party to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. Any waiver must be in writing and signed by the waiving party

•Notices: Legal notices must be sent via email to: Veritas — legal@veritas.in; Customer — the email address on file in the account. Notices are deemed received 24 hours after email transmission

•Independent Contractors: The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship between the parties

•No Third-Party Beneficiaries: These Terms do not confer any rights on any third party. Data Principals may exercise their rights under the DPDP Act 2023 as described in our Privacy Policy but are not parties to these Terms

Veritas — Photo Verification Platform
Mumbai, Maharashtra, India
Email: support.veritas@gmail.com
Legal: legal@veritas.in

Terms of Service

Contents

1. Acceptance of Terms

2. Definitions

3. Description of Service

4. Account Registration & Security

5. Subscription, Billing & Payments

6. Refund & Cancellation Policy

7. API & SDK Usage Terms

8. Acceptable Use Policy

9. Data Processing & DPDP Compliance

10. Intellectual Property

11. Limitation of Liability

12. Indemnification

13. Termination

14. Force Majeure

15. Governing Law & Dispute Resolution

16. General Provisions

Related Documents

Terms of Service

Contents

1. Acceptance of Terms

2. Definitions

3. Description of Service

4. Account Registration & Security

5. Subscription, Billing & Payments

6. Refund & Cancellation Policy

7. API & SDK Usage Terms

8. Acceptable Use Policy

9. Data Processing & DPDP Compliance

10. Intellectual Property

11. Limitation of Liability

12. Indemnification

13. Termination

14. Force Majeure

15. Governing Law & Dispute Resolution

16. General Provisions

Related Documents