CommonAUTH Client Platform Terms of Service

Effective Date: March 30, 2025

These Client Platform Terms of Service ("Client Terms") govern the use of the CommonAUTH services ("Service") by third-party platforms or applications ("Client," "you," or "your") that integrate with CommonAUTH to provide authentication and authorization services to their end users ("End Users"). These Client Terms are entered into between you and QWYK iSoft, a dba of IWYNO Finworks LLC ("CommonAUTH," "we," "us," or "our"). By integrating with or using the Service, you agree to be bound by these Client Terms. If you do not agree, do not integrate with or use the Service.

1. Acceptance of Terms

By accessing, integrating with, or using the Service, you represent that you have read, understood, and agree to be bound by these Client Terms, including any additional terms and policies incorporated by reference. If you are entering into these Client Terms on behalf of a business or organization, you warrant that you have the authority to bind that entity, and "you" and "your" will refer to that entity.

2. Description of Service

CommonAUTH provides authentication and authorization services, including single sign-on (SSO), multi-factor authentication (MFA), password management, and social sign-in options, to enable End Users to sign in and sign up for your platform or application. You may integrate with the Service via APIs, SDKs, or other methods we provide, subject to these Client Terms and any separate agreement (e.g., API License Agreement).

3. Your Responsibilities

As a Client, you are solely responsible for the following:

A. Data Practices

  • You are responsible for your own collection, use, storage, and processing of End User data, including any data shared with you through the Service. CommonAUTH is not responsible for your data practices, privacy policies, or compliance with data protection laws (e.g., GDPR, CCPA) applicable to your platform or application.
  • You must obtain all necessary consents from End Users before sharing their data with CommonAUTH or using the Service on their behalf.
  • You must notify End Users that their authentication and authorization are handled by CommonAUTH and provide a link to our Privacy Policy and Terms of Service.

B. Security

  • You are responsible for securing your integration with the Service, including protecting any API keys, credentials, or other access mechanisms we provide. Any breach or unauthorized use of these mechanisms due to your negligence or failure to secure them is your sole responsibility.
  • You must implement and maintain industry-standard security measures (e.g., encryption, regular security audits) to protect End User data in your possession and prevent unauthorized access, disclosure, or use.

C. Compliance

  • You must comply with all applicable laws, regulations, and industry standards related to your platform, including but not limited to data protection, consumer protection, and intellectual property laws.
  • You are responsible for ensuring that your use of the Service complies with any restrictions or requirements in these Client Terms, our API documentation, and any additional agreements.
  • You must certify annually that your use of the Service complies with all applicable laws and regulations. Failure to comply may result in immediate termination of your access to the Service.

D. End User Support

  • You are solely responsible for providing support, customer service, and technical assistance to your End Users regarding your platform or application, including issues related to their use of your platform in conjunction with the Service.

E. Security Incidents and Notifications

  • You must immediately notify us in writing of any security breach, unauthorized access, or incident affecting the Service or End User data shared through the Service. You agree to cooperate fully with us in investigating and mitigating any such incident, including providing all necessary information and assistance.

F. Limitation on Sensitive Data

  • You may not send or process sensitive personal information (e.g., health data, financial account numbers, Social Security numbers) through the Service unless you have obtained our prior written consent and complied with all applicable laws. Any unauthorized processing of sensitive data is a material breach of these Client Terms.

4. CommonAUTH’s Responsibilities

CommonAUTH will:

  • Provide the Service as described in our documentation and agreements, subject to these Client Terms.
  • Maintain reasonable security measures to protect the Service and any data we process on your behalf, as outlined in our Privacy Policy.
  • Notify you of any material changes to the Service, these Client Terms, or our Privacy Policy that may affect your integration.

However, CommonAUTH is not responsible for your platform, your End Users, or any data or actions outside the scope of the Service we provide.

5. Security and Compliance Audits

We reserve the right to conduct periodic audits of your integration with the Service to ensure compliance with these Client Terms, security standards, and applicable laws. You agree to provide reasonable assistance and access to relevant records during such audits. If we determine that your use poses a risk to the Service or End Users, we may suspend or terminate your access without liability.

6. Intellectual Property

A. License to Use the Service

Subject to your compliance with these Client Terms, we grant you a limited, non-exclusive, non-transferable, revocable license to integrate with and use the Service solely for the purpose of authenticating and authorizing your End Users. This license does not include any right to copy, modify, distribute, or create derivative works of the Service or our intellectual property without our prior written consent.

B. Your Intellectual Property

You retain ownership of your platform, application, and any data you generate or collect. By integrating with the Service, you grant us a limited, non-exclusive, royalty-free license to use, store, and process your data solely to provide and improve the Service.

7. Data Sharing and Confidentiality

A. Data Shared by CommonAUTH

We may share with you only the minimum necessary data required to authenticate and authorize your End Users, such as a unique identifier or tokenized data (if End Users opt for data anonymization). We will not share sensitive personal information (e.g., passwords, social security numbers) unless required by law or explicitly authorized by you and the End User.

B. Your Responsibility for End User Data

You are solely responsible for any End User data you collect, store, or process, whether obtained through the Service or otherwise. You must not use End User data for any purpose other than providing your services, unless you have obtained explicit consent from the End User.

C. Confidentiality

Both parties agree to keep confidential any non-public information disclosed during the term of these Client Terms, including technical, business, or financial information. This obligation does not apply to information that is publicly available, independently developed, or required to be disclosed by law.

8. Limitation of Liability

TO THE EXTENT PERMITTED BY APPLICABLE LAW, COMMONAUTH SHALL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, OR USE, ARISING OUT OF OR RELATED TO YOUR USE OF THE SERVICE, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

OUR TOTAL LIABILITY TO YOU FOR ANY CLAIM ARISING OUT OF OR RELATING TO THESE CLIENT TERMS OR THE SERVICE SHALL NOT EXCEED THE AMOUNT YOU PAID US FOR THE SERVICE IN THE PRECEDING 12 MONTHS, OR $100, WHICHEVER IS GREATER.

COMMONAUTH SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM YOUR FAILURE TO SECURE YOUR INTEGRATION, COMPLY WITH LAWS, OR PROTECT END USER DATA. YOU ACKNOWLEDGE THAT YOUR USE OF THE SERVICE IS AT YOUR OWN RISK, AND WE ARE NOT RESPONSIBLE FOR THE ACTIONS, OMISSIONS, OR DATA PRACTICES OF YOUR PLATFORM OR END USERS.

9. Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT ANY WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE FROM VIRUSES OR OTHER HARMFUL COMPONENTS.

YOU ACKNOWLEDGE THAT COMMONAUTH IS NOT RESPONSIBLE FOR YOUR PLATFORM, YOUR END USERS, OR ANY DATA PRACTICES, SECURITY MEASURES, OR LEGAL COMPLIANCE OUTSIDE THE SCOPE OF THE SERVICE WE PROVIDE.

10. Indemnification

You agree to indemnify and hold CommonAUTH, its affiliates, and their respective officers, directors, employees, and agents harmless from any claims, damages, losses, liabilities, costs, or expenses (including reasonable attorneys’ fees) arising out of or related to:

  • Your use of the Service in violation of these Client Terms.
  • Your breach of any applicable laws, regulations, or third-party rights.
  • Your failure to secure your integration, protect End User data, or comply with your own privacy policies or terms of service.
  • Any claims by your End Users or third parties related to your platform or application.
  • Any allegations that your platform, application, or use of the Service infringes on the intellectual property rights of any third party.

11. Termination

We may terminate or suspend your access to the Service at any time, with or without cause, and without notice, if you violate these Client Terms, fail to comply with applicable laws, or if we believe your use of the Service poses a risk to us, our users, or the Service. Grounds for termination include, but are not limited to, security breaches, repeated non-compliance, or misuse of the Service.

Upon termination, you must immediately cease all use of the Service and remove all CommonAUTH integrations from your platform. You may request a reasonable period (not to exceed 30 days) to retrieve any data processed through the Service that is necessary for your continued operations, subject to applicable laws. CommonAUTH is not responsible for any loss, corruption, or inability to use such data after termination, nor for your ability to transition to an alternative service.

12. Changes to Client Terms

We may update these Client Terms at any time to reflect changes in our practices, legal requirements, or other factors. We will notify you of any material changes via email or a prominent notice on our platform at least 30 days in advance. Your continued use of the Service after such changes constitutes your acceptance of the new Client Terms.

13. Governing Law and Dispute Resolution

These Client Terms shall be governed by and construed in accordance with the laws of the State of [Your State], without regard to its conflict of laws principles. Any disputes arising out of or related to these Client Terms or the Service shall be resolved exclusively through binding arbitration in [City, State], administered by the American Arbitration Association under its Commercial Arbitration Rules. The prevailing party shall be entitled to recover reasonable attorneys’ fees and costs.

14. Force Majeure

Neither party shall be liable for any failure or delay in performance under these Client Terms due to circumstances beyond its reasonable control, including but not limited to acts of God, war, terrorism, labor disputes, government actions, or third-party service failures. In such cases, the affected party’s obligations shall be suspended for the duration of the event.

15. Miscellaneous

  • These Client Terms constitute the entire agreement between you and CommonAUTH regarding your use of the Service and supersede all prior agreements.
  • If any provision of these Client Terms is found to be invalid or unenforceable, the remaining provisions will remain in full force and effect.
  • Our failure to enforce any right or provision of these Client Terms will not be considered a waiver of those rights.
  • You may not assign or transfer these Client Terms or any rights or obligations hereunder without our prior written consent. Any attempted assignment without consent is void.

16. Contact Us

If you have any questions about these Client Terms, please contact us using the contact us section of the QWYK iSoft website