Terms of Service
Last Updated: 18 August 2020
You hereby certify to CriticalBlue that you are at least 18 years of age. If you are accepting on behalf of a corporation or entity, you represent and warrant that: (i) you have full legal authority to bind such corporation or entity to these Terms; (ii) you have read and understood these Terms; and (iii) you agree to these Terms on behalf of the party that you represent. If you don’t have the legal authority to bind such party please do not click “Subscribe” (or similar button) that is presented to you. PLEASE NOTE THAT IF YOU SIGN UP FOR THE SERVICES USING AN EMAIL ADDRESS FROM A CORPORATION OR ENTITY, THEN (A) YOU WILL BE DEEMED TO REPRESENT SUCH PARTY, (B) YOUR ACCEPTANCE WILL BIND THAT CORPORATION OR ENTITY TO THESE TERMS, AND (C) THE WORD “YOU” IN THESE TERMS WILL REFER TO THAT CORPORATION OR ENTITY.
These Terms do not have to be signed in order to be binding. You indicate your assent to these Terms by clicking “Subscribe” (or similar button) at the time you register for the Services.
THESE TERMS CONSTITUTE A BINDING CONTRACT BETWEEN US AND GOVERN YOUR USE OF AND ACCESS TO THE SERVICES WHETHER IN CONNECTION WITH A PAID OR FREE TRIAL SUBSCRIPTION OF THE SERVICES.
These Terms are only in the English language.
The division of this agreement and the insertion of titles and headings are for convenience only and are not for purposes of interpretation.
The following definitions will apply in these Terms and any reference to the singular includes a reference to the plural and vice versa.
Active Device: is the unit by which the usage of the Services is measured. An Active Device is a mobile device on which a Registered App has been launched or is running. Each mobile device on which any Registered App has been launched is considered a separate Active Device for billing purposes.
An Active Device is measured per Registered App, therefore:
a person using a Registered App which has been launched on four different devices during the Billing Period will be counted as four separate Active Devices.
App Stores: online third-party data sites, services and sources, which may include, without limitation, Apple iTunes Connect, Google Play and other app stores, as well as digital distribution, advertising and monetization platforms.
Approov Failover Service: a backup system that is provided in the event that any point of the Approov attestation service should fail or be unreachable.
Approov Portal: there are three portals that are provided for subscribers to manage their use of the Services:
Approov CLI: the Approov Command Line Interface (CLI) tool is provided for subscribers to manage their use of the Services:
Billing Period: the period between the date on which the Services were first provided to you and the same date in the next month. If that date does not exist in any month (for example, the 31st), then the period shall be deemed to end on the last day of that month.
Client SDK: an SDK that is built into your Registered App which handles all of the work necessary to attest the Registered App and fetch a token.
Collected Data: all non-personal data collected by us when Registered Apps connect to the Approov server as part of the authentication protocol, or during the app registration process.
Confidential Information: any information that is not public knowledge and that is obtained from the other Party in the course of, or in connection with, the provision and use of the Services. Our Confidential Information includes Intellectual Property owned by us, including the Software. Your Confidential Information includes the Collected Data.
Force Majeure: an event that is beyond the reasonable control of a Party and is not caused by the negligence or intentional conduct or misconduct of such Party, and such Party has exerted all reasonable efforts to avoid or remedy such event.
Free Trial: a trial of the Services is offered for a limited period without charge to potential customers who have not used the Services before to enable them to evaluate the Services.
Monthly Active Devices (MADs): the number of unique Active Devices in a Billing Period.
Party or Parties: each of the parties to these Terms or both of them as the context may require.
Personal Data: information relating to a person who:
Registration Information: the information that you supplied when registering for the Services.
Registered App: a mobile application that you have submitted to the Approov registration process.
Registered Email Address: the email address that you supplied when registering for the Services. It is your responsibility to keep your email address valid and current to enable us to send account information to you.
Sites: the websites www.approov.io and www.criticalblue.com owned by CriticalBlue Limited.
Software: all software owned by us that is required to use the Services.
Subscription Term: the period during which you have agreed to subscribe to the Services.
The Services, Sites, and any Software used to provide the Services, (herewith known as Intellectual Property or “IP”) are the intellectual property and copyrighted work of CriticalBlue or third-party authors. All rights not expressly granted with respect to the IP are hereby reserved. CriticalBlue may modify (or cease providing) the IP at any time at our sole discretion, subject to the Terms.
Content owned by third parties (including, without limitation, logos or trademarks) shall not be used by you for any purpose. Unauthorized use of IP may violate copyright laws, trademark laws, the laws of privacy and publicity, and/or other regulations and statutes.
You agree not to copy, reproduce, sell, transfer, modify, publish, display, prepare derivative works from, reverse engineer, disassemble or decompile or exploit any portion of the Services, our IP, code, or third-party Content or IP without prior written consent from us or, upon our direction, from the respective owner of said material.
Subject to the Terms, we hereby grant you a worldwide, royalty-free, non-exclusive, term licence to use, copy and distribute the Software embedded into a Registered App, and worldwide, royalty-free, non-exclusive, licence to use the Approov Portal for the Subscription Term, solely for your own internal business purposes.
You hereby grant us a worldwide, royalty-free, non-exclusive, license to use, copy and distribute the Collected Data to the extent required to perform the Services and for our internal use to improve the Services.
For clarity, the foregoing license grant to us does not affect your ownership of or right to grant additional non-exclusive licenses to the material in your User Submissions, unless otherwise agreed in writing.
Furthermore, you understand that we retain the right to reformat, modify, create derivative works of, excerpt, and translate any User Submissions submitted by you. We shall own any such derivative works, excerpts or translations.
We reserve the right to remove any User Submissions from the Services at any time, for any reason. You, not us, remain solely responsible for all User Submissions that you upload, post, email, transmit, or otherwise disseminate using, or in connection with, the Services, and you warrant that you possess all rights necessary to provide such content to us and to grant us the rights to use such information in connection with the Services and as otherwise provided herein.
You hereby assign to us the full right title and interest in and to any suggestion, enhancement request, recommendation, correction or other feedback provided by you and other users relating to the operation of the Services.
As a condition of using the Services, you will be required to register. You agree to provide us with current, accurate and complete Registration Information. You agree not to omit or misrepresent any Registration Information and you agree to update such data to ensure that it is current, accurate and complete. Failure to do so shall constitute a breach of these Terms, which may result in immediate termination of your account. You authorize us to verify your Registration Information as required for you to use the Services.
Upon registration, you will be provided with access tokens (“Approov Management Tokens”). We reserve the right to refuse registration (or cancel an Approov Management Token) for any reason and in our sole discretion. You shall be responsible for maintaining the confidentiality of your Approov Management Tokens. You are allowed to share your Approov Management Tokens with members of your organization and affiliates, and you are fully, personally, and solely responsible for all activities that occur under your account. You agree to notify us immediately upon learning of any unauthorized use of your account or any other breach of security.
We may communicate with you via email using your Registered Email Address, or through our website regarding your account, system updates or other matters related to the Services. You cannot opt out of receiving emails from us regarding the administration and use of the Services during your Subscription Term. We will not send marketing emails to you without your explicit consent.
In connection with your use of the Services, you agree that you will not violate any local, state, provincial, national, or other law or regulation, or any order of a court; attempt to gain unauthorized access to any part of the Services or to any CriticalBlue computer systems or networks; infringe the rights of any person or entity, including, without limitation, their intellectual property, privacy, publicity or contractual rights; interfere with or damage any part of the Services, including, without limitation, through the use of viruses, bots, Trojan horses, harmful code, flood pings, denial-of-service attacks, packet or IP spoofing, forged routing or electronic mail address information or similar methods or technology; use scripts, bots, spiders, or other automated mechanisms to collect information or otherwise interact with the Services without CriticalBlue’s express written permission; or claim that CriticalBlue is endorsing or supporting your business, product or service without prior written approval by CriticalBlue.
The Services may provide links to third-party websites or access to third-party content, products and/or services (“Third-Party Sites and Content”). CriticalBlue is not responsible for such Third-Party Sites and Content; you bear all risks associated with the access and/or use of such Third-Party Sites and Content. THE SITES, SERVICES, CONTENT, AND ANY THIRD-PARTY SITES AND CONTENT ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. CRITICALBLUE EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
We reserve the right to modify the Services and to release subsequent versions of the Services. You may be required to obtain and use the most recent version of the Services in order to maintain functionality.
Your Registered Apps MUST access the Services ONLY via the Client SDK.
The following provisions apply:
Subject to these Terms, we grant you a limited, personal, non-sublicensable, non-transferable, royalty-free, non-exclusive license to: (1) use our SDKs to build software applications (each, an “Application”) that communicate with the Services and (2) display our brand, logo and links to approov.io to promote or advertise your Approov integration.
You may not use our brand, logo or any links in any way that suggests, directly or indirectly, that you or the Registered App is sponsored, approved by, or affiliated in any way with CriticalBlue.
You agree to provide us with access to your Registered App and/or other materials related to your use of the Services as reasonably requested by us to verify your compliance with these Terms. CriticalBlue reserves the right to monitor your use of the Services and/or impose limits on certain features of the Services.
You agree to limit access to the Services (and any derived information) to employees involved in building your Registered App.
Except as expressly and unambiguously authorized under these Terms, you agree not to:
Violation of any of the foregoing is grounds for termination of your right to use or access the Services.
By using the Services, you expressly authorise us to access and grant us a licence to use your Collected Data subject to these Terms. For purposes of these Terms and to provide authentication data to you and authentication tokens to your Registered Apps as part of the Services, you hereby authorise us, appoint us as your agent and permit us to access, transmit, retrieve and use your Collected Data with the full power and authority to do and perform each action necessary in connection with such activities, as you could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN WE ARE ACCESSING, TRANSMITTING, RETRIEVING AND USING COLLECTED DATA, WE ARE ACTING AS YOUR AGENT, AND NOT AS THE AGENT OF OR ON BEHALF OF A THIRD PARTY.
NOTWITHSTANDING THE FOREGOING, YOU FURTHER ACKNOWLEDGE AND AGREE THAT WE ARE NOT ACTING AS YOUR AGENT IF WE USE YOUR COLLECTED DATA TO GENERATE AND PROVIDE ESTIMATES OF APP AUTHENTICATIONS TO SUBSCRIBERS OF THE SERVICES.
You hereby acknowledge and consent to the use of your Collected Data in this manner by using the Services.
Your specific set of Collected Data will not be provided to any third party in an identifiable form without your consent, unless we conclude that it is required by law, such as to comply with applicable legislation, by any court of competent jurisdiction or by any regulatory or administrative body, or when we believe in good faith that disclosure is necessary to protect our rights, implement a change of control transaction, protect your safety or the safety of others, investigate fraud, or respond to a government request.
In addition to the foregoing, you hereby grant us a non-exclusive, worldwide, royalty-free, perpetual, irrevocable, sublicensable and transferable right to use your Collected Data for internal purposes to operate and improve our Services for you and other customers, and to build and operate new services and products.
Upon your request, we will delete your account and associated account information (such as your contact details, email addresses, etc.). While we will immediately cease any future collection of your Collected Data upon deletion of your account, any Collected Data that has already been included in the pool of data will be deleted at our earliest convenience.
CriticalBlue will store Collected Data for up to a year from the date of collection. You may request access to the data for tracking and auditing purposes. Please contact us at email@example.com with your request.
We have put in place appropriate security measures to prevent your Collected Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
All amounts and fees stated or referred to are in US dollars (USD) and are exclusive of VAT, which, where applicable, shall be added to your invoice(s) at the appropriate rate.
From time to time, we may offer trials of the Services for a specified period without payment (“Free Trial”). The Free Trial is available to new customers only. You may not register for multiple accounts in order to receive additional Free Trials. CriticalBlue may determine your eligibility for a Free Trial and reserves the right to modify the features of the Free Trial. We may terminate or suspend the Free Trial at any time without notice or liability, to the extent permitted under applicable law.
By entering a credit card number upon registration for the Services, you agree that our Third Party service providers may store your credit card information and you expressly authorize us to charge you applicable Subscription Fees on a recurring basis for the Services provided. You must ensure that your credit card will not be declined. If your credit card expires and you do not cancel the Services, you will remain responsible for paying the Subscription Fees, which will accrue until we receive notice of your cancellation of the Services.
Fees shall be calculated by reference to the total number of Monthly Active Devices per Registered App.
The minimum charge in a Billing Period is one hundred and ninety-eight (198) USD (“Minimum Fee”), this includes the first nine thousand nine hundred (9900) Monthly Active Devices. Additional Active Devices are charged at a rate of 0.02 USD for each Active Device per Registered App. We reserve the right to apply the minimum charge on a per app basis when there are five (5) or more Registered Apps active in your account with different package names but the total number of Monthly Active Devices is still below the minimum level of nine thousand nine hundred (9900).
Subscription Fees are calculated on the first day of the current Billing Period and are the sum of the Minimum Fee for the current Billing Period and the fees for any additional (above nine thousand nine hundred (9900)) Active Devices from the previous Billing Period.
Subscription Fees will be collected on or around the first day of the new Billing Period by recurring credit card payment from the credit card registered by you when signing up for the Services, unless an alternative method is agreed in writing by both Parties.
The Subscription Term is monthly, unless an alternative term is agreed in writing by both Parties.
We reserve the right to suspend or terminate these Terms, and your right to access and use the Services, if your account falls into arrears. If payment fails, we will contact you by email using your Registered Email Address. If the applicable invoice remains unpaid we will assume that you wish to cancel the Services and we will follow the termination process outlined in clause 12.1 after serving you fourteen (14) days notice via email.
Customised graphs are provided at the end of each Billing Period, reporting on the usage of the Services throughout the Billing Period. Upon receipt of your invoice you have fourteen (14) days to raise any billing queries or disputes with CriticalBlue.
CriticalBlue may offer additional Software features or services from time to time. These may be added to the Services provided by agreement between the Parties.
EXCEPT TO THE EXTENT AS OTHERWISE SET OUT HEREIN, THE SERVICES ARE PROVIDED “AS IS”. TO THE FULLEST EXTENT PROVIDED BY LAW, WE HEREBY EXCLUDE AND DISCLAIM ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, RELATED TO THE SERVICES, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT USE OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE.
You agree to indemnify and hold us, our directors, officers, employees and suppliers harmless to the fullest extent of applicable law from any claim, action, demand, loss, liability, damage, cost or expense (including, without limitation, legal fees) arising from or in connection with (i) your breach of these Terms, (ii) your violation of any laws or regulations or third-party rights (such as intellectual property or privacy rights), (iii) any content you have submitted to or through the Services or (iv) any dispute you have or may have with other users or any third party.
IN NO EVENT SHALL CRITICALBLUE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE OF, THE SERVICES, ANY CONTENT, OR ANY THIRD-PARTY SITES AND CONTENT. APPLICABLE LAW MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY OR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU. IN SUCH CASES, CRITICALBLUE'S LIABILITY WILL BE LIMITED TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.
We attempt to have the Services available and operating effectively at most times but cannot guarantee that they will always be available. The Services may become unavailable for a number of reasons, including, without limitation, the performance of maintenance, the implementation of new software, in emergency situations and/or due to equipment or telecommunications failures. While we attempt to prevent any loss of data, we do not provide any guarantee against any loss of data, including, without limitation, any loss of data due to equipment or telecommunication failures. We do not guarantee complete accuracy in all aspects of the Services at all times. Features of the Services contingent on App Stores or third-party Service Providers are not guaranteed to always be available and are dependent on their technologies and policies.
YOU EXPRESSLY ACKNOWLEDGE THAT CRITICALBLUE DISCLAIMS ANY LIABILITY FOR DAMAGES INCURRED BY YOU AS A RESULT OF SANCTIONS IMPOSED BY THIRD PARTIES (INCLUDING, WITHOUT LIMITATION, SUSPENSION OF YOUR USE OF AN APP STORE) BECAUSE OF YOUR USE OF THE SERVICES. YOU AGREE THAT WE SHALL NOT BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY MODIFICATION, SUSPENSION, OR DISCONTINUANCE OF THE SERVICES. YOU AGREE THAT WE HAVE NO LIABILITY WITH RESPECT TO ANY APPLICATIONS YOU PUBLISH OR DISTRIBUTE.
Clause 10.1 will not apply to CriticalBlue’s liability under these Terms for any liability which cannot be excluded or limited by applicable law, including without limitation any liability for:
Each Party shall hold in confidence the Confidential Information of the other Party. Neither Party shall disclose any Confidential Information to any person other than its employees, agents or subcontractors and shall not use, unless expressly authorized, the Confidential Information of the other Party for any purpose other than where such disclosure is required for the performance of the Party’s obligations under these Terms. There is no obligation to maintain confidential information that is or becomes public knowledge or which is trivial or obvious. The obligations of confidentiality shall survive the expiration or termination of these Terms.
You may choose to terminate these Terms and your right to access and use the Services at any time, and for any reason, by informing us through the Approov Portal or by contacting us at firstname.lastname@example.org.
Upon termination of the Services, we offer a Transition Service where tokens will continue to be served for a maximum of ninety (90) days from the date of your last successful payment prior to the date of cancellation, provided that you have paid the Minimum Fee for at least one month. The Transition Service is limited to existing Registered Apps; you will not be able to register additional mobile applications after termination of the Services. While the Transition Service is active, no attestations will be performed; therefore your Registered Apps will continue to function but the software being used to access your API will not be authenticated.
Upon termination of these Terms, any fees that are outstanding will become immediately due and payable.
CriticalBlue may, in its sole discretion, terminate or limit your access to any part (or all) of the Services after giving you thirty (30) days written notice. To do this we will contact you by email using your Registered Email Address. You agree that CriticalBlue shall not be liable to you or any third party for any termination or limitation of your access to, or use of, the Services. No compensation is payable by us to you as a result of termination of these Terms for any reason.
Either Party may terminate these Terms and your right to access and use the Services if the other Party:
(a) breaches these Terms in a material way and the breach is not (i) rectified within thirty (30) days of receipt of notice in writing of such breach; or (ii) capable of being rectified; or (b) becomes insolvent, liquidated or bankrupt; has a receiver, administrator, liquidator appointed; becomes subject to any form or insolvency action or external administration or ceases to carry on business for any reason.
You may request a copy of your Collected Data, provided that (i) we receive your request within thirty (30) days of the date of termination of these Terms, and (ii) you pay our reasonable costs for providing that information. We will provide a copy of the Collected Data in a common electronic format.
CriticalBlue may, in its sole discretion, increase the Subscription Fees for the Services by giving at least thirty (30) days written notice. To do this we will contact you by email using your Registered Email Address. If you do not wish to pay the increased Subscription Fees, you may terminate these Terms and your right to access and use the Services by giving us notice of termination, provided the notice is received by us prior to the increase in Subscription Fees going into effect. Subject to applicable law, you accept the increased Subscription Fees by continuing to use the Services.
You agree that CriticalBlue shall not be liable to you or any third party for any variation to the pricing of the Services.
These Terms (including any document incorporated by reference into them) are the entire statement of the terms that govern your use of the Services. CRITICALBLUE MAY MODIFY THESE TERMS AT ANY TIME BY NOTIFYING YOU OF ANY CHANGE BY EMAIL. UNLESS STATED OTHERWISE, ANY CHANGE WILL TAKE EFFECT FROM THE DATE SET OUT IN THE NOTICE. YOU ACKNOWLEDGE AND AGREE THAT YOUR USE OF THE SERVICES FROM THE DATE ON WHICH THE TERMS ARE MODIFIED WILL CONSTITUTE YOUR ACCEPTANCE OF THOSE MODIFIED TERMS. If you do not wish to continue using the Services under the modified terms, you may unsubscribe from the Services through the Approov Portal or by contacting us. You must accept any modified terms if you wish to continue using the Free Trial. If you do not accept the modified terms you must cease using the Free Trial.
We provide the Services in accordance with the CriticalBlue Approov Service Level Agreement. Please contact us at email@example.com if you would like a copy of our Service Level Agreement.
These Terms and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of Scotland, and Scottish courts will have exclusive jurisdiction over any dispute, claim or controversy arising out of or relating to these Terms or the breach, termination, enforcement, interpretation or validity thereof.
If any provision of these Terms is determined to be unenforceable or invalid for any reason whatsoever, in whole or in part, such invalidity or unenforceability shall attach only to such provision or part thereof and the remaining part thereof and all other provisions shall continue in full force and effect.
No waiver of any provision of these Terms shall be enforceable against that Party unless it is in writing and signed by that Party.
Neither Party shall be liable to the other Party for any failure to perform its obligations under these Terms to the extent caused by Force Majeure.
You shall not, without the prior written consent of CriticalBlue, assign, transfer, delegate or sublicense any of your rights or obligations under these Terms. CriticalBlue may at any time transfer, assign, delegate or sublicense any of its rights and obligations under these Terms without your consent.
All obligations and duties which by their nature extend beyond the expiration or termination of these Terms shall survive and remain in full force and effect beyond any such expiration or termination.
Except with respect to general solicitations of employment or where a person approaches a Party hereto for employment, neither Party shall, cause the other Party to directly solicit for employment, any persons who are employees of the other Party as of the date hereof during the Term and for a period of twelve months following the termination of this Agreement, without the prior written consent of the other Party.
Subject to clause 4.2, both Parties are independent contractors and these Terms do not create an agency, partnership, franchise, fiduciary, joint venture or employment relationship between the Parties.
These Terms do not give rise to any rights under the Contract (Third Party Rights) (Scotland) Act 2017 for any third party to enforce or otherwise invoke any term of these Terms.
The Approov website, branding, and digital properties belong to CriticalBlue Ltd (registered in Scotland, Company Number SC224237). If you have any questions regarding these Terms, please contact us:
Post: CriticalBlue Ltd, 181 The Pleasance, Edinburgh, EH8 9RU, United Kingdom