Identity Verification Solution Service Agreement
Print
Identity Verification Solution Service Agreement
Identity Verification Solution Service Agreement (hereinafter referred to as "this Agreement") describes your rights, obligations, and responsibilities of using Huawei Cloud services. Please carefully read the terms carefully, especially the terms that have a significant impact on your rights and interests, such as exemption from liability and limitation of liability. Such terms are in bold in this Agreement.
You understand and agree that by using any service as stated under this Agreement, you are deemed to have read and agree to the General Terms of Service in this Agreement and the Dedicated Terms of Service for the service you use. By using any service under this Agreement, this Agreement shall become legally binding on you. If you do not agree to part or all of the terms of this Agreement, you shall stop using any such related services.
1. General Terms of Service
1.1 Contracting Entity: This Agreement is entered into by and between Huawei Cloud Contracting Party as defined in Section 15.4 of Huawei Cloud Customer Agreement (hereinafter referred to as "Huawei Cloud", or "We") and you (or "User"). Once this Agreement takes effect, it has legal effect between you and Huawei Cloud. You acknowledge that you shall be a natural person, legal person, or other organization that has full capacity for civil conduct, and may independently carry out civil juristic acts. If the foregoing is not true, please do not use this Service. Otherwise, you shall bear all consequences caused thereby. In addition, Huawei Cloud has the right to cancel (or permanently freeze) your account and claim compensation from you. In the event that you register on behalf of a company or other legal entity, you represent and warrant that you are an authorized representative of the company or legal entity to bind such company or legal entity to the terms of this Agreement.
1.2 Separate Agreement: If you subscribe to this Service offline, purchase this Service through our partners, or purchase partner products that integrate this Service, you may sign a separate agreement with us or our partners. You acknowledge and agree that you will remain bound by the separate agreement mentioned in this article if you are authorized to access and use this Service.
1.3 Agreement Update: This Agreement is subject to change. We will notify you of any changes to this Agreement by posting a notice on our website or by other means. You can also visit our website to read the latest service agreement. If you do not agree to part or all of the latest version of this Agreement, please stop using this Service. By continuing to use this Service, you acknowledge that you are aware of and agree to the latest version of this Agreement.
1.4 Service Maintenance: We may maintain this Service from time to time through application upgrade, patch installation, or bug fixing. We will use our reasonable efforts to notify you of such maintenance events (except for emergency maintenance). You agree to use your best efforts to comply with any notified cooperation requirements.
1.5 Your Content
1.5.1 The definition and related regulations of "Your Content" are subject to the Huawei Cloud Customer Agreement (https://www.huaweicloud.com/intl/en-us/declaration-sg/sa_cua.html).
1.5.2 In terms of your content, except as required by laws and regulations or for your use of this Service, Huawei Cloud is entrusted to process your data only in accordance with your authorization and instructions and the agreement between you and us.
1.5.3 You have the right to upload, delete, and modify your content. Exercise caution when deleting or modifying data and you shall solely bear the consequences of these operations.
1.5.4 You shall back up your data as required. Huawei Cloud provides data backup services only in accordance with relevant laws and regulations.
1.6 You shall be responsible for your end users. If your end users violate laws and regulations when using services related to this Agreement, or improperly use related services and cause damages to third parties or Huawei Cloud, you shall be liable for compensation.
1.7 Our Limited Warranty
1.7.1 The provision of a Huawei Cloud service is based on the availability status and product features of the cloud service at the time of provisioning, and does not constitute a commitment of Huawei Cloud to provide the cloud service for a long time after a certain lifecycle of the cloud service ends.
1.7.2 You understand and agree to our limited warranty in terms of the SLA in Clause 4.3 "Our Limited Warranty" of the Huawei Cloud Customer Agreement (https://www.huaweicloud.com/intl/en-us/declaration-sg/sa_cua.html).
1.8 Agreement by Both Parties
1.8.1 You understand and agree that your use of this Service must comply with applicable laws and regulations. We provide you with standard services only in accordance with your instructions and are not responsible for the legal compliance of your use of this Service. If we reasonably believe that you have violated laws, regulations, or the rights of third parties when using this Service, or violated the terms of related agreements (including Privacy Statement, Acceptable Use Policy, Huawei Cloud Customer Agreement, and other agreements related to you on the Huawei Cloud official website) ("Prohibited Content"), we have the right to delete Prohibited Content, prohibit your use of related services and access to related content, or suspend services. In addition, you shall compensate for all losses caused to Huawei Cloud attributable to your default, breach, violation, act or omission.
1.8.2 Huawei Cloud provides O&M only for Huawei Cloud services. You shall ensure the security and stability of your network and devices. If any device fault or network interruption occurs due to your own or third-party reasons, you shall resolve the issue in a timely manner to avoid impact on Huawei Cloud services.
1.8.3 When the lifecycle of a specific cloud service product reaches the end of marketing (EOM), end of service and support (EOS), or end of all service activities, we will use our best commercial efforts to notify you. After reading and understanding the notification, you can agree to upgrade related services or migrate related services to updated software and hardware.
1.9 Disclaimer
1.9.1 You understand and agree that we are not liable for unavailability of this Service in the following situations:
1) Service unavailability or any legal consequences caused by your refusal to provide relevant information or the information provided does not meet service requirements
2) Service unavailability due to force majeure
3) Service unavailability due to your reasons or other non-Huawei Cloud reasons
4) Service unavailability during regular service maintenance
1.9.2 You understand and agree that before the lifecycle of a specific cloud service reaches the end of all service activities, we will use our best commercial efforts to notify you. You need to migrate or upgrade related workloads within a certain time window based on the notification of Huawei Cloud. If you do not choose to upgrade this Service to a new version available, you agree that Huawei Cloud has the right to automatically upgrade it when the right opportunity arises. We shall not be held liable for any potential service outage arising from the upgrade.
2. IVS Terms of Service
2.1 Service Content
Identity Verification Solution (hereinafter referred to as "this Service" or "IVS Service") is an identity verification solution. You can integrate the IVS Service SDK into your application (hereinafter referred to as "App") to complete liveness authentication for end users, in conjunction with your App's backend services and IVS Service. First, the IVS Service will upload the specified face image provided by your App's backend services to the Object Storage Service (hereinafter referred to as "OBS") bucket that you have pre-specified. Your App will guide end users to capture facial photos or videos using terminal devices, such as mobile phones. The IVS SDK performs real-time liveness detection and then calls the IVS Service API to upload the facial photos and video data to be verified. The IVS Service uses algorithms to further perform liveness judgment on the data to be verified. Simultaneously, it retrieves the designated face image from your OBS bucket and performs a one-to-one comparison between the faces in the photos/videos and the designated face image. This ensures whether the two belong to the same individual, verifies the authenticity of the end user's identity information, and returns the verification result to your App and backend services.
2.2 Collection and Processing of Your Personal Data
For the entire service process, you understand and agree that Huawei Cloud is entitled to collect, use, and process your personal data in accordance with the Privacy Statement (https://www.huaweicloud.com/intl/en-us/declaration-sg/sa_prp.html).
2.3 Processing Your Content Data
You understand and agree that, in accordance with applicable personal data protection laws, you are responsible for the legality of the source and acquisition of data such as facial images and videos contained in your content. We specially remind you that you shall inform end users of the purpose, content, and potential consequences of verification before obtaining their authorization. Additionally, you must not provide the above data to Huawei Cloud beyond the explicit authorization scope of your end users. Huawei Cloud is entrusted to process the personal data contained in your content, as detailed below:
- Personal data types and purposes of the processing
When you or your end users use the IVS Service, we need to process the facial images, videos, and other data submitted by you or your end users to provide identity verification services.
- Duration of the processing
Facial images, videos, and other data submitted by you or your end users will be encrypted and stored in an OBS bucket under your control, with a retention period of 24 hours.
- Personal data location of the processing
The location of the processing is the selected region of this Service.
- Sub-trustees of personal data processing
We will not share or entrust your personal data to third parties.
- Cross-border transfer of personal data
We will not transfer your data across borders.
You understand and agree that both parties shall process the personal data contained in your content in accordance with the Data Processing Addendum (https://www.huaweicloud.com/intl/en-us/declaration-sg/sa_dpa.html). We promise to process the personal data contained in your content in accordance with the provisions of the Data Processing Addendum.
2.4 Cooperation You Need to Provide
When using this Service, you shall provide true and valid usage information to Huawei Cloud, including but not limited to the true estimated annual usage.
In the event of any disputes, controversies, or complaints arising from the services provided to you, you shall cooperate to resolve them and provide all necessary assistance as requested by Huawei Cloud. This includes, but is not limited to, providing end-user authorization documents, query qualifications, and other relevant documents and evidence.
2.5 Restrictions
You and/or your end users shall not use this Service in any of the following ways:
(1) Providing the APIs of this Service to any third party;
(2) Accessing the service environment from an internal audit system that is isolated from external networks;
(3) Setting up audit entrances or exits for this Service on Internet pages or various external network clients;
(4) Downloading, printing, or retaining verification results of this Service;
(5) Using this Service or the verification results of this Service for any infringement of any person's rights (interests) or any violation of laws or regulations. This includes but not limited to the following: committing cyber crimes, generating false information, infringing third-party rights and interests (including but not limited to copyrights, patents, trademarks, trade secrets, and portrait rights), and implementing unfair competition by leveraging advantages such as algorithms, data, and platforms.
(6) Providing us with any data that violates laws or regulations, infringes on intellectual property rights or the legitimate rights and interests of third parties, infringes on the physical and mental health of others, or may bring risks to Huawei Cloud (such as discriminatory data, data that infringes on others' personal information, portrait rights, reputation rights, or trade secrets, or any other content that may affect the security and stability of this Service);
(7) Engaging in any behavior that may pose risks or losses to us (including acts or omissions).
If you or your end users violate laws and regulations, infringe on the rights and interests of third parties, or breach the terms of this Agreement, Huawei Cloud has the right to suspend or terminate the provision of all or part of this Service to you. You shall be held liable for compensating us or third parties for any losses caused by such violations.
2.6 Shared Responsibility
To build a secure, trustworthy, and legally compliant identity verification solution, you need to share responsibilities with Huawei Cloud. If you and/or your end users incur any losses due to your failure to fully or partially comply with this Agreement, you shall bear the relevant responsibility independently.
2.6.1Keeping Solutions Updated
This Service regularly upgrades the SDK and service components to enhance security, reliability, and user convenience. Given the continually evolving attack methods in the field of liveness authentication, you are obligated to ensure the use of the latest versions of SDK and service components at all times to guard against potential security risks.
2.6.2Ensuring Connection Security
(1)Data interaction is a core element in achieving a complete service loop. To ensure connection security, you must adhere to the following principles:
- You are responsible for ensuring the security and reliability of your backend services, including but not limited to network security protection, application security hardening, and a comprehensive monitoring and logging system.
- You shall establish strict identity authentication and access control mechanisms within your backend services to ensure the integrity and confidentiality of communication between the client and backend, preventing data tampering or unauthorized access.
- You shall perform real identity verification for end users and strictly bind user account information with active sessions.
- You shall sign your applications and publish them only through official app stores.
(2)Huawei Cloud ensures the connection security of this Service through the following measures:
- Providing support for Identity and Access Management (IAM) role configuration to achieve refined authentication and operation management.
- Generating session tokens via the session creation API, serving as the unique credentials for transaction verification.
- Allowing calls to IVS backend services only through HTTPS.
2.6.3 Client Protection
(1) Protection of Client Applications
You shall implement protective measures for your client applications to prevent malicious tampering that could compromise service reliability. During development, you shall integrate integrity verification mechanisms, monitor in real-time, and report abnormal attack behaviors to ensure prompt response and handling.
(2) Protection of Client Devices
Based on the security requirements of application scenarios, you shall adopt customized protection policies. Key measures include: Deploying enterprise-level device management solutions to regulate device access permissions to the application. Enabling a secure boot mechanism to ensure hardware integrity and enforce device management policies.
2.6.4 Monitoring of Misuse
To counter brute-force attacks, you shall establish the following protection mechanisms:
(1) Use randomly generated universally unique identifiers (UUIDs) as device association IDs (avoiding binding with system main IDs). When a threshold for abnormal attempts is triggered by the associated ID, the system automatically intercepts new session requests.
(2) Implement manual intervention mechanisms: Initiate manual review processes for intercepted abnormal requests. If deemed legitimate users, restore services by resetting UUID associations, balancing security protection with service continuity.
2.7 Disclaimer
(1) You understand and agree that Huawei Cloud strives to continually improve and enhance our services. However, given the limitations of current industry research, the probabilistic nature of AI services, and the detail provided in your inputs or requirements, we cannot guarantee the accuracy, completeness, authenticity, or practicality of this Service and its verification results. Huawei Cloud shall not be held responsible for any losses incurred as a result.
(2) You understand and agree that while Huawei Cloud has taken necessary measures to ensure the smooth operation of this platform, the following issues may still arise. You agree that Huawei Cloud is not liable for any losses resulting from:
1) Service interruptions during Huawei Cloud's network adjustments and maintenance.
2) Slow access to common products or services due to network congestion.
3) Issues caused by hackers, computer viruses, Trojans, or other malicious programs.
4) Issues resulting from technical adjustments by telecommunications departments and disruptions in backbone lines.
5) Losses arising from operational and maintenance activities for troubleshooting, including but not limited to system upgrades, optimizations, and expansions.
6) Issues arising from your improper operations or issues with your computer software, systems, hardware, or communication lines.
7) Consequences of using related services in violation of the platform rules.
8) Any other issues not caused by Huawei Cloud.
2.8 Definition
SDK: A software development kit tailored for client development, comprising prebuilt APIs, functional libraries, and documentation. It is designed for swift integration of specialized services like facial recognition and liveness detection.
Client application: Frontend software running directly on user terminal devices, such as mobile phones and PCs, including mobile apps, web applications, and desktop programs. It either calls the SDK or independently implements service logic, offering user interaction interfaces and enabling data communication with the server.
Client device: A terminal hardware carrier, like a smartphone or PC, used by users. It runs client applications and utilizes its hardware capabilities, such as CPU/GPU power, sensors, and cameras, to execute functions.
Contracting Entity: Huawei Cloud Contracting Party as defined in Section 15.4 of Huawei Cloud Customer Agreement(https://www.huaweicloud.com/intl/en-us/declaration-sg/sa_cua.html)
Updated: April 22, 2025