Terms of Service - 2FAS. Two Factor Authentication Service, Inc.

Terms of Service

Effective as of 24 August, 2020 (the “Effective Date”). This Terms of Service document (the “Agreement”) is a legal agreement made between the individual or organization (“you”, “User” or “Customer”) using the Service or Services provided by Two Factor Authentication Service, Inc., a Delaware corporation (“us”, “we”, “our”, or “2FAS”). By accepting this Agreement or using the Service(s), you represent and warrant that you are of legal age (as described further below) and have the authority to bind the User to the Agreement and applicable Privacy Policy.

  1. About Us - Two Factor Authentication Service, Inc. is a Delaware corporation with a registered office located at 16192 Coastal Highway, Lewes, DE 19958 and a mailing address at 340 S. Lemon Avenue #2130, Walnut, CA 91789. 2FAS provides Users with tokens for secondary authentication for websites and mobile applications that support TOTP tokens.
  2. General Definitions
    1. Account means your access to the 2FAS API, 2FAS Plugin, and/or 2FAS Vault Services. When you create an Account, you will be asked to provide your email address. You must use true, accurate, current, and complete information to create and maintain your Account.
    2. Device means the mobile device (phone, tablet, and the like) that you used to download and use the 2FAS Services.
    3. Master Password means the set of words randomly generated which allows you to access the backup solution provided by 2FAS Vault. The Master Password is only generated one time, you must write down the set of words given to you in order to use it to login to your 2FAS Vault Account.
    4. PIN means the Personal Identification Number you can set in order to open the 2FAS Mobile Application on your Device. The PIN can be 4 or 6 digits long.
  3. Changes to this Agreement – We may modify this Agreement from time to time by providing you notification of material changes at least thirty (30) days in advance of the changes becoming effective, except in the case of changes in law or telecommunications providers that does not allow for thirty (30) days’ notice. The updated Agreement will be effective as of the latest Effective Date specified in the Agreement and will supersede all prior versions. Continuing to use the Services constitutes your acceptance of any changes to this Agreement.
  4. Services – “2FAS Services” or “Service” or “Services” refers to all products and services that 2FAS currently provides or may provide in the future. As of the Effective Date, 2FAS provides the following Services:
    1. 2FAS Mobile Application – our Mobile Application allows Users to generate TOTP tokens for any website or other application that supports TOTP two-factor authentication tokens. All fees for cellular data, WiFi, SMS, Phone Calls, and other use associated with using the 2FAS Mobile Applications are your responsibility.
    2. 2FAS API – our API solution allows website owners to integrate the website services with the 2FAS API so that website users can verify login through 2FAS’s Mobile Application, rather than a unique token.
    3. 2FAS Plugin – our Plugin solution allows website owners to download and include a connection to the 2FAS Services on their website.
    4. 2FAS Vault – our back up system that allows Users to recover 2FAS Accounts if a Device is lost, stolen, or otherwise destroyed or a PIN number is lost or forgotten.
  5. Service License – Subject to the terms of this Agreement, 2FAS grants Users a non-exclusive, non-sublicensable, and non-transferable license to access and use the Services which are made available to Users.
  6. Modifications – 2FAS reserves the right to modify Services at any time, provided the modifications do not materially diminish the functionality of a Fee based Services that may be provided by 2FAS and all 2FAS Services continue to comply with the Service Level Agreement found in Section 14. You have the right to cancel your Service if we make a material modification to the Services or Service Level Agreement. Such cancellation will be treated as a cancellation for non-conforming Service under Section 26 and your remedies are limited to those spelled out in Section 26.
  7. IP owned by 2FAS – 2FAS retains all proprietary rights, title, and interest in the 2FAS Services, our logo, name, and other marks (the “2FAS Marks”) and all related intellectual property, whether registered or not, anywhere in the world, including, without limitation, all modifications, changes, enhancements, and derivative works. You agree that you will not use, register, or make derivative works of any business name, domain name, trademark, servicemark, logo, slogan, or social media account name or handle which is based on, or in any way incorporates, in whole or in part, the 2FAS Marks.
  8. Feedback – You may provide Feedback to 2FAS at any time by emailing [email protected] with the subject line “Feedback.” “Feedback” includes, but is not limited to, identifying potential errors, improvements, modifications, bug fixes, and enhancements. Any and all Feedback given by you and received by 2FAS from you is owned by 2FAS. You assign the full ownership in Feedback to 2FAS. In the event that Feedback cannot be assigned, you grant 2FAS, at no charge, an exclusive, perpetual, irrevocable, royalty-free, worldwide license to use, reproduce, disclose, sublicense, distribute, modify, make derivate work from, and otherwise exploit the Feedback without restriction.
  9. Personal Information Collected by 2FAS – You recognize that in order to provide the 2FAS Services, we must collect and store certain personal information about you. By entering into this Agreement and using the Services, you grant us consent to use and store such personal information about you. Except upon sign-up, 2FAS will never use an email, SMS, or Phone Call to ask you for your username, PIN, or Master Password. In order to keep your Account and use of the Services secure, you should keep your username, PIN, and Master Password confidential. Please refer to the terms and conditions of our Privacy Policy to understand what personal information we may collect.
  10. Permitted Uses – You may use our Services to access any legal online websites or activities so long as such use does not interfere with other Users’ use of our Services.
  11. Non-Permitted Uses and Activities –
    1. You represent and warrant that your use of the Services will not be for any illegal activities including, but not limited to, online harassment (cyber-bullying); sending unauthorized advertising or spam; viewing, collecting, or transmitting child pornography; engaging in illegal narcotics trade; engaging in illegal arms trade; and engaging in illegal human trafficking.
    2. You represent and warrant that you will not modify, prepare derivative works of, or reverse engineer any of 2FAS’s Services.
    3. You represent and warrant that your use of the Services will not allow any viruses, Trojan horses, back doors, worms, time bombs, software locks, spyware, or any other malicious software that is capable of accessing, modifying, deleting, damaging, disabling, deactivating, interfering with, or otherwise harming any computer, network, data, Device, or any other electronically stored information to (i) disrupt, disable, harm, or otherwise impede others’ use of the Services; or to (ii) damage or destroy any data, file, or electronically stored information.
    4. You represent and warrant that you will not market or resell the 2FAS Services to third parties.
    5. You represent and warrant that you will not collect, gather, or harvest data of 2FAS Users without their consent.
    6. You represent and warrant that you will not transmit any material that may infringe the intellectual or privacy rights of third parties.
    2FAS reserves the right to cancel your Account and deny you access to the 2FAS Services if we believe that your use of the Services violates this provision or may cause harm to our other Users in any way.
  12. Master Password and PIN – 2FAS has no access to your Account, Device, or data. 2FAS does not have access to any of the service keys or TOTP tokens generated by the application. You are responsible at all times for keeping track of the Master Password and/or PIN that you use to access the 2FAS Services or your Device. If your Device is lost, stolen, or damaged, we have no way of recovering your data or any other login information and your Account and access to the 2FAS Services will be unavailable unless you are correctly using 2FAS Vault. If you lose or forget your PIN, you will not be able to access the 2FAS Services. If you are using 2FAS Vault and you lose your Master Password, you will not be able to access your 2FAS Vault. All Master Passwords stored in our system are encrypted and we are unable to decrypted them. Except upon sign-up, 2FAS will never use an email, SMS, or Phone Call to ask you for your username, PIN, or Master Password. In order to keep your Account and use of the 2FAS Services secure, you should keep your PIN and Master Password confidential. We are not liable or responsible for any loss that may occur if a third party uses your PIN or Master Password.
  13. Customer age for use - The 2FAS Services provided by us are not to be used by anyone under the age of 16. If we discover that you are under the age of 16, we reserve the right to cancel your Account and remove your access to all Services. By agreeing to this Agreement and using the Services, you represent that you are over the age of 16.
  14. Uptime (Service Level Agreement) –
    1. We guarantee an Uptime for Services of 99.00% on an annual basis. Uptime means that a User is able to access the 2FAS Services and not receive a system error message. 2FAS will monitor the performance and availability of the 2FAS Services on a continuous, 24/7 basis and will remain competitive in all material respects with the performance and availability of similar applications.
    2. Uptime does not include:
      1. Periodic scheduled maintenance. We will notify all Users of scheduled maintenance at least one (1) week in advance.
      2. Emergency maintenance.
      3. Interruptions caused by your physical location, your access to WiFi or cellular service, and your configuration or custom coding of the 2FAS Services.
      4. Distributed Denial of Service (DDOS) attacks.
      5. Force Majeure events, including, but not limited to action or inaction of a governmental, civil, or military authority; terrorist act; war; riot; fire, flood, earthquake, and other natural disasters; and any other event that is outside the reasonable control of 2FAS.
    3. As of the Effective Date of this Agreement, 2FAS provides Users access to all 2FAS Services free of charge. For this reason, you will not receive any monetary or other credit if we do not meet our Uptime guarantee and your only recourse is the right to cancel your Account or discontinue your use of the 2FAS Services.
    4. If at some point in the future, we begin providing 2FAS Services on a Fee basis then:
      1. You will receive a Service Credit for each additional hour that Service is unavailable outside of the Uptime Guarantee.
      2. The Service Credit will be calculated by dividing the monthly Fee for Service by 730 (approximate hours in a month) and multiplying that by the number of additional hours that 2FAS Service is unavailable outside of the Uptime Guarantee.
      3. You must notify us of your eligibility for Service Credits within thirty (30) days of becoming eligible for the Service Credits. Notifications should be sent to [email protected] with the subject line “SLA Service Credit.”
      4. Service Credits will be applied as a credit to the next billing period.
  15. Maintenance – As of the Effective Date of this Agreement, 2FAS is able to update the software supporting the 2FAS Services without interruption to Users. However, if we need to interrupt Users’ access to Services in order to complete maintenance, we will inform all Users, via email, of the scheduled maintenance at least one (1) week in advance.
  16. Fees – As of the Effective Date of this Agreement, all 2FAS Services are provided to Users at no cost. The only Fees that are charged are for SMS or Phone Call verification for 2FAS API Users. In order to receive TOTP tokens via SMS or Phone Call, you must provide credit card information to our third-party payment processor, Stripe. We have no access to, and are not responsible for, any data you provide to Stripe. If your method of payment has expired or is no longer valid, you will not be able to receive TOTP tokens via SMS or Phone Call. Stripe will send automatic reminders to you when your method of payment is set to expire or has been deactivated for any reason. It is your responsibility to keep your method of payment up to date with Stripe.
  17. Payment –
    1. For Fee based 2FAS Services, payment is due at the beginning of the Service month or year and will automatically renew for the subscribed period of time. Users who chose to pay monthly will be charged on the first day of using the 2FAS Service(s) (after any promotional period expires) and then on that same day of the month, every month, until 2FAS Service(s) is cancelled. For example, if you sign up for a Fee based 2FAS Service(s) on the 14th day of a month, you will be charged for the 2FAS Service(s) on the 14th day of the month, every month, until you cancel that 2FAS Service(s). Users who chose to pay annually will be charged on the first day of using the 2FAS Service(s) (after any promotional period expires) and then on the same day of the year, every year, until 2FAS Service(s) is cancelled.
    2. In order to use Fee based 2FAS Service(s), you must provide credit card information to our third-party payment processor, Stripe. We have no access to, and are not responsible for, any data you provide to Stripe. If your method of payment has expired or is no longer valid, you will not be able to use the 2FAS Service(s). Stripe will send automatic reminders to you when your method of payment is set to expire or has been deactivated for any reason. It is your responsibility to keep your method of payment up to date with Stripe.
    3. Taxes – You are responsible for all applicable sales, use, and other purchase related taxes applicable in your jurisdiction.
  18. Denied Payment – For Fee based 2FAS Services, if your method of payment is denied by our third-party payment processor, Stripe, your Account will be suspended and you will not have access to the 2FAS Services until you update your payment method to a valid form of payment. Accounts suspended for more than thirty (30) days due to non-payment will be cancelled. We are not responsible for any damages, liabilities, losses incurred, or any other consequences that you may suffer as a result of a suspended or cancelled Account.
  19. Termination – When you request that we cancel your 2FAS Services, please indicate if you are reducing the level of 2FAS Services to non-Fee based 2FAS Services or if you wish to cancel your Account entirely. If you cancel your Account entirely, we will delete all data associated with it, including personal data and Device data. In addition, if we cancel your Account for any reason specified in this Agreement, we will delete all data associated with it, including personal data and Device data. Once deleted, such data cannot be recovered. 2FAS will maintain all records of payment and invoices for the period of time required by applicable governmental and regulatory bodies.
  20. Refunds – We will not refund Users for Fee based 2FAS Service(s) for any reason except as described in the Limited Warranty Section 26 and for our breach of the Uptime guarantee found in Section 14.
  21. Pricing changes – We will notify you at least seven (7) days in advance of any pricing change to Fee based 2FAS Service(s) that you are using. You may choose to continue to use 2FAS Service(s) at the new price point or cancel your Account. All Fee based Account cancellations will be effective immediately, however, we will not refund you for any Fees already paid. When cancelling, you may elect to continue 2FAS Service until the last day of your pre-paid 2FAS Service period.
  22. Cancellation
    1. We reserve the right to cancel your 2FAS Service if you violate or breach this Agreement.
    2. We reserve the right to cancel your 2FAS Service and delete your Account if you make a data erasure request under our GDPR Privacy Policy, as we will be unable to provide 2FAS Services to you.
    3. We reserve the right to cancel your 2FAS Service and delete your Account if you fail to make a payment on a suspended Account for more than thirty (30) days.
    4. We reserve the right to cancel your 2FAS Service and delete your Account if we discover that you are under the age of 16.
    5. We reserve the right to cancel your 2FAS Service and delete your Account if we discover that you are using the 2FAS Service(s) for any non-permitted uses.
    6. We reserve the right to cancel your 2FAS Service and delete your Account if we discover that your use of the 2FAS Service violates any applicable laws.
  23. Beta – 2FAS may make “Beta Versions” of new or improved 2FAS Services available to you at no Fee or a reduced Fee. You may use Beta Versions at your discretion and at your own risk. 2FAS does not guarantee that Beta Versions will be released as 2FAS Services. Beta Versions may contain errors, bugs, and other defects and are provided without support of any kind. For the avoidance of doubt, Beta Versions are not 2FAS Services and none of the Warranty Provisions found in Section 26 or Service Level Agreement Uptime guarantees found in Section 14 apply to Beta Versions. We may request your Feedback about Beta Versions and all Feedback received from you is made under the terms and conditions of Section 8.
  24. Compliance with laws – Each Party agrees to comply with all laws, rules, and regulations applicable to the 2FAS Services provided by 2FAS and applicable to this Agreement. Applicable laws include, but are not limited to, import/export, privacy, and data protection laws and regulations. Each Party represents that it is not named on any United States Government denied party list, including the Office of Foreign Assets Control (OFAC)’s Specially Designated Nationals and Blocked Persons List. In addition, Users shall not permit access to or use any 2FAS Service in a US embargoed country or in violation of any US export law or regulation. 2FAS will, in accordance with applicable laws, cooperate with US local, US state, and US federal government authorities with respect to the 2FAS Services. We retain the right to immediately cancel any 2FAS Service, delete any Account, terminate the Agreement for your non-compliance with applicable laws.
  25. Indemnification –
    1. You agree to defend, indemnify, and hold harmless 2FAS, our future affiliates and their respective members, managers, shareholders, officers, directors, employees, agents, vendors, customers, indemnitees, representatives, successors, licensees and assigns, and each of them, from and against any and all claims, actions, demands, damages, losses, costs and expenses, including reasonable attorney’s fees and disbursements, charges, penalties, judgments, and interest sustained or which any of them may sustain arising out of, resulting from or relating to any material breach or alleged breach of any representation, warranty, obligation, or agreement made by you in this Agreement including, without limitation, any breach or alleged breach by you with respect to third party intellectual property, third party privacy, interference with third party or other User data, and non-permitted uses.
    2. We will provide you with prompt notification of any claim and cooperate with you in the defense of the claim. You will have full control over the defense and settlement of the claim, except to the extent that: (i) the settlement requires 2FAS to admit liability ; and (ii) we may join in the defense at our own expense with our own counsel.
  26. Limited warranty – We warrant that the 2FAS Services will comply with the Service Level Agreement found in Section 14 of this Agreement. Remedies for non-compliance with the Service Level Agreement found in Section 14 are limited to those described in Section 14. We do not warrant that your use of the 2FAS Service(s) will be timely, uninterrupted, or error free. In addition, we do not warrant that the 2FAS Service(s) will operate in combination with any specific hardware, software, system, or data. You use the 2FAS Service(s) at your sole risk. No warranties are express or implied except as set forth herein. All other warranties, including warranties of merchantability and fitness for a particular purpose, are expressly excluded from this warranty. Your sole and exclusive remedy for any cause of action arising out of any defective software or breach of this Agreement is limited to us providing conforming 2FAS Service within five (5) days of your notice to us of non-conforming 2FAS Service or your ability to cancel the 2FAS Service at no charge and with a pro-rata refund of any pre-paid fees for the dates of non-conforming 2FAS Service. Under no circumstances will we be liable for any indirect, special, incidental, or consequential damages or loss, including but not limited to loss of profits, loss of use, or loss of data, whether caused by breach of contract, negligence, or otherwise. Under no circumstances will our liability under this Agreement exceed the amount paid by you to us in the proceeding twelve (12) months. If your jurisdiction does not allow such limitations, the permissible limitations shall apply.
  27. Limitation of liability
    1. Neither you nor we will be liable to each other for any indirect, special, incidental, or consequential damages or loss, including but not limited to loss of profits, loss of use, or loss of data, whether caused by breach of contract, negligence, or otherwise. Under no circumstances will our liability under this Agreement exceed the amount paid by you to us in the proceeding twelve (12) months. If your jurisdiction does not allow such limitations, the permissible limitations shall apply.
  28. Customer Intellectual Property Rights – if you believe that the 2FAS Services have been used in a way that constitutes copyright infringement, please notify us at [email protected] with the subject line “DMCA” and a description of the infringing material in the body of the email. We will review the notification and comply with the procedures outlined in the Digital Millennium Copyright Act of 1998 (“DMCA”) to review and respond to such notifications.
  29. Security Breach Notification Policy – In case of a breach of our system, we will post a notification to our Site and send a notification via email to Users who have provided us with an email address. If you believe that there has been a breach of your data, please notify us at [email protected] with the subject line “Security Breach” and a description of the incident that you believe occurred in the body of the email.
  30. Links to third-party websites – 2FAS’s website may contain links to other websites which are of interest to our Users. In addition, the 2FAS API and 2FAS Plugin are available on third-party websites. These third-party websites have separate and independent Terms of Use or Service. 2FAS has no responsibility or liability for the content or activities of the websites accessible via the links and it is your responsibility to comply with any applicable Terms of Use or Service. 2FAS is not responsible for and does not endorse any third-party website.
  31. Miscellaneous
    1. Entire agreement – This Agreement constitutes the entire understanding and agreement between the Parties with respect to the subject matter of this Agreement. No agreements, understandings, restrictions, representations, or warranties exist between or among the Parties other than those found in this Agreement or referred to or provided for in this Agreement. Nothing contained in any document submitted by you will modify or amend this Agreement. We may update the Agreement from time to time, the current version will be dated. An updated version of the Agreement may be found at https://2fas.com/terms-of-service/ and we will send a notification via email to Users who have provided us with an email address. Your continued use of the 2FAS Services constitutes your acceptance of the then-current version of the Agreement.
    2. Survival - Any provision of this Agreement that imposes upon Users or 2FAS an obligation after termination or expiration of this Agreement shall survive termination or expiration of this Agreement and be binding upon the Parties.
    3. Authority – If you are entering into this Agreement on behalf of a company, organization, or other non-individual person entity, you represent and warrant that you have the authority to bind such entity to this Agreement.
    4. Waiver - No waiver by us of any provision of this Agreement shall be deemed, or shall constitute, a waiver of any other provision, whether or not similar, nor shall any waiver constitute a continuing waiver. No waiver shall be binding unless executed in writing by us.
    5. Severability - If any term or provision of this Agreement is held to be void or unenforceable, that term or provision will be severed from this Agreement, the balance of the Agreement will survive, and the balance of the Agreement will be reasonably construed to carry out the intent of the Parties as evidenced by the terms of this Agreement.
    6. Notice – Notices under this Agreement may be posted to our Site and sent via email to Users who have provided us with an email address.
    7. No agency – Nothing in this Agreement creates a partnership, agency, fiduciary, or employment relationship between the Parties. The Parties are and will remain at all times independent contractors. There are no third-party beneficiaries to this Agreement.
    8. No Class Actions – All disputes between you and us will be resolved on an individual basis and you agree not to bring or participate in any class, consolidated, or representative action against us, including our future affiliates.
    9. Agreement to Arbitrate – You agree that any controversy, claim, or dispute arising out of or relating to this Agreement will be settled by arbitration administered by the American Arbitration Association (AAA) in accordance with its Commercial Arbitration Rules. The arbitrator will be selected from a list of arbitrators provided by AAA following a request by the Party seeking arbitration. The arbitration will be conducted under the procedures applicable to arbitration in the state of Delaware. All judgments and awards rendered by the arbitrator(s) may be entered into any court having jurisdiction thereof. Notwithstanding the foregoing, any disputes arising out of Intellectual Property or Privacy issues may be submitted to a court of law.
    10. International Arbitration – If you reside outside of the United States, or its territories and possessions, then any dispute or controversy arising from or relating to this Agreement shall be submitted to binding arbitration administered by the International Chamber of Commerce according to its expedited Rules of Arbitration. The number of arbitrators will be one (1). The language of the arbitration will be English. The seat of arbitration will be New York City, NY, and the place will be New York City, NY. The Parties shall instruct the arbitrator to issue a reasoned award. A judgment upon the award rendered by the arbitrator may be entered in any court having proper jurisdiction.
    11. Governing law and Venue (US Resident) – If you reside within the United States, or its territories and possessions, this Agreement shall be governed by and shall be construed in accordance with the laws of the State of Delaware without regard to principles of conflict of law. Any action brought with respect to this Agreement, the Privacy Policy, or any document related to the Service provided by us, shall be brought only in a court of competent jurisdiction in Sussex County, Delaware. All Parties to this Agreement consent to the jurisdiction of the chosen court and waive any objection under the theory of forum non conveniens.
    12. Local Terms – If you are located outside of the United States, additional terms may apply to your use of the Services.