Privacy Policy

+ Terms And Conditions + Terms Of Service

VeriLink Privacy Policy

Last Updated: 31 March 2026  |  Version: 2.0

  1. Introduction

    2. VeriLink, operated by SkyL4rk (Pty) Ltd, is committed to protecting the privacy of all individuals whose data passes through our platform. This Privacy Policy explains how we collect, use, store, share, and safeguard personal information in connection with our identity verification, biometric authentication, and compliance screening services. It applies to Company Users, End Users, and all visitors to verilink.online and dashboard.verilink.online.

    VeriLink operates under the Protection of Personal Information Act 4 of 2013 (POPIA) as its primary governing data protection framework. Where services are provided to clients in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) applies additionally to those processing activities.

  2. Information We Collect

    3. We collect the following categories of personal information:

    1. Company User Account Data: Business name, registered name, contact name, email address, telephone number, physical address, and payment information (processed via PayFast — we do not store card data directly).

    2. End User Identity Data: Full name, date of birth, ID number, passport number, nationality, and government-issued document data extracted via PDF417 barcode or MRZ scanning.

    3. Biometric Data: Facial recognition encodings, liveness detection outputs, and facial landmark data generated during verification. Face detection, liveness checks, and template matching are performed on the End User's device. Resulting encodings may be transmitted to our servers for comparison and stored in encrypted form as part of the PVTF where the End User has consented to server storage.

    4. Geolocation Data: GPS coordinates captured at the time of verification where Location verification is requested by the Company User and consented to by the End User.

    5. Device and Technical Data: IP address, device type, operating system, Firebase device token, browser type, and usage logs.

    6. Verification Transaction Data: Timestamps, request references, token consumption records, verification outcomes, and audit logs associated with each Verification Request.

    7. Compliance Screening Data: Name, date of birth, nationality, and identification details submitted for screening against OFAC, UN, EU, and UK sanctions lists, PEP databases, and adverse media sources. Screening results including match scores, entity links, and media summaries are retained as part of the compliance record for the relevant Verification Request.

    8. Communication Data: Support requests, emails, and any other correspondence submitted to VeriLink.

  3. How We Use Your Information

    4. We use collected data for the following purposes:

    1. Identity verification, biometric authentication, and liveness detection on behalf of Company Users.

    2. Compliance screening including OFAC sanctions, UN/EU/UK sanctions, AML/PEP checks, and adverse media monitoring.

    3. Account management, subscription billing, and token transaction processing.

    4. xCrypt licence validation on every API-based Verification Request.

    5. Fraud detection, platform security, and abuse prevention.

    6. Compliance with applicable legal and regulatory obligations.

    7. Improving platform functionality, reliability, and security.

    8. Communicating with Company Users regarding account activity, billing, and service updates.

  4. Legal Basis for Processing

    5. We process personal data under the following legal bases:

    1. Consent: End Users provide explicit consent before biometric data is captured and processed. Consent may be withdrawn at any time via the VeriLink application.

    2. Contractual Necessity: Processing is required to fulfil our service obligations to Company Users under their subscription or API access agreement.

    3. Legal Obligation: Compliance screening and record-keeping obligations arising under FICA, POCA, POCDATARA, and equivalent international AML legislation.

    4. Legitimate Interests: Fraud prevention, platform security, abuse detection, and service improvement, where such interests are not overridden by the fundamental rights and freedoms of data subjects.

  5. AML and Compliance Screening Data

    6. Where Company Users request compliance screening services, VeriLink processes the submitted identity data against its in-house screening stack. This involves:

    1. Sanctions screening against OFAC (US), United Nations, European Union, and United Kingdom consolidated sanctions lists.

    2. PEP and enforcement screening against international politically exposed person and law enforcement databases.

    3. Adverse media screening using GDELT (Global Database of Events, Language, and Tone) and licensed news data APIs. GDELT is an open-access global media monitoring dataset. Results are scored and entity-linked by VeriLink's internal processing engine.

    Compliance screening results — including match scores, entity associations, source articles, and risk indicators — are retained as part of the Verification Request audit record. Company Users may access these results via the Dashboard or API response payload. VeriLink retains screening records for a minimum of five (5) years to support regulatory audit requirements, unless a shorter period is specified by applicable law.

    VeriLink does not make legal determinations on the basis of screening results. Company Users are responsible for interpreting results and making their own compliance decisions in accordance with applicable AML law.

  6. Data Sharing and Disclosure

    7. Face detection, liveness checks, and biometric template matching are performed on the End User's device. We do not use biometric data for advertising or profiling. We will only transmit biometric data or a verification result to the named Company User, and only for the purpose for which the End User gave consent.

    We do not sell or rent personal information. We may share data with the following categories of recipients:

    1. Company Users (Data Controllers): Verified payloads are delivered to the Company User who initiated the request.

    2. Sub-Processors: Third-party services engaged to support platform delivery, including:

      • Google Cloud Platform and Firebase — cloud infrastructure and push notification delivery
      • Cloudflare — security, CDN, and DDoS protection
      • PayFast — payment processing for subscriptions and token purchases
      • GDELT — open-access adverse media dataset used in compliance screening
      • Licensed news data providers — used in adverse media screening
      • xCrypt (SkyL4rk internal platform) — API licence validation
      All sub-processors are subject to appropriate data protection obligations.

    3. Regulatory authorities: Where required by law, court order, or regulatory directive.

    4. Law enforcement: In cases of suspected fraud, money laundering, or other illegal activity.

  7. Data Security Measures

    8. Your Personal Verification Token File (PVTF) is stored on your device within the application's private encrypted storage. If you enable cross-device use, an encrypted copy is stored on our servers. All biometric data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

    We implement the following security measures:

    1. AES-256 encryption for all sensitive data in storage and transit.

    2. Role-based access controls on all internal systems.

    3. Transaction hash validation to prevent replay attacks on payment and billing events.

    4. Regular security audits and vulnerability assessments.

    5. Incident response procedures with a 72-hour breach notification obligation to affected controllers.

  8. Data Retention

    9. We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law:

    1. PVTF (on-device): Retained until the End User deletes it via the application or uninstalls the app.

    2. PVTF (server-stored): Retained to support active verifications. Deleted within 30 days of an unlink or deletion request, unless longer retention is legally required.

    3. Verification Request records: Retained for a minimum of five (5) years to support compliance audit obligations.

    4. Compliance Screening records: Retained for a minimum of five (5) years in line with FICA and AML record-keeping obligations.

    5. Token transaction records: Retained for a minimum of five (5) years for financial record-keeping and dispute resolution purposes.

    6. Liveness session images/frames: Processed in memory during the active session and discarded immediately upon session completion. Not stored.

    7. Company User account data: Retained for the duration of the account and for five (5) years following closure, unless otherwise required by law.

  9. Your Rights

    10. End Users may decline any Verification Request, withdraw biometric consent, or delete their PVTF at any time within the application. Company Users may request deletion of server-stored data by contacting us.

    Depending on your jurisdiction, you may have the right to:

    1. Access a copy of your personal data held by VeriLink.

    2. Request correction of inaccurate or incomplete personal data.

    3. Request deletion of personal data, subject to legal retention obligations.

    4. Withdraw consent for biometric processing at any time without affecting the lawfulness of prior processing.

    5. Object to processing based on legitimate interests.

    6. Lodge a complaint with the Information Regulator of South Africa (for POPIA) or your local supervisory authority (for GDPR).

    To exercise any of these rights, contact us at: privacy@verilink.online

  10. Account Deletion

    11. End Users may delete their account at any time via Settings → App Info → Delete Account within the VeriLink application. Upon deletion, biometric templates and PVTF data are removed from active systems. Certain records — including verification logs, compliance screening records, and transaction histories — may be retained for the periods specified in clause 8 above, as required by applicable law. If you are unable to access your account, deletion may be initiated by contacting our support team at support@verilink.online.

  11. Cross-Border Data Transfers

    12. VeriLink is headquartered in South Africa. Where personal data is processed or stored outside of South Africa, we ensure such transfers comply with POPIA Section 72 requirements, including that the recipient country provides adequate protection or that appropriate contractual safeguards are in place (such as Standard Contractual Clauses for EU data transfers). Sub-processors such as Google Cloud Platform and Firebase may process data in jurisdictions outside South Africa. All such sub-processors are bound by data protection obligations no less stringent than those set out in this Policy.

  12. Cookies and Tracking Technologies

    13. The VeriLink website and dashboard use cookies and similar tracking technologies to maintain session state, support authentication, and monitor platform performance. We do not use cookies for advertising or cross-site tracking. Users may manage cookie preferences through their browser settings; however, disabling essential cookies may affect platform functionality.

  13. Changes to this Privacy Policy

    14. We may update this Privacy Policy periodically to reflect changes in our services, legal obligations, or data processing practices. Material updates will be communicated to registered Company Users by email and posted on this page with a revised effective date. Continued use of VeriLink after the effective date constitutes acceptance of the updated Policy.

  14. Contact Us

    15. For privacy-related enquiries, data subject access requests, or concerns regarding this Policy:
    Email: privacy@verilink.online
    Postal: SkyL4rk (Pty) Ltd, Ballito, KwaZulu-Natal, South Africa
    Website: https://verilink.online

    The Information Regulator of South Africa may be contacted at: https://www.justice.gov.za/inforeg/

VeriLink Terms and Conditions

Last Updated: 31 March 2026  |  Version: 2.0

These Terms and Conditions ("Terms") govern access to and use of all VeriLink products and services, including the VeriLink API, the VeriLink Dashboard, the VeriLink mobile application, and all associated compliance screening services. By registering, accessing, or using any VeriLink service, you confirm that you have read, understood, and agree to be bound by these Terms. If you do not agree, you must not use our services.

  1. Definitions
    1. "VeriLink" means the identity verification, biometric authentication, and compliance screening platform operated by SkyL4rk (Pty) Ltd (Reg. 2018/043553/07), including all sub-domains, APIs, dashboards, and mobile applications.
    2. "SkyL4rk" means SkyL4rk (Pty) Ltd, the operator and owner of VeriLink.
    3. "Company User" means any registered business or organisation accessing VeriLink via the Dashboard or API.
    4. "End User" means any individual who is the subject of a verification request initiated by a Company User.
    5. "API User" means a Company User accessing VeriLink programmatically via API key and licence key integration.
    6. "Dashboard User" means a Company User accessing VeriLink via the web-based dashboard portal at dashboard.verilink.online.
    7. "Sub-Client" means any entity on whose behalf a Dashboard User or API User initiates verification requests under a bill-back or reseller arrangement.
    8. "Token" means a unit of service credit used to pay for verification and compliance requests on the VeriLink platform. One token has a face value of USD $0.10.
    9. "Subscription Token" means tokens credited to an account as part of a monthly or yearly subscription plan.
    10. "Rollover Token" means unused Subscription Tokens carried forward from a previous billing period under the rollover policy.
    11. "Top-Up Token" means tokens purchased as a once-off payment, independent of any subscription plan.
    12. "Negative Buffer" means a temporary token credit facility that permits up to 21 tokens of negative balance before account lock is applied.
    13. "Verification Request" means a single instruction sent by a Company User to VeriLink to initiate one or more identity verification or compliance screening checks against a named End User.
    14. "PVTF" means the Personal Verification Token File, a device-stored encrypted biometric profile generated during End User onboarding.
    15. "Compliance Screening" means any of the AML, OFAC, PEP, or Adverse Media checks run against a named individual or entity by VeriLink's in-house screening stack.
    16. "xCrypt" means the API key and licence management platform operated by SkyL4rk, used to validate Company User credentials on every Verification Request.
  2. Eligibility
    1. To register as a Company User, you must be a duly registered legal entity or a natural person of at least 18 years of age with legal capacity to enter into binding agreements.
    2. By registering, you warrant that all information provided is accurate, current, and complete, and that you have authority to bind any organisation on whose behalf you register.
    3. VeriLink reserves the right to decline or revoke registration at its sole discretion.
  3. Acceptable Use
    1. You agree to use VeriLink only for lawful identity verification, KYC, KYB, AML, and related compliance purposes.
    2. You must not use VeriLink to verify individuals without their knowledge and express consent.
    3. You must not attempt to reverse-engineer, scrape, or misuse VeriLink's API, biometric systems, or compliance screening outputs.
    4. You must not use verification results or compliance screening outputs to discriminate unlawfully against any individual.
    5. You must not submit fictitious, synthetic, or fraudulent identity data to the platform.
    6. Compliance screening results are informational outputs only. VeriLink does not make binding legal determinations. You remain solely responsible for any decisions made on the basis of screening results.
    7. VeriLink may suspend or terminate accounts where misuse is detected or suspected, without prior notice.
  4. Token Allocation and Billing
    1. General. All VeriLink services are priced in Tokens. Token balances are maintained per Company User account. The total spendable balance is the sum of all token pools less any Negative Buffer.
    2. Subscription Tokens. Upon successful payment of a monthly or yearly subscription, the token allocation for the chosen plan is credited to the account's Subscription Token pool. Subscription Tokens are use-it-or-lose-it within the billing period subject to the rollover policy in clause 4.3.
    3. Rollover Policy. Unused Subscription Tokens and Rollover Tokens remaining at the end of a billing period roll over to the next period, subject to a maximum cap of two times (2×) the monthly token allocation for the active plan. Tokens exceeding this cap at the point of renewal are forfeited without refund. Example: a Starter plan (260 tokens/month) has a rollover cap of 520 tokens. Rolled-over tokens are consumed before fresh Subscription Tokens from the new period.
    4. Once-Off Token Purchases (Top-Up Tokens). Tokens purchased as once-off top-ups are credited to a separate Top-Up Token pool. Top-Up Tokens do not expire and remain valid for the lifetime of the account, provided the account is in good standing. No refund is issued for unused Top-Up Tokens on account closure.
    5. Token Consumption Order. Tokens are consumed in the following priority order per Verification Request: (1) Subscription Tokens first; (2) Rollover Tokens second; (3) Top-Up Tokens third; (4) Negative Buffer last, only when all other pools are exhausted.
    6. Token Cost per Service. Each service option selected within a Verification Request consumes tokens as follows:
      1. Tier A — Biometric and Data Services (1 token each): Face Verification, Liveness Check, ID Number, Location Data, Face Encodings, PDF417 Confirmation, Passport MRZ Confirmation.
      2. Tier B — Compliance Screening Services (5 tokens each): OFAC Sanctions Screening, AML/PEP Screening, Adverse Media Screening.
    7. Minimum Token Floor. A minimum of 3 tokens is deducted per Verification Request regardless of the number of options selected. This floor applies even where fewer than 3 Tier A options are chosen.
    8. Charged on Request. Tokens are deducted at the point of Verification Request creation, not at the point of End User completion. A request is considered rendered once it has been accepted and dispatched by the platform, regardless of whether the End User responds, downloads the application, or completes the requested checks.
    9. Negative Buffer. Where a Verification Request is submitted against a zero or near-zero balance, VeriLink may, at its discretion, permit the request to proceed into a provisional negative balance not exceeding negative twenty-one (−21) tokens. This facility exists solely to prevent service interruption for legitimate ongoing operations and does not constitute a credit facility or loan. The Negative Buffer is recovered automatically from the next inbound token credit (subscription renewal or top-up purchase) before any spendable balance is made available. Accounts at or below the −21 token threshold will be hard-locked from submitting further Verification Requests until the balance is restored to zero or above.
    10. Currency. All token prices are denominated in United States Dollars (USD). Payments processed via PayFast are converted to South African Rand (ZAR) at the prevailing exchange rate at the time of transaction. SkyL4rk is not responsible for currency fluctuations between the displayed USD price and the ZAR amount charged.
    11. Yearly Subscriptions. Yearly subscriptions are billed annually in advance. Upon subscribing to a yearly plan, tokens equivalent to thirteen (13) months of the plan's monthly allocation are credited, representing one free month. No pro-rata refund is available for early cancellation of a yearly subscription.
    12. Token Forfeiture on Termination. Upon account termination — whether initiated by the Company User or by VeriLink — all remaining Subscription Tokens and Rollover Tokens are forfeited immediately. Top-Up Tokens are likewise forfeited unless otherwise agreed in writing with SkyL4rk prior to termination.
    13. Free Tier. New accounts are credited with ten (10) complimentary tokens upon registration. These free tokens are subject to the Negative Buffer and minimum floor policies but are not subject to the rollover policy. Free tokens are forfeited if unused at the point of first subscription or top-up purchase.
  5. AML and Compliance Screening Services
    1. VeriLink operates an in-house compliance screening stack encompassing OFAC sanctions lists, United Nations consolidated sanctions, European Union and United Kingdom sanctions registers, global PEP (Politically Exposed Person) databases, and adverse media sources including GDELT and licensed news data feeds.
    2. Compliance screening results are informational only. VeriLink does not provide legal advice, and screening outputs do not constitute a legal determination of sanctions exposure, criminal liability, or reputational risk.
    3. Company Users are solely responsible for acting on screening results in accordance with applicable law, including FICA, POCA, POCDATARA, and any other applicable AML legislation in their jurisdiction.
    4. VeriLink's screening stack operates against datasets maintained on a best-efforts basis. VeriLink does not guarantee real-time completeness of all global sanctions or watchlist data.
    5. Deep-link screening via third-party providers such as LexisNexis is available on request and is billed separately outside of the standard token model. Separate terms apply to such engagements.
    6. Compliance screening checks run server-side and do not require End User interaction or app installation. Tokens for Compliance Screening are deducted at the point of request regardless of the screening result.
  6. API Usage Terms
    1. API access requires a valid API key and licence key issued via xCrypt. Both keys are validated on every Verification Request. Requests with invalid or expired keys will be rejected.
    2. API keys and licence keys are confidential. Company Users must not share, publish, or expose keys in client-side code, public repositories, or any other accessible medium.
    3. Company Users are liable for all usage on their account regardless of whether that usage was authorised by them, in the event of key compromise resulting from their own failure to maintain key security.
    4. VeriLink reserves the right to apply rate limits to API access at any time to protect platform stability. Rate limits will be communicated via the API documentation and dashboard.
    5. Automated or programmatic misuse of the API, including but not limited to bot-driven verification requests, synthetic identity testing at scale, or denial-of-service attempts, will result in immediate account suspension.
  7. Dashboard Usage Terms
    1. Dashboard access is provided to registered Company Users for the purpose of managing verification requests, reviewing results, monitoring token balances, and administering Sub-Client access where applicable.
    2. Dashboard credentials must not be shared between individuals within an organisation. Each individual requiring access should hold their own authorised credentials.
    3. Company Users remain responsible for all activity conducted within their Dashboard account, including activity by any authorised Sub-Client or delegated user.
    4. VeriLink may introduce role-based access controls within the Dashboard. Company Users are responsible for assigning appropriate access levels to their users.
  8. Sub-Client and Reseller Obligations
    1. Company Users who access VeriLink on behalf of Sub-Clients, or who resell VeriLink services to third parties, are fully responsible for ensuring that their Sub-Clients comply with these Terms and all applicable law.
    2. All token consumption incurred on behalf of Sub-Clients is charged to the Company User's account. VeriLink has no contractual relationship with Sub-Clients and accepts no liability for Sub-Client actions.
    3. Company Users must ensure that End Users whose data is submitted for verification have given valid, informed consent for their data to be processed for verification and compliance purposes.
    4. Company Users acting in a reseller or aggregator capacity must maintain their own terms of service with their Sub-Clients that are no less protective of End Users than these Terms and applicable data protection law.
    5. VeriLink reserves the right to request evidence of Sub-Client consent frameworks at any time. Failure to provide such evidence may result in account suspension.
  9. Biometric Data Obligations (Company User)
    1. Company Users may only use verified payloads received from VeriLink for the specific purpose for which the verification was requested and for which the End User gave consent.
    2. Company Users must not store, re-process, sell, or share biometric data received from VeriLink beyond what is necessary for the stated verification purpose.
    3. Company Users are responsible for complying with POPIA, GDPR (where applicable), and any other applicable biometric data protection legislation in their jurisdiction.
    4. VeriLink is not liable for the downstream handling of verified payloads by Company Users or their Sub-Clients.
  10. Privacy and Data Protection
    1. VeriLink processes personal data in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and, where applicable, the General Data Protection Regulation (GDPR).
    2. Company Users act as the Data Controller in respect of End User personal data submitted for verification. VeriLink acts as the Data Processor.
    3. A Data Processing Agreement (DPA) governing the processor relationship is available on request and is incorporated by reference into these Terms.
    4. Users may review our full Privacy Policy on this page for detail on data collection, use, retention, and rights.
  11. Account Security
    1. Company Users are responsible for maintaining the confidentiality of their account credentials, API keys, and licence keys.
    2. Any suspected unauthorised access, credential compromise, or unusual account activity must be reported to VeriLink immediately at support@verilink.online.
    3. VeriLink will not be liable for loss or damage arising from failure to maintain account security on the part of the Company User.
  12. Service Availability
    1. VeriLink targets high availability but does not guarantee uninterrupted or error-free service.
    2. Planned maintenance will be communicated with reasonable advance notice where possible.
    3. VeriLink is not liable for service interruptions caused by factors outside its reasonable control, including third-party infrastructure failures, telecommunications outages, or force majeure events.
  13. Intellectual Property
    1. All software, algorithms, APIs, interfaces, trademarks, and documentation comprising VeriLink are the exclusive property of SkyL4rk (Pty) Ltd or its licensors.
    2. Company Users are granted a limited, non-exclusive, non-transferable licence to access and use VeriLink solely for the purposes set out in these Terms.
    3. You may not copy, modify, reverse-engineer, decompile, sublicence, or create derivative works from any VeriLink materials without prior written consent from SkyL4rk.
  14. Limitation of Liability
    1. VeriLink and SkyL4rk are not liable for any indirect, incidental, consequential, or punitive damages arising from your use of the platform, including but not limited to loss of business, loss of data, or reputational harm.
    2. VeriLink's total aggregate liability to any Company User in respect of any claim shall not exceed the total token spend by that Company User in the three (3) calendar months immediately preceding the event giving rise to the claim.
    3. VeriLink does not warrant that compliance screening results are complete, current, or free from error. All screening outputs are used at the Company User's own risk and do not constitute professional legal or compliance advice.
    4. VeriLink is not liable for decisions made by Company Users or their Sub-Clients on the basis of verification results or compliance screening outputs.
  15. Termination
    1. VeriLink reserves the right to suspend or terminate any account that violates these Terms, engages in fraudulent activity, fails to pay outstanding amounts, or poses a risk to the platform or other users.
    2. Company Users may close their account at any time via the Dashboard settings. Closure does not entitle the user to a refund of any remaining token balance.
    3. Upon termination, all data associated with the account will be handled in accordance with the Data Retention provisions in the Privacy Policy below.
  16. Governing Law
    These Terms are governed by and construed in accordance with the laws of the Republic of South Africa. Company Users located in the European Union additionally acknowledge that GDPR obligations apply to the processing of EU data subjects' personal data. Any disputes arising under these Terms shall be subject to the jurisdiction of the High Court of South Africa (KwaZulu-Natal Division), unless otherwise agreed in writing.
  17. Changes to Terms
    SkyL4rk may update these Terms periodically. Material changes will be communicated by email to registered Company Users and/or by prominent notice on the VeriLink platform. Continued use of VeriLink after the effective date of any update constitutes acceptance of the revised Terms.
  18. Contact
    For questions regarding these Terms, contact us at: Email: legal@verilink.online  |  Website: https://verilink.online

VeriLink Terms of Service

Last Updated: 31 March 2026  |  Version: 2.0

These Terms of Service ("ToS") set out the operational rules governing how VeriLink services are accessed and consumed. They supplement the Terms and Conditions above and apply to all registered users of the platform.

  1. Acceptance of Terms
    By accessing VeriLink — whether via the API, the Dashboard, or the mobile application — you confirm unconditional acceptance of these Terms of Service and the Terms and Conditions above.
  2. User Responsibilities
    1. You must comply with all applicable laws, regulations, and industry standards relevant to identity verification and compliance screening in your jurisdiction.
    2. You must not engage in fraudulent, deceptive, or illegal activities using VeriLink services.
    3. You are responsible for ensuring that every Verification Request submitted is based on a legitimate business need and that the End User has provided valid, informed consent.
    4. You must maintain the confidentiality of your account credentials and API/licence keys at all times. See clause 6 of the Terms and Conditions for key security obligations.
  3. Subscription Plans and Payment
    1. VeriLink offers the following subscription tiers. Token allocations are per billing period (monthly or yearly):
      Starter — USD $19/month  |  260 tokens/month  |  3,380 tokens/year (yearly plan)
      Professional — USD $49/month  |  720 tokens/month  |  9,360 tokens/year (yearly plan)
      Enterprise — USD $159/month  |  2,400 tokens/month  |  31,200 tokens/year (yearly plan)
      Yearly plans include the equivalent of one additional month's tokens at no extra charge.
    2. Payments are processed via PayFast. By subscribing, you authorise recurring charges to your selected payment method on the applicable billing date.
    3. Subscription payments are non-refundable. Downgrading a subscription mid-period does not entitle the user to a partial refund for the difference in plan cost.
    4. If a recurring payment fails, VeriLink will attempt re-collection in accordance with PayFast's retry schedule. Account access may be restricted if payment cannot be collected within a reasonable period.
    5. All prices are displayed in USD. ZAR conversion is applied at checkout based on the prevailing exchange rate.
  4. Token Management
    1. Token pools. Your token balance is maintained across three pools: Subscription Tokens, Rollover Tokens, and Top-Up Tokens. A fourth pool, the Negative Buffer, tracks temporary overdraft usage. Your displayed balance is the sum of all four pools.
    2. Consumption priority. Subscription Tokens are consumed first on each request, followed by Rollover Tokens, then Top-Up Tokens. The Negative Buffer is only drawn upon when all other pools are at zero.
    3. Rollover. Unused Subscription and Rollover Tokens carry over for one additional billing period, up to a maximum of twice your monthly allocation. Tokens exceeding this cap at renewal are forfeited. This policy mirrors a one-month grace period — a quiet month is never entirely wasted.
    4. Top-Up Tokens never expire. Tokens purchased as once-off top-ups remain valid indefinitely for the life of the account. They are the last pool consumed on any request, preserving their value for when they are needed.
    5. Negative Buffer. The platform may allow up to 21 tokens of negative balance to prevent interruption to active verification workflows. This is a service continuity facility, not a credit arrangement. The negative balance is recovered from the next token credit before any spendable balance is available. At −21 tokens, the account is hard-locked until the balance is restored.
    6. Token top-up packages. Once-off token packages are available for purchase at any time:
      10 tokens — $1.00  |  50 tokens — $5.00  |  120 tokens — $10.00  |  280 tokens — $25.00  |  550 tokens — $50.00  |  1,200 tokens — $100.00
      Top-up tokens are always more expensive per token than subscription plans, which offer a 27–34% better per-token rate depending on tier. Subscriptions are the recommended route for regular users.
  5. Charged-on-Request Policy
    1. Tokens are deducted at the moment a Verification Request is created and accepted by the platform. This occurs before the End User receives any notification, opens any link, or completes any verification step.
    2. A request is considered rendered once it has been validated and dispatched. No token credit or refund is issued because an End User chose not to respond, had not yet downloaded the VeriLink application, or completed only some of the requested verification steps.
    3. Compliance screening requests (OFAC, AML/PEP, Adverse Media) are processed entirely server-side with no End User interaction required. Tokens for such requests are deducted immediately upon processing.
    4. This policy reflects market-standard practice for identity verification and compliance SaaS platforms. Company Users are advised to verify that their target End Users are reasonably reachable before initiating high-volume request campaigns.
  6. xCrypt Licence Dependency
    1. Every Verification Request submitted via the API is validated against the xCrypt licence management platform. An active, valid xCrypt licence key is required for API access.
    2. If an xCrypt licence key expires, is revoked, or becomes invalid, all API-based Verification Requests will be rejected until the key is renewed or replaced.
    3. xCrypt licence management is the responsibility of the Company User. VeriLink is not liable for service interruption resulting from an invalid or expired xCrypt licence.
  7. Data Usage and Protection
    1. VeriLink protects user and End User data using AES-256 encryption in transit and at rest, role-based access controls, and regular security auditing.
    2. All users consent to data processing as described in the Privacy Policy on this page.
    3. VeriLink acts as a Data Processor on behalf of Company Users (Data Controllers) in respect of End User personal data. The obligations of each party are set out in the VeriLink Data Processing Agreement.
  8. Service Modifications
    1. VeriLink may introduce new features, modify existing features, change token pricing, or discontinue services, with reasonable notice to registered users where such changes are material.
    2. Token pricing changes will not apply to existing subscription periods already paid for. New pricing takes effect from the next billing cycle following notice.
  9. Dispute Resolution
    1. Any disputes arising from or relating to these Terms of Service shall first be referred to good-faith negotiation between the parties.
    2. Unresolved disputes shall be referred to arbitration conducted in KwaZulu-Natal, South Africa, under the rules of the Arbitration Foundation of Southern Africa (AFSA), unless both parties agree otherwise in writing.
  10. Contact
    For service-related enquiries: Email: support@verilink.online  |  Dashboard: https://dashboard.verilink.online