Last Updated: August 13, 2025
Welcome to noauth.sh. This document constitutes a legally binding agreement (hereinafter, the "Agreement") between the legal entity operating noauth.sh ("Provider," "We," "Us") and the natural person or legal entity that subscribes to, accesses, or uses our service ("Customer," "You").
This Agreement governs your access to and use of the noauth.sh passwordless authentication platform, including any software, software development kits (SDKs), application programming interfaces (APIs), documentation, and related services (collectively, the "Service").
By accessing, registering for, or using our Service in any manner, You accept and agree to be bound by all the terms and conditions set forth herein. If You are entering into this Agreement on behalf of a company or other legal entity, You represent and warrant that you have sufficient authority to bind such entity in accordance with the terms and conditions of this Agreement.
If you do not agree with these terms, you must not access or use the Service.
In accordance with best practices and principles of good faith in digital contracting, it is established that consent to be bound by this Agreement is understood to be formed only if You have had prior, clear, comprehensible, and unequivocal access to these conditions, as well as the ability to store or print them.
For the purposes of these Terms and Conditions, the following terms shall have the meanings ascribed to them below:
Refers to the biometric and passwordless authentication software-as-a-service (SaaS) platform provided by noauth.sh, which includes access to our SDKs, APIs, technical documentation, and any related software made available to you.
The natural person or legal entity that contracts the Service to integrate it into their own applications, websites, or platforms for the purpose of authenticating their End Users.
Any natural person who uses the authentication Service provided by noauth.sh through the Customer's applications or platforms. It is essential to understand that the End User does not have a direct contractual relationship with the Provider; their relationship is with the Customer. This distinction is key for the correct allocation of responsibilities regarding the processing of personal data.
Refers to all data, information, and content, including Personal Data, that the Customer or their End Users submit, upload, or transmit to the Service.
Any information relating to identified or identifiable natural persons, in accordance with the definition established in Law No. 19.628 of Chile.
Considered a category of "Sensitive Data" under Chilean law. These are personal data referring to the physical or biological characteristics of a person that allow or confirm their unique identification.
All copyrights, trademarks, patents, trade secrets, and any other intellectual or industrial property rights, registered or not, related to the Service.
All non-public information disclosed by one party to the other, whether orally or in writing, that is designated as confidential or that should reasonably be understood to be confidential given the circumstances of its disclosure.
The Service consists of a next-generation authentication solution designed to provide modern, secure, and simple authentication, passwordless and powered by biometrics, to be integrated into the Customer's web and mobile applications.
Subject to compliance with the terms and conditions of this Agreement, the Provider grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable, and revocable license to access and use the Service during the term of the contract. This license is granted for the sole purpose of integrating and using the authentication functionalities of the Service within the Customer's commercial applications for their End Users.
This license does not constitute a sale of the underlying software or any copy thereof. The Provider retains ownership of all software. The license explicitly covers the use of the provided SDKs and documentation, which are core elements of the Service's value proposition. However, this permission is strictly limited to integration purposes, and any other use, such as creating derivative or competing products, is expressly prohibited under Section 4 of this Agreement.
To use the Service, the Customer must create an account, providing true, accurate, current, and complete registration information. The Customer is solely responsible for maintaining the confidentiality and security of their access credentials, including passwords and API keys.
The Customer is entirely responsible for all activity that occurs on or through their account. They agree to notify the Provider immediately of any unauthorized use of their account or any other breach of security of which they become aware.
The most critical responsibility of the Customer under this Agreement relates to the privacy of their End Users. The Customer represents, warrants, and undertakes to:
By contractually imposing this obligation, it is established that any damages, fines, or legal costs that the Provider may suffer as a result of the Customer's failure to obtain valid consent will be the responsibility of the Customer. This mechanism protects the Provider by ensuring that the entity with the direct relationship with the End User (the Customer) assumes the legal responsibility that corresponds to it as the Data Controller.
The Customer agrees to use the Service only for lawful purposes and in accordance with this Agreement. The Customer is strictly prohibited from, and will not permit third parties to:
The Provider and its licensors are and will remain the exclusive owners of all rights, titles, and interests in and to the Service, including its software, source and object code, algorithms, design, "look and feel," documentation, trademarks, and any other associated Intellectual Property. This Agreement does not grant the Customer any ownership rights in the Service, but only the limited license to use described in Section 2.
The Customer, for its part, retains all rights, titles, and interests in and to the Customer Data. However, the Customer grants the Provider a worldwide, non-exclusive, royalty-free license to host, process, transmit, and use the Customer Data for the sole and exclusive purpose of providing, maintaining, and improving the Service in accordance with this Agreement.
Additionally, the Provider reserves the right to collect, analyze, and use aggregated and anonymized data derived from the use of the Service by the Customer and its End Users. This data will not identify the Customer or any End User and will be used for purposes of analysis, product improvement, development of new features, and industry reporting. In accordance with Law No. 19.628, this "statistical data" is not considered personal data. Therefore, the Provider will be the exclusive owner of such aggregated and anonymized data, allowing it to generate value and innovation without compromising individual privacy.
The Provider undertakes to comply with the provisions of Law No. 19.628 on the Protection of Private Life and any other applicable data protection regulations in Chile.
In the context of processing End Users' Personal Data, the parties agree that:
As the Data Processor, the Provider undertakes to:
If the servers used to provide the Service are located outside the territory of the Republic of Chile, the Customer expressly authorizes the international transfer of Customer Data to such locations. The Provider guarantees that such transfers will be carried out with adequate safeguards to ensure a level of data protection equivalent to that required by Chilean law.
For greater clarity, the following table summarizes the division of key responsibilities in data protection matters. This table not only simplifies the understanding of the obligations but also functions as a precise contractual annex that delineates the legal responsibility of each party.
| Responsibility | Customer (Data Controller) | noauth.sh (Data Processor) |
|---|---|---|
| Legal Basis for Processing | Obtain and record free, informed, and unequivocal consent from End Users for the processing of their personal data, including biometrics. | Process data solely on the basis of the consent obtained by the Customer. |
| Management of Data Subject Rights | Be the primary point of contact for End Users. Receive, evaluate, and respond to requests for access, rectification, cancellation, and opposition (ARCO rights). | Provide the Customer with the necessary technical tools to manage data and assist in responding to requests, as reasonably possible. |
| Data Security | Ensure the secure configuration of its implementation of the Service. Manage its own users' access to the noauth.sh platform. | Implement and maintain technical and organizational security measures to protect data against unauthorized access, loss, or destruction. |
| Security Breach Notification | Notify the data protection authority and affected End Users, as required by law. | Notify the Customer without undue delay after discovering a security breach affecting Customer Data. |
| Data Quality | Ensure that the personal data provided to the Service is accurate and up-to-date. | Not modify data without the Customer's instruction. |
Each party agrees to maintain in strict confidence all Confidential Information of the other party and not to use it for any purpose outside the scope of this Agreement. Each party agrees to limit access to the other party's Confidential Information to those employees, contractors, and agents who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with obligations no less protective than those contained herein. This confidentiality obligation will survive the termination of this Agreement for a period of five (5) years.
Access to and use of the Service are subject to the payment of applicable fees according to the subscription plan selected by the Customer. Fees will be billed in advance on the agreed billing cycle (monthly or annual). All payments are non-refundable.
Fees do not include taxes, levies, duties, or similar governmental assessments of any nature, including, for example, Value Added Tax (VAT), which will be the responsibility of the Customer. In case of non-payment, the Provider reserves the right to suspend access to the Service until the amounts due are paid in full.
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE." THE PROVIDER DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. THE PROVIDER DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE PROVIDER, ITS AFFILIATES, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATING TO THE USE OF, OR INABILITY TO USE, THE SERVICE.
THE PROVIDER'S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, SHALL IN NO EVENT EXCEED THE TOTAL AMOUNTS PAID BY THE CUSTOMER TO THE PROVIDER FOR THE USE OF THE SERVICE DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
Either party may terminate this Agreement if the other party commits a material breach of any of its provisions and fails to cure such breach within thirty (30) days of receiving written notice.
The Customer may cancel their subscription at any time through their account interface. Termination will be effective at the end of the current billing cycle.
Upon termination or expiration of this Agreement, all rights and licenses granted to the Customer will immediately cease. The Provider will have no obligation to maintain or provide Customer Data and, unless prohibited by law, will delete all Customer Data in its systems or in its possession or control after a grace period of thirty (30) days.
The Provider reserves the right, at its sole discretion, to modify or replace any part of this Agreement at any time. It is the Customer's responsibility to review these Terms periodically for changes. The Provider will notify the Customer of significant changes at least thirty (30) days in advance, either by email to the address associated with the account or through a prominent notice within the Service. The Customer's continued use of the Service after the posting of any changes to this Agreement constitutes acceptance of those changes.
This Agreement shall be governed by and construed in all respects in accordance with the laws of the Republic of Chile.
For all legal purposes arising from this Agreement, the parties establish their domicile in the city and commune of Santiago, Chile, and expressly submit to the jurisdiction and competence of its ordinary courts of justice.
This Agreement constitutes the entire and exclusive agreement between the parties with respect to its subject matter and supersedes all prior communications, proposals, or agreements, whether oral or written.
If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, such provision shall be construed in a manner that best reflects the original intention of the parties, and the remaining provisions shall remain in full force and effect.
The failure of either party to enforce any right or provision in this Agreement will not constitute a waiver of such right or provision.
The Customer may not assign or transfer this Agreement, by operation of law or otherwise, without the Provider's prior written consent. The Provider may assign this Agreement in its entirety in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets.
Neither party shall be liable for any failure or delay in the performance of its obligations hereunder (except for payment obligations) if such failure or delay is caused by circumstances beyond its reasonable control.
If you have any questions about these Terms of Service, please contact us.
Get Started