Terms & Conditions

TERMS AND CONDITIONS

These terms and conditions (the “Terms and Conditions”) are a binding legal agreement between you and Treefort Technologies Incorporated (the “Parties“) that governs your access to and use of the website https://treeforttech.com/ and (the “Website“) its System. This agreement is effective the moment you access the Website or System and remains in effect until terminated by either Party in accordance with these Terms and Conditions or any other agreement between you and us, as applicable. By accessing or using the Website or the System, you acknowledge that you have read and understood these Terms and Conditions, and agree to be legally bound by them and our Privacy Policy (collectively, the “Agreement“), in addition to complying with applicable laws and regulations. If you do not agree to these Terms and Conditions, you are not authorized to access or use the Website or the System.

Definitions

1. In these Terms and Conditions:

a) “Administrator” means a person who has been designated by their Organization to manage all user accounts within the Organization.

b) “Authentication ID” means a security mechanism, which may include user identification and passwords, by which an Administrator or an Authorized User identifies themselves to the System to gain access.

c) “Authorized User” means a person to whom an Administrator has issued an Authentication ID.

d) “Business Terms Agreement” means an agreement between you and the Provider that sets out additional or alternative terms that govern the relationship between you and your Organization and the Provider.

e) “Confidential Information” means the System, Data, and all ideas, designs, business models, databases, drawings, documents, diagrams, formulas, test data, marketing, financial or personnel data, sales information, client or supplier information, information of an individual used to create the ID Verification Report or any other information already furnished and to be furnished or made available by Provider to you. Confidential Information does not include information or material which is or was, at the time of disclosure or thereafter, demonstrably: (i) already known by you prior to the disclosure thereof, (ii) generally available to and known by the public (other than as a result of a disclosure directly or indirectly by you), (iii) available to you on a non-confidential basis from a source other than the Provider, (iv) independently acquired or developed by you without violating any of your obligations under these Terms and Conditions, or (v) information for which the Provider has authorized the unrestricted disclosure.

f) “Content” means all materials and content made available to users on the Website or System including notices, guidelines, communications, text, RSS feeds, graphics, images, illustrations, audio-visual works, multimedia elements, photographs, videos, music, sound recordings, policies, documents, software, information, data and any other work, including the manner in which such content is presented.

g) “Data” means any data, files, documentation, or other information that you may upload to the System, or which may be uploaded on your behalf. Data may include Personal Information.

h) “Data Breach” means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Data and/or Personal Information that has been transmitted, stored, or otherwise processed.

i) “ID Verification Report” means the form of report produced by the System for each individual who is the subject of the ID verification process. The ID Verification Report will contain, at a minimum, the following information:  a) the name of the individual; b) his/her address; and c) a pass or fail mention.

j) “Organization” means the entity you work for or the entity who has otherwise provided you access to the System.

k) “Personal Information” means data about an “identifiable individual”. It is information that on its own or combined with other pieces of data, can identify someone as an individual.

l) “Privacy Laws” mean all applicable privacy and data protection legislation and regulations, national and provincial laws and regulations relating to the processing of Personal Information, as amended, replaced or updated from time to time.

m) “Provider” means Treefort Technologies Incorporated.

n) “Related Parties” means any person or entity acting on behalf of or under authority of Provider to carry out Provider’s obligations under the Agreement, including but not being limited to Provider’s employees, agents, contractors and Sub-Contractors.

o) “Reliable Sources” means certain credit bureaus, financial institutions, telecommunication companies, and other entities the System receives ID verification information from;

p) “Sub–Contractor” means any person or entity acting on behalf of or under Provider’s authority to carry out specific processing activities with Data and/or Personal Information.

q) “System” means the computer server and application computer software, known as “Treefort”, that: (i) determines whether personal information about an individual inputted by you matches information about the individual held by Reliable Sources; (ii) obtains and reviews other risk indicators associated with the individual whose identity is being identified; and, (iii) allows individuals to have virtual meetings to sign documents after passing a biometric authorization process.

USE OF SYSTEM

2. These Terms and Conditions govern your access to and use of the System.
3. Subject to these Terms and Conditions, Provider hereby grants you a non-exclusive, non-transferable, revocable right to access and use all or a portion of the System in accordance with the provisions of these Terms and Conditions.
4. If you are an Administrator you will provide each Authorized User with an Authentication ID. You shall control and maintain the security of the Authentication IDs and you shall be responsible for all instructions, commitments and other actions or communications taken under each Authentication ID. You shall promptly report to Provider any errors or irregularities in the System or any unauthorized use and inform Provider immediately if an Authentication ID becomes known to any unauthorized person.
5. You agree:

a) not to sell, lease, transfer, provide or otherwise make available the System or any portion of the System to any third party, whether as a demonstration or otherwise;

b) not to take any action whatsoever to access, store, merge, aggregate, compile, decompile, manipulate, copy, reverse engineer, create derivative products, derive the source code, sublicense, sell, distribute, commercially exploit, frame, mirror, scrape or data-mine the System or any content in any form or by any means, and you will not attempt to access any restricted areas of the System;

c) not to develop a product that will compete with the System for a period of three (3) years after you stop using the System;

d) to be responsible for all actions taken by you, and all communications made by you, while you access the System;

e) to comply with all laws that apply or may apply to your access of the System, including Privacy Laws;

f) to ensure that all devices used by yourself to access and use the System are placed in a secure location, and that such devices are secured when not in use through such means as screen locks or shutting power controls off;

g) you will not share your Authentication ID with anyone including your staff and associates;

h) you will not use the System for personal (non-business), improper or unlawful purposes;

i) that if you cease working for your Organization, or if you otherwise cease your association with the Organization, you will immediately return all documentation and information associated with the System to your Organization, and you agree you will not access the System even if your Authentication ID still allows for access to the System.

j) not to access the System in a manner that could damage, disable, abuse or otherwise interfere with the System, its security, any services, system resources, accounts, servers or networks connected to or accessible through the System, or any other person’s use or enjoyment of the System; and,

k) not to upload to, distribute to, or otherwise disseminate through the System any material or information of any kind that is libelous, defamatory, obscene, pornographic, abusive, false, misleading or otherwise violates any law or infringes or violates any rights of any other person or entity (including any intellectual property or other property rights), or that contains viruses, backdoors or any other harmful or malicious code.

6        a) The System has a search function that allows Authorized Users to search for ID Verification Reports generated by other organizations for which they have been granted access. This search function is in addition to the ability of an Authorized User to search for ID Verification Reports that have been generated by their Organization. The ability to search for ID Verification Reports generated by other organizations is turned off by default, but an Administrator may turn it on so that Authorized Users in the Organization can search for ID Verification Reports generated by other organizations for which they have been granted access by the other organization. If the ability to search for ID Verification Reports generated by other organizations is turned on you agree to:

i. only search for ID Verification Reports that relate directly to transactions you are contemplating, or have entered in to, and for which you have consent to receive from the individual to whom the ID Verification Report relates; and,

ii. use the ID Verification Reports you obtain as a result of a search only for the purpose of satisfying your KYC requirements, determining whether you want to enter into a transaction or to complete a transaction you have already entered into.

b) The System also has a sharing function that allows your Organization to make ID Verification Reports generated by Authorized Users in your Organization available to specific authorized users in other organizations. This requires providing access to the ID Verification Report to other organizations. The sharing of ID Verification Reports generated by your Organization is turned off by default, but an Administrator can turn it on so that ID Verification Reports generated by your Organization can be accessed by other organizations. You agree that you will not sell, lease, transfer, provide or otherwise make available an ID Verification Report to any third party other than the individual whose identity is being verified, whether as a demonstration or otherwise, other than through the sharing function in the System and only to the other organizations that have a legitimate interest in having access to the report.

7. If you are an Administrator, in addition to all other tasks and obligations imposed on you by these Terms and Conditions you agree to:

a) assign, record and control the issuance and use of all Authentication IDs within your Organization, keeping the same Authentication IDs confidential except to those who are permitted to use them;

b) without delay, disable any Authentication ID and notify Provider immediately if Provider determines an Authentication ID issued by you has been provided to a person who is not an Authorized User or ceases to be an Authorized User. You shall also, in compliance with law, notify the individuals whose information was potentially accessed or acquired that an unauthorized use has occurred;

c) ensure your Organization complies, at all times, with all applicable legal and regulatory requirements and with the policies of the Reliable Sources in respect of the use of the System, including:

https://www.equifax.com/terms/; and
https://www.iproov.com/terms-and-conditions;

d) ensure that all devices used by Authorized Users to order or access the System are accessible only by the Authorized User, and that such devices are secured when not in use through such means as screen locks, shutting power controls off, or other commercially reasonable security procedures;

e) implement secure authentication practices when providing Authentication IDs to Authorized Users, including but not limited to: (i) using individually assigned email addresses and not shared e-mail accounts; (ii) prohibiting the sharing of Authentication IDs; and (iii) use of anti-malware, anti-spam, and similar controls;

f) confirm your Organization has effective administrative, technological, and physical safeguards in place to stop theft, loss and unauthorized access, copying, modification, use, disclosure, or disposal of information that are consistent with industry best practices;

g) respect all applicable Privacy Laws including any requirements of notification or declaration in relation to a Data Breach or incident of confidentiality as required by the applicable legislation;

h) educate Authorized Users with respect to Privacy Laws and policies and take reasonable steps to ensure compliance through training, confidentiality agreements and sanctions, as needed;

i) ensure Authorized Users who are fired, resign or whose association with your Organization is otherwise terminated return to you, or securely dispose of, all Confidential Information and terminate their access to the System;

j) monitor compliance with the obligations of these Terms and Conditions, and immediately notify the Provider if you suspect or know of any unauthorized access or attempt to access the System. Without limiting the generality of the foregoing, you agree that on at least a quarterly basis you will review the use of the System to ensure that such uses were performed for a legitimate business purpose and in compliance with all terms and conditions herein;

k) maintain and enforce data destruction procedures to protect the security and confidentiality of the Confidential Information and all other information obtained through the System as it is being destroyed or deleted when you or your Organization no longer has a need to keep it; and,

l) put in place procedures and protocols that ensure no one in your Organization uploads to, distributes to, or otherwise disseminates through the System any material or information of any kind that is libelous, defamatory, obscene, pornographic, abusive, or otherwise violates any law or infringes or violates any rights of any other person or entity (including any intellectual property or other property rights), or that contain viruses, backdoors or any other harmful or malicious code.

Priority and Changes:

8. If you or your Organization have entered into a Business Terms Agreement with the Provider the terms of that agreement shall have priority in the event of a conflict between the Business Terms Agreement and these Terms and Conditions.
9. Provider reserves the right, at its sole discretion, from time to time, to modify, add, or delete portions of these Terms and Conditions, and you agree to be bound by such changes. Such changes will be effective immediately upon notice to you and the notice may be given by any means including, posting in the System, on our Website or by e-mail. You agree to regularly review the Terms and Conditions and to be aware of such changes. If you do not agree with the updated Terms and Conditions, please stop using our System. Your use of the System following any such change constitutes your agreement to follow and be bound by the changed Terms and Conditions

Transaction Charges

10. As you use the System you are required to pay fees including, but not necessarily limited to, a fee for every ID Verification Report produced by the System and a fee for a video meeting in the System (collectively the “Fees”).
11. Unless other arrangements have been agreed to by the Parties, the Provider will deliver an invoice setting out all of the unpaid Fees to an Authorized User or that User’s Organization at the end of each calendar month. For clarity, if an Authorized User initiates an ID Verification in one month, but the ID Verification Report is not delivered to the Authorized User until the next month, the charges for that ID Verification Report will be included in the invoice for the first month.
12. All invoices will be delivered via email using the email address you have given to the Provider.
13. Payment terms are NET 15 days from the invoice date.
14. Payment will be submitted based on the invoice amount.
15. If any payment due to Provider is not received by the required payment date, all overdue payments will be subject to a late payment charge of 2% per month.

Termination

16. You may stop using the System for any reason at any time.
17. Provider may terminate your ability to access the System for any reason at any time on 30 days’ written notice to you.
18. Provider may terminate your ability to access the System with immediate effect if you or your Organization:

a) commits a material breach of these Terms and Conditions;

b) suffers or incurs any form of insolvency or enters an arrangement with creditors;

c) fails to pay any amount due to the Provider on the due date and fails to cure the default within thirty (30) days of receiving written notice of the non-payment;

d) has provided incomplete or inaccurate information to Provider during the account set-up process or fails to maintain such information on a timely basis;

e) operates in a territory that introduces a data localization requirement that affects the Personal Information, the Confidential Information or the Data the Provider stores or where Provider must store it or introduces any law that could require Provider to build a ‘back door’ to any data Provider stores or processes;

f) becomes a competitor of Provider or the System, or controls any person or organization which is a competitor of Provider or the System. Provider shall determine if you or your Organization is a competitor in its sole discretion; or

g) use the System in such a way that it causes harm to any individual or to Provider’s reputation or goodwill.

19.  Termination of the Agreement shall not affect any rights, remedies, obligations, or liabilities of the parties that have accrued up to the date of termination.

OWNERSHIP

20. Exclusive ownership of, and title to, all of the Provider’s Content, copyrights, trademarks, service marks, patent rights, trade secrets and all other intellectual property and other proprietary rights in the System and all of its functionality and content, including, software, text, design, graphics, images, data, advertisements, audio, video and all trade-marks, service marks and trade names and the selection and arrangements thereof will remain with, and vest in, Provider. Except as expressly provided in these Terms and Conditions, no license to use, copy, distribute, republish, transmit or otherwise exploit any of the System’s functionality or content is given to you or your Organization and all intellectual property and other proprietary rights in and to the System and all of its functionality and content are expressly reserved to Provider, or, as applicable, to a third party from whom Provider has obtained the right to the use of the third party intellectual property and other proprietary rights.

SCOPE OF USE

21. If the individual who is the subject of an ID Verification Report is not the age of majority according to the applicable laws of the jurisdiction where that individual resides then you must refuse the request for an ID Verification Report on that person.
22. IF YOU ACCESS CREDIT REPORTS OR OTHER INFORMATION PROVIDED BY A RELIABLE SOURCE THROUGH THE SYSTEM FOR UNAUTHORIZED PURPOSES YOU MAY BE SUBJECT TO CIVIL AND CRIMINAL LIABILITY UNDER CANADIAN CONSUMER LAWS PUNISHABLE BY FINES AND IMPRISONMENT.

RIGHT TO CONTROL ACCESS, FUNCTIONALITY, AND CONTENT

23. Provider reserves the right, at its sole discretion, from time to time, without notice, to:

(a)          modify, add, or delete portions of the System, including its functionality or content; and

(b)          deny, restrict, control, or revoke your access to the System, or to any portion of the System.

24. By using the System you acknowledge and consent to the Provider sharing information about you and your use of the System with the Reliable Sources for the purpose of obtaining approval from the Reliable Sources to share information and documentation developed or provided by the Reliable Sources with you and also to satisfy the audit requirements of the Reliable Sources.
25. Provider reserves the right to require you to use periodically updated complex passwords for Authentication IDs as well as enhanced authentication procedures such as two factor authentication.

ECONOMIC SANCTION LAWS AND NO CONSUMER REPORTS

26. You acknowledge that the Provider is subject to economic sanctions laws, including but not limited to those enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), the European Union, and the United Kingdom. You certify that, to your knowledge, you are neither identified on, and you shall not knowingly provide access to the System to any individuals or entities identified on (1) OFAC’s list of Specially Designated Nationals, (2) the UK’s HM Treasury’s Consolidated List of Sanctions Targets, (3) the EU’s Consolidated List of Persons, Groups, and Entities Subject to EU Financial Sanctions, (4) any other applicable sanctions lists, or (5) any person 50 percent or more owned, directly or indirectly, individually or in the aggregate by a person(s) identified in (1) through (4).
27. You agree the System is not provided by “consumer reporting agencies,” as that term is defined in the Fair Credit Reporting Act (15 U.S.C. § 1681, et seq.) (“FCRA”) and outputs of the System, including the ID Verification Reports do not constitute “consumer reports,” as that term is defined in the FCRA. You may not use the System, in whole or in part, as a factor in determining eligibility for credit, insurance other than title insurance, employment or another purpose in connection with which a consumer report may be used under the FCRA.

AUDIT

28. Provider reserves the right to monitor and audit your usage of the System for the purpose of (among others) ensuring compliance with these Terms and Conditions. Any such audit may be carried out by Provider or a third-party authorized by Provider, at Provider’s expense.

CONFIDENTIALITY

29. You acknowledge the Confidential Information consists of confidential and proprietary information of the Provider. You shall hold all Confidential Information in confidence and shall use the same degree of care to maintain the confidentiality of the Confidential Information you use to maintain the confidentiality of other confidential information you or your Organization controls or has access to, but with at least a reasonable degree of care commensurate with the nature and importance of the Confidential Information.
30. In the event you conclude, on the advice of your counsel, that you are legally compelled to disclose publicly any of the Confidential Information or to disclose any of such Confidential Information to a third party other than as expressly permitted by these Terms and Conditions, you shall provide to the Provider, if you are legally permitted to do so, prompt, prior written notice of such requirement so that the Provider may seek, at its sole expense, a protective order or other appropriate remedy and/or waive compliance with the provisions of these Terms and Conditions and you agree to delay such disclosure of the Confidential Information as long as is reasonably possible (without incurring liability for failure to make such a disclosure) to permit the Provider to seek, at its sole expense, a protective order and to allow for consultation between you and the Provider with respect to any reasonable alternatives to such disclosure and with respect to the content of any such disclosure. You will not oppose any action by the Provider or any of its agents or affiliates to seek a protective order or other remedy. In the event that a protective order or other remedy is not obtained, or that compliance with the provisions hereof are waived, you agree to furnish only that portion of the Confidential Information which you have been advised by counsel is legally required to be disclosed and, to the extent reasonably possible in the circumstances, you agree to use reasonable commercial efforts to ensure that confidential treatment will be accorded to the Confidential Information you have disclosed.
31. You authorize Provider to disclose Data and Personal Information to Reliable Sources through the System for the purpose of obtaining an ID Verification Report.
32. Where authorized by the relevant individual who is the subject of an ID verification process, you authorize Provider to deliver a copy of the ID Verification Report created by you to other clients of Provider through the report sharing function in the System.
33. Notwithstanding any other provision of these Agreement, if Provider receives a lawful request from a Law Society or a similar regulatory body to produce copies of information Provider has received from a Reliable Source, Provider shall deliver the requested information to that Law Society or similar regulatory body within a reasonable time and without notice to you.

REPRESENTATIONS, WARRANTIES, AND DISCLAIMERS

34. EXCEPT AS OTHERWISE EXPRESSLY STATED IN THESE TERMS AND CONDITIONS, PROVIDER EXPRESSLY DISCLAIMS ALL CONDITIONS, WARRANTIES AND REPRESENTATIONS, EXPRESS, IMPLIED OR STATUTORY INCLUDING, BUT NOT LIMITED TO, IMPLIED CONDITIONS OR WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR DURABILITY, , WHETHER ARISING BY USAGE OF TRADE, COURSE OF DEALING, COURSE OF PERFORMANCE OR OTHERWISE, OR THAT THE SERVICES, SYSTEM OR DOCUMENTATION WILL MEET YOUR NEEDS OR WILL BE AVAILABLE FOR USE AT ANY PARTICULAR TIME OR WILL BE ERROR FREE. UNDER NO CIRCUMSTANCES WILL PROVIDER BE LIABLE FOR THE RESULTS OF THE USE OR MISUSE OF THE SERVICES, SYSTEM OR DOCUMENTATION, INCLUDING ANY USE CONTRARY TO LAW, BY YOU. Without limiting the generality of the foregoing, you are advised that information obtained from the Reliable Sources may contain errors as source data is sometimes reported or entered inaccurately, processed incorrectly and is not warranted to be free from defects. By accepting these Terms and Conditions you acknowledge that Provider is not the source of the data in the System. 

INDEMNITY AND LIMITATION LIABILITY

35. Except in relation to an intentional breach of these Terms and Conditions by a Party, each Party’s liability under these Terms and Conditions shall be limited to direct damages incurred and neither party shall be liable for any special, indirect, incidental, consequential, special, or economic damages (including, but not limited to loss of profits, loss of use and lost business opportunities), regardless of the legal theory under which such damages are sought, and even if that Party has been advised of the possibility of such damages. Other than for: (i) infringement of the intellectual property and other proprietary rights of a third party; and (ii) any breach of confidentiality or Privacy Laws, the total cumulative liability under these Terms and Conditions for direct damages from all causes of action and under all theories of liability shall not exceed a maximum aggregate amount equal to the amount paid by you or your Organization to Provider in the 12 months preceding the date of the loss.
36. You acknowledge that if unauthorized intruders are able to bypass all of Provider’s security safeguards, such unauthorized intruder may change, delete, or otherwise corrupt the contents and data, including the Data and Personal Information. Although Provider cannot guarantee the security of the System against a cyber attack, Provider shall procure and maintain cyber liability insurance which shall be sufficiently broad to cover Provider’s duties and obligations under this Agreement and include coverage for claims relating to any unauthorized access or use of the System, Data and Personal Information.

Provider’s Obligations

37. In consideration of your abiding by the provisions of these Terms and Conditions the Provider shall:

I) comply with all relevant Privacy Laws and:

a) deal with Personal Information only in accordance with your lawful instructions;

b) take reasonable steps to ensure only the Provider’s authorized personnel have access to the Personal Information, and they are under obligations of confidentiality;

c) maintain commercially reasonable and appropriate security measures, including administrative, physical, and technical safeguards, to protect against unauthorized or unlawful access to any Personal Information and against accidental loss or destruction of, or damage to Personal Information and to ensure a level of security appropriate to the risk;

d) ensure that it and any employees, Authorized Users, Related Parties and Reliable Sources are made aware of their obligations regarding the security and protection of Personal Information and, where applicable, the same data protection obligations as set out in these Terms and Conditions shall be imposed upon them by way of a contract or applicable laws;

e) ensure that all agreements with Related Parties and or Reliable Sources are in writing and contain provisions requiring said parties to maintain commercially reasonable security measures to maintain the confidentiality of all Personal Information; and,

f) modify these Terms and Conditions as may become necessary as Privacy Laws become effective or change to ensure these Terms and Conditions are consistent with, and do not violate, the Privacy Laws;

II) maintain and make available to you, a written record of all categories of processing activities carried out by Provider on your behalf. This report shall include, where applicable: (a) categories of processing activities performed; (b) name and contact details of all Sub-Contractors; (c) details of any cross-border data transfers outside of Canada, including documentation of suitable safeguards; (d) a general description of the technical and organizational security measures implemented with respect to the Personal Information; and (e) the name of Provider’s Privacy Officer or privacy representative;

III)          notify you without undue delay, but no later than within 72 hours, if Provider receives any complaint, notice or communication which relates directly or indirectly to the processing of Personal Information related to an ID verification initiated by you, or to either party’s compliance with Privacy Laws, and shall provide reasonable cooperation and assistance to you in relation to any such complaint, notice, communication or non-compliance;

IV) deal promptly and properly with all inquiries from you relating to the processing of Personal Information provided by you;

V) make available to you all information necessary to demonstrate compliance with the obligations pursuant to Privacy Laws and allow for and contribute to audits, including inspections, conducted by you;

VI) assist you, when and where possible, with the fulfilment of your obligation to respond to requests by individuals exercising their rights of access, rectification and erasure, restriction of processing, and data portability pursuant to Privacy Laws;

VII)         at your direction, delete or return to you all Personal Information provided by you to Provider in its possession after you cease to use the System and to delete existing copies unless Provider is otherwise required by law to maintain the Personal Information;

VIII)       not transfer Personal Information outside of Canada without the appropriate legal mechanisms first being implemented, such as any necessary privacy impact assessment of the receiving country, or organization and contractual protections;

IX) implement appropriate technical and organizational measures to ensure the security and protection of Personal Information;

X) in the event of a Data Breach, or suspected Data Breach:

a) inform you without undue delay of the Data Breach or any other breach of security that could potentially affect the confidentiality of Personal Information;

b) promptly provide you with reasonable cooperation and assistance, including providing any necessary documentation concerning the breach, for you to investigate including but not limited filing any reports with government authorities or notifying individuals or any other actions necessary to comply with your breach notification obligations under the Privacy Laws; and

c) take reasonable measures to mitigate against and to prevent similar breaches from occurring in the future.

XI) to the extent possible, provide you the following details regarding a Data Breach when this information is available:

a) the possible cause and consequences for individuals to whom the Personal Information relates of the Data Breach;

b) the categories of Personal Information involved;

c) the risk of serious harm for the individuals to whom the Personal Information relates;

d) identification of the unauthorized recipient(s) of the Personal Information; and

e) the measures taken to mitigate any damage and/or adverse effects;

XII)         implement and maintain safeguards and controls to deter, detect, prevent, and correct any unauthorized access or use of the System, Data and Personal Information.

XIII)        collect, use, and store Data and Personal Information in accordance with the privacy policy located at https://treefort.tech/website-privacy-statement/. Other than to the extent required by Privacy Laws, Provider will not be responsible for the monitoring, accuracy, completeness, or adequacy of any Data and Personal Information provided by you.

General:

38. These Terms and Conditions shall be governed by, and construed and enforced in accordance with, the laws in force in the Province of Alberta (excluding any conflict of laws rule or principle which might refer such construction to the laws of another jurisdiction). You agree to submit to the exclusive jurisdiction of the courts of the Province of Alberta and you waive any objection relating to improper venue or forum non conveniens to the conduct of any proceeding in any such court.
39. Except as otherwise expressly provided herein, all written notices permitted or required to be delivered by the parties pursuant hereto, shall be deemed so delivered forthwith when delivered by hand, one (1) business day after transmission by electronic system, or five (5) business days after posting in the mail by registered or certified mail, postage prepaid and addressed as follows:

To PROVIDER:

c/o 12306 109A Ave NW
Edmonton, AB T5M 2H7
Attention: Jay Krushell
Email address: jkrushell@treeforttech.com

To you:

At the mailing address or email address provided by you to Provider

40. If any provision of these Terms and Conditions is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will not affect any other term or provision of these Terms and Conditions or invalidate or render unenforceable such term or provision in any other jurisdiction.
41. With the exception of a Business Terms Agreement, these Terms and Conditions, together with any other documents incorporated herein by reference, constitutes all of the terms and conditions governing your access to and use of the System and supersedes all prior and contemporaneous understandings, agreements, and representations and warranties, both written and oral, with respect to such subject matter.

The following Mandatory User Terms apply solely and exclusively to accessing credit bureau data required to complete the credit file identity verification method and the dual process identification method. In the event of a conflict between the provisions of the Mandatory User Terms set our below, and the Terms and Conditions set out above, the provisions of the Mandatory User Terms set out below shall prevail.

1.0         DEFINITIONS

“Agent” shall mean the Provider

“Services” means the provision from time to time of consumer credit information, as defined in the applicable consumer reporting laws, whether in the form of a full or partial report (“Credit Reports”), and related services, from Trans Union of Canada, Inc. (“TransUnion”) through the Platform.

“User” shall mean any Origanization

2.0         USER OBLIGATIONS

2.1  Permissible Purpose/Appointment of Agent. User warrants that it will request Services for User’s exclusive, internal and one-time use only and pursuant to the procedures prescribed by Agent from time to time. User hereby appoints Agent as its agent for the purposes of requesting Services and otherwise facilitating User’s receipt of the Services. User also warrants that inquiries for Credit Reports will be made only for the permissible purposes (as set out in the applicable consumer reporting laws) that are checked below and for no other purpose (check as appropriate):

a) ☐ In connection with the extension of credit to a consumer to whom the information pertains; or

b) ☐ In connection with the purchase or collection of a debt of a consumer to whom the information pertains; or

c) ☐ For the purpose of the entering into or renewal of a tenancy agreement; or

d) ☐ For employment purposes; or

e) ☐ In connection with the underwriting of insurance involving the consumer; or

f) ☐ To determine the consumer’s eligibility for any matter under a statute or a regulation where the information is relevant to a requirement prescribed by law; or

g) ☒ Where a direct business need for the information exists in connection with a business or credit transaction involving the consumer.

User warrants that it will not use any Services for investigation purposes, including but not limited to pre-litigation investigative services, without the consumer’s written consent (in accordance with section 2.6, below) or as specifically permitted by applicable law. User understands that User’s ability to request Credit Reports from TransUnion through the Agent is contingent on TransUnion membership requirements including compliance with legal or regulatory objectives in respect of Personal Information (as defined herein) or Credit Reports. In the event of a breach by User of the terms and conditions related to the permitted use of TransUnion Services, TransUnion shall have the right, without notice, to cause Agent to terminate the provision of Services to the User.

2.2  Record Retention.  User will maintain copies of all consents (whether in written, tape-recorded or electronic formats) for a minimum of three (3) years from the date of the relevant inquiry and shall make copies of such consents available to Agent or TransUnion upon request.  User shall ensure that all consents are in verifiable form.

2.3  Compliance and applicable laws. When requesting and/or using Services, User agrees to comply with all applicable Canadian, Provincial and local laws, including the various provincial consumer reporting acts or equivalent, the Personal Information Protection and Electronic Documents Act (Canada) or equivalent provincial privacy acts, and any applicable regulations, judicial orders and/or orders of an administrative tribunal, as are now or may in the future become effective throughout the term of these user terms (“User Terms”). 

2.4  Restrictions on Services.  Services shall only be requested by, and disclosed by User to, User’s designated and authorized employees, agents or representatives (each a, “Representative”) on a need-to-know basis (provided such Representatives are bound by a confidentiality agreement at least as strict as the confidentiality provisions set forth herein) and only to the extent necessary to enable User to use the Services in accordance herewith.  User shall ensure that such Representatives do not attempt to obtain Services as it relates to themselves, their associates, or any other person, except in the exercise of their official duties.  Nothing herein is intended to allow User to receive Services for the purpose of selling or otherwise providing them, or the information contained or derived from Services, to the consumer who is the subject thereof, or to any third party.  For further clarity, User is prohibited from selling Credit Reports directly to consumers hereunder.  User may make disclosures to consumers only as clearly required by law.  Where the User has made a legally permissible disclosure to a consumer, and such consumer has questioned information contained in such consumer’s Credit Report, User shall refer such consumer directly to TransUnion for further investigation.

2.5  Audits and Investigations. User shall cooperate with Agent and/or TransUnion with regards to any investigation launched as a result of a consumer complaint or any other investigation necessary to ensure compliance with these User Terms and applicable laws.  User shall re-verify disputed information and inquiries upon request by Agent, on behalf of TransUnion, and confirm such disputed items to Agent and/or TransUnion within five (5) business days.  User understands and agrees that a failure to do so may result in the disputed information being deleted by TransUnion as “unverifiable”.  Furthermore, during the term of these User Terms and for period of three (3) years thereafter, Agent and/or TransUnion may audit User’s policies, procedures and records to ensure compliance with these User Terms, including compliance with applicable laws, upon reasonable notice and during normal business hours.

2.6  Consent.  User warrants that it will have obtained (through the Agent) prior to requesting from TransUnion (through the Agent) any Personal Information (as defined below), including but not limited to Credit Reports, disclosed as part of the Services, the appropriate active and informed consent in accordance with applicable laws necessary for TransUnion to perform the Services.  User warrants that it will use such Personal Information only as permitted by such consent.  As used herein, “Personal Information” means information about an identifiable consumer.  User will permit Agent and/or TransUnion to review a copy of User’s consent form(s) and/or privacy policy, and will forward any revised consent form(s) and/or privacy policy for review by Agent and/or TransUnion within a reasonable period of time after their adoption.  User agrees to make changes to such documents as Agent and/or TransUnion may request from time to time that are necessary, in the sole opinion of TransUnion, for TransUnion to lawfully provide the Services.

2.7  Third Party Information. Where User requests Services to be performed by TransUnion based on information obtained from a third party, User represents and warrants that it has obtained the agreement and/or consent of such third party for the intended use and that such use is consistent with applicable law.

2.8 Configuration. Many of the Services are configurable and the configuration, delivery specifications and/or decision criteria of the User shall be as agreed upon between Agent and TransUnion. User acknowledges and agrees that it is solely responsible to determine its compliance obligations, in particular without limitation, its compliance with the provincial consumer reporting legislation, privacy legislation or the Proceeds of Crime (Money Laundering and Terrorist Financing Regulations) or other applicable law or regulation and as a result, User is solely responsible to obtain its own legal advice and to determine the configuration required from the Agent such that it meets these compliance obligations.

2.9 Fraud and ID Management Services. In the event User obtains any Fraud and ID Management Services from TransUnion in conjunction with Credit Reports or as a stand-alone service, User shall re-verify all information that triggers a potential fraud message and/or a no match, and shall not deny or otherwise take any adverse action (as defined in the applicable consumer reporting laws) against any consumer based solely on TransUnion’s Services. TransUnion does not guarantee the accuracy, completeness or reliability of the Fraud and ID Management Services, and a fraud message, a match, or lack of a match, is not intended, in itself, to guarantee reliability.  Accordingly, User agrees to use the Fraud and ID Management Services at its own risk.

2.10 TransUnion Scores. In the event the User obtains scoring products (“TransUnion Scores”), the following terms shall apply: The TransUnion Scores may be delivered with a Credit Report for convenience only but the TransUnion Score does not form part of the Credit Report and does not update, enhance, modify, supplement or change the information in the Credit Report on which it is based. User agrees that the TransUnion Scores are for User’s exclusive use. User may store TransUnion Scores solely for User’s own use in furtherance of User’s original purpose for obtaining the TransUnion Scores and for no other purpose. User recognizes that factors other than the TransUnion Score may be considered in making a decision about a consumer. Such other factors include, but are not limited to, the Credit Report, the individual account history, application information, and economic factors. TransUnion may provide score reason codes to User. The score reason codes are designed to indicate the principal factors that contributed to the TransUnion Score, and may be disclosed to consumers as the reasons for taking adverse action, as required by applicable consumer reporting law.  The TransUnion Score itself is proprietary and may not be used as the reason for adverse action and accordingly, shall not be disclosed to a credit applicant, except as clearly required by law.

2.11 Governmental Permits. User represents and warrants that User has obtained all Governmental Permits required to be obtained and that are necessary to carry on its business in each province and that each Governmental Permit is valid, subsisting and in good standing.  User shall remain in good standing with all Governmental Authorities having jurisdiction or authority over or in respect of it  and to obtain and maintain in good standing throughout the term all Governmental Permits necessary in connection with the operation of its business, including those required to be obtained and/or maintained pursuant to applicable law.

For the purposes of these User Terms, ”Governmental Permit”  means any license, right, permit, franchise, privilege, registration, direction, decree, consent, order, permission, approval or authority issued or provided, or to be issued or provided, by any Governmental Authority, including, where relevant to a User, directives issued by the any Canadian gaming control regulator.  “Governmental Authority” means the government of Canada, or any political subdivision thereof, whether provincial, territorial, state, municipal or local, and any governmental, executive, legislative, judicial, administrative or regulatory agency, department, ministry, authority, instrumentality, commission, board, bureau or similar body, whether federal, provincial, territorial, state, municipal or local, in each case, having jurisdiction in the relevant circumstances.

3.0         CONFIDENTIAL INFORMATION

User agrees that User will receive information of a confidential and/or proprietary nature in connection with these User Terms, and such confidential and proprietary information will be held in strict confidence by the User and shall be disclosed only (i) upon demand to governmental regulatory agencies; or (ii) as required by law.  User shall protect any such confidential or proprietary information with at least the same degree of care it uses to protect its own information of a similar nature (although not less than a reasonable degree of care) or as required under applicable laws. For greater certainty, User agrees that it shall keep all Credit Reports and their content confidential and not use any Credit Report except for the purposes set out in section 2.1 and consistent with the consent provided by the consumer under section 2.6 to whom a Credit Report relates.

4.0         SAFEGUARDING

User shall implement, and shall take measures to maintain, reasonable and appropriate administrative, technical, and physical security safeguards (“Safeguards”) designed to: (i) ensure the security and confidentiality of Personal Information, including Credit Reports, derived from the Services, accessible through the Platform, and/or otherwise received from TransUnion and/or Agent; (ii) protect against anticipated threats or hazards to the security or integrity of Personal Information; and, (iii) protect against unauthorized access or use of Personal Information. User shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information and to protect the Personal Information from unauthorized access, destruction, use, modification, or disclosure including without limitation, ensuring any User intentional deletion, destruction and/or disposal of Personal Information (whether in paper, electronic, or any other form, and regardless of medium on which such Personal Information is stored) is performed in a manner so as to reasonably prevent its misappropriation or other unauthorized use including, but not limited to, cross-shredding printed information and pulverizing or incinerating tapes, disks and other such non-paper media.  User acknowledges and agrees that the provision of Services may be dependent on User’s completion of a satisfactory security audit and questionnaire that demonstrates compliance with these terms.

User is responsible for: (i) any breaches to its Safeguards, including those emanating from its leased lines, modems or other communication devices; (ii) any failure by User to establish or maintain its Safeguards; (iii) any loss, theft or unauthorized access, disclosure, distribution, copying, modification, use or destruction of Personal Information; (iv) any unauthorized access to or use of any software, hardware or systems of Agent or TransUnion, including any authorized access or use of any account credentials or membercodes; (v) any unauthorized entry to the facilities where TransUnion Credit Reports or Services may have been accessible; (vi) any unauthorized release of or access to TransUnion Credit Reports or Services by an employee, agent, contractor or subcontractor of User resulting from a breach of its Safeguards or otherwise; or (vii) any unauthorized access to or use of the Platform (each, a “Breach”).

In the event of a Breach, User shall immediately (but in no event later than twenty-four (24) hours after the occurrence of the Breach) notify Agent or TransUnion by phone and in writing with the following information:  (i) a description of the Breach (and, if known, the cause); (ii) the date on (or the period during which) the Breach occurred; (iii) details of the Personal Information impacted by the Breach; (iv) details of consumer impact, if known by User, including the number of impacted consumers; (v) a description of the steps taken to contain, mitigate and recover from the Breach; and (vi) any other information reasonably required by Agent or TransUnion in connection with such Breach. 

User shall fully cooperate with TransUnion and Agent in mitigating any damages due to any Breach.  Such cooperation shall include, but not necessarily be limited to, allowing TransUnion and/or Agent to participate in the investigation of the cause and extent of such Breach.  Such cooperation shall not relieve User of any liability it may have as a result of such Breach.

TransUnion or Agent reserve the right to suspend or terminate User’s access to all or part of the Services if User fails to comply with its obligations in this Section 4.0 (Safeguarding) or TransUnion or Agent reasonably suspect that User is experiencing or has experienced a Breach.  In addition, TransUnion or Agent may require User to modify its account credentials, undergo a security assessment or agree to additional security controls in order to regain access to Services, in their sole discretion. Upon request by TransUnion or Agent, User shall provide a certificate signed by User’s forensic auditor or Chief Information Officer (or equivalent) to confirm that the Breach has been fully remediated and that there is no further risk to Personal Information.

User shall ensure that all of its employees, agents, contractor and subcontractors comply with the requirements set out in this Section 4.0 (Safeguarding) and other obligations of User in these User Terms.

5.0         SYSTEM AND ACCESS

User acknowledges that TransUnion is not responsible for the availability, performance, or security of Agent’s Platform, or for User’s inability to obtain access to the Services. User is responsible for all Breaches emanating from any of User’s password or code misuse or any Breaches using such User’s password or code. TransUnion shall have no liability in relation thereto and User acknowledges that TransUnion shall assume that the individual(s) logging into or accessing the Platform using the specific code(s) and password(s) assigned to User are in fact authorized to do so by User.

6.0         OWNERSHIP

User agrees that the Services provided hereunder are confidential and proprietary to TransUnion and except as explicitly set forth herein, and subject to the licenses granted to User hereunder, the entire right, title and interest in and to the Services and all copyrights, patents, trade secrets, trademarks, trade names, and all other intellectual property rights associated with any and all ideas, concepts, techniques, inventions, processes, or works of authorship including, but not limited to, all materials in written or other tangible form developed or created by TransUnion in its performance of the Services, shall at all times vest exclusively in TransUnion.

TransUnion reserves all rights not explicitly granted to User hereunder.  User shall not attempt, directly or indirectly, to reverse engineer, decompile, or disassemble the Services or any confidential or proprietary criteria developed or used by TransUnion relating to the Services provided hereunder.

Subject to User’s compliance with all the terms and conditions herein, Agent grants to User, on behalf of TransUnion: (a) a worldwide, paid-up, non-transferable, revocable and non-exclusive license to all Services provided hereunder for use by User, within User’s internal business operations; and (b) a worldwide, paid-up, limited, revocable and non-exclusive license to use any and all TransUnion-owned intellectual property rights that are integrated into such Services to the extent necessary for User to exercise, unencumbered, its rights set forth herein. Such licenses shall not be deemed to include sublicensing rights or any rights to third party works including, but not limited to, any TransUnion subcontractor intellectual property rights, unless TransUnion explicitly otherwise grants such rights to User in writing.

7.0         WARRANTY

The User recognizes that the Services furnished to User through the Platform are based upon data obtained from sources considered to be reliable.  However, due to the possibilities of errors inherent in the procurement and compilation of statistical data involving a large number of individuals, the accuracy, reliability or completeness of the information provided as part of the Services by TransUnion is not warranted and the Services are provided “AS IS” and User shall use the Services at its own risk.  In addition, TransUnion makes no representations or warranties that the use of the Services or any particular configuration of such Services requested by User via Agent will enable User to meet its compliance obligations.  OTHER THAN AS SET FORTH IN THIS SECTION 7.0, TRANSUNION MAKES NO OTHER WARRANTIES AND HEREBY DISCLAIMS ALL OTHER WARRANTIES, REPRESENTATIONS, OR CONDITIONS, WHETHER STATUTORY, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES OR CONDITIONS AS TO QUALITY OR FITNESS FOR A PARTICULAR PURPOSE OR THAT THE SERVICES WILL BE OF MERCHANTABLE QUALITY.  FURTHERMORE, TRANSUNION’S SOLE LIABILITY, AND USER’S SOLE REMEDY, FOR BREACH OF THIS WARRANTY BY TRANSUNION SHALL BE THE CORRECTION OF ANY DEFECTIVE SERVICE (PROVIDED THAT, TRANSUNION RECEIVES A WRITTEN NOTICE WITH A REASONABLY DETAILED DESCRIPTION OF THE DEFECT WITHIN TEN (10) DAYS AFTER THE PERFORMANCE OF THE SERVICE) AND/OR THE REFUND OF FEES PAID FOR SAME AT TRANSUNION’S DISCRETION. USER ACKNOWLEDGES AND AGREES THAT THESE USER TERMS SHALL NOT GIVE RISE TO ANY THIRD PARTY RIGHTS AGAINST TRANSUNION’S DATA SUPPLIERS AND/OR LICENSORS AND THAT, TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALL RIGHTS AND OBLIGATIONS UNDER THESE USERS AND ANY LIABILITY RESULTING THEREFROM ARE SOLELY BETWEEN THE PARTIES HERETO. 

8.0         INDEMNIFICATION

User shall indemnify and hold harmless TransUnion and its directors, officers, employees, representatives and agents from any and all claims, losses, liabilities or damages, including consequential damages, and costs (including reasonable attorney’s fees) arising directly or indirectly from, but not limited to: (i) the failure or alleged failure of User to perform any of its obligations described in these User Terms, and the failure by User to comply with any provision of the User Terms including but not limited to, any breach which results in the non-permissible use of the Services provided hereunder; (ii) the negligence or intentional wrongful conduct of User, and/or its directors, officers, employees, agents, contractor or subcontractors; (iii) the use or misuse of Services by the User; (iv) a violation by User of any applicable laws, including but not limited to the failure of User to obtain and/or maintain in good standing any relevant Governmental Permits; (v) any claims by individuals relating to the use, retention or disclosure of Personal Information, including, without limitation, Credit Reports or information included in the Services;  (vi) any claims arising out of actions or omissions of User, or its employees, agents, subcontractors; or (vii) any breach of Section 3.0 (Confidential Information) or Section 4.0 (Safeguarding).

9.0         LIMITED LIABILITY

IN NO EVENT SHALL TRANSUNION BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES INCURRED BY USER ARISING OUT OF THE DELIVERY OF CREDIT REPORTS TO THE PLATFORM OR PROVISION OF SERVICES, INCLUDING BUT NOT LIMITED TO LOSS OF GOODWILL, LOSS OF DATA AND LOST PROFITS OR REVENUE, WHETHER OR NOT SUCH LOSS OR DAMAGE IS BASED IN CONTRACT, WARRANTY, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF TRANSUNION HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  FURTHERMORE, IN NO EVENT SHALL TRANSUNION’S TOTAL AGGREGATE LIABILITY TO USER, OR ANY THIRD PARTY ARISING IN RESPECT OF THE SERVICES UNDER THESE USER TERMS AND/OR IN RESPECT OF THE SERVICES EXCEED THE TOTAL AMOUNT OF FEES PAID BY THE USER FOR THE SERVICES DURING THE THREE (3) MONTH PERIOD IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO A CLAIM FOR LIABILITY, WHETHER SUCH CLAIM IS BASED IN CONTRACT, TORT, WARRANTY, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE. THESE LIMITATIONS SHALL SURVIVE AND APPLY NOTWITHSTANDING THE VALIDITY OF THE LIMITED REMEDIES PROVIDED HEREUNDER.  IN NO EVENT WILL TRANSUNION BE LIABLE FOR ANY DISPUTE THAT ARISES BETWEEN USER AND AGENT.

10.0      THIRD PARTY BENEFICIARY

TransUnion is an intended third party beneficiary of these User Terms.

Updated: February 23, 2026