Privacy PolicyTerms & Condition

Glide Terms and Conditions

Last Updated:

November 6, 2025

These Terms and Conditions (the "Terms and Conditions" or "Agreement") together with any other agreements or terms incorporated by reference, including Glide's Privacy Policy https://www.glideidentity.com/privacy-policy govern the use of the Services. These Terms and Conditions constitute a binding and enforceable legal contract between Glide Identity, Inc. ("Glide") and any customer (the "Customer") using the Glide Platform (as defined below). By accepting these Terms and Conditions electronically by clicking a box indicating your acceptance, or by using the Services, Customer agrees to these Terms and Conditions.

1. Services; License

  1. Subject to the terms and conditions of this Agreement, Glide shall provide Customer with services designed to telco finder and open gateway APIS ("Services") through its proprietary technology (the "Glide Platform") as hosted on a third party cloud service.
  2. During the Term and subject to Customer’s compliance with the terms and conditions of this Agreement, Glide grants Customer a non-exclusive, non-transferable, non-sublicenseable, limited, revocable right for Customer employees, agents, representatives and contractors who are registered for access to the Services by Customer ("Authorized Users") to access the Glide Platform, for Customer’s internal business use, as required for Glide to provide the Services, in accordance with Glide’s instructions and technical documentation ("Documentation").  

2. Customer's Obligations

Customer hereby undertakes to:

  1. provide Glide with access to the Customer data as agreed by the Parties;
  2. use the Services, the service offerings and all related APIs and software in compliance with all applicable terms and conditions of the telco providers, as further detailed in the applicable Telco Terms and Conditions attached hereto in Exhibit A. it is hereby clarified that the provision of the Services hereunder is dependent on the Customer warranting the use of the Services in compliance with such terms and conditions and acknowledging that the telco company providing the specific offerings is solely responsible for the applicable terms for use of the APIs and/or service offerings purchased by the Customer through the Glide Platform;
  3. use the Glide Platform, the Services and all related software and Documentation in compliance with all applicable laws and regulations, including but not limited to applicable data security and privacy laws ("Data Protection Laws"). Customer represents and warrants that no third party agreement prevents it from using the Glide Platform as contemplated here under;
  4. manage and secure all API keys and login credentials used by Authorized Users in connection with their use of the Glide Platform, and protect the same against unauthorized use or disclosure.

3. Intellectual Property Rights; Confidentiality

  1. All intellectual property rights in the Glide Platform, Services, software, Documentation (the "Glide Materials") and any part thereof, including any and all derivatives, changes and improvements thereof lie exclusively with Glide. Customer shall (i) not attempt to infiltrate, hack, reverse engineer, decompile, or disassemble the Glide Materials or any part thereof for any purpose; (ii) not represent that it possesses any proprietary interest in Glide Materials or any part or derivative thereof; (iii) not directly or indirectly, take any action to contest Glide's intellectual property rights or infringe them in any way; (iv) except as specifically permitted in writing by Glide, not use the name, trademarks, trade-names, and logos of Glide; (v) except as specifically permitted herein, not copy any part or content of the Glide Platform, reports or documentation other than for Customer’s own internal business purposes; (vi) not copy any features, functions or graphics of the Glide Platform or use it to build a competitive product or service; and (vii) not remove the copyright, trademark and other proprietary notices contained on or in Glide Materials. All intellectual property rights in the Customer data lie exclusively with Customer or its licensors. Customer shall take no action, directly or indirectly, to register Glide trademarks (or their variation), domain names, or copyrights in its own name and shall provide commercially reasonable assistance to Glide to prevent the occurrence of such activity by any third parties.
  2. Customer hereby grants to Glide a non-exclusive, royalty-free, perpetual, worldwide license to use, reproduce, and prepare derivative works of all data provided to Glide in connection with this Agreement, to permit Glide to perform the Services to Customer as set forth in this Agreement, and to analyze the data and create internal databases for the purpose of improving its products and services, all subject to Glide’s compliance with applicable law and privacy regulations.    
  3. The receiving party agrees (i) not to disclose the disclosing party’s Confidential Information to any third parties other than to its directors, employees, advisors, or consultants (collectively, its “Representatives”) on a “need to know” basis and provided that such Representatives are bound by confidentiality obligations not less restrictive than those contained herein; (ii) not to use or reproduce any of the disclosing party’s Confidential Information for any purposes except to carry out its rights and responsibilities under this Agreement; (iii) to keep the disclosing party’s Confidential Information confidential using at least the same degree of care it uses to protect its own confidential information, which shall in any event not be less than a reasonable degree of care. Notwithstanding the foregoing, if the receiving party is required by legal process or applicable law, rule, or regulation to disclose any of the disclosing party’s Confidential Information, then prior to such disclosure, if legally allowed, receiving party will give prompt notice to the disclosing party so that it may seek a protective order or other appropriate relief.  The confidentiality obligations hereunder shall expire three years from the date of termination or expiration of this Agreement and shall supersede any previous confidentiality undertakings between the parties.  
  4. For the purposes hereof, "Confidential Information" means any proprietary or trade secret information disclosed by one party to the other which can be reasonably understood under the circumstances to be confidential, but excluding any information that: (i) is now or subsequently becomes generally available in the public domain through no fault or breach on the part of receiving party; (ii) the receiving party can demonstrate in its records to have had rightfully in its possession prior to disclosure of the Confidential Information by the disclosing party; (iii) the receiving party rightfully obtains from a third party who has the right to transfer or disclose it, without default or breach of this Agreement; (iv) the receiving party can demonstrate in its records to have independently developed, without breach of this Agreement and/or any use of or reference to the Confidential Information.  

4. Data Protection

  1. The processing of Customer users' information which is considered personal data under Data Protection Law ("Personal Data"), shared between the parties for the provision of the Services, shall be in accordance with this Agreement, including the applicable Telco Terms and Conditions, any applicable Data Protection Laws and the Data Processing Agreement (which is available in Exhibit B). Any other Personal Data shared with Glide, including Personal Data of Authorized Users and any other Personal Data shared in the registration process, will be processed in accordance with Glide Privacy Policy available here: https://www.glideidentity.com/privacy-policy.

5. Disclaimer; Indemnification; Limitation of Liability

  1. GLIDE PROVIDES THE GLIDE PLATFORM, SERVICES AND DOCUMENTATION TO CUSTOMER ON AN “AS IS” BASIS, WITHOUT WARRANTIES OR REPRESENTATION OF ANY KIND, AND GLIDE EXPRESSLY DISCLAIMS ALL WARRANTIES – STATUTORY, EXPRESS, IMPLIED OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF CUSTOMERABILITY, NON INFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE OR ACCURACY. GLIDE FURTHER DISCLAIMS ANY WARRANTY THAT THE OPERATION OF THE GLIDE PLATFORM OR ANY RELATED SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE.
  2. Customers acknowledge that the quality and accuracy of any alerts or recommendations by the Glide Platform are dependent on the accuracy and completeness of the data provided.  CUSTOMER ACKNOWLEDGES THAT GLIDE SHALL NOT BEAR ANY LIABILITY OR RESPONSIBILITY FOR FAULTS, ERRORS OR ERRONEOUS ALERTS, OR FOR FAILURE TO IDENTIFY ANY THREATS.
  3. Customer will defend and hold harmless Glide and its affiliates against any damages, claims, demands, suits, or proceedings (including attorney fees and costs) made or brought against Glide by a third party, including without limitation the telco companies, arising from or in connection with (i) breach of the Telco Terms and Conditions and any other applicable terms and conditions determined by such telco companies which may be in place from time to time; (ii) the infringement of  intellectual property rights of a third party due to Customer's use of the Services, any Customer materials or Customer’s use of Customer materials with the Services, or a non-Glide application provided by Customer, or (iii) Customer’s use of the Services in an unlawful manner or in violation of any applicable laws, including privacy and data protection laws, this Agreement, the Documentation, or an order form. In the event of a claim, Glide shall (a) provide the Customer with written notice of such claim, (b) give the Customer sole control of the defense and settlement of the claim (except that the Customer may not settle any claim unless it unconditionally releases Glide of all liability), and (c) give the Customer all reasonable assistance, at the Customer's expense.
  4. EXCEPT FOR WILLFUL MISCONDUCT OR FRAUD, AND TO THE MAXIMUM EXTENT PERMITTED BY LAW, GLIDE’S MAXIMUM AGGREGATE LIABILITY UNDER, ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL NOT EXCEED AMOUNTS ACTUALLY PAID BY CUSTOMER TO GLIDE FOR USE OF THE SERVICES HEREUNDER. TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL GLIDE BE LIABLE FOR LOST PROFITS, LOSS OF USE, LOSS OF DATA (INCLUDING END-USER INFORMATION), COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR SPECIAL, PUNITIVE, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED, WHETHER FOR BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY), OR OTHERWISE, WHETHER OR NOT GLIDE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  

6. Temporary Suspension

  1. Glide may suspend Customer's or any Authorized User’s right to access or use any portion or all of the Service immediately upon notice to Customer if Glide determines: (a) Customer's or an Authorized User’s use of the Service is in breach of this Agreement; or (b) Customer or any third party through which Services were procured by Customer (a "Third Party Vendor") are in breach of Customer's payment obligations in connection with the Services.
  2. If Glide suspends Customer's right to access or use any portion or all of the Service Customer or any Third Party Vendor will not be entitled to any service credits for any period of suspension.

7. Term; Termination

  1. This Agreement shall commence on the commencement date listed in the order form the Customer signs with Glide, or that is set forth in the registration page by the applicable Third Party Vendor and will continue for the term specified in the order form or the registration page with the Third Party Vendor, as applicable, unless terminated in accordance with its terms (the "Term").
  2. Either party may terminate this Agreement for cause if the other party is in material breach of this Agreement and the material breach remains uncured for a period of 30 days from receipt of notice by the other party.
  3. Glide may terminate this Agreement immediately upon notice to Customer (A) for cause if Glide have the right to suspend under Section 5, or (B) in order to comply with the law or requests of governmental entities.
  4. Upon termination of this Agreement, Customer will immediately cease use of the Glide Platform and any Service, each party shall return to the other party all of the other party's Confidential Information in its possession and any outstanding Fees shall become due and payable. Sections 3, 4, ‎‎6 and 9 shall survive any expiration or termination of this Agreement.

8. Notices

All notices or other communications hereunder shall be in writing and given in person, by registered mail, by an overnight courier service which obtains a receipt to evidence delivery, or by email transmission with written confirmation of receipt, addressed to the address set forth in the Cover Sheet or to such other address as any party hereto may designate to the other in accordance with the aforesaid procedure. All notices and other communications delivered in person or by courier service shall be deemed to have been given upon delivery, those given by facsimile or email transmission shall be deemed given on the business day following transmission, and those sent by registered mail shall be deemed given three calendar days after posting.

9. Publicity

Glide may issue publicity or general marketing communications concerning its involvement with the Customer.

10. General

This Agreement constitutes the entire agreement between Glide and Customer and supersedes any previous agreements or representations, either oral or written, with respect to the subject matter of this Agreement. All amendments will be made only in writing. Customer shall not transfer or assign its rights or obligations under this Agreement to any third party. Any purported assignment contrary to this section shall be void. Glide may assign its rights and obligations under this Agreement upon a prior written notice to Customer. If any part of this Agreement is declared invalid or unenforceable for any reason, such part shall be deemed modified to the extent necessary to make it valid and operative and in a manner most closely representing the intention of the parties, or if it cannot be so modified, then eliminated, and such elimination shall not affect the validity of any remaining portion, which shall remain in force and effect. Any failure by a party to insist upon or enforce performance by the other of any of the provisions of this Agreement or to exercise any rights or remedies under this Agreement or otherwise by law will not be construed as a waiver or relinquishment of any right to assert or rely upon the provision, right or remedy in that or any other instance. Customer agrees that regardless of any statute or law to the contrary, any claim or cause of action arising out of or related to the use of the Glide Services or other Glide technology, or to this Agreement, must be filed within twelve months after such claim or cause of action arose or be forever barred. This Agreement is governed by the laws of the State of Israel, without regards to its conflict of laws principles, and any dispute arising from this Agreement shall be brought exclusively before the courts of Tel Aviv, Israel.

Exhibit A-1

Telefónica Móviles España, S.A.U. Terms and Conditions

When purchasing the service offerings provided by Telefónica Móviles España, S.A.U. ("Telefónica" and "Service Offerings"), Customer hereby undertakes to comply with the following additional terms and conditions, as may be amended and modified from time to time by Telefónica Móviles España, S.A.U. at its sole discretion:

  1. When Customer uses the Telefonica Service Offerings in combination with any other offerings or solutions, Customer commits to ensure that such a combination complies with the obligations and the provisions of this Agreement, including, without limitation, the provisions regarding the parties’ data protection roles, complies with any applicable laws and regulations, and does not infringe any third party rights.
  2. Customer will not: (a) use the Service Offerings in any manner or for any purpose other than as expressly permitted by the Agreement and the Telefónica Terms and Conditions; (b) reverse engineer, disassemble, or decompile the Services Offerings or apply any other process or procedure to derive the source code of any software included in the Services Offerings or that enable the provision of the Services Offerings; or (c) access or use the Services Offerings and/or the content offered by Telefonica in a way intended to avoid incurring fees;
  3. Upon Telefónica' or Glide's request, at any time, Customer shall allow audits to be carried out, in order to demonstrate to Telefónica compliance with the terms and conditions established in the Agreement, these Terms and Conditions or the agreement entered into between Glide and Telefónica. In addition to allowing such audits, Customer shall reasonably assist Telefónica and/or any other auditor authorized by Telefónica when conducting the audit.
  4. Furthermore, Customer shall fill in the required information in the form attached hereto as Schedule 1 which will be used to access or use each of the applicable Service Offerings (the "Registration Form") and submit the completed Registration Form to Glide for the purpose of providing such form to Telefónica.
  5. Customer's use of Telefónica’s Content and/or the Service Offerings will not violate any applicable law or any intellectual property rights therein.
  6. When sharing Personal Data with Telefonica, and when processing any personal data shared by Telefonica as part of the Service Offerings, Customer shall, and shall ensure that any third party with whom Customer shares such Personal Data, comply with the following obligations:
    • the Personal Data shared with Telefonica is accurate and is of individuals belonging to Telefonica’s customer base;
    • comply with applicable Data Protection Laws, including, without limitation, ensure (1) having a valid ‎lawful basis, (2) providing all the required transparency information to the data subjects; ‎and (3) complying with its respective accountability obligations, such as maintaining a register of ‎activities of processing or performing any required privacy impact assessment;
    • store Personal Data only for as long as necessary to use the Service Offerings: (1) for the product ‎purpose and according to the terms of this Agreement, and (2) in compliance with ‎applicable Data Protection Laws; ‎
    • upon request by Telefónica of by Glide, directly or indirectly through Glide or other applicable third parties, and as required to fulfil the obligations under applicable Data Protection Laws, provide Glide and/or Telefónica with necessary information, assistance and co-operation for such requesting party to: (i) respond to any queries, complaints or requests from data subjects or authorities; (ii) comply with its accountability obligations set out by applicable Data Protection Laws, such as the register of activities of processing and/or performing privacy impact assessments; and (iii) comply with any obligations to report security incidents to the appropriate supervisory authorities and (where applicable) data subjects; all in accordance with and within the time limits imposed by applicable Data Protection Laws;
    • fulfil any valid request for the exercise of rights that is established by the applicable Data Protection ‎Laws, such as access, rectification, erasure, restriction, limitation or portability, communicated to it by ‎Telefonica of by Glide, directly or indirectly through Glide or other applicable third parties, in the event it is a valid request from a data subject and the request cannot be fulfilled by the party receiving it on its own;
    • notify and inform Glide and Telefónica of (1) any security incident without undue delay; ‎and (2) any queries, complaints and/or requests from data subjects or authorities that ‎may be relevant of affect Glide or Telefonica; ‎
    • only share personal data with Telefonica, and process and use personal data shared by Telfonica, in order to receive the Service Offering for the product purpose, and according to this Agreement;  
    • perform any international transfers of personal data in compliance with applicable Data Protection Laws and, upon request by Telefonica or Glide, provide all the necessary information, assistance, and co-operation, in order for Telefonica and Glide to comply with Applicable Data Protection Laws in relation to such international transfers;
    • not to combine, use or otherwise process any Personal Data shared by Telefonica with other internal or external information or data, unless it is required to use the Service Offering and is expressly permitted by Telefonica;
    • not to process Telefonica Personal Data to profile data subjects, unless as strictly permitted and necessary by/for the product purpose set out by Telefonica, and/or to make automated decision making which produces legal effects or significantly similar effects;
    • not to share, disclose, and/or make available the any Personal Data shared ‎by Telefonica, to/with third parties, except those processors of the Customer who need to process such ‎Personal Data according to this Agreement and subject to the applicable Data Protection Laws;
    • process the Personal Data as an independent data controller (as defined under Data Protection Laws) and not to process any Personal Data, in any way, that would configure Telefónica as a joint ‎controller with the Customer, Glide and/or ‎any applicable third parties (including the Customer Affiliates), under any applicable Data Protection Laws;
    • not to instruct any processors or subprocessors, and prevent them from, processing Telefonica Personal Data in any way that would configure them as controllers, independently or ‎jointly with others, under any applicable Data Protection Laws; and ‎
    • not to perform any action or processing that would limit or impede, in any way, the exercise of rights or ‎the performance of obligations by Telefonica, Glide or any other applicable party.
  7. The Customer's obligations under section 6 will remain applicable  ‎even when the information that will be shared with and processed by the Customer does not contain Personal Data, but such information is still within the scope of other privacy-related laws and regulations.
  8. Telefónica may decide to unilaterally waive any of the obligations or restrictions above, provided (1) such waiver is made previously in writing by an authorized legal representative of Telefónica to Glide or to Customer; (2) the waiver is limited to specific situations analysed on a case-by-case basis; and (3) such waiver is subject to the provision of any additional information, and/or the execution of any additional measure, as required by Telefónica.
  9. Telefónica is hereby entitled to limit or restrict the processing of Personal Data related to the Service ‎Offerings as it may be needed in order to comply with the applicable Data Protection Laws, including, ‎without limitation, excluding data subjects from the processing, should Telefonica (1) does ‎not have a valid lawful basis to receive the Personal Data from the Customer or share the ‎Personal Data with the Customer; (2) has not complied with the transparency obligations in ‎relation to such processing; (3) does not comply with its accountability obligations in relation to such ‎processing; and/or (4) is informed, detects or suspects that such processing is not taking place according ‎to and in compliance with applicable Data Protection Laws.
  10. Additional Security Measures. The Customer agrees to comply with the security requirements under the following conditions:
    • The security parameters of the systems associated with the service will be configured ensuring that the ‎configuration baseline meets the security best practices established by the industry. ‎
      • For API consumption, Developers must follow the user guide (reference guide) defined by Telefónica. ‎
      • With regard to workstation equipment (ENDPOINTS), they must: ‎
        • Implement an access management and review procedure based on industry best practices, with the following prohibitions:
          • the existence of unencrypted keys embedded in applications, scripts, or function keys
          • Passwords may not be visible when typed
          • Keep Beyond First Access Default Keys
        • Be bastioned by applying a secure configuration following the best security practices in the industry.
        • The software used must have the necessary licenses of use, without infringing any intellectual property legislation, be supported, updated and patched at all times, guaranteeing that at least the known vulnerabilities are solved prior to access to Telefónica.
        • Have hard drives encrypted when they are going to store information of any kind owned by Telefónica or that may impact it in any way.
        • They will have an up-to-date antivirus, capable of eliminating and protecting against all types of malicious software, also storing the necessary logs for the investigation in case of security incidents.
    • Logical access to the Developer's systems must be stored and monitored, allowing logical accesses to be identified for investigation in the event of security incidents, during the time established in current Spanish legislation.
    • You will need to keep a record of requests made to the OpenGateway APIs for any forensic needs.
    • Tools will be available that, as far as possible, detect anomalies and unusual or potentially malicious IP traffic, as well as anomalous behavior of users or the internal team itself.
    • You'll need to follow secure development best practices (OWASP or similar) for Web and Mobile applications based on OpenGateway APIs, e.g., input validation, output coding, and protection against common vulnerabilities such as SQL injection and cross-site scripting (XSS)
    • The principles of secure software design and development of applications and APIs should always be implemented, based on the principle of providing the minimum necessary information.
    • The source code associated with the development should not be saved on production systems.
    • The maintenance, copying or changes in the source code will be subject to management procedures in accordance with good industry practices, among others, version control and an adequate audit trail will be maintained.
    • Under no circumstances will impact tests be carried out in Telefónica's production environments.
    • No tests will be carried out with real data in any environment, unless previously authorised by Telefónica. All proofs of concept should be conducted with test data from pre-production environments where possible and, in any case, performed in a bounded environment (e.g. whitelists of users/customers/data authorized for the pilot).
    • The Developer must make deliveries free of vulnerabilities that may exploit Telefónica's information or data.
    • In case of vulnerabilities in production, these must be corrected in less than 72 hours, Telefónica reserves the right to block the APIs in case of detection.
    • The data delivered by the exposed API must always be protected at all levels of the chain
    • Self-provisioning mechanisms for consuming applications will be based on industry-standard flows, namely: CIBA, AuthCode, OpenID Connect Dynamic Client Registration, and OAuth 2.0 Dynamic Client Registration.
    • The Developer undertakes to ensure that the CIBA flow is only used in those use cases where users will not be online at the time of the request and for those users who have consented to the application.
    • The HTTP methods used when consuming the API should be restricted strictly to those required for each API, applying a whitelist of allowed methods (e.g., GET, POST, PUT). All requests that do not match the whitelist should be rejected with the HTTP response code "Method 405 Not Allowed". It should also be ensured that anyone attempting to execute the HTTP method is authorized to do so.
    • An application must have limited resources on the host in terms of CPU, memory, file descriptors, processes, payload size, and requests per application consumer.
    • The request for access and the execution of queries by the Developer must be ethical and responsible and not use the service for purposes other than the commercial purpose of the application.
    • Any Developer who, among their services, has any kind of feature through which they make the user's IP available to other third parties will not be admitted.
    • The Developer will comply with the Developer registration controls and policies identified by Telefonica.
    • All FE-BE-ChannelPartner communications will always be encrypted with robust cryptographic algorithms.
    • For credential storage in the application:
      • All credential data that is present must be stored in encrypted form.
      • Access to any master or private key must be protected through access control/authentication/authorization.
  11. It is strictly forbidden to communicate to third parties any information that may pose a danger to the confidentiality, security or integrity of Telefónica's information or may impair Telefónica's privacy or intellectual property rights. Likewise, the entire supply chain that is directly or indirectly dependent on the Customer are subject to the same terms and conditions. In which case, it will ensure that all of its subcontractors or dependents directly or indirectly comply with the security requirements set out in this Exhibit. ‎

Exhibit A-2

EnStream LP Terms and Conditions

When purchasing the Services provided by EnStream LP ("EnStream") or any of the mobile network operator with which EnStream has an agreement for purposes of providing the EnStream Services ("Participating MNOs"), Customer hereby undertakes to comply with the following additional terms and conditions, as may be amended and modified from time to time by EnStream at its sole discretion:

  1. Customer will only use the Services for Approved Use Cases and not for any other purpose. Any other use, including without limitation for database or marketing purposes, is expressly prohibited.
  2. Customer will at all times obtain express consent from each end user, in accordance with all applicable Data Protection Laws and, without limitation, the standards outlined by EnStream and this Agreement, in order to authorize and permit each Participating ‎MNO, EnStream and Glide, to disclose such end ‎user’s subscriber information, to the Customer for the purpose of verifying ‎the identity of the end user as part of the Approved ‎Use Cases (“End User Consent”). Requirements for ‎obtaining End User Consent shall be as determined by ‎EnStream from time to time, and shall include at least ‎the requirements outlined below, as may be amended from time to time:
    • The end user must have reached the age of majority according to the applicable laws of the jurisdiction ‎where the end user resides.‎
    • The request for consent made to the end user must include: (i) a description of the specific information ‎being requested, (ii) a description of and how and under what circumstances it will be used (ie. its ‎intended purpose), (iii) a description of the information provider(s) that explicitly includes ‎‎“telecommunications service provider” or “mobile service provider”, and (iv) a statement confirming ‎the end user’s consent to the information provider to disclose such information.‎
    • Where consent from an end user is requested in an online or mobile application, Customer must have, as part of the mandatory transaction flow, an end user ‎activated control that requires the end user to take a positive action to opt in, and which includes ‎language substantially similar to the following: “By clicking the “Consent” or “Agree” button below, ‎you expressly consent to us verifying and comparing your information (for ex. – first and last name, ‎mobile phone number, etc.), account information (for ex. – account status, account type, etc.), to ‎records of your information maintained by third parties including your telecommunications service ‎provider(s) and you consent to such third parties providing such information to us or our third-party ‎suppliers for the purpose of identity validation and/or performing a risk assessment.”‎
    • Customer must provide or otherwise make available evidence of such End User ‎Consent, in a form acceptable to EnStream and any applicable Participating MNO, for each ‎Verification Transaction, and maintain records of all such End User Consents for audit purposes. ‎Aggregator acknowledges that if evidence of such End User Consent is not provided on request, ‎EnStream may immediately cease providing EnStream Identity Services to Aggregator.‎
    • Customer will not verify or attempt to verify any information about an end user prior to the ‎End User Consent having been obtained.‎
  3. Privacy Controls. Customer agrees to comply with all of the standard security practices and procedural requirements, to the extent applicable, as communicated from time to time, including without limitation the following security requirements:
    • Put effective and reasonable administrative, technological and physical safeguards in place to stop theft, loss and unauthorized access, copying, modification, use, disclosure or disposal of information that are consistent with industry best practice;
    • Educate its personnel with respect to Data Protection Laws and policies and take reasonable steps to ensure personnel compliance through staff training, confidentiality agreements and personnel sanctions, as needed;
    • Ensure that employees who are fired or resign return all information and cannot access applications, hardware, software, network and facilities belonging to either Glide or EnStream, as the case may be;  
    • Use tools like virus protection software, to avoid viruses, worms, back doors, trap doors, time bombs and other malicious software;
    • Maintain backup security and acceptable business recovery plans (including disaster recovery, data backup and alternate power);  
    • Share its privacy policy with EnStream; and
    • Upon reasonable prior written notice, permit representatives of EnStream to review the privacy policies and practices of Customer, including the training of relevant personnel, as those policies and practices relate to subscriber information.
  4. Security obligations. In addition to the obligations above, the Customer will:
    • ‎Implement information security policies, procedures, standards, guidelines and safeguards, normally within ‎the context of an information security management system such as that defined in ISO/IEC 27001, or ‎equivalent,  to protect the security and confidentiality of all Confidential Information, including ‎Subscriber Information in compliance with EnStream’s security, data and privacy requirements ‎‎(including physical, technological and administrative measures) as set out herein;‎
    • Perform background checks on personnel performing the activities contemplated by this Agreement in ‎accordance with ‎
    • Enforce access controls to restrict unauthorized disclosure, modification or destruction of information, ‎including physical and logical access controls, procedures for granting, reviewing, updating and ‎revoking access to systems, data and facilities, etc.;‎
    • Follow information security incident management procedures including mandatory incident reporting;‎
    • Return or destroy all information received from Glide or EnStream, upon the termination or expiry of ‎this Agreement;‎
    • Conduct specification, design, development, testing, implementation, configuration, management, ‎maintenance, support and use of security controls within or associated with IT systems;‎
    • Use anti-malware, anti-spam and similar controls;‎
    • Apply IT change and configuration management, including vulnerability management, patching and ‎verification of system security controls prior to the connection to EnStream’ s API or the EnStream ‎Platform;‎
    • Have business continuity arrangements including crisis and incident management, resilience, backups and ‎IT disaster recovery; and
    • Provide reasonable co-operation to Glide and/or EnStream with respect to assisting them to resolve any ‎incidents related to the activities contemplated in this Agreement, including co-operating with and ‎assisting, to the extent it is permitted by law, administrative, regulatory or criminal processes, furnishing ‎such information as may be reasonably required, and facilitating audits or site visits
  5. During the Term and for a period of two years thereafter, Customer shall have and maintain in force, with reputable insurers against such risks and in such amounts that could reasonably be expected to be carried by Persons acting prudently and in a similar business, including without limitation at a minimum: Third Party five-hundred thousand dollars ($500,000) in the aggregate with respect to products and completed operations liability; Cyber and Network Liability Insurance which shall: (a) cover EnStream liability associated with: (i) unauthorized processing (including collection) of confidential or private information, transmission of a computer virus, or denial of service that results from a failure of security; (ii) content, including copyright and trademark infringement and invasion of privacy arising out of material displayed in the course of business; (iii) identity theft; (iv) cyber extortion; (v) cyber terrorism; and (vi) failure to prevent unauthorized access to, or use of, electronic or non-electronic data containing confidential or private information; and (b) provide limits of not less than two million Canadian dollars ($2,000,000 CAD) per claim.

Exhibit A-3

ORANGE ESPAGNE Terms and Conditions

When purchasing the service offerings provided by ORANGE ESPAGNE, S.A. Sociedad Unipersonal.‎ ("Orange"), Customer hereby undertakes to comply with the following additional terms and conditions, as may be amended and modified from time to time by Orange at its sole discretion:

  1. Customer will use the information, including Personal Data, received from Orange in connection with its end-users, exclusively ‎for the specific purpose such information was requested for, and only during the period required‎ for such purpose. For any other usage of the information, a written consent by Orange shall be ‎required.‎
  2. In addition, Customer shall comply with the following obligations:
    • Have in place, and maintain, appropriate terms of service and a Privacy Policy which includes clear ‎information about the Services and the processing involved that complies with all ‎applicable Data Protection Laws with respect to and during any period in which that ‎end user's personal data is used in connection with a Service or is otherwise lawfully ‎entitled to process any personal data under Data Protection Laws in respect of the ‎provision and use of any of Orange's service offerings under this Exhibit; and the use ‎of any information, including personal data of such end users, in connection with the ‎ service offerings. In particular, Customer, to the extent applicable, shall ‎provide the data subject with the information necessary to ensure fair and transparent ‎processing in respect of the data subject, in accordance with applicable Data ‎Protection Laws, including, but not limited to, the source of the data; the legal basis ‎of the processing; the categories of personal data concerned; and the existence of ‎the right to object to this processing, so that Orange can disclose the personal ‎data related to the end user on a recurrent basis‎;
    • Not make requests to Orange related to end users that have objected to this ‎particular processing‎;
    • APIs shall be exclusively used only for fraud prevention purposes, and only during the ‎period required to prevent fraud on each individual transaction. For any other ‎purposes, a written consent by ORANGE shall be required.‎
  3. Upon Glide or Orange's request, Customer shall submit to Glide or Orange: ‎(a)‎ copy of the Customer’s privacy policy terms; (b) copy of the notice, and, if applicable, consent and opt-in language that will be ‎presented to the end user prior to making the initial request for Orange data; and (c) description of the use intended of Customer in Orange's service offerings.‎
  4. Customer shall, at all times, implement and maintain commercially reasonable and appropriate physical, technical and organizational security measures to protect Personal Data against accidental or unlawful destruction; accidental loss, alteration, unauthorized disclosure or access to Personal Data transmitted, stored or otherwise processed; and all other unlawful forms of processing, as required under applicable Data Protection Laws, INCLUDING Article 32 of the GDPR.

Exhibit A-4

Vodafone Enterprise Global Limited Terms and Conditions

When purchasing the service offerings (the “Service”) provided by Vodafone Enterprise Global Limited.‎ ("Vodafone"), Customer hereby undertakes to comply with the following additional terms and conditions, as may be amended and modified from time to time by Vodafone at its sole discretion:

  1. Customer shall fill in the required information in the use case approval form attached hereto as Schedule 1 which will be used to access or use each of the applicable Service Offerings (the "Use Case Approval Form") and submit the completed Use Case Approval Form to Glide for the purpose of providing such form to Vodafone for approval of use case prior to service commencement.
  2. With respect to any Users' personal data processed in connection with the Services, Customer shall: (i) ensure it has a valid lawful basis for data processing under applicable data protection laws, including the GDPR; (ii) provide any necessary information to Users regarding processing activities that will be carried out in connection with the provision of the Service, in accordance with Articles 13 and 14 GDPR; (iii) obtain, record, retain and maintain all necessary Users' consents necessary to allow Vodafone to provide the Customer with the Service; (iv) upon request, fully co-operate and provide Vodafone and/or Glide with any information, and submit itself to any audits and inspections, necessary to verify the proper use of data and the records of consent; and (v) provide Vodafone and/or Glide with such information, assistance and co-operation as Vodafone and/or Glide may reasonably require to establish compliance with the measures contained in this clause and inform Vodafone and/or Glide as soon as reasonably practicable of any particular risk of which Customer becomes aware to the security of any User personal data.
  3. Customer shall only access and use the Service for the specified and agreed purpose, such as verifying the identity of end-users for account registration or anti-money laundering checks during online transactions.
  4. Access is restricted to authorized Users within the Customer’s organization. The Customer is responsible for ensuring that only authorized personnel access the Service.
  5. The Customer must ensure that all data accessed through the Service is used solely for the intended purpose and is not shared with unauthorized third parties.
  6. The Customer must implement adequate security measures to protect data integrity and confidentiality in compliance with applicable data protection laws, including GDPR.
  7. The Customer must not exceed any transactions per second limits or other usage restrictions set by Vodafone. Exceeding these limits can result in additional charges or suspension of access.
  8. The Customer shall not attempt to reverse engineer, disassemble, or decompile any part of the Service.
  9. The Customer must not use the Service in any manner that could damage, disable, overburden, or impair any Vodafone server or the networks connected to any Vodafone server.
  10. The Customer is required to ensure the accuracy and integrity of any data submitted to Vodafone and must promptly correct any inaccuracies.
  11. Upon termination of the Service, the Customer must cease all use of the Service and return or destroy any data obtained through the Service as instructed by the customer or Vodafone.

The Customer shall not make any commitments, warranties, or representations regarding the Service on behalf of Vodafone.

Exhibit B

Data Processing Addendum

This Data Processing Addendum ("Addendum") forms an integral part of the Agreement between the relevant Glide entity that appears in the Agreement ("Company") and between the Customer agreeing to these terms ("Customer"; each “Party” and together “Parties”)  and applies to the extent that Company processes Personal Data, or has access to Personal Data, in the course of its performance under the Agreement, as specified in Appendix 1, which is attached and incorporated hereto by reference.

Customer shall qualify as the Data Controller and Company shall qualify as the Data Processor, as this term is defined under Data Protection Law. All capitalized terms not defined herein shall have the meaning set forth in the Agreement.

  1. Definitions
    • "Agreement" means the agreement between Company and Customer which involves Company having access to or otherwise processing Personal Data.
    • "Approved Jurisdiction" means a member state of the EEA, or other jurisdiction as may be approved as having adequate legal protections for data by the European Commission or the UK Information Commissioner's office, as applicable.
    • "Data Controller", "Data Processor", "Personal Data Breach", "Data Subject", "Process", "Processing", "Sell" and "Share", shall have the meanings ascribed to them in the Data Protection Law. Where applicable, Data Controller shall be deemed to be a "Business", Data Processor shall be deemed to be a "Service Provider", and "Data Subject" shall be deemed to be a "Consumer" as these terms are defined under US Privacy Law.
    • "EEA" means those countries that are member of the European Economic Area.
    • "Data Protection Law" means, as applicable, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) ("GDPR"), the Data Protection Act 2018 and the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 ("UK GDPR"), the California Consumer Privacy Act Cal. Civ. Code § 1798.100 et seq. ("CCPA"), the Colorado Privacy Act, 2021 Colo. SB. 190, Connecticut Data Privacy and Online Monitoring Act, Conn. Gen. Stat. §42 et. Seq., the Utah Consumer Privacy Act, Utah Code Ann. §13-61, the Virginia Consumer Data Protection Act, Va. Civ. Code § 59.1, and any other applicable US state privacy law including any regulations promulged thereunder ("US Privacy Law"), and any replacements and amendments to the foregoing.
    • "Personal Data" means any information which (i) can be related to an identifiable individual, including any information that can be linked to an individual or used to directly or indirectly identify an individual, and (ii) supplied by Customer to Company pursuant to the Agreement or which Company generates, collects, stores, transmits, or otherwise processes on behalf of Customer in connection with the Agreement. Personal Data may include information which is related to Customer’s end users, employees, contractors, suppliers and other third parties.
    • "Security Measures" mean commercially reasonable security-related policies, standards, and practices commensurate with the size and complexity of Company’s business, the level of sensitivity of the data collected, handled and stored, and the nature of Company’s business activities.
    • "Standard Contractual Clauses" mean the applicable module of the standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council from June 4th 2021, as available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en. Where the UK GDPR is applicable, the Standard Contractual Clauses" shall also include the International Data Transfer Addendum to the Standard Contractual Clauses, as issued by the ICO under S119A(1) of the Data Protection Act 2018 ("UK Addendum").
    • "Sub-Processors" mean any affiliate, agent or assign of Company that may process Personal Data pursuant to the terms of the Agreement, and any unaffiliated processor engaged by Company.
  2. Compliance with Laws
    • Each Party shall comply with its respective obligations under the Data Protection Law.
    • Company shall provide reasonable cooperation and assistance to Customer in relation to Company’s processing of Personal Data in order to allow Customer to comply with its obligations as a Data Controller under Data Protection Law.
    • Company agrees to notify Customer promptly if it becomes unable to comply with the terms of this Addendum and take reasonable and appropriate measures to remedy such non-compliance.
    • Throughout the duration of the Addendum, Customer agrees and warrants that:
      • the processing of Personal Data by Customer, as well as any instruction to Company in connection with the processing of Personal Data, has been and will continue to be carried out in accordance with the relevant provisions of the Data Protection Law;
      • Personal Data has been collected and transferred fairly and lawfully, pursuant to any applicable Data Protection Law, and that the concerned data subjects have been informed of the processing and transfer of Personal Data pursuant to this Addendum.
  3. Obligations under US Privacy Law
    • Company shall not Sell or Share the Personal Data.
    • Company is prohibited from retaining, using or disclosing Personal Data for a commercial purpose other than providing the services to the Customer under the Agreement and from retaining, using or disclosing the Personal Data outside of the Agreement.
    • Company understands its obligations under this section and will comply with them.
  4. Processing Purpose and Instructions
    • The subject-matter of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects, shall be as set out in the Agreement.
    • The duration of the processing under the Agreement is determined by the Parties, as set forth in the Agreement.
    • Company shall process Personal Data only to deliver the Services in accordance with Customer’s written instructions, the Agreement and the Data Protection Law, unless Company is otherwise required by law to which Company is subject (and in such a case, Company shall inform Customer of that legal requirement before processing, unless that law prohibits such information disclosure on grounds of public interest).
    • Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Company and Customer by way of written amendment to the Agreement and will include any additional fees that may be payable by Customer to Company for carrying out such instructions.
  5. Reasonable Security and Safeguards
    • Company represents, warrants, and agrees to use Security Measures to (i) protect the availability, confidentiality, and integrity of any Personal Data collected, accessed, used, or transmitted by Company in connection with this Agreement, and (ii) protect such data from Personal Data Breach incidents.
    • The Security Measures are subject to technical progress and development and Company may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services subscribed by Customer.
    • Company shall take reasonable steps to ensure the reliability of its staff and any other person acting under its supervision who have access to and process Personal Data. Company shall ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
    • Customer is responsible for using and configuring the Services in a manner which enables Customer to comply with Data Protection Law, including implementing appropriate technical and organizational measures.
  6. Personal Data Breach
    Upon becoming aware of a Personal Data Breach, Company will notify Customer without undue delay and will provide information relating to the Personal Data Breach as reasonably requested by Customer. Company will use reasonable endeavors to assist Customer in mitigating, where possible, the adverse effects of any Personal Data Breach.
  7. Security Assessments and Audits
    • Company shall, upon reasonable and written notice and subject to obligations of confidentiality, no more than once a year and during regular business hours, allow its data processing procedures and documentation to be inspected by Customer (or its designee), at Customer's expense, in order to ascertain compliance with this Addendum. Company shall cooperate in good faith with audit requests by providing access to relevant knowledgeable personnel and documentation.
    • At Customer’s written request, and subject to obligations of confidentiality, Company may satisfy the requirements set out in this section by providing Customer with a copy of a written report so that Customer can reasonably verify Company’s compliance with its obligations under this Addendum.        
  8. Cooperation and Assistance
    • If Company receives any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement, including requests from individuals seeking to exercise their rights under Data Protection Law, Company will promptly redirect the request to Customer. Company will not respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If Company is required to respond to such a request, Company will promptly notify Customer and provide Customer with a copy of the request, unless legally prohibited from doing so.
    • If Company receives a legally binding request for the disclosure of Personal Data which is subject to this Addendum, Company shall (to the extent legally permitted) notify Customer upon receipt of such order, demand, or request. Notwithstanding the foregoing, Company will cooperate with Customer with respect to any action taken pursuant to such order, demand or request, including ensuring that confidential treatment will be accorded to such disclosed Personal Data.
    • Upon reasonable notice, Company shall provide reasonable assistance to Customer in:
      • allowing data subjects to exercise their rights under the Data Protection Law;
      • ensuring compliance with any notification obligations of Personal Data Breaches to the supervisory authority and communication obligations to data subjects, as required under Data Protection Law;
      • Ensuring compliance with its obligation to carry out Data Protection Impact Assessments (“DPIA”) or prior consultations with data protection authorities with respect to the processing of Personal Data. Any assistance to Customer with regard to DPIA or prior consultations will be solely at Customer's expense.
  9. Use of Sub-Processors
    • Customer provides a general authorization to Company to appoint (and permit each Sub-Processor appointed in accordance with this section to appoint) Processors and/or Sub Processors in accordance with this section.
    • Company may continue to use those Processors and/or Sub Processors already engaged by Company as at the date of this Agreement, subject to Company in each case as soon as practicable meeting the obligations set out in this section. A list of the Company's current Sub Processors will be provided upon request.
    • Company can at any time and without justification appoint a new Processor and/or Sub-Processor provided that Company provides seven (7) days' prior notice and the Customer does not legitimately object to such changes within that timeframe. Legitimate objections must contain reasonable and documented grounds relating to a Processor and/or Sub-Processor's non-compliance with Data Protection Law. If, in Company’s reasonable opinion, such objections are legitimate, Company shall either refrain from using such Processor and/or Sub-Processor in the context of the processing of Personal Data or shall notify Customer of its intention to continue to use the Processor and/or Sub-Processor. Where Company notifies Customer of its intention to continue to use the Processor and/or Sub-Processor in these circumstances, Customer may, by providing written notice to Company, terminate the Agreement immediately.
    • With respect to each Processor and/or Sub Processor, Company shall ensure that the arrangement between Company and the Processor and/or Sub Processor is governed by a written contract including terms which offer at least the same level of protection as those set out in this Addendum and meet the requirements of applicable Data Protection Laws.
    • Company will be responsible for any acts, errors or omissions by its Sub-Processors, which may cause Company to breach any of its obligations under this Addendum.
  10. International Data Transfers
    • Where the GDPR is applicable, to the extent that Company processes Personal Data outside the EEA or an Approved Jurisdiction, then the Parties shall be deemed to enter into the Standard Contractual Clauses, in which event the Customer shall be deemed as the Data Exporter and the Company shall be deemed as the Data Importer (as these terms are defined therein);
    • If the transfer of Personal Data is subject to the UK GDPR, then to the extent that Personal Data is processed outside the UK or an Approved Jurisdiction, the Parties shall be deemed to enter into the Standard Contractual Clauses, subject to the UK Addendum as amended below.
    • Company may transfer Personal Data of residents of the EEA outside the EEA or residents of the UK outside of the UK, as applicable ("Transfer"), only subject to the following: The Transfer is necessary for the purpose of Company carrying out its obligations under the Agreement, or is required under applicable laws; and the Transfer is done in accordance with Data Protection Law.
    • To the extent that the Parties will rely on the Standard Contractual Clauses, the following amendments shall apply:
      • The Parties shall be deemed to enter into the Controller to Processor Standard Contractual Clauses (Module 2).
      • For the purposes of the transfer of Personal Data between the Parties, Customer shall be deemed as the Data Exporter and Company shall be deemed as the Data Importer.
      • Clause 7 of the Standard Contractual Clauses shall not be applicable.
      • In Clause 9, option 2 shall apply. The Data Importer shall inform the Data Exporter of any intended changes to the list of Sub-Processors at least seven (7) days prior to the engagement of the Sub-Processor.
      • In Clause 11, data subjects shall not be able to lodge a complaint with an independent dispute resolution body.
      • In Clause 17, option 1 shall apply. The Parties agree that the clauses shall be governed by the law of Ireland.
      • In Clause 18(b) the Parties choose the courts of Dublin, Ireland as their choice of forum and jurisdiction.
      • Annexes I-III of the Standard Contractual clauses shall be populated with the relevant information from this Addendum and the Agreement.
    • Where the transfer of Personal Data is subject to the UK GDPR and the transfer relies on the UK Addendum, then the following amendments shall apply to the UK Addendum:
      • In Table 1 the "Exporter" is Customer; the "Importer" is Company; and the Parties’ details and signatures are included in this DPA.
      • In Table 2, the first option is selected and the "Approved EU SCCs" are those Standard Contractual Clauses incorporated into this DPA.
      • In Table 4, both the "Importer" and the "Exporter" can terminate the UK Addendum in accordance with section 19 of the UK Addendum.
  11. Data Retention and Destruction
    Company will only retain Personal Data for the duration of the Agreement or as required from its obligations under the Agreement. Following expiration or termination of the Agreement, Company will delete or return to Customer all Personal Data in its possession as provided in the Agreement except to the extent Company is required under applicable law to retain the Personal Data (in which case Company will implement reasonable measures to prevent the Personal Data from any further processing). The terms of this Addendum will continue to apply to such Personal Data.
  12. General
    • Any claims brought under this Addendum will be subject to the terms and conditions of the Agreement, including the exclusions and limitations set forth in the Agreement.
    • In the event of a conflict between the Agreement (or any document referred to therein) and this Addendum, the provisions of this Addendum shall prevail.

Appendix 1 - Description of Processing Activities

A: Identification of Parties

"Data Exporter": the Customer;

"Data Importer": the Company.

B: Description of Transfer

Data Subjects

The Personal Data transferred concern the following categories of Data Subjects (please specify):

Customer's end-users

Categories of Personal Data

The Personal Data required for the provision of the Services under the Agreement.

Special Categories of Data (if appropriate): None

The frequency of the transfer

Continuous

Nature of the processing

The nature of the processing means any operation performed on personal data or on sets of personal data, such as access, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (whether or not by automated means)

Purpose of the transfer and further processing

As defined in the Agreement.

Retention period

Personal Data will be retained for the term of the Agreement.

Table of Contents

Security starts with the right foundation

A comprehensive authentication platform that protects against AI threats, delights your users, and scales with your business.
Join a Waiting List   →

Solutions

MagicalAuth
SuperPasskey
Glide Out
Glide In

company

About
FAQ

Resources

Quick Start
Github
API Documentation
News & Blog
Press Room

API Catalog

Number Verification
SIM Swap
Know your Customer
Device Location
Device Status
Glide identity logo white
Glide identity logo white
Glide identity logo white
Glide identity logo white
Privacy PolicyTerms & Conditions
facebook logomarkLinkedin Logomark