Terms of Service

1. What Verimago Does

Verimago provides camera applications for iOS and Android that cryptographically sign photos and videos at the moment of capture. Each signed capture produces a C2PA Content Credential — a tamper-evident record containing a SHA-256 hash of the media, a trusted timestamp, a content classification, and a device attestation proof. This credential is published to the Verimago public registry at registry.verimago.io, enabling anyone to verify the provenance and integrity of the media.

By using Verimago's camera apps, websites (www.verimago.com), publisher portal (publisher.verimago.io), verification registry (registry.verimago.io), APIs, and SDKs (collectively, the "Services"), you agree to these Terms of Service ("Terms").

2. Eligibility and Accounts

You must be at least 18 years old to use the Services.

To sign content, you must create a Verimago account. You are responsible for all activity under your account. Free accounts receive 25 content signings using a generic Verimago certificate. After 25 signings, a paid subscription is required to continue signing — you can still capture and save media without signing.

3. Content Classification System

Every signed capture is classified into one of three categories at the time of signing:

Authentic (Green Shield): The media was captured on a hardware-attested device running the genuine Verimago app, with no post-capture modification. The SHA-256 hash of the original capture matches the registry entry exactly.

AI-Enhanced (Purple Shield): The media was derived from or edited after an authentic capture. Detected via perceptual hash (pHash) comparison against the registry. The original provenance chain is preserved.

AI-Generated (Amber Shield): The media was flagged as AI-generated at the time of creation. This classification is applied at capture and cannot be changed after signing.

These classifications are permanent once published. You agree not to intentionally misrepresent the classification of your content. Misclassification undermines the trust the registry provides and may result in account suspension.

4. The Public Registry

When you sign media, the Content Credential is published to the Verimago public registry. The registry stores the cryptographic hash, timestamp, classification, signer identity, and perceptual hash — it does not store the photo or video itself.

Registry entries are permanent and publicly accessible. This is fundamental to the service — the registry exists so that anyone, anywhere, can verify whether content is authentic. You acknowledge and agree that published credentials cannot be deleted, modified, or made private after publication.

Each signed capture generates a unique verify URL (e.g., registry.verimago.io/v/?h=sha256:...) that can be shared alongside the media so recipients can independently verify its provenance.

5. Device Attestation and Signing

Verimago uses hardware attestation to verify that signing occurs on a genuine, unmodified device:

On iOS, we use Apple App Attest with Secure Enclave key generation. On Android, we use Google Play Integrity with Android Keystore StrongBox (or TEE fallback). These attestation tokens are verified server-side before a Content Credential is issued.

Each capture generates an ephemeral signing key that is used once and immediately destroyed. The signing key never leaves the device hardware. The corresponding public key is published with the Content Credential for independent verification.

Trusted timestamps are obtained from an RFC 3161 timestamp authority — not from the device clock — to provide independent proof of when signing occurred.

6. Certificate Tiers and Identity

Free accounts sign with a generic Verimago certificate ("Verified by Verimago"). The signer is anonymous but hardware-attested.

Creator accounts sign under a personal identity verified through social sign-in (Apple, Google). The name from your social identity provider becomes the signer name on your credentials.

Publisher and Enterprise accounts sign under a verified organizational identity. Publisher identity is validated through CSR-based domain verification, similar to SSL/TLS organization validation certificates. Enterprise accounts may receive custom SLAs and dedicated onboarding.

You may only sign content under identities you are authorized to represent. Using a false organizational identity or impersonating another party is prohibited and will result in immediate account termination.

7. Subscriptions and Payments

Paid subscriptions are billed through the Apple App Store, Google Play Store, or Stripe (for web-based publisher accounts). Pricing is listed at www.verimago.com and in the respective app stores.

Subscriptions renew automatically at the end of each billing period (monthly or annually) unless cancelled before the renewal date. Cancellation takes effect at the end of the current billing period. No prorated refunds are issued for partial periods.

Verimago reserves the right to adjust pricing with 30 days' advance notice. Existing subscriptions are honored at their current price until the next renewal after the notice period.

Early adopter pricing (where offered) is a limited promotional rate. Verimago may cap the number of accounts eligible for early adopter pricing and transition to standard pricing thereafter.

8. Your Content and Intellectual Property

You retain full ownership of your photos and videos. Verimago does not claim any rights to your media. We do not upload, store, or process your media files on our servers — only the cryptographic credential (hash, metadata, signature) is transmitted and stored.

By using the Services, you grant Verimago a limited license to process the cryptographic hash and metadata of your captures for the purpose of issuing and publishing Content Credentials to the public registry.

The Verimago name, the stylized "V" logo mark, camera applications, registry, and all associated software are the intellectual property of Verimago, Inc. and are protected by copyright, trademark, and patent law (U.S. provisional patent filed March 19, 2026; USPTO trademark serial No. 99677246).

9. Acceptable Use

You agree not to:

(a) Forge, tamper with, or fabricate Content Credentials or attempt to inject false entries into the registry.

(b) Reverse-engineer, decompile, or circumvent the cryptographic signing or attestation mechanisms.

(c) Use the Services to authenticate content that was not captured through the Verimago camera app or an authorized Verimago SDK integration.

(d) Scrape, bulk-download, or systematically query the registry beyond the documented API rate limits.

(e) Use the Services for any purpose that violates applicable law, including but not limited to intellectual property infringement, fraud, or harassment.

Verimago reserves the right to suspend or terminate accounts that violate these Terms, with or without notice depending on the severity of the violation.

10. Third-Party Platform Sharing

The Services integrate with third-party platforms (Instagram, Facebook, Snapchat, X, and others) for sharing verified content. These integrations use each platform's official sharing APIs and are subject to those platforms' terms and policies.

Verimago is not responsible for how third-party platforms display, compress, or process your shared media. Some platforms may strip embedded C2PA metadata — the registry verify URL in your shared caption provides an alternative verification path that survives platform processing.

11. Perceptual Hash (pHash) Bridge

Verimago computes a perceptual hash (pHash) of each capture and stores it alongside the cryptographic hash in the registry. This enables derivative content detection — even if media is screenshotted, cropped, filtered, or re-encoded, the pHash bridge can identify the original and classify derivatives as AI-Enhanced.

By using the Services, you acknowledge that a perceptual fingerprint of your content is stored in the registry. This fingerprint cannot be used to reconstruct the original media but can be used to identify visually similar content.

12. API and SDK Use

Publisher and Enterprise accounts may access the Verimago Verify API (POST /v1/verify) and other documented endpoints. API keys are confidential and must not be shared, published, or embedded in client-side code.

API access is subject to rate limits. Exceeding rate limits may result in temporary throttling. Sustained abuse may result in API key revocation.

The Verimago SDK (when available) may be integrated into third-party applications for content signing and verification. SDK use is governed by a separate SDK License Agreement.

13. Disclaimers

The Services are provided "as is" and "as available." Verimago does not warrant uninterrupted access, error-free operation, or that the Services will meet your specific requirements.

Content Credentials attest to the technical provenance of media (when and where it was captured, on what device, whether it has been modified). They do not attest to the truthfulness, legality, or editorial merit of the content itself.

Verimago is not a certificate authority in the X.509 PKI sense. Content Credentials are issued under Verimago's own trust framework, anchored by hardware attestation and the C2PA specification.

14. Limitation of Liability

To the maximum extent permitted by law, Verimago shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Services, including but not limited to loss of data, loss of revenue, or reliance on Content Credential classifications.

Verimago's total aggregate liability for all claims shall not exceed the greater of (a) the amount you paid to Verimago in the twelve months preceding the claim, or (b) one hundred U.S. dollars ($100).

15. Indemnification

You agree to indemnify and hold harmless Verimago and its officers, directors, employees, and agents from any claims, damages, losses, and expenses (including reasonable legal fees) arising from: (a) your use of the Services; (b) your violation of these Terms; (c) content you sign and publish through the Services; or (d) your violation of any third party's rights.

16. Governing Law and Disputes

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles.

Any dispute arising under these Terms shall first be submitted to good-faith negotiation for 30 days. If unresolved, disputes shall be resolved by binding arbitration under the rules of the American Arbitration Association, conducted in English. You waive any right to a jury trial or to participate in a class action.

17. Termination

You may close your account at any time. Verimago may suspend or terminate your access for violation of these Terms or at our discretion with reasonable notice.

Upon termination: your signing privileges cease immediately; your API keys are revoked; and your account data is deleted per our Privacy Policy. Published Content Credentials in the registry persist permanently — they are part of the public provenance record and cannot be retracted.

18. Publisher Accounts — Organizational Identity

The following sections (18–24) apply only to organizations subscribing to the Verimago Publisher ($399/year) or Enterprise Publisher ($899/year) plan.

Publisher accounts sign Content Credentials under a verified organizational identity rather than a personal name. The organization name displayed on every credential your team produces is the name verified during onboarding.

Identity verification uses CSR-based domain validation — the same model used for SSL/TLS Organization Validation certificates. You must demonstrate control of the domain associated with your organization (via DNS TXT record, CNAME, or administrative email verification). Verimago issues a named signing certificate only after domain validation succeeds.

You are responsible for the accuracy of your organizational identity. Misrepresenting your organization name, domain, or affiliation is grounds for immediate termination and revocation of your signing certificate.

19. Publisher Accounts — Team Management

Publisher accounts may invite team members who can capture and sign content under the organizational identity. All Content Credentials produced by team members bear the publisher's verified organization name.

Account administrators are responsible for: (a) managing team member access and permissions; (b) revoking access when individuals leave the organization; (c) ensuring team members comply with these Terms.

Content signed by a team member is attributed to the organization, not the individual.

20. Publisher Accounts — API Rate Limits

Publisher accounts include access to the Verimago API:

POST /v1/verify — Verify content by SHA-256 hash and/or perceptual hash (pHash). Returns shield state, signer identity, timestamp, and provenance chain.

POST /v1/sign — Server-side signing endpoint. Submit a SHA-256 hash (the media file never leaves your infrastructure) and receive a signed Content Credential published to the registry.

API keys are issued per publisher account and must be treated as confidential credentials. Do not embed API keys in client-side code, public repositories, or user-facing applications. Compromised keys must be rotated immediately via the Publisher Portal.

Rate limits: Publisher tier — 100 requests/minute. Enterprise tier — 1,000 requests/minute. Sustained abuse results in throttling; repeated abuse results in key revocation.

21. Publisher Accounts — Content Classification Responsibility

Publishers are responsible for the accuracy of content classifications applied through their accounts. The camera app enforces the Authentic classification automatically — it cannot be manually overridden. AI-Enhanced and AI-Generated classifications must be applied honestly.

Intentionally misclassifying content — particularly labeling AI-generated content as Authentic — undermines registry trust. Verimago reserves the right to suspend publisher accounts engaged in systematic misclassification, with notice and an opportunity to respond.

22. Publisher Accounts — Service Availability

Verimago targets 99.9% uptime for the registry and API endpoints. Scheduled maintenance is communicated at least 48 hours in advance.

This is a target, not a contractual SLA. Enterprise Publisher accounts may negotiate binding SLAs with specific uptime commitments and service credits as part of a separate Enterprise Agreement.

23. Publisher Accounts — Data Processing

For publishers processing personal data under GDPR or equivalent regulations: Verimago acts as a data processor on your behalf for Content Credential data. A Data Processing Agreement (DPA) conforming to GDPR Article 28 is available upon request.

Published registry entries contain the signer's organizational name and a content hash — no personal data of individuals depicted in the media is stored unless the publisher explicitly includes it in metadata fields.

24. Publisher Accounts — Certificate Revocation

Either party may terminate a publisher subscription with 30 days' written notice to legal@verimago.com.

Upon termination: API keys are revoked immediately; team member signing privileges are disabled; access to the Publisher Portal is suspended. Published Content Credentials persist permanently in the registry.

Verimago may revoke a publisher's signing certificate if: (a) the publisher engaged in systematic content misclassification; (b) the publisher's domain validation can no longer be confirmed; (c) the publisher violated these Terms in a way that compromises registry integrity. Certificate revocation is a serious action — Verimago will provide notice and an opportunity to respond before revoking, except in cases of clear fraud.

25. Contact

General inquiries: legal@verimago.com

Enterprise agreements: enterprise@verimago.com

Verimago, Inc.