Request access
Get free access to the Know Your Customer Limited sandbox. Tell us a little about you, read and sign the Sandbox Testing Agreement, and once our team approves your request we will email your sandbox credentials.
The sandbox is a full-fidelity replica of the production API, free to use for evaluation. Production credentials are issued separately as part of commercial onboarding.
Your access also includes a clonable sample onboarding app and an operator console for browsing your cases the way your internal compliance users would.
Step 2: The agreement
Before you sign, here is the agreement in brief. The full text is below and is what you are agreeing to.
- ✓ Free: there is no charge for sandbox access.
- ✓ 90-day evaluation: access is granted for a 90-day evaluation period.
- ✓ Test data only: use the sandbox with test and public-record data only.
- ✓ No production use: the sandbox, and any sandbox output including reports, is for evaluation and must not be used for production compliance decisions.
- ✓ Confidentiality: keep the API, credentials, and related materials confidential.
- ✓ Hong Kong law: the agreement is governed by the laws of Hong Kong.
- ✓ Liability cap: liability is capped at USD 10,000.
Read the Sandbox Testing and Data Protection Agreement in full below.
SANDBOX TESTING AND DATA PROTECTION AGREEMENT
This Sandbox Testing and Data Protection Agreement (the "Agreement") is made between:
(1) Know Your Customer Limited, a company incorporated in Hong Kong ("KYCL"); and
(2) the legal entity accepting this Agreement (the "Tester"),
each a "Party" and together the "Parties".
Effective Date: the date on which the Tester accepts this Agreement, whether by clicking to accept during sandbox sign-up or by signature, whichever occurs first.
1. Definitions
1.1 In this Agreement:
"Sandbox" means KYCL's no-cost test environment made available at api.knowyourcustomer.dev, providing access to the KYC Public API v2 in a non-production setting.
"Sandbox Data" means the data made available by KYCL within the Sandbox, comprising public-record corporate and registry filings and synthetic individual records pre-loaded for testing.
"Tester Data" means any data, including Personal Data, that the Tester or its Authorised Users input into the Sandbox.
"Authorised Users" means the Tester's employees and contractors who need access to the Sandbox for the Permitted Purpose and are bound by confidentiality obligations no less protective than this Agreement.
"Permitted Purpose" means the internal technical evaluation, integration development, and testing of the KYC Public API v2 by the Tester, together with demonstration of the Sandbox to the Tester's internal stakeholders, and no other purpose.
"Confidential Information" means the Sandbox, the Sandbox Data, the API and its behaviour, KYCL's documentation, and the existence and terms of this Agreement, together with any other information disclosed by KYCL that is marked or reasonably understood to be confidential.
"Personal Data", "Controller", "Processor", "Data Subject", and "Processing" have the meanings given in Applicable Data Protection Law.
"Applicable Data Protection Law" means all data protection and privacy laws applicable to a Party, including the EU GDPR, the UK GDPR, and the Hong Kong Personal Data (Privacy) Ordinance (PDPO), in each case to the extent applicable.
2. Grant of Sandbox Access
2.1 Subject to this Agreement, KYCL grants the Tester a limited, non-exclusive, non-transferable, revocable, royalty-free licence to access and use the Sandbox solely for the Permitted Purpose during the Term.
2.2 KYCL will issue access credentials to the Tester following acceptance of this Agreement. The Tester is responsible for keeping credentials secure and for all activity under its credentials.
2.3 The Sandbox is provided at no charge. KYCL may modify, suspend, or withdraw the Sandbox at any time.
3. Purpose Limitation and No Production Use
3.1 The Tester shall use the Sandbox and the Sandbox Data solely for the Permitted Purpose. The Tester shall not use the Sandbox or Sandbox Data for any operational, production, commercial, or live customer-facing purpose.
3.2 The Tester acknowledges the Sandbox is a test environment, is provided "as is" and "as available", carries no service levels or availability commitment, and must not be relied upon for any production decision.
3.3 The Permitted Purpose includes demonstration of the Sandbox and its functionality to the Tester's internal stakeholders. It does not extend to any external demonstration, resale, or service provision by the Tester to third parties.
4. Sandbox Data
4.1 As between the Parties, KYCL is the owner and Controller of the Sandbox Data. The Sandbox Data comprises public-record corporate and registry filings and synthetic individual records, and contains no real identity documents of individuals.
4.2 The Tester shall treat the Sandbox Data as Confidential Information and shall not copy, download, extract, export, retain, publish, or disclose it to any third party except as strictly necessary within the Sandbox for the Permitted Purpose, and shall not use it to train or develop any model, dataset, or product.
4.3 KYCL may use the Sandbox Data for its own internal purposes, including internal demonstration and presentation of the Sandbox and the KYC Public API v2. Because the Sandbox Data comprises public-record filings and synthetic records and KYCL is its Controller, such internal use by KYCL is permitted and is not restricted by this Agreement.
5. Confidentiality
5.1 The Tester shall keep all Confidential Information secret, use it only for the Permitted Purpose, and disclose it only to Authorised Users who need it.
5.2 The obligations in clause 5.1 do not apply to information that: (a) is or becomes public other than through breach; (b) was lawfully held before disclosure; (c) is lawfully received from a third party without restriction; (d) is independently developed; or (e) is required to be disclosed by law or regulator, provided the Tester gives reasonable prior notice where lawful.
5.3 Confidentiality obligations survive for 3 years after termination, save that obligations in respect of Personal Data and trade secrets continue for as long as the data remains confidential.
6. Security Measures (Tester)
6.1 The Tester shall apply appropriate technical and organisational measures to protect the Sandbox, credentials, and any Sandbox Data and Tester Data it handles, including access controls, encryption in transit, and prompt revocation of access for departing Authorised Users.
6.2 The Tester shall notify KYCL without undue delay on becoming aware of any unauthorised access to or use of the Sandbox or any Sandbox Data.
7. Deletion and Return
7.1 On expiry or termination of this Agreement, or earlier on KYCL's request, the Tester shall cease all use of the Sandbox and delete or destroy all Sandbox Data and Confidential Information in its possession or control (including any permitted local copies), and on request certify deletion in writing.
7.2 KYCL will, on termination or on the Tester's request, delete Tester Data from the Sandbox using its per-tenant wipe function, save for copies required to be retained by law.
7.3 The Tester may retain copies required by law or held in routine backups that are not readily accessible, provided such copies remain subject to confidentiality.
8. No Production Use of Output or Reports
8.1 Any reports, results, or outputs generated within the Sandbox are for evaluation only, may be based on test data, and must not be relied upon for any KYC, AML, onboarding, or compliance decision. KYCL gives no warranty as to their accuracy or completeness.
9. Data Protection
9.1 Sandbox Data (KYCL as Controller). As between the Parties, KYCL is the Controller of the Sandbox Data. Given that the Sandbox Data comprises public-record filings and synthetic records, the Tester's obligations in respect of it are those in clauses 4 and 5. The Tester shall not seek to re-identify, contact, or enrich any individual named in any public-record filing within the Sandbox Data.
9.2 Tester Data (Tester as Controller, KYCL as Processor). Where the Tester inputs Tester Data containing Personal Data, the Tester is the Controller and KYCL is the Processor. KYCL shall: (a) process Tester Data only on the Tester's documented instructions, which are to provide the Sandbox for the Permitted Purpose; (b) not use Tester Data for any KYCL purpose, including training, benchmarking, or product improvement; (c) ensure personnel authorised to process Tester Data are bound by confidentiality; (d) apply appropriate technical and organisational security measures, taking into account the nature of the Sandbox; (e) engage only the sub-processors listed in Appendix C, remain responsible for them, and give the Tester not less than 30 days' notice of any intended change, during which the Tester may object; (f) assist the Tester, taking into account the nature of processing, with Data Subject requests and with security, breach-notification, and DPIA obligations; (g) notify the Tester without undue delay on becoming aware of a personal data breach affecting Tester Data; (h) on termination or request, delete or return Tester Data, save for legally required copies; and (i) make available information reasonably necessary to demonstrate compliance with this clause.
9.3 Data location and transfers. The Sandbox is hosted in Hong Kong, on Microsoft Azure (East Asia region). The Tester, as Controller of Tester Data, is responsible for the lawfulness of any cross-border transfer. Where a transfer mechanism is required by Applicable Data Protection Law, including Standard Contractual Clauses, the Parties shall give it effect, and such clauses are incorporated by reference where applicable.
9.4 Tester responsibilities. The Tester warrants it has a lawful basis to input any Tester Data and shall not input Personal Data, in particular special-category data, that is not necessary for the Permitted Purpose. The Tester shall use synthetic or minimised test data wherever practicable.
10. Intellectual Property and No Reverse Engineering
10.1 KYCL owns all intellectual property in the Sandbox, the API, the platform, the Sandbox Data, and all documentation. Nothing in this Agreement transfers any such rights; the Tester receives only the limited licence in clause 2.
10.2 The Tester shall not (a) reverse engineer, decompile, or disassemble the Sandbox or API except to the extent that restriction is prohibited by law; (b) use the Sandbox to build a competing product; (c) benchmark the Sandbox for competitive purposes; or (d) remove or obscure any proprietary notices.
10.3 Any feedback the Tester provides is given freely; KYCL may use it without obligation. The Tester does not assign, and KYCL does not require, any of the Tester's own intellectual property.
11. Warranties and Disclaimer
11.1 Each Party warrants it has authority to enter into this Agreement.
11.2 The Sandbox is provided "as is". To the maximum extent permitted by law, KYCL disclaims all warranties, express or implied, including merchantability, fitness for a particular purpose, accuracy, and non-infringement, and gives no warranty as to the Sandbox Data.
12. Limitation of Liability
12.1 Nothing in this Agreement limits liability that cannot be limited by law, including for fraud or for death or personal injury caused by negligence.
12.2 Subject to clause 12.1, neither Party is liable for loss of profit, revenue, anticipated savings, or any indirect or consequential loss.
12.3 Subject to clauses 12.1 and 12.2, each Party's total aggregate liability under this Agreement shall not exceed USD 10,000.
12.4 Clause 12.3 does not cap the Tester's liability for breach of clauses 3 (purpose limitation), 4 (Sandbox Data), 5 (confidentiality), or 10 (IP), which protect KYCL's data and proprietary rights.
13. Term and Termination
13.1 This Agreement begins on the Effective Date and continues for 90 days (the "Term"), renewable by written agreement.
13.2 Either Party may terminate on 15 days' written notice. KYCL may terminate or suspend access immediately for breach of clauses 3, 4, 5, or 10, or for misuse of the Sandbox.
13.3 Clauses 4, 5, 7, 8, 9, 10, 11, 12, 13.3, and 14 survive termination.
14. General
14.1 Governing law and jurisdiction. This Agreement is governed by the laws of Hong Kong, and the Parties submit to the exclusive jurisdiction of the Hong Kong courts.
14.2 Entire agreement. This Agreement is the entire agreement between the Parties on its subject matter and supersedes prior discussions.
14.3 Assignment. Neither Party may assign without the other's prior written consent, save that KYCL may assign to an affiliate.
14.4 Variation. Any variation must be in writing and signed by both Parties.
14.5 Acceptance, counterparts, and electronic signature. This Agreement may be accepted by clicking to accept during sandbox sign-up, or executed in counterparts and by electronic signature (including DocuSign), each method being equally binding and each counterpart an original.
14.6 No partnership. Nothing creates a partnership, agency, or employment relationship.
Appendix C: Sub-Processors
KYCL engages the following sub-processors in connection with the provision of its services. For the Sandbox, this is the same canonical list that applies under KYCL's standard customer agreements. KYCL remains responsible for the acts and omissions of its sub-processors and will give the Tester not less than 30 days' notice of any intended addition or replacement, during which the Tester may object.
| Provider | Function |
|---|---|
| Microsoft | Data hosting (Azure) |
| 10TIX | Identity documentation |
| LexisNexis | AML checks |
| LSEG | AML checks |
| Identity processing | |
| W2 Global | Identity processing |
| NamSor | Identity processing |
| ID R&D | Fraud and liveness detection |
Need help? Contact help@knowyourcustomer.com.
