Skip to main content

Legal

Terms of Service & Privacy Policy

Last updated: 17 March 2026

Part One

Terms of Service

1. About Checkify

Checkify is operated by Business API Pty Ltd (ABN 62 651 575 843), registered in Queensland, Australia. By accessing or using the Checkify API or any related services, you agree to be bound by these Terms of Service. If you do not agree, please do not use the service.

References to "we", "us", or "our" refer to Checkify. References to "you" or "your" refer to the individual or entity using our services.

2. Services

Checkify provides a suite of API endpoints for Australian and New Zealand data validation, lookup, and enrichment. Our services include, but are not limited to:

  • Address autocomplete and validation for Australia and New Zealand, powered by official national address datasets
  • Suburb and postcode lookup and reverse geocoding for Australia and New Zealand
  • ABN and ACN lookup via the Australian Business Register and ASIC
  • Sanctions screening against 11 international sanctions and debarment lists, including the DFAT Australian Consolidated Sanctions List, UN Security Council, US OFAC SDN, EU, UK OFSI, Canada, New Zealand, France DG Trésor, Hong Kong CEDB, World Bank, and Inter-American Development Bank
  • Politically Exposed Person (PEP) screening against official Australian federal government sources
  • Email and phone number validation
  • Additional validation and enrichment endpoints as published in our documentation

We reserve the right to add, modify, or discontinue any endpoint or feature at any time, with reasonable notice where practicable.

3. Data Sources

Our services draw on authoritative government datasets, including:

  • Australian address data: the Geocoded National Address File, published by Geoscape Australia and licensed under Creative Commons Attribution 4.0 International. The dataset contains approximately 15.4 million Australian addresses and is updated quarterly.
  • New Zealand address data: the NZ Street Address dataset, published by Land Information New Zealand (LINZ) and licensed under Creative Commons Attribution 4.0 International. Updated as new releases are published.
  • Business data: the Australian Business Register (ABR), maintained by the Australian Taxation Office, and ASIC's company register for ACN and company name lookups.
  • Sanctions data: 11 sanctions and debarment lists, all synced hourly: the DFAT Australian Consolidated Sanctions List (Department of Foreign Affairs and Trade), UN Security Council consolidated list, US OFAC SDN list, EU consolidated sanctions list, UK OFSI consolidated list, Canadian CASL (Global Affairs Canada), New Zealand MFAT designated list, French DG Trésor national freezing measures, Hong Kong CEDB targeted financial sanctions, World Bank debarment list, and Inter-American Development Bank sanctions list. Together these cover Australian autonomous sanctions, UN Security Council resolutions, and major international sanctions regimes and multilateral debarment lists.
  • Politically Exposed Person (PEP) data: sourced from publicly available official Australian government sources, including the federal Parliament, the Department of the Prime Minister and Cabinet, the federal and state judiciary, state and territory ministers and governors, and other government sources. State and territory parliamentary member lists are included on a best-efforts basis; coverage may be incomplete where parliament websites do not publish machine-readable member data. Covers individuals currently or formerly holding senior positions in the Australian federal or state/territory government.

These datasets are provided by their respective custodians and are outside our control. We make no warranties as to their completeness, accuracy, or timeliness. See clause 9 (Accuracy & Limitation of Liability) for further detail.

4. API Usage & Fair Use

Your use of the Checkify API is subject to the following conditions:

  • API tokens are issued per account and are bound to the authorised domains you specify. Tokens must not be used outside those domains without our written consent.
  • You must not use our API for bulk data extraction, mass scraping, or any attempt to replicate or redistribute the underlying datasets.
  • You must not attempt to reverse engineer, decompile, or probe our API infrastructure, authentication mechanisms, or any related systems.
  • Automated abuse, credential stuffing, denial-of-service attempts, or any activity intended to disrupt or circumvent our systems is strictly prohibited.
  • Fair use rate limits apply to all plans. Sustained or excessive usage beyond your plan's allocation may result in throttling, temporary suspension, or termination of your account without refund.
  • Certain endpoints are designated as free (zero credit cost), including address autocomplete, suburb search, and business activity search. These endpoints are subject to a fair use allowance that scales with your plan tier. The fair use allowance is enforced per billing period. If your free endpoint usage exceeds the allowance for your plan, requests may be throttled or rejected until your next billing period begins. Free endpoints are intended for interactive, user-initiated lookups — not bulk extraction or automated enumeration of the underlying data.
  • You must not resell or sublicence access to our API without prior written agreement.

We reserve the right to determine, in our sole discretion, what constitutes excessive or abusive usage.

5. API Key Security

You are solely responsible for maintaining the confidentiality and security of your API keys and account credentials. You must:

  • Never commit API keys to public repositories, expose them in client-side code, or share them with unauthorised parties.
  • Restrict each key to the minimum set of domains and permissions required for its purpose.
  • Notify us immediately at [email protected] if you suspect a key has been compromised.

We will not be liable for any loss, damage, or unauthorised use arising from your failure to keep your API keys secure. On notification of a suspected compromise, we will revoke the affected key at your request.

6. Subscriptions, Billing & Cancellation

Checkify offers subscription plans billed on a monthly or annual basis. By subscribing to a paid plan, you agree to the following:

  • Auto-renewal: Subscriptions renew automatically at the end of each billing period (monthly or annually, as selected) at the then-current plan price, unless cancelled prior to the renewal date.
  • Cancellation: You may cancel your subscription at any time from your account dashboard. Upon cancellation, your subscription will remain active until the end of the current paid period; it will not renew thereafter.
  • No refunds: We do not offer refunds or credits for partial billing periods. This includes downgrades and mid-period cancellations.
  • Price changes: We may adjust subscription pricing with at least 30 days' written notice to your registered email address. Continued use following the effective date of a price change constitutes acceptance of the new pricing.
  • Payments: All payments are processed securely via Stripe. We do not store your card details; see the Privacy Policy below for details on how Stripe handles your payment information.

7. Check Units & Overage Billing

Each subscription plan includes a monthly allocation of Check Units ("Checks"). A Check is consumed each time you call an API endpoint; the number of Checks consumed varies by endpoint type and is published in our documentation and pricing page.

  • Included allocation: your plan's included Checks reset at the start of each billing period. Unused Checks do not roll over.
  • Overage: if your usage in a billing period exceeds your plan's included allocation, the excess will be calculated and billed at the start of your next billing period, in addition to your standard plan fee. Overage rates are published on our pricing page and may be updated with 30 days' notice.
  • Monitoring: your current usage and remaining Check balance are visible in your account dashboard at any time.

We reserve the right to suspend API access if overage charges remain unpaid.

8. Free Trials

We may offer free trial periods to allow you to evaluate our services before committing to a paid subscription. The following conditions apply to free trials:

  • The duration and terms of any free trial will be specified at the time of sign-up.
  • At the end of the trial period, your account will automatically convert to the selected paid plan unless you cancel before the trial expires.
  • If you do not wish to continue, you must cancel before the trial end date. No charge will be made if you cancel in time.
  • We reserve the right to withdraw or modify free trial offers at any time.

9. Availability & Downtime

We aim to maintain high availability and will use reasonable endeavours to minimise service interruptions. However, we cannot guarantee uninterrupted access to our services. We will not be liable for downtime or degraded performance arising from:

  • Scheduled or unscheduled maintenance windows by upstream government data providers, including Geoscape Australia, the ABR, or ASIC.
  • Outages, errors, or data delays attributable to third-party infrastructure providers.
  • Circumstances beyond our reasonable control, including natural disasters, acts of government, or telecommunications failures (force majeure).
  • Planned maintenance on our own infrastructure, for which we will endeavour to provide reasonable advance notice.

Planned maintenance will be communicated via our status page or email where possible.

10. Accuracy & Limitation of Liability

Data returned by our API is sourced from third-party government datasets and is provided on an "as is" basis. We make no representation or warranty, express or implied, as to the accuracy, completeness, timeliness, or fitness for any particular purpose of any data returned by our services.

To the fullest extent permitted by applicable law:

  • We expressly exclude all liability for indirect, special, incidental, or consequential loss or damage of any kind, including loss of profits, loss of revenue, loss of business, loss of data, or business interruption, arising from or in connection with your use of our services or any inability to access them, regardless of whether such loss was foreseeable or we had been advised of the possibility of such loss.
  • Our total aggregate liability to you for any claims arising under or in connection with these Terms, whether in contract, tort (including negligence), statute, or otherwise, shall not exceed the total fees paid by you to Checkify in the twelve (12) months immediately preceding the event giving rise to the claim.
  • Nothing in these Terms excludes or limits liability for death or personal injury caused by our negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by law.

Where our services are supplied to a consumer within the meaning of the Australian Consumer Law and the services are not ordinarily acquired for personal, domestic, or household use, our liability for a failure to comply with a consumer guarantee is limited to supplying the services again or paying the cost of having the services supplied again, at our election.

10A. Compliance Screening — Scope and Limitations

Our sanctions screening and PEP screening services are provided for informational purposes only and do not constitute regulatory compliance advice or guarantee that your obligations under any law are satisfied. The following applies to your use of these services:

  • Sanctions screening covers 12 international lists. Our sanctions endpoint screens against 11 sanctions and debarment lists including DFAT, UN Security Council, OFAC SDN, EU, UK OFSI, Canada, New Zealand, France DG Trésor, Hong Kong CEDB, World Bank, and IDB. All lists are synced hourly. While this provides comprehensive international coverage, if your obligations extend to jurisdictions or lists not covered, you should supplement accordingly.
  • PEP screening covers Australian federal and state/territory positions. Our PEP database provides strong coverage of senior positions across the Australian federal parliament, ministry, judiciary, diplomatic service, defence forces, and board members of major Commonwealth entities, as well as state and territory governors, parliamentarians, ministers, and supreme court judges. It does not extend to foreign PEPs, international organisation officials, or family members and close associates of PEPs.
  • Screening does not constitute AML/CTF compliance. Use of these endpoints supports your compliance program but does not, by itself, satisfy your obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, the Autonomous Sanctions Act 2011, or any other applicable law. You remain solely responsible for implementing and maintaining your AML/CTF compliance program, including customer due diligence procedures, written program documentation, risk assessments, staff training, and all AUSTRAC reporting obligations.
  • Screening results are probabilistic. Name-matching algorithms use fuzzy logic and confidence scoring to reduce false positives. As a result, screening results may produce false positives (a non-sanctioned person flagged as a potential match) or false negatives (a sanctioned person not identified). Checkify does not guarantee that all sanctioned persons or entities will be identified. Results must be reviewed in context and, where appropriate, verified against primary government sources before any compliance decision is made. A result returned by our API is not a definitive legal determination.
  • Confidence scores are not legal determinations. Confidence scores are outputs of an algorithmic fuzzy-matching process. They do not represent legal certainty or a regulatory compliance verdict. A high confidence score does not guarantee accuracy, nor does a low confidence score guarantee that no match exists. You must apply independent judgment and due diligence to all screening results, regardless of the confidence score returned.
  • No liability for reliance on screening results. Checkify does not warrant or guarantee that any screening result — including a result of "no match" or a nil confidence score — is accurate, complete, or sufficient for your compliance obligations under any applicable law. You remain solely liable for the accuracy and completeness of your customer due diligence, regardless of any result returned by our API. Checkify shall not be liable for any regulatory penalties, fines, enforcement actions, reputational harm, or business losses arising from your reliance on any screening result, including false negatives.
  • Not a substitute for professional advice. The services are not intended to replace independent legal, regulatory, or compliance advice. You should seek advice from a qualified legal or compliance professional regarding your specific AML/CTF obligations.
  • Data currency. All 11 sanctions and debarment lists are synchronised at least hourly; the data served by our API reflects the most recent available update from each source, which may be up to one hour old. PEP data is updated periodically from official government sources. All data is provided on an "as-is" basis without warranty as to completeness or accuracy. We make no warranty that data reflects the exact state of any source at the precise moment of a query.

10B. Screening Results — Disputes and Review

If you believe a screening result returned by our API is inaccurate — for example, if you or your client is flagged as a potential match and you believe this is incorrect — you may contact us at [email protected] with supporting information. We will review the query and result logic on a reasonable-efforts basis.

Please be aware of the following:

  • We do not provide manual override or re-scoring of individual screening results.
  • For disputed sanctions results, we recommend verifying directly against the DFAT Consolidated Sanctions List as the authoritative primary source.
  • For disputed PEP results, we recommend verifying against the relevant official government source (Parliament of Australia, pm.gov.au, or relevant state parliament).
  • You remain responsible for conducting your own due diligence and for any decisions made on the basis of screening results.

11. Security

We take the security of our platform seriously and employ industry-standard practices, including:

  • TLS encryption for all data in transit
  • Encryption of sensitive data at rest
  • Role-based access controls and least-privilege principles for internal systems
  • API key hashing — we do not store plaintext API keys
  • Rate limiting and anomaly detection to identify and mitigate abuse

Notwithstanding the above, no system is completely immune to security incidents. We will not be liable for any breach arising from circumstances outside our reasonable control, or from your failure to follow the key security obligations in clause 5.

12. Modifications to These Terms

We reserve the right to modify these Terms of Service at any time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will provide at least 14 days' notice by email to your registered address before the changes take effect. Your continued use of our services following the effective date constitutes acceptance of the revised Terms.

If you do not agree to the revised Terms, you must stop using our services and cancel your subscription before the effective date.

13. Governing Law

These Terms are governed by the laws of Queensland, Australia. Each party irrevocably submits to the non-exclusive jurisdiction of the courts of Queensland, including the District Court at Southport, and any courts competent to hear appeals from those courts, for the resolution of any dispute arising under or in connection with these Terms.

Part Two

Privacy Policy

This Privacy Policy explains how Checkify collects, uses, stores, and protects your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

We collect only the information necessary to operate and improve our services:

  • Account information: your name, email address, and business name provided at registration.
  • Billing information: contact details associated with your payment method, processed via Stripe. We do not store card numbers, expiry dates, or CVV codes — all payment data is handled directly by Stripe.
  • API request logs: IP address, timestamp, endpoint, and response metadata for each API request. For most endpoints, query content is retained in audit logs for the duration specified in section 5 (Data Retention) below. For compliance screening endpoints (sanctions screening and PEP screening), the name or entity string submitted in the query is retained as part of your audit log to support dispute resolution, audit trail requirements, and compliance with applicable record-keeping obligations. These logs are accessed only for audit, compliance, and support purposes — not for marketing or any secondary use.
  • Technical data: browser type, referring URL, and session identifiers collected automatically when you access our website or dashboard.

2. How We Use Your Information

We use the information we collect solely for the following purposes:

  • Providing, operating, and improving our services
  • Processing payments and managing your subscription
  • Audit logging and rate limit enforcement
  • Security monitoring, fraud prevention, and abuse detection
  • Communicating with you about your account, updates, or support requests
  • Compliance with applicable laws and regulatory obligations

IP addresses collected via API logs serve both operational purposes (rate limiting, abuse prevention) and audit and compliance functions. We do not use IP addresses or any other data to build advertising profiles or for behavioural targeting.

3. What We Do Not Do

  • We do not sell, rent, or trade your personal information to any third party.
  • We do not use your data for advertising or marketing purposes beyond communicating with you about our own services.
  • We do not store credit card numbers or sensitive payment credentials on our systems.

4. Disclosure to Third Parties

We share your information only with the following categories of third parties, and only to the extent necessary:

  • Payment processors: payment processors receive your payment details and billing contact information. They are bound by their own privacy policies. By using our services, you acknowledge that your payment information will be shared with them.
  • Infrastructure providers: we use cloud hosting and infrastructure services to store and process data. Our primary infrastructure is hosted in Australia. We select providers that maintain appropriate data security standards and, where applicable, are bound by data processing agreements.

We do not disclose personal information to any other third parties except where required by law or with your explicit consent.

5. Data Retention

We retain personal information only for as long as necessary for the purposes set out in this policy, or as required by law:

  • API access logs (including IP addresses, queries, and result summaries): retained for the period determined by your subscription plan — 30 days on the Free plan, 1 year on Starter, 2 years on Business, and 7 years on Enterprise. The 7-year retention period on Enterprise plans aligns with the record-keeping obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), which requires designated reporting entities to retain customer due diligence and transaction records for 7 years. Logs are permanently deleted at the end of the applicable retention period.
  • Billing and financial records: retained for 7 years in accordance with ATO requirements.
  • Account data: retained for the duration of your account, plus 30 days following account closure, after which it is securely deleted or de-identified.

6. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure, as required under APP 11. Our security measures include encrypted storage, TLS in transit, access controls, and internal access auditing.

In the event of an eligible data breach under the Notifiable Data Breaches scheme (Privacy Act 1988, Part IIIC), we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with our legal obligations.

7. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or incomplete personal information
  • Request deletion of your personal information (subject to our legal retention obligations)

To exercise these rights, please contact us at [email protected]. We will respond within a reasonable time and in accordance with the APPs.

If you are not satisfied with our response, you may lodge a complaint with the OAIC at oaic.gov.au.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or by a prominent notice on our website. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our services following a change constitutes acceptance of the updated policy.

9. Contact

For any questions about these Terms, this Privacy Policy, or how we handle your personal information, please contact us or write to us at [email protected].