Oten Pass - Terms of service
Effective Date: [28/05/2026]
1. INTRODUCTION
Oten Pass is a mobile application provided by Oten Switzerland GmbH (“Oten”, “we”, “our”), a company incorporated in Switzerland with its registered address at: Blegistrasse 15, 6340 Baar, Zug, Switzerland.
Oten Pass is part of the Oten Identity ecosystem and enables users to securely access accounts, manage authentication methods, verify identity, and approve authentication or authorization requests.
Oten Pass operates in conjunction with the Oten Identity Platform (“Oten IDP” or "Oten Identity") and does not function as a standalone identity provider.
By using Oten Pass, you agree to these Terms of Service. If you do not agree to these terms, please do not access or use the application.
2. ACCOUNT & ELIGIBILITY
Oten Pass is built for professional, enterprise-grade authentication. Your account is created, owned, and managed by your organization ("Your Organization") through the Oten Identity Platform.
You may only use Oten Pass if your account has been provisioned and authorized by Your Organization.
Each account is associated with a single organization.
Your access to the Service is subject to Your Organization’s policies, configurations, and administrative controls.
Oten Pass does not independently create, own, or control your identity.
3. ORGANIZATION CONTROL
Your Organization acts as the primary Data Controller and has full administrative control over your account and usage of Oten Pass.
Your Organization may:
Require specific authentication, multi-factor authentication (MFA), or verification methods.
Approve or reject verification submissions (including biometric verification).
Configure session duration, access policies, and security constraints.
Monitor account activity and access security logs.
Restrict, disable, or suspend access to your account at any time.
If your account is restricted or disabled due to organizational policy, you must contact Your Organization's IT administrator for support.
4. USE OF THE SERVICE
Oten Pass allows you to perform secure authentication and identity operations:
Authentication & Access: Sign in to corporate systems using credentials or supported authentication methods, complete multi-factor authentication (MFA), and use passkeys or authenticator-based verification.
Security Management: Set up and manage supported authentication methods (such as passkeys, local authenticator, and biometric liveness), configure device-level application protection (Face ID / passcode), and view active devices or sessions.
Verification & Approval: Verify your identity for sensitive actions, approve or reject authentication or authorization requests, and respond to real-time security challenges.
5. AUTHENTICATION & SECURITY
Oten Pass supports multiple authentication methods:
Password-based authentication.
Authenticator-based verification (including TOTP tokens generated locally within Oten Pass).
Biometric verification (watermarked liveness video recordings submitted to Oten Identity).
Passkeys (managed securely by your device or platform providers under FIDO2 standards).
Face ID / Passcode (via your device's native local authentication).
The availability of these methods is subject to Your Organization’s specific security configurations. You are solely responsible for maintaining the confidentiality of your credentials, securing your device, and carefully reviewing all authentication and approval requests before taking action. Oten Pass does not store passkeys and does not control platform-level credential storage.
6. BIOMETRIC VERIFICATION
If enabled by Your Organization, Oten Pass allows biometric verification using facial liveness detection to prevent fraud and unauthorized access. By using this feature, you acknowledge and agree that:
Secure Capture & Watermarking: A short real-time video of your face will be captured by your device's camera. To prevent unauthorized reuse or extraction, Oten Pass automatically applies a secure, permanent digital watermark to the video stream directly at the point of capture on your mobile device.
Transmission & Admin Review: The watermarked video is transmitted securely (via SSL/TLS) to the administration review console managed under Oten Identity. Authorized administrators of Your Organization may review these biometric submissions on the Admin interface.
Data Retention: The watermarked video file is stored on the Oten Identity administration database for a maximum duration of three (3) months (90 days) from its creation date for audit purposes. After this 90-day period, the raw video file is permanently and irreversibly deleted from our servers.
Derived Matching Factors: After initial liveness verification, the system extracts a derived, non-reversible, and encrypted mathematical representation of your facial structure (the "Matching Factor"). While the raw video is deleted after 90 days, this secure factor is retained on Oten Identity to serve as a secure challenge-response method to verify your identity in future transactions.
7. DEVICE & APPLICATION SECURITY
Oten Pass may provide additional device-level protections, including an application lock using local biometric authentication (Face ID) or passcode.
You are responsible for securing your device and preventing unauthorized access to Oten Pass. Your local biometric data (Face ID/Touch ID) used for unlocking the app remains isolated within your device's secure hardware; Oten and Your Organization do not have access to, collect, or store this local biometric data. If your device is lost, stolen, or compromised, you must immediately contact Your Organization’s administrator to deauthorize the device.
8. PERMISSIONS & DEVICE CAPABILITIES
To deliver its security workflows, Oten Pass may request access to:
Camera: Solely for recording watermarked liveness videos during biometric verification and scanning QR codes for authentication.
Biometric Authentication: To secure local app access on your device.
Notifications: For real-time authentication, transaction approvals, and security challenge requests.
If you deny these permissions, certain features and security workflows will not function.
9. VERIFICATION & APPROVALS
When using Oten Pass to verify your identity or approve requests, you acknowledge that security requests may expire after a limited time, require specific authentication methods, and are subject to Your Organization's policies. You must review each push request carefully before approving. Oten is not responsible for actions taken or security breaches resulting from user-approved requests.
10. THIRD-PARTY INTEGRATIONS
Oten Pass may be used with third-party applications integrated by Your Organization (e.g., Single Sign-On). Oten is not responsible for the behavior, security, data processing practices, or availability of third-party services outside the Oten platform ecosystem.
11. ACTIVITY MONITORING & LOGS
Oten Pass may display detailed activity logs, including login events, device and session info, IP address, and approval actions. Your Organization, acting as the Data Controller, has full access to monitor and export these activity logs in accordance with their internal policies.
12. DATA & PRIVACY
Oten Pass operates in conjunction with Oten Identity, which manages your account and security-related data. All personal and biometric data processed through Oten Pass is handled in accordance with the Oten Pass Privacy Policy and the Oten Identity Privacy Policy.
13. ACCOUNT RECOVERY
Account recovery mechanisms (such as recovery emails, backup codes, or trusted contacts) are configured and managed by Your Organization. If you lose access to your authentication methods, recovery depends entirely on these mechanisms or manual intervention by Your Organization’s administrator.
14. SERVICE AVAILABILITY
Oten Pass depends on the Oten Identity Platform, your device's hardware capabilities, and network connectivity. We do not guarantee uninterrupted, secure, or error-free operation of the Service in all environments.
15. LIMITATION OF LIABILITY
To the maximum extent permitted by applicable law, Oten is not responsible for:
Administrative restrictions, account suspensions, or actions imposed by Your Organization.
Unauthorized access resulting from compromised devices, shared passcodes, or lost credentials.
User approval of malicious, fraudulent, or unintended requests.
Loss of access due to missing recovery methods.
Oten is solely responsible for service failures caused directly by defects within the application software.
16. CREDENTIAL & PASSWORD MANAGEMENT (FUTURE)
Oten Pass may introduce credential management features (e.g., password storage) in future releases. These features will strictly operate under a Zero-Knowledge Architecture, meaning Oten will not have access to the plaintext of your stored credentials, and you remain solely responsible for maintaining access to your decryption keys.
17. TERMINATION
Your access to Oten Pass may be restricted or terminated if Your Organization disables your Oten Identity account, if you violate these Terms, or if the Service is discontinued. Because Oten Pass operates in an enterprise B2B environment, users cannot independently delete their account and must request account deletion through Your Organization's administrator.
18. CHANGES TO TERMS
We may update these Terms of Service at any time. Continued use of Oten Pass after an update constitutes your acceptance of the revised Terms.
19. CONTACT
If you have any questions or concerns regarding these Terms, you may contact:
Oten Switzerland GmbH
📍 Blegistrasse 15, 6340 Baar, Zug, Switzerland
📧 contact@oten.com
📞 +41 77 291 61 22
For account-specific configurations or access issues, please contact Your Organization's IT administrator.
Last updated