Terms and Conditions

Last updated: May 27, 2026

These terms govern the subscription to and use of Vico, the digital check-in and virtual counter solution for car rental companies offered by Zentia Labs LLC.

Vico is a B2B SaaS product that enables car rental companies to digitize the vehicle pick-up process, biometric identity verification (KYC), electronic contract signing, damage inspection, and payment collection. Zentia Labs is not a car rental company and does not act as an intermediary between the customer and its end users (travelers).

1. Service scope

Vico provides a digital check-in platform that includes: biometric KYC identity verification (identity document, selfie with liveness detection), generation and electronic signing of rental contracts, photographic vehicle damage inspection, payment charges and pre-authorizations, and integration with the customer’s reservation management system (RMS).

Available functionality depends on the subscribed plan, the product documentation, and any applicable master agreement or order form.

2. Eligible customer and authority

  • Vico is intended exclusively for car rental companies (rent-a-car) and industry professionals, not for consumers as the SaaS contracting party.
  • Anyone subscribing on behalf of a customer represents that they have sufficient authority to bind the relevant entity.
  • The customer must provide accurate information, keep it updated, and designate authorized users for service administration.

3. Account and implementation

  • The customer configures Vico and offers it to its end users (travelers) as part of its vehicle pick-up process.
  • The customer is responsible for credential custody, user administration, and the use made of the service by its authorized users.
  • The customer is responsible for the configuration of its check-in flows, own legal texts, branding, and third-party accounts connected to the service.
  • If the customer integrates Vico with a third-party RMS (RaX, Karve, Wheelsys, or other), it must comply with the policies and technical requirements of that provider.

4. Data protection and roles

The customer (car rental company) acts as data controller for the personal data of its end users processed through Vico: identification data, liveness biometric data, damage photos, contract data, and payment data.

Zentia Labs acts as data processor for that operational data, under the customer’s documented instructions and the applicable data processing agreement.

Given the nature of biometric data (special category under Article 9 GDPR), the customer is responsible for obtaining the traveler’s explicit consent for biometric liveness verification before starting the KYC process in Vico.

Zentia Labs acts as independent controller for B2B marketing, customer account onboarding, support, billing, security, and use of its own websites and admin portals.

5. Use of AI and human supervision

  • The identity verification (KYC) process uses liveness detection and facial comparison algorithms that may produce false positives or false negatives. The service is provided "as-is" with respect to its outputs, with no warranty of error-free operation.
  • Certain future features may incorporate AI-assisted damage detection; in that case the customer will be informed before activation.
  • The customer is responsible for setting acceptance thresholds, reviewing borderline cases, and maintaining adequate human supervision in processes with contractual impact.
  • Zentia Labs does not guarantee that automated outputs will replace human review in every scenario.

6. Fees

Vico offers the following plans:

  • Startup plan: free, up to 20 bookings per month.
  • Pro plan: EUR 0.90 per processed booking.
  • Enterprise plan: tailored terms by agreement.

Unless expressly stated otherwise, applicable indirect taxes (VAT, GST or equivalent), duties, and regulatory charges are not deemed included. The economic terms in force are those communicated to the customer at the time of subscription or renewal.

7. Billing, payment, and reporting

  • Reporting and invoicing: Vico will automatically issue, at the applicable frequency per plan, an electronic invoice in the customer’s billing currency.
  • Payment terms and method: the customer will pay each invoice via the payment method enabled in the platform (Stripe) or, where applicable, by bank transfer to the account designated by Zentia Labs on the invoice, within fifteen (15) calendar days from the issue date.
  • Bank fees: where applicable, transfer-related fees are borne by the customer. Zentia Labs must receive the net invoiced amount free of bank deductions.
  • Indirect taxes: amounts do not include indirect taxes. The customer will comply with any tax obligations arising from the cross-border acquisition of the service under its local law.
  • Withholding taxes: if the customer’s law requires withholding taxes, the customer will settle them with the tax authority without reducing the net amount transferred to Zentia Labs, and will deliver the withholding certificate within thirty (30) days following payment.
  • Non-payment: after fifteen (15) calendar days from the due date, Zentia Labs may, upon written notice with five (5) days’ advance notice, suspend the service in whole or in part without that being a contractual breach or giving rise to compensation.

8. Acceptable use

  • Do not use the service for illegal, fraudulent, or rights-infringing activities.
  • Do not attempt to bypass security controls, extract unauthorized data, degrade the platform, or interfere with normal operations.
  • Do not use Vico to collect biometric data for purposes other than identity verification within the rental check-in process.
  • Do not use the service to distribute unlawful, misleading, discriminatory, or abusive content.

9. Intellectual property and license

Zentia Labs products, software, documentation, interfaces, brands, and other product elements are owned by Zentia Labs LLC or its licensors.

The customer receives a limited, non-exclusive, revocable, and non-sublicensable license to use the service during the term of the commercial relationship and in accordance with the contract.

10. Confidentiality

Each party undertakes to protect the other party confidential information with a reasonable standard of care and to use it only for performance of the commercial or technical relationship.

11. Availability, maintenance, and changes

  • Zentia Labs will use commercially reasonable efforts to keep the service available, subject to maintenance, incidents, and third-party dependencies.
  • We may introduce improvements, functional changes, or technical adjustments where necessary for the product, security, or legal compliance.
  • Enhanced support commitments or SLA levels apply only where expressly agreed in writing.

12. Brand usage and commercial reference

The customer expressly authorizes Zentia Labs LLC, on a broad, non-exclusive, worldwide, royalty-free basis, to mention its trade name and logo as a customer on the website of the contracted product (including the customer, testimonial, and case-study sections), in commercial presentations, pitch decks, press materials, owned social media, marketing campaigns, press releases, and any other communications materials, for the purpose of evidencing the customer portfolio and promoting the service.

This authorization extends to the production and dissemination of case studies describing the customer’s experience with the service in an aggregated form and with reasonable quantitative metrics (for example, percentage increase in bookings, response-time savings, NPS, conversation volume). Zentia Labs will not disclose personal data of end customers or strategic confidential information of the customer.

If the customer believes that a specific piece does not adequately reflect its positioning, it may request its amendment or withdrawal in writing; Zentia Labs will act diligently.

Each party undertakes not to make public statements that disparage the other party’s reputation.

13. Suspension and termination

  • The customer may stop using the service at any time, with no minimum term.
  • Zentia Labs may suspend or limit access in cases of non-payment, security risk, unlawful use, material breach, or service protection needs.
  • Upon termination, access may be revoked and data will be handled in line with the contract, privacy policy, and applicable retention or deletion process. Obligations that by their nature should survive termination remain in force, including those relating to confidentiality, data protection, limitation of liability, and dispute resolution.

14. General provisions

  • Assignment: neither party may assign these terms without the other party’s written consent, except for an assignment to a company of the same group or as a consequence of a corporate transaction (merger, spin-off, sale of the business), in which case notice to the other party will suffice.
  • Notices: notices will be delivered by email to the addresses designated by each party. Notices relating to breach or termination will additionally be sent by a reliable means of delivery.
  • Language: these terms are published in Spanish; should versions in other languages exist, the Spanish version will prevail unless mandatory applicable law provides otherwise.
  • No waiver: failure or delay in exercising any right under these terms will not constitute a waiver of such right.
  • Severability: a declaration of invalidity or unenforceability of any clause will not affect the validity of the remaining provisions, which will remain in force.
  • Entire agreement: these terms, together with any specific contractual documentation that may have been signed with the customer and the applicable annexes, constitute the entire agreement between the parties and supersede any prior agreement on the same subject matter.

15. Limitation of liability and indemnity

To the maximum extent permitted by law, neither party will be liable for indirect damages, loss of profit, loss of business, loss of opportunity, reputational harm, or data loss not directly attributable to a breach by such party, nor for outages caused by third parties outside its reasonable control.

Except where liability cannot lawfully be excluded, Zentia Labs’ aggregate liability arising out of the service is limited to the amounts actually paid by the customer during the 12 months preceding the event giving rise to the claim.

The foregoing limitations and exclusions will not apply in cases of wilful misconduct or breach of confidentiality or data-protection obligations.

Each party will indemnify and hold the other harmless against third-party claims arising out of the breach of its own obligations under these terms or of the content, data, or services it contributes to the service.

16. Governing law and dispute resolution

These terms are governed by the laws of the State of Wyoming (United States of America), without prejudice to mandatory rules applicable to the customer by reason of its domicile.

The parties will resolve any dispute arising out of or relating to the service through the following mandatory, tiered procedure. No party may move to a later stage without first having exhausted the previous ones.

  • (a) Direct negotiation: the affected party will notify the other in writing of the dispute. The commercial representatives of both parties will negotiate in good faith for thirty (30) calendar days from the notification.
  • (b) Mediation: failing agreement, the parties will submit the dispute to mediation under the Mediation Rules of the International Chamber of Commerce (ICC), seated in Madrid, in Spanish, for a maximum of thirty (30) days from the appointment of the mediator. Mediation costs will be shared 50/50.
  • (c) Arbitration: disputes with an amount in controversy exceeding fifty thousand US dollars (USD 50,000) that are not resolved through (a) and (b) will be finally submitted to arbitration under the ICC Rules of Arbitration, before a sole arbitrator, seated in Madrid, in Spanish. The award will be binding and enforceable under the 1958 New York Convention. The parties may voluntarily submit to arbitration disputes equal to or below USD 50,000 by written agreement.
  • (d) Residual jurisdiction: only disputes equal to or below USD 50,000 that have not been resolved through (a) and (b), and for which the parties have not agreed to voluntarily submit to the arbitration in (c), will be exclusively submitted to the competent courts of the State of Wyoming (United States of America).
  • (e) Interim relief: either party may seek urgent interim measures before the competent courts of the other party’s domicile without waiving the procedure agreed herein.

For legal, contractual, or privacy matters, contact info@virtual-counter.com.

17. Data Processing Agreement (DPA)

By accepting these terms, the customer (data controller) and Zentia Labs LLC (data processor) agree to the following conditions regarding the processing of personal data carried out in the context of providing Vico.

Scope and roles

Zentia Labs acts as data processor solely with respect to the operational data processed on behalf of the customer in the context of Vico. The customer retains its status as data controller over such data, including special-category biometric data (Article 9 GDPR).

Processing locations

Zentia Labs processes the customer’s personal data from the following locations: (i) United States of America (registered office and primary cloud subprocessors); (ii) Spain (authorized personnel); and (iii) Colombia (authorized personnel). By accepting these terms, the customer expressly authorizes these locations and undertakes to reflect them, where applicable law so requires, in the information provided to its end users (travelers) before the KYC process.

Data processed

  • Photos of identity document (ID, passport) and driving licence.
  • Liveness biometric data: selfies, liveness scores, and facial match scores.
  • Vehicle damage photos.
  • Rental contract data: name, dates, vehicle, terms, electronic signature.
  • Payment data: pre-authorizations and charges processed via Stripe.
  • Usage metadata: timestamps, device, IP, language.

Sub-processors

Zentia Labs uses the following sub-processors to deliver Vico, belonging to standard technology categories whose use the customer expressly authorizes (cloud infrastructure, storage, KYC/biometrics, payment gateway, transactional email, and observability):

  • Upstash — real-time cache and storage (Redis).
  • Google Cloud Platform — infrastructure, compute, and storage.
  • Stripe — payment processing and pre-authorizations.
  • Resend — transactional email (confirmations, notifications).
  • Brevo — B2B CRM and marketing email.

Zentia Labs will notify the customer with reasonable advance notice of any material change of sub-processors with impact on the processing of personal data. The customer may object on reasonable, justified grounds; if no agreement can be reached, the customer may terminate the contract without penalty.

Security measures

  • Encryption in transit (TLS 1.3) and at rest.
  • Role-based access control with least-privilege principle.
  • Isolation and scheduled deletion of biometric data per the retention policy.
  • Audit logs and security event monitoring.
  • Periodic review of sub-processors and vendors.

Retention and deletion

Biometric data is deleted once verification is completed, unless applicable law requires a longer period. Damage photos are retained for the duration of the rental contract plus the customer’s claim period. Customer account data is kept until a deletion request is made. Data derived from service use in aggregated, anonymized, or pseudonymized form may be retained for up to 24 additional months for service improvement and defence of claims.

Upon request from the controller, Zentia Labs will delete the data within a maximum period of 30 days, except where legal retention obligations apply.

International transfers

The international transfers inherent to the service (United States – Spain – Colombia triangle and subprocessors outside the EEA) are governed by the safeguards recognized under applicable law, in particular the Standard Contractual Clauses (SCCs) adopted by the European Commission under Decision (EU) 2021/914, Module 2 (Controller to Processor), and the model clauses published by the Colombian Superintendence of Industry and Commerce (SIC). This DPA constitutes, by itself, the contractual safeguard mechanism between the customer and Zentia Labs. For additional transfers to subprocessors, Zentia Labs relies on the DPAs and transfer clauses published by those providers.

Audit and compliance evidence

Upon the customer’s reasonable request, Zentia Labs will provide sufficient documentary information to evidence compliance with this DPA (description of technical and organizational measures, up-to-date list of sub-processors, valid certifications if any). Any on-site audit or additional inspection required by the customer will be carried out, upon reasonable and justified request, with at least thirty (30) days’ prior notice, without disrupting Zentia Labs’ operations, and at the customer’s expense, unless a material breach by Zentia Labs is established, in which case Zentia Labs will bear its reasonable direct costs.

Permitted use for service improvement

Zentia Labs may process aggregated, anonymized, or pseudonymized data derived from the use of Vico for (i) provision and technical improvement of the service, (ii) internal training and evaluation of the AI models used in AI-assisted features (liveness detection, facial comparison, future damage detection), (iii) aggregated statistical analyses of the sector, and (iv) development of new features and adjacent services. In no case is identifiable biometric data used to train third-party providers’ models.

Breach notification

Zentia Labs will notify the customer of any security breach affecting personal data within a maximum of 72 hours from detection, providing the information needed for the customer to comply, where applicable, with its notification obligations to the competent authority and to data subjects.

This data processing agreement is incorporated by reference into these terms of service. By accepting the terms, the customer also accepts the data processing conditions described herein.

Contact

Controller
Zentia Labs LLC, 30 N Gould St Ste N, Sheridan, WY 82801, USA