Last updated: 5th September 2019

Stronghold Pay Terms of Service

1. Parties

1.1  The Stronghold Pay solution is provided to you by Stronghold Institutional Services LLC (Stronghold, we, us, our) and your use of the Service is subject to these Terms and Conditions (Terms).

1.2  A reference to you or your in these Terms is a reference to the user who has registered and is using the Service.

1.3  By using the Service you agree to these Terms. If you do not agree to these Terms you should not use the Service.

2. What the Service does

2.1  The Service enables users to make payments to Stronghold clients who have registered with Stronghold to be able to receive payments via the Service and have enabled the necessary systems and functionality at their point of sale, whether in-store or online (Stronghold Merchants).

3. Registration

3.1  In order to register to use the Service with Stronghold you must:

  • have internet access;
  • have a valid phone number; and
  • have reached the age of majority in the Country or State in which you reside, or 21 (twenty-one), whichever is older.

3.2  To register, you will be required to provide your name, date of birth and cell service. Further verification will be done using (2FA) 2-factor-authentication for registration and at the point of sale.

3.3  Stronghold may reject a PIN or password at its discretion.  You can change your PIN or password at any time using the settings in the app.  If you forget your PIN or password at any time then these can be reset using the relevant functionality in the App.

3.4  Stronghold uses third parties to:

  • integrate the Service with your chosen bank account ; and
  • initiate and process payments,

(Payments Integrators).  You must ensure that your bank's terms and conditions allow you to link your bank account with the Service via the Payments Integrator's integration services and allow us and Payments Integrators to initiate and process payments from your bank account.

3.5  Registration on the App does not create a bank account and no funds will be held with Stronghold. 

4. How to make payments 

4.1  You can initiate a payment from your linked bank account to the Stronghold Merchant during the checkout process.

4.2  By initiating a payment through the Service you are authorizing Stronghold (and the Payments Integrators) to make a payment request (via an 'application programming interface' between Stronghold's/the Payments Integrators' systems and your bank's systems) to debit your linked account with the amount of the payment and to transfer that amount to the Stronghold Merchant. You must have sufficient available funds in your account to cover the amount of the payment in order to ensure that the payment can be completed and to avoid being charged any overdraft or other fees your bank may charge in accordance with its terms.

4.3  If your bank blocks a transaction (for example if the transaction is flagged by its fraud detection systems) you will not be able to complete the transaction using the Service.

4.4  Once a payment is authorized in the Service it is irrevocable and cannot be reversed. You must ensure the amount of the payment is correct before it is authorized.

4.5  Any payment made using the Service will be processed in accordance with the standard process and timelines for internet banking initiated electronic transactions.

4.6  Payments made using the Service will appear on your bank statement in the same manner as an ACH banking transaction.

5. Fees

5.1  Stronghold does not charge any fees for the use of the Service, however, your usual account fees will apply to all payments made using the Service. You may be charged fees by your bank, and/or by your mobile service provider for any data used when downloading, updating or using the Service.

6. When we can suspend access

6.1  We can suspend, block or restrict your access or use of the App at any time in the following circumstances:

  • if we reasonably consider it necessary to protect the security of the Service, your profile or account or a Stronghold Merchant's account, including if we believe there is a risk of fraudulent activity;
  • if you are using the Service other than in accordance with these Terms;
  • if Stronghold suspends, modifies or withdraws the operation of the Service;
  • if access to the Service is interrupted, for example to enable routine maintenance and administration work, because of malfunction of equipment or unavailability of internet connection; or
  • if we are required to do so by law or other regulatory requirements.

7. Privacy

7.1  Users are required to create and register an account in order to use the Service. In order to facilitate your use of the Service, we collect and store personal information from you including your name, email address, mobile number and other personal information you choose to share with us.

7.2  We may collect and use information about your device, systems and application software to facilitate the provision of software upgrades, product support and other services related to the Service, including any of its features or tools. We may also collect and use information about how you use the Service.

7.3  We work with trusted third party service providers in order to provide the Services (including Payments Integrators) who we may need to share your personal information with.

7.4  We work with trusted third party service providers in order to provide the App (including Payments Integrators) who we may need to share your personal information with.

7.5  In addition to the above, we will collect, use, store, disclose and otherwise process your personal information in accordance with our Privacy Policy, available at

8. Security

8.1  You are responsible for the security of your account, including your device. You must ensure the safety of your account by taking steps to prevent loss, theft and unauthorized or fraudulent use. You must immediately cease using the Service and notify us at [email protected] if you become aware or suspect that your account has been or may be used for fraudulent transactions, or your credentials have been compromised in any way.

8.2  We will treat any payment instruction issued via the Service when payment instructions are authorized by SMS message from your registered mobile number as having been authorized by you.

9. Intellectual Property

9.1  All intellectual property rights in and to the Service belong to Stronghold and/or our licensors. Except as expressly set out in these Terms, you do not have any intellectual property rights in or to the Service or any improvements or variations. Nothing in these Terms or otherwise should be construed as granting any right to use any trade mark appearing within or in relation to the Service without the express written permission of Stronghold.

9.2  You must not copy, reverse engineer, decompile, disassemble, attempt to derive the source code of, modify, create derivative works of, re-post to other web sites, frame, deep link to, change, or otherwise distribute, license, sub-license or transfer in any form any aspect of the Service without our prior written consent.

9.3  To the extent any intellectual property rights subsist in anything you upload to, or process using, the Service, you grant us a perpetual, irrevocable, non-exclusive license to copy, modify, use and reproduce that material for the purposes of providing the Service and related functionality to you. You warrant that you have the right to grant this sub-license in respect of material you upload or process using the Service.

9.4  We grant you a limited, non-exclusive, non-transferable, revocable license to use the Service in accordance with these Terms.

10. Termination

10.1  You can stop using and interacting with the Service at any time. Deleting the Service from your device will not delete any of the information that has been collected about you through your use of the Service, including any personal information. This information will be retained by us in accordance with our Privacy Policy.

10.2  If we block your access to the Service, terminate your use of the Service or terminate these Terms, the license granted to you under these Terms will immediately terminate and we have a right to prohibit your access to the Service, including without limitation by deactivating your username and password.

11. Updates and Maintenance

11.1  We may ask you for updates and perform upgrades to the Service. Unless we specify otherwise, these Terms will apply to any such updates or upgrades.  You acknowledge that updates may include important bug and security fixes and agree that you will always use the latest version of the Service.

12. Changes to these Terms

12.1  Stronghold may amend or modify these Terms by posting on the Stronghold website or emailing to you the revised Terms, and the revised Terms shall be effective at such time.

12.2  If you continue to use the Service after the expiry of any notice period, you will be deemed to have accepted any change to these Terms. If you do not accept any changes to these Terms, please stop using the Service.

13 Warranties, liability and disclaimers

13.1  Except as required by law, we do not make any warranty (either express or implied) about the Service,, including any warranty as to the Service’s fitness for a particular purpose or that the use and operation of the Service will be without disruption, interruption or error.

13.2  You acknowledge that, to the maximum extent permitted by law, your operating system provider has no warranty obligations under these Terms and that your operating system provider is not responsible for any claims made to you or any third party relating to the Service.

13.3  To the fullest extent permitted by law, we and any of our related companies and service providers (including Payments Integrators) will not be liable for any direct, indirect or consequential loss or damage of any kind or disruption or interference to any property or service as a result of the use of the Service. Nothing in these terms operates to limit or exclude liability that cannot by law be limited or excluded. To the fullest extent permitted by law, our liability for failure to comply with any guarantee that cannot be excluded by law, is limited to us remedying the failure within a reasonable time.

13.4  You indemnify, and will keep indemnified, Stronghold against all actions, proceedings, losses, liabilities, damages , claims, demands, costs and expenses (including all legal costs and expenses) suffered or incurred by Stronghold or for any claim brought against Stronghold by a third party that arises out of or is in connection with your use of the Service.

14. Assignment

14.4  You may not assign any of your rights or obligations under these Terms, whether by operation of law or otherwise, without our prior written consent. To the extent permitted by law, we may assign, novate or otherwise transfer these Terms (in whole or in part), to any other person and you agree to do all things necessary or convenient to give effect to such assignment, novation or transfer.

15. Other applicable terms

15.1  Because the Service is linked with your bank account, your use of the Service may be subject to your bank's terms and conditions. You must ensure that terms applicable to your bank account allow you to link it with the Service and for Stronghold (and its third party providers, including Payments Integrators) to initiate payments from your linked bank account via the Service.

15.2  Your use of the Service may also be subject to separate agreements you may enter into with your mobile device operating system provider, your mobile device manufacturer, your mobile service carrier or any other parties involved in providing your mobile device service.  Stronghold has no responsibility for the products and services provided by third parties and you agree to comply with all applicable third party terms of agreement when using the Service. 

16. General

16.1  These Terms are governed by the laws of the State of California. State of California law and the courts of the State of California shall have non-exclusive jurisdiction.

17. Contact Us

17.1  You can contact us by [email protected]


Last updated: 28th April 2020

Merchant Agreement Introduction

This Merchant Processing and any terms expressly incorporated herein ("Merchant Processing") apply to any access to, or use of, any service made available by Stronghold. This includes the use of the website and its subdomains (the "Stronghold Site"), any mobile applications or any application programming interface (API) provided by Stronghold relating to Stronghold , and to any other related services provided by Stronghold relating to the Stronghold Site (collectively, the "Stronghold Services").

By clicking on an "I Agree" button, or check box presented with or within these Terms, by E-Sign Consent on the Stronghold Site, API, or any Stronghold partner website or app, or elsewhere, or by using any Stronghold Services, you agree that you have read, understood, and accept all of the terms and conditions contained in this Agreement, as well as Stronghold's Privacy Policy.

Part 1: Automated Clearing House Processing Agreement

This Automated Clearing House Processing Agreement (this “Agreement’) is entered into as of the earlier of (i) the date you, acting on behalf of the entity identified in the application submitted to Processor (the “Client’), request access to the Services or the date the Client submits an application to Stronghold Institution Services LLC (the “Processor”), and (ii) the date Processor approves Client’s use of Services (the “Effective Date”). This Agreement is entered into by and amount Client and Processor. Each may be referred to herein as a “Party” or collectively as “Parties.”

WHEREAS, Processor provides Automated Clearing House (“ACH”) services as a third-party processor to businesses for the purpose of such businesses receiving payments for the sale of their goods or services or otherwise making payments due to other businesses for goods or services (the “Services”);

WHEREAS, Client is in the business of buying and selling goods and services; 

WHEREAS, Client desires to engage Processor to provide Client with Services to pay amounts due in connection with Client’s business or to receive payment from Client’s customers for the purchase of goods or services; and 

WHEREAS, Processor desires to provide Client with Services subject to the terms herein. 

NOW, THEREFORE, in consideration of the mutual covenants and conditions hereinafter set forth, the Parties hereto, intending to be legally bound, agree as follows:

1. Definitions

1.1  Except as otherwise specifically indicated in this Article 1 or elsewhere in this Agreement, capitalized terms used in this Agreement shall have the meanings set forth in the NACHA Rules (as defined below):

“Account” means individually and collectively the Client Account and/or Customer Account. 

“ACH” has the meaning provided in the recitals.

“Agreement” has the meaning provided in the preamble.

“Business Day” means Monday through Friday, excluding federal banking holidays.

“Client” has the meaning provided in the preamble.

“Client Account” means a deposit account established by Client at a bank designated by Processor that has the ability to receive ACH Entries from the Federal Reserve or any other ACH Operator (as defined by the NACHA Rules) for debit and credit to the account.

“Confidential Information” means any and all information that is disclosed by one Party to the other Party and that relates to a Party’s business or the Parties’ business relationship hereunder, including information concerning finances, products, services, customers and suppliers. Confidential Information shall not include information that (i) is in or comes into the public domain without breach of this Agreement by the receiving Party; (ii) was in the possession of the receiving Party prior to receipt from the disclosing Party and was not acquired by the receiving Party from the disclosing Party under an obligation of confidentiality or nonuse; (iii) is acquired by the receiving Party from a third party not under an obligation of confidentiality or nonuse to the disclosing Party; or (iv) is independently developed by the receiving Party without use of any Confidential Information of the disclosing Party.

“Customers” means the customers or service providers of Client who either buy or sell goods or services to or from Client, as the case may be. Receivers (as defined in the NACHA Rules) are considered Customers for purpose of this Agreement. 

“Customer Accounts” means a deposit account established or owned by Customer at a bank that has the ability to receive ACH Entries from the Federal Reserve or any other ACH Operator for debit and credit to the account.

“Effective Date” has the meaning provided in the preamble. 

“Entries” has the meaning provided in the NACHA Rules.

“Exposure Settlement Limits” means the maximum daily settlement limit set by Processor or ODFI in writing on Entries submitted under this Agreement.

“Force Majeure Event” has the meaning provided in Section 9.16.

“Initial Term” has the meaning provided in Section 8.1.

“Insolvent” means the failure to pay debts in the ordinary course of business, the inability to pay its debts as they come due or the condition whereby the sum of an entity’s debts is greater than the sum of its assets.

“NACHA” means the National Automated Clearing House Association.

NACHA Rules” means the rules and regulations provided by NACHA.

“NPI” has the meaning provided in Section 6.2.

“ODFI” has the meaning provided in the NACHA Rules and shall be the bank with which Processor has a relationship and that will act as ODFI for Entries processed in connection with this Agreement.

“OFAC” means Office of Foreign Asset Controls.

“Originator” has the meaning provided in the NACHA Rules.

“Party” and “Parties” have the meaning provided in the preamble. 

“Person” means any natural or legal person, including any individual, corporation, partnership, limited liability company, trust or unincorporated association, or other entity.

“Principal” means any Person directly or indirectly owning ten percent (10%) or more of Client, and any executive officer or director of Client.

“Processor” has the meaning provided in the preamble.

“RDFI” has the meaning provided in the NACHA Rules.

“Receiver” has the meaning provided in the NACHA Rules and includes the consumers or businesses who have given authorization to Client for Client to initiate credit or debit entries to the accounts of those consumers or businesses.

“Reserve Account” has the meaning provided in Section 5.3.

“Renewal Term” has the meaning provided in Section 8.1.

“Rules” means any and all applicable federal, state, local or organizational rules applicable to each Party in connection with its activities contemplated by this Agreement, including the NACHA Rules, or otherwise applicable to this Agreement or the Services.

“SEC” has the meaning provided in the NACHA Rules.

“Security Breach” means (i) any act or omission that materially compromises either the security, confidentiality or integrity of data or the physical, technical, administrative or organizational safeguards put in place by Client or a third-party service provider of Client that relates to the protection of the security, confidentiality or integrity of data relating to the Services, or (ii) receipt of a complaint in relation to the privacy and data security practices of Client or a third-party service provider of Client or a breach or alleged breach of this Agreement relating to such privacy and data security practices. Without limiting the foregoing, a material compromise shall include any unauthorized access to, unauthorized disclosure of or unauthorized acquisition of nonpublic personal information.

“Security Procedure” has the meaning provided in Section 3.13.

“Security Program” means a comprehensive, written information security program that contains appropriate administrative, technical and physical safeguards designed to (i) protect the security, confidentiality and integrity of NPI; (ii) ensure against any anticipated threats or hazards to the security and integrity of NPI; (iii) protect against unauthorized access to or use of NPI that could result in substantial harm or inconvenience to any Person; and (iv) ensure the proper disposal of NPI.

“Services” has the meaning provided in the recitals and includes Processor’s transmission of any credit Entry, debit Entry or nonmonetary Entry to ODFI to send to a Receiver’s account at an RDFI as more particularly set forth in this Agreement.

“Settlement Date” means the date specified by Client on which date Entries will be available to RDFI that receives Entries.

“Term” means the period commencing on the Effective Date and terminating as provided in Section 8.1.

2. The Services

2.1  Processor may enter into relationships with one or more ODFIs to facilitate ACH transactions submitted or requested by Client. Client shall provide Processor with all information requested by Processor for each ACH transaction and all information necessary for Processor to create an Entry File in compliance with NACHA Rules. Client directs Processor to provide to ODFI retained by Processor any and all information required for ODFI to initiate an ACH transaction or any other information that is otherwise requested by ODFI. ODFI will debit money for the purpose of collecting electronic payments from the Customer Accounts of Customers and/or credit money to Customer Accounts for the purpose of paying Customers in accordance with the Rules. The terms of this Agreement do not limit either Party’s obligation to comply with the Rules.

2.2  Subject to the limitations set forth herein and in the Rules, Processor shall: (i) process Entries received from the Client to ensure such Entries conform with the file specifications set forth in the NACHA Rules; and (ii) transmit such Entries to ODFI to then be transferred to an ACH Operator, either directly or via a third-party ACH processor. Subject to the terms herein, including limits related to Exposure Settlement Limits, ODFI shall transmit such Entries to the ACH Operator by the deadline set forth by ODFI; provided, however, (A) such Entries are received by ODFI prior to the cut-off times set forth by ODFI, as such time frames are provided to Client by Processor from time to time; (B) the ACH Operator is open for business on such Business Day; and (C) neither ODFI nor Processor has reason to believe the Entry violates the Rules or that this Agreement or Client is in default of the Rules or this Agreement. If preceding requirements set forth in (A) or (B) are not met, ODFI shall use reasonable efforts to transmit such Entries to the ACH Operator by the next deposit deadline of the ACH Operator that is a Business Day and a day on which the ACH Operator is open for business. Notwithstanding anything to the contrary, ODFI may refuse to transmit, process or submit any Entry in its sole and absolute discretion and without liability to Client.

3. Responsibilities; Representations, Warranties and Covenants

3.1  Client agrees to be bound by, and comply with, the Rules, as the same may be amended from time to time. Client confirms, for every Entry submitted to Bank, that Client has received authorization from the Customer (including, for the avoidance of doubt, any Receiver) as required by and in accordance with the Rules. Client further agrees it is liable for any and all Entries and amounts due in connection with such Entries, including fraudulent or unauthorized Entries. In addition to any other duties, responsibilities, warranties, representations and liabilities under this Agreement, for each and every Entry transmitted in connection with this Agreement, Client represents and warrants to Processor and ODFI and agrees that it shall: (i) assume all of the responsibilities, including, but not limited to, the responsibilities of Originators; (ii) make all of the warranties set forth in the NACHA Rules, including, but not limited to, the warranties of ODFIs and Originators under the NACHA Rules; (iii) not transact in a business prohibited by Processor or ODFI, as further described in Section 3.17; (iv) assume all of the liabilities, including, but not limited to, liability for indemnification for failure of an Originator to perform its obligations as an Originator in accordance with the NACHA Rules; (v) adhere to any enhanced due diligence requirements or processes provided to Client by ODFI or Processor and to promptly make changes to its processes, procedures and policies to comply with any changes to the enhanced due diligence required by either ODFI or Processor; and (vi) conduct, or have conducted, an audit of its compliance with the NACHA Rules in accordance with the NACHA Rules. Without limiting the generality of the foregoing and for the avoidance of doubt, Client agrees to be responsible and liable for any use, whether authorized or unauthorized, of the Services on behalf of Client hereunder. For greater certainty Client shall not permit any individual to use the Services unless they are: (A) employees or agents of Client; (B) acting for and on behalf of the Client; and (C) acting in the ordinary course of business of the Client.

3.2  Notwithstanding anything to the contrary, Client represents and warrants that, with respect to all Entries Processor originates for Client: (i) each Receiver has authorized the debiting and/or crediting of its account and that such authorization contains the information and is in the format required by the Rules and has not been revoked; (ii) each Entry is for an amount agreed by the Receiver due and owing by the Receiver to Client on the settlement date or is to correct an erroneous prior credit Entry; (iii) each Entry complies with the Rules and is in all respects properly authorized; and (v) each Entry is of a type that Processor has approved Client to initiate and has been identified with the proper SEC code as defined in the Rules. For the avoidance of doubt, with respect to each Entry, Client gives each of the warranties that an Originator or ODFI would be required to give for the type of Entry initiated. Client agrees to indemnify Processor and ODFI for any losses, liabilities, costs or expenses Processor or ODFI suffers or incurs as a result of any breach of any representations or warranties under this Agreement. If Client receives notice that any pre-notification has been rejected, Client will not initiate any Entry until the cause for rejection has been corrected and another pre-notification has been submitted and accepted. Client shall cease initiating Entries immediately upon Client receiving actual or constructive notice of the termination or revocation of authorization from Receiver. Client shall not collect, store or disclose Entry account information other than as expressly permitted by the Receiver to whom the information relates. Client bears the final responsibility to ensure that the Client’s practices, actions, policies and procedures and the Entries meet the requirements of the Rules and this Agreement.

3.3  Client shall, at all times, maintain the Client Account in good standing and shall ensure the Client Account maintains sufficient funds to cover all ACH credits, including, but not limited to, Credit Entries, and debits for fees, payments and returned Entries. Client may not close or change the Client Account without written notice to and approval from Processor. Client will be solely liable for all fees and costs associated with the Client Account and for all returns/overdrafts. Client hereby grants to Processor and ODFI a security interest in the Client Account, Reserve Account and any other account owned by Client to the extent of any and all fees, payments and liability that may arise under this Agreement, and Client shall execute any document and obtain any consents or waivers from the bank at which the Client Account, Reserve Account or any other account is maintained as requested by Processor to protect the security interest contemplated herein.

3.4  Data Retention. Client shall retain data on file adequate to permit remaking of Entries for at least thirty (30) days (or longer if required by Processor or ODFI) following the date of their transmittal by Processor or ODFI as provided herein and shall provide such data to Processor upon its request. Without limiting the generality of the foregoing provision, Client specifically agrees to be bound by and comply with all applicable provisions of the Rules regarding the retention of documents or any record, including, without limitation, Client’s responsibilities to retain all items, source documents and records of authorization in accordance with the Rules.

3.5  Client acknowledges and agrees it shall maintain sufficient funds in Client Account to satisfy each Credit Entry and On-Us Entry submitted to Processor or ODFI and authorizes Processor or ODFI to collect funds necessary to satisfy such Credit Entry or On-Us Entry from Client Account on or prior to the Effective Entry Date corresponding to such Credit Entry or On-Us Entry (the “Payment Date”). Client shall pay Processor or ODFI for the amount of each debit Entry returned by a RDFI or debit Entry dishonored by ODFI. Payment shall be made by Client to Processor or ODFI in any manner specified by ODFI. In the event that the Client Account does not have sufficient available funds to cover any submitted Credit Entry or On-Us Entry, returned or dishonored debit Entry or any other amount due to Processor or ODFI under this Agreement, Processor and ODFI are each authorized to debit the Reserve Account or any other account owned by Client. In the event that no Client account has collected funds sufficient on the Payment Date to cover the total amount of all Entries to be paid on such Payment Date, Processor or ODFI may take any of the following actions: (i) refuse to process all Entries, in which event Processor shall inform Client that it or ODFI suspended processing Entries, whereupon neither ODFI nor Processor shall have any liability to Client or any third party as a result thereof; or (ii) process all credit Entries. In the event Processor and ODFI elect to process credit Entries initiated by Client and Client has not maintained sufficient available funds in its Client Account to cover them, the total amount of the insufficiency advanced by ODFI on behalf of Client shall be immediately due and payable by Client to ODFI without any further demand from ODFI. If ODFI elects to pay Client’s account in the overdraft on any one or more occasions, it shall not be considered a waiver of ODFI’s rights to refuse to do so at any other time, nor shall it be an agreement by ODFI to pay other items in the overdraft.

3.6  Exposure Limits. ODFI or Processor may, from time to time, assign Client a limit representing the maximum aggregate dollar amount of Entries that may be initiated by Client each day and an Exposure Settlement Limit. ODFI or Processor may change such limits at any time without notice to Client. Client agrees to comply with all limits prescribed by ODFI or Processor, and shall not submit Entries that will cause Client to exceed the daily aggregate dollar limit for Entries or Exposure Settlement Limit.

3.7  Client shall only transmit Entries to Processor in compliance with the formatting and other requirements set forth in the NACHA Rules. Processor shall provide Client with consultation on the format and specification of Entries. Client may not appoint a third party to act as its agent to process or submit Entries on its behalf.

3.8  Rejection of Entries. Notwithstanding anything to the contrary, Processor or ODFI may reject any Entry it believes, in its sole discretion, violates the Rules or this Agreement, or Processor or ODFI otherwise determines the execution of such Entry poses a risk to Processor, ODFI, ACH Operator, Receiver or RDFI. Without limiting the foregoing, Processor or ODFI may reject any Entry that does not comply with the requirements of this Agreement, any other specification provided by Processor or the Rules. Processor shall have no liability to Client by reason of the rejection of any Entry.

3.9  Reversals. Client acknowledges the right of a Receiver of an unauthorized debit Entry, as applicable and as described in the NACHA Rules and/or applicable law, to obtain a refund of the funds debited from Receiver’s account (including Customer Accounts) by such Receiver sending notice to its RDFI in accordance with NACHA Rules. Client shall hereby indemnify Processor and ODFI against any such claim for a refund by any Receiver. If Client asserts that an Entry that was returned as an unauthorized debit Entry was authorized by the Receiver, Client may provide to Processor to provide to ODFI the relevant information (if any) to dispute the assertion that the Entry was unauthorized, and Processor shall use commercially reasonable efforts to act upon any such information on Client’s behalf in accordance with the NACHA Rules. For the avoidance of doubt, Client shall remain liable for any unauthorized or fraudulent transitions or Entries. In addition, subject to the terms herein and upon timely request by the Client, Processor may, in its discretion, effect a reversal of an Entry or File. Any such request must (i) be made within five (5) Business Days of the Effective Entry Date for the Entry or File to be reversed; and (ii) be accompanied by any forms required by ODFI or Processor. In the event Client requests a reversal of a Debit Entry or Debit File, Client shall immediately upon such request deposit into the Reserve Account (or, if otherwise instructed, in the Client Account) an amount equal to that Entry or File. Client agrees to notify the Receiver that a reversing Entry has been transmitted to the Receiver’s account no later than the date of request. Under no circumstances shall Processor or ODFI be liable for interest or related losses if the requested reversal of an Entry is not effected. The Client agrees to reimburse Processor for any expenses, losses or damages it incurs in effecting or attempting to effect the Client’s request for reversal of an Entry.

3.10  Cancellation or Amendment by Client. Client shall have no right to the cancellation or amendment of any Entry after its receipt by Processor or ODFI. However, if the Entry has not been submitted to the ACH Operator or ODFI, Processor shall use commercially reasonable efforts to act on a request by Client for cancellation or amendment of an Entry, provided such request complies with the security procedure set forth in this Agreement for cancellation or amendment of an Entry, but neither Processor nor ODFI shall have any liability if such cancellation or amendment is not effected. If Processor or ODFI accepts a cancellation or amendment of an Entry, Client hereby agrees to indemnify, defend and hold Processor and ODFI harmless from any and all claims losses, damages or expenses, including but not limited to attorneys’ fees incurred by Processor or ODFI as the result of its acceptance of the cancellation or amendment.

3.11  Notification of Change. Processor shall provide Client all information, as required by the NACHA Rules with respect to each Notification of Change Entry or Corrected Notification of Change Entry received by Processor relating to Entries transmitted by Client. Client shall ensure that changes requested by the Notification of Change Entry or Corrected Notification of Change Entry are made within three (3) Banking Days of Client’s receipt of the Notification of Change Entry or Corrected Notification of Change Entry information from Processor or prior to initiating another Entry to the Receiver’s account, whichever is sooner.

3.12  Client acknowledges and agrees that, if any Entry describes the Receiver inconsistently by name and or account number, payment of the Entry transmitted by ODFI to the RDFI may be made by the RDFI on the basis of the account number supplied by the Client, even if it identifies a Person different from the named Receiver, and that Client’s obligation to pay the amount of the Entry to ODFI is not excused in such circumstances.

3.13  Security Procedures. Client shall comply with the security procedure requirements described in this Section 3.13 and Schedule B with respect to Entries transmitted by Client to Processor to transfer to ODFI (“Security Procedure”), and Client acknowledges and agrees that the Security Procedure constitutes commercially reasonable security procedures under applicable law for the initiation of ACH Entries. Client authorizes Processor and ODFI to follow any and all instructions entered and transactions initiated using the Security Procedures unless and until Client has notified Processor, according to notification procedures prescribed by Processor, that the Security Procedures have been stolen, compromised or otherwise become known to Persons other than Client and until Processor has had a reasonable opportunity to act upon such notice. For the avoidance of doubt, if an Entry (or request for cancellation or amendment of an Entry) received by Processor or ODFI purports to have been transmitted or authorized by Client and such Entry is processed or submitted in compliance with the Security Procedure, it will be deemed effective as Client’s Entry (or request) and Client shall be liable to Processor or ODFI for such Entry even though the Entry (or request) was not authorized by Client. Processor or ODFI may modify, amend, supplement, change or cancel any or all of the Security Procedure, at any time in its sole discretion with prior written notice. Processor or ODFI may modify, amend, supplement or change the Security Procedure without advance notice to Client if Processor or ODFI determines that such modification, amendment, supplement or change is necessary or desirable to protect the security of Processor’s or ODFI’s systems and assets. Client shall immediately implement the modified Security Procedure, such implementation shall constitute Client’s agreement that the modified Security Procedure is commercially reasonable and adequate for the purposes intended. Client agrees that Processor or ODFI may delay the execution of an Entry until Client has completed any security measures Processor, in its sole discretion, deems warranted.

3.14  Cooperation in Loss Recovery. In the event of any damages for which Processor, ODFI or Client may be liable to each other or to a third party pursuant to the services provided herein, Processor and Client will undertake reasonable efforts to cooperate with each other, as permitted by NACHA Rules and applicable law, in performing loss-recovery efforts and in connection with any actions that the relevant party may be obligated to defend or elects to pursue against a third party.

3.15  Client certifies that (i) it has not been suspended and does not appear on a national association list of suspended Originators; and (ii) it will not transmit any Entry if it has been suspended or appears on a national association list of suspended Originators.

3.16  Client agrees that Processor has no obligation to discover and shall not be liable to Client for errors made by Client, including, but not limited to, errors made in identifying the Receiver or an RDFI or for errors in the amount of an Entry or for errors in settlement dates. Processor has no duty to discover and shall not be liable for duplicate Entries.

3.17  Prohibited Transactions. No Client may use the Services in connection with illegal conduct or activities. Client may not use Services for any activities prohibited by the Rules, this Agreement, Processor or ODFI, including, without limitation, the following activities: activities related to sexually oriented materials or services; gambling activities; activities related to fraud or money laundering; funding terrorist organizations; or sending or receiving funds on behalf of a current or former Customer that has violated the Rules. Processor and ODFI each reserve the right to report any Client to the appropriate law enforcement agency or agencies. Processor may, in its sole discretion, cancel any ACH transaction and terminate Services if Processor or ODFI suspects the Services are being utilized for any purpose prohibited by this Agreement, the Rules, Processor or ODFI. Client acknowledges that Processor is not liable for any Client use of the Services in violation of any applicable agreement or the Rules. Moreover, Processor or ODFI shall not be liable for failure to provide to ODFI any Entries if Processor believes Entries may or will violate the terms of this Agreement or the Rules.

4. Compensation

4.1  Client agrees to pay to Processor the fees set forth in a schedule provided to Client at or prior to the date Processor approves Client’s application to use the Services. Processor may increase any pass-through fees (including, without limitation, postage, supplies, courier, data transmission and telecommunications expenses) or any fees charged by ODFI or otherwise set forth in the NACHA Rules, without notice. In the event that Processor is required to investigate an Entry or ACH transaction as a result of Client’s conduct, Processor may assess Client a fee of 10% of the Entry or ACH transaction amount, and Client shall be responsible for all Processor costs associated with an investigation. All fees due hereunder, including recurring and undisputed fees, shall be billed for each calendar month (or portion thereof) beginning on the Effective Date and paid within ten (10) days of receipt of the invoice. For any amount not paid within five (5) days after its due date, Client shall pay interest on the unpaid amounts at a rate of one percent (1%) per month or the maximum interest rate allowed by law. Client hereby authorizes Processor to debit the Client Account for all amounts owed pursuant to this Agreement; provided, Client may revoke this authorization by providing Processor with at least sixty (60) days’ prior notice in accordance with the terms of Section 8.2; in the event Client revokes authorization, Processor may terminate or suspect the Services without liability. All charges and fees to be paid by Client under the Agreement are exclusive of any applicable withholding, sales, use, excise or value-added taxes. Client shall be responsible for all such taxes. Processor shall pay for any taxes on Processor’s property, income or payroll. Client agrees to pay and hold Processor harmless for any taxes on Client’s property, income or payroll. In the event of any assessment by a taxing authority, both parties agree to cooperate with each other to resolve issues in order to minimize the assessment. Client is responsible for all tax (other than income tax applicable to Processor) and agrees to pay all applicable taxes.  

5. Compliance, Audit and Reserve Account

5.1  Compliance. Client represents that neither it nor any of its affiliates, officers, employees or agents are listed on any Specially Designated Nationals list of the OFAC. Client hereby represents that neither it nor the individual officers of Client, or any individual using this processing relationship with Processor are now or have been in the past, part of any investigation or action, by the Federal Trade Commission, FBI or U.S. Postal Authority or any other governmental authority whether inside or outside the jurisdiction of the United States. Client agrees to subscribe to receive the NACHA Rules, including revisions, directly from NACHA. Client represents and warrants that Client will comply with the NACHA Rules (including but not limited to honoring any revisions that Processor may make to the procedures set forth in this Agreement in order to comply with the NACHA Rules or changes in the ODFI’s NACHA-related procedures) and Rules, including applicable laws, regulations and regulatory requirements. Client further represents and warrants that it will not transmit any Entry or engage in any act or omission that violates or causes Processor or ODFI to violate the NACHA Rules or the laws of the United States or any state or territory of the United States, or any other applicable laws, regulations or regulatory requirements, including, without limitation, regulations of the Office of Foreign Asset Control, sanctions or executive orders. In the event a Report of Possible Rules Violation is filed against Client as described in the NACHA Rules, Client will immediately notify Processor of the filing and take appropriate steps to correct the problem within the time frames suggested by Processor.

5.2  Audit. Processor, ODFI or their designated representative shall have the right, upon at least thirty (30) days written advance notice to Client (and sooner if required by ODFI or any regulator of ODFI ), to enter Client’s facilities in order to review, inspect, and audit records of Client related to the Services. Processor, ODFI or their designated representative shall perform such review, inspection and audit at Processor’s sole cost, unless such audit is in response to a breach of this Agreement or the audit uncovers a breach of this Agreement; in such case, Client shall be responsible for all audit costs. Client shall comply with requests from Processor, ODFI or their designated representative to furnish information or access to Client’s systems for the purpose of completing the review, inspection and audit. Such audits will be conducted no more than once in any period of twelve (12) consecutive months, unless there is a breach of this Agreement by Client, in which case an audit may be conducted per event giving rise to the material breach, or unless otherwise required by ODFI. Processor shall also have the right to audit Client at any time for compliance with the Agreement and Rules.

5.3  Reserve Account. In Processor’s sole discretion, at any time during the term of this Agreement, Processor may require Client to maintain a reserve account (the “Reserve Account”) at a financial institution determined by Processor and to fund the Reserve Account with an amount determined by Processor (the “Reserve Amount”). In the event that Processor requires a Reserve Account, Client shall establish the Reserve Account and deposit funds in an amount equal to the Reserve Amount into the Reserve Account. Client authorizes Processor to recover any liabilities owed to Processor or reasonably anticipated to be owed to Processor by the Client pursuant to this Agreement, including, without limitation, all liabilities in respect of actual and/or potential post-termination chargeback, post-termination fees, and charges, indemnifications and expenses due or anticipated to be due to Processor from or on account of Client, from the Reserve Account. The Reserve Account shall be maintained by Processor and funded by Client immediately upon notice from Processor. Notwithstanding, Processor may fund the Reserve Account by instructing ODFI to withhold amounts from the settlements to Client Account or by debiting funds from the Client Account. The amount of the Reserve Account shall be amended by Processor at its discretion as a function of the financial risk posed to Processor or ODFI by Client. Upon any termination of this Agreement, for any reason whatsoever, Processor reserves the right to maintain in its possession the Reserve Account any and all amounts then held by Processor, or its agents, in relation to the Client until such time as all actual and potential liabilities of Client to Processor are settled in full, including, without limitation, legal fees associated with enforcing the terms of this Agreement. In the event the Reserve Account is not sufficient to cover the items that are returned after the termination of this Agreement, Processor will debit the Client Account and other account(s) for the amounts owed. 

6. Data Security and Confidentiality

6.1  Unless otherwise agreed to in advance, in writing, by Processor or except as expressly permitted by this Agreement, Client will not, except as required by law or court order, use Confidential Information of the Processor or disclose it to any third party. Upon the termination of this Agreement for any reason, or upon the Processor’s earlier request, Client will deliver to Processor all of Processor’s property or Confidential Information in tangible form that Client may have in its possession or control or destroy all of Processor’s Confidential Information in its possession.

6.2  Client represents and warrants that its creation, collection, receipt, access, use, storage, disposal and disclosure of Receiver information, Entries, “Nonpublic Personal Information” or “Personally Identifiable Financial Information” (as defined in Sections 1016.3(p) and (q), respectively, of the Consumer Financial Protection Bureau on Privacy of Consumer Information published at 12 CFR Chapter X) or account information (collectively, “NPI”) does and will comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations and directives. At a minimum, pursuant to NACHA Rules, Client must use 128-bit RC4 encryption technology for the entry and transmission of ACH Entries.

6.3  Without limiting Client’s obligations under Section 6.2, Client shall implement administrative, physical and technical safeguards to ensure NPI is protected from unauthorized access, acquisition, disclosure, destruction, alteration, accidental loss, misuse or damage that is no less rigorous than accepted industry practices, and shall ensure that all such safeguards, including the manner in which NPI is created, collected, accessed, received, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement. In addition, Client shall only transmit Entries and data to Processor using proper encryption and authentication. Encryption is a process of scrambling data content through hardware or software in order to protect the confidentiality of a file’s contents. This information should remain encrypted between all parties in the ACH Network using a technology that provides a commercially reasonable level of security that complies with applicable regulatory requirements. Authentication is a process of ensuring that files and data content have not been altered between the Originator and receiving points. Like encryption, this can be done using hardware or software to ensure data integrity.

6.4  At least once per year, Client shall conduct a site audit of the information technology and information security controls for all facilities used in complying with its obligations under this Agreement, including obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm based on recognized industry best practices.

6.5  Client shall establish and maintain a Security Program as long as it stores NPI. At all times during and after the Term, (i) Client shall use at least the same degree of care in protecting such information against unauthorized disclosure as it accords to its other confidential information, but in no event less than the industry standard of care for financial institutions; and (ii) the Security Program shall comply with all information and data security requirements of the Rules. Within thirty (30) days of Processor’s written request, Client shall provide to Processor a summary of Client’s written Security Program and, thereafter upon Processor’s request, will provide updates on the status of such Security Program.

6.6  Client shall notify Processor of a Security Breach as soon as practicable, but no later than forty-eight (48) hours after Client becomes aware of any Security Breach. Immediately following notification set forth above of a Security Breach, the Parties shall coordinate with each other to investigate the Security Breach. Client agrees to fully cooperate with Processor in handling the matter, including: (i) assisting with any investigation; (ii) providing Processor with physical access to the facilities and operations affected; (iii) facilitating interviews with the Breached Party’s employees and others involved in the matter; and (iv) making available all relevant records, logs, files, data reporting and other materials required to comply with Rules, regulations and industry standards or as otherwise reasonably required by Processor or ODFI. Client shall, at its own expense, use best efforts to immediately contain and remedy any Security Breach and prevent any further Security Breach, including taking any and all action necessary to comply with applicable privacy rights, laws, regulations and standards. Client shall reimburse Processor for all actual reasonable costs incurred by Processor or ODFI in responding to, and mitigating damages caused by, any Security Breach, including all costs of notice and/or remediation. Client agrees that it shall not inform any third party of any Security Breach without first obtaining Processor’s prior written consent, other than to inform a complainant that the matter has been forwarded to Processor’s legal counsel or as may be required by the Rules. The Parties will work together promptly and in good faith to determine (A) whether notice of the Security Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies or others as required by law or regulation, or otherwise in Processor’s discretion; (B) the contents of such notice, and (C) whether any type of remediation may be offered to affected Persons, and the nature and extent of any such remediation.

7. Indemnification, Disclaimer and Limitation of Liability

7.1  Neither Processor nor ODFI shall be responsible for Client’s acts or omissions (including without limitation the amount, accuracy, timeliness, of transmittal or due authorization of any Entry received from Client) or those of any other Person, including without limitation any ACH Processor, third-party processor or transmission or communications facility, any Receiver or RDFI (including without limitation the return of an Entry by such Receiver or RDFI), and no such Person shall be deemed Processor’s or ODFI’s agent. In addition, Processor and ODFI shall be excused from failing to transmit or delay in transmitting an Entry if such transmittal would result in Processor or ODFI exceeding any limitation upon its intra-day net funds position established pursuant to present or future Federal Reserve guidelines or ODFI otherwise violating any provision of any future risk-control program of the Federal Reserve or any rule or regulation of any other U.S. or state governmental regulatory authority.

7.2  Client shall indemnify, defend and hold harmless Processor and ODFI against any third-party claims or alleged claims, and any losses, liabilities or expenses (including attorneys’ fees and expenses) directly resulting from, related to or arising out of: (i) any breach by Client of any covenant, representation or warranty set forth herein or any violation of any Rules; (ii) any action or omission that Processor or ODFI takes or fails to take, as the case may be, acting upon Client’s instructions; (iii) Client’s failure to exercise ordinary care in connection with its duties hereunder; (iv) any action by the RDFI upon an unauthorized or erroneous Entry initiated by Client; (v) any actions by Client’s service provider or agent that result in a breach of this Agreement by Client; (vi) to the extent that it involves Processor or ODFI, any litigation by an ACH Operator, an RDFI or any Receiver asserting noncompliance on Client’s part with the NACHA Rules or any other applicable laws, regulations or regulatory requirements; (vii) any violation of the Rules; or (viii) any and all losses suffered by Processor or ODFI as a result of fraudulent transactions committed by Receiver, Client, any third party or by individuals misrepresenting themselves as Receivers in connection with the ACH services provided by Processor pursuant to this Agreement.



7.5  Notwithstanding anything to the contrary, Processor’s financial liability under this Agreement shall not exceed one (1) year of fees paid by Client to Processor.

8. Term and Termination

8.1  This Agreement will take effect on the Effective Date and continue until the first anniversary of the Effective Date (the “Initial Term”) and will renew automatically for successive additional terms of one (1) year each (each a “Renewal Term”), unless Client notifies Processor of nonrenewal at least one hundred eighty (180) days prior to the end of the Initial Term or any Renewal Term or Processor notifies Client of nonrenewal at least one hundred eighty (180) days prior to the end of the Initial Term or any Renewal Term (together, the “Term”).

8.2  Without limitation of the foregoing, Client understands that Processor may immediately suspend or terminate the Services or terminate this Agreement if: (i) Client or any Customer violates the Rules or otherwise fails to comply with the terms of this Agreement; (ii) Client breaches any agreement, representation, warranty or covenant with Processor or any third party; (iii) Processor has reason to believe an unauthorized transaction has taken or may take place involving any Accounts or the Services; (iv) Client becomes insolvent; (v) Processor is uncertain as to any Person’s authority to give Processor instructions regarding Account or the Service, (vi) Processor has withdrawn, or caused to be withdrawn, funds from either the Reserve Account or other similar reserve accounts in accordance with the provisions hereof, and such funds have not been restored thereto within three (3) business days; (vii) if reversals exceed 2.5% or the Exposure Settlement Limits; (viii) Processor concludes Client is financial insecure or poses a risk to ODFI, Processor, Receiver, RDFI or ACH Operator; (ix) the Client Account is closed or otherwise in default; or (x) required by a regulator or ODFI. The foregoing represent examples of circumstances in which Processor may terminate or suspend Services, but they do not limit Processor’s right to terminate such service at any time for any reason or for no reason at all. Termination or suspension of Services by Processor shall not affect Client’s obligations hereunder or under other agreements, and Processor shall have no liability on account of such termination.

8.3  Termination for convenience. Processor may terminate this Agreement by providing Client with sixty (60) days’ prior notice.

8.4  Client may terminate this Agreement if Processor fails to perform its obligations under this Agreement and such failure continues for thirty (30) days following notice from Client.

8.5  If Services are suspended or this Agreement is terminated for any reason or no reason, Client agrees: (i) to continue to be bound by this Agreement; (ii) to immediately stop using the Services; (iii) that Processor reserves the right (but has no obligation) to delete all information and account data related to Client or Client’s use of the Services that may be stored by Processor; and (iv) that Processor shall not be liable to Client or any third party for termination or suspension of access to the Services or for deletion of information or account data related to Client or Client’s use of the Services.

8.6  Termination of this Agreement by processor pursuant to Section 7.2 shall result in the assessment of a termination fee in an amount equal to the greater of: (i) the average monthly fees charged to Client for the previous twelve (12) months (or such shorter time if Client has processed for less than twelve (12) months) multiplied by the number of months remaining in the Term; or (ii) $1,000. The Parties expressly agree that the damages that may be incurred by Processor as a result of termination are difficult to ascertain and measure and that the amount set forth herein is a reasonable estimate of the damages likely to be incurred by Processor.

8.7  The termination of this Agreement shall not terminate, affect or impair any rights, obligations or liabilities of any Party that accrue prior to termination or with respect to the services occurring or arising prior to termination, or which, under this Agreement, continue after termination. Any termination of this Agreement shall not affect any of Processor’s rights and Client’s obligations with respect to Entries initiated by Client prior to the effective time of such termination.

9. Miscellaneous

9.1  Additional Representations and Warranties. Client represents, warrants and covenants to Processor that: (i) it is duly organized, validly existing and in good standing as a corporation or other entity as represented herein under the laws and regulations of its jurisdiction of incorporation, organization or chartering; (ii) the execution of this Agreement by its representative has been duly authorized by all necessary corporate actions of Client; (iii) it has the full right, power and authority to enter into this Agreement, to grant the rights granted hereunder and to perform its obligations hereunder; (iv) there is not pending or threatened against Client any litigation or proceeding, judicial, tax or administrative, the outcome of which might adversely affect the continuing operation or legal standing of Client; (v) Client is performing, and will at all times use commercially reasonable efforts to continue to perform, its obligations under this Agreement and is, will and shall at all times be in compliance with the Rules that relate to its business, the Services, ODFI, ACH transactions, this Agreement and the matters and transactions contemplated herein; (vi) no consent or approval of any third party is required for the valid execution, delivery and performance of this Agreement by Client; (vii) Client has obtained or will obtain and is or will be in compliance with all licenses, permits, memberships, consents and authorizations required to perform all its obligations under this Agreement and other agreements that must be executed to effect the services contemplated herein; (viii) when executed and delivered by Client, this Agreement will constitute the legal, valid and binding obligation of Client, enforceable against Client in accordance with its terms; (ix) it has no knowledge of any pending or threatened suit, action, arbitration or other proceedings of a legal, administrative or regulatory nature, or any governmental investigation against it or any of its affiliates or any officer, director, or employee that has not been previously disclosed in writing and that would adversely affect its financial condition or its ability to perform this Agreement; (x) it has obtained all consents and authorizations contemplated by this Agreement, including any consent of its beneficial owners required to enforce any terms or conditions herein against such individuals; (xi) all information it has provided to Processor is true, accurate and complete, and that it will immediately notify Processor if any information it has provided to Processor is no longer materially true, accurate or complete; and (x) Client has all licenses required to conduct its business and otherwise conducts its business, including the sales of goods and services to, and purchases of goods and services from, Customers, in compliance with the Rules.

9.2  Additional Representations and Warranties. Processor represents, warrants and covenants to Client that: (i) it is duly organized, validly existing and in good standing as a corporation or other entity as represented herein under the laws and regulations of its jurisdiction of incorporation, organization or chartering; (ii) the execution of this Agreement by its representative has been duly authorized by all necessary corporate actions of Processor; (iii) it has the full right, power and authority to enter into this Agreement, to grant the rights granted hereunder and to perform its obligations hereunder; (iv) there is no pending or threatened against Processor any litigation or proceeding, judicial, tax or administrative, of which the outcome will have an adverse effect on continuing operation or legal standing of Processor or would otherwise adversely impact the provisioning of the Services; (v) Processor is performing, and will at all times use commercially reasonable efforts to continue to perform, its obligations under this Agreement in compliance with the Rules that relate to its business and the Services; (vi) no consent or approval of any third party is required for the valid execution, delivery and performance of this Agreement by Processor; (vii) Processor has obtained or will obtain and is or will be in compliance with all licenses, permits, memberships, consents and authorizations required to perform all its obligations under this Agreement and other agreements that must be executed to effect the services contemplated herein; (viii) when executed and delivered by Processor, this Agreement will constitute the legal, valid and binding obligation of Processor, enforceable against Processor in accordance with its terms; (ix) it has obtained all consents and authorizations contemplated by this Agreement, including any consent of its beneficial owners required to enforce any terms or conditions herein against such individuals; and (x) all representations and warranties made under (i) – (ix)are true, accurate and complete, and that it will immediately notify Client if any information it has provided to Client is no longer materially true, accurate or complete.

9.3 Due Diligence and Additional Agreements. Client agrees ODFI or Processor may request copies of Client’s balance sheets and related statements of income and cash flow and such other items that ODFI or Processor may require or deem necessary in connection with their due diligence review of Client (the “Due Diligence Materials”). Client shall immediately provide all Due Diligence Materials to ODFI and Processor upon their request. All Due Diligence Materials furnished to either ODFI or Processor must be accurate and complete in all material respects and complete insofar as completeness may be necessary to give ODFI or Processor a true and accurate knowledge of the subject matter. Client’s financial statements, subject to any limitation stated therein, which have been furnished to ODFI or Processor, do fairly present the financial condition of Client and have been prepared in accordance with (i) the books and records of Client; (ii) generally accepted accounting principles as in effect in the United States at the time of preparation; and (iii) all pronouncements of the Financial Accounting Standards Board. In addition, ODFI may conduct, and Client shall cooperate with, due diligence of Client. ODFI may require Client to enter into a direct agreement with ODFI in order for ODFI to process, transmit or submit Entries on behalf of Client or enter into a separate credit agreement with ODFI and, if Client is unable to or refuses to enter into such direct relationship or credit agreement with ODFI, Client understands Processor may suspend Services or terminate this Agreement without liability.

9.4  Assignment. Neither Party shall assign any of its rights or delegate any of its obligations hereunder without the prior written consent of the other Party; provided, however, Processor may assign its rights or delegate its obligations, in whole or in part, without such consent, to (i) one or more of its wholly owned subsidiaries or affiliates; or (ii) an entity that acquires all or substantially all of the business or assets of such party to which this Agreement pertains, whether by merger, reorganization, acquisition, sale, or otherwise.

9.5  Notice. All notices that either Party may be required or desire to give to the other Party shall be in writing and shall be given by personal service, telecopy, registered mail or certified mail (or its equivalent), or overnight courier to the other Party at its respective address or telecopy telephone number set forth below. Mailed notices and notices by overnight courier shall be deemed to be given upon actual receipt by the Party notified. Notices delivered by telecopy shall be confirmed in writing by overnight courier and shall be deemed to be given upon actual receipt by the Party to be notified.

If to Processor:

Stronghold Institutional Services LLC
604 Mission St., 6th floor
San Francisco, CA
Attn: Legal Department

If to Client:

The postal address or e-mail address set forth on the application provided to Processor by Client or its agent.

A party may change its address set forth above by giving the other party notice of the change in accordance with the provisions of this section.            

9.6  Credit Reports, Background Information and Reporting. The Client authorizes Processor and its representatives to obtain from third parties financial, credit and background information relating to Client to assist Processor in its determination of whether to accept this Agreement and its continuing evaluation of the financial and credit status of Client for the entire term hereof. Client shall inform Processor immediately of any adverse circumstances or developments impacting Client’s business or the financial condition of Client. Client must immediately report any actual or threatened litigation, claim or enforcement action against Client to Processor.

9.7  All materials provided to Client by Processor or ODFI in connection with the Services or this Agreement are the property of Processor, and Client shall guard against duplication of such materials without the consent of Processor.

9.8  Relationship of Parties. Nothing contained in this Agreement shall be deemed to create a partnership, joint venture or similar relationship between the Parties. The Parties’ relationship shall be that of independent parties contracting for services.

9.9  Third Party Beneficiaries. This Agreement is entered into solely for the benefit of ODFI, Processor and Client and, other than ODFI, shall not confer any rights upon any Person not a party to this Agreement.

9.10  Subcontractors. Processor may subcontract all or any part of the Services.

9.11  Severability. If any provision of this Agreement is held invalid or unenforceable for any reason, the invalidity shall not affect the validity of the remaining provisions of this Agreement, and the parties shall substitute for the invalid provisions a valid provision that most closely approximates the intent and economic effect of the invalid provision.

9.12  Entire Agreement. This Agreement, including exhibits and schedules, sets forth all of the promises, agreements, conditions and understandings between the parties respecting the subject matter hereof and supersedes all negotiations, conversations, discussions, correspondence, memorandums and agreements between the parties concerning the subject matter.

9.13  Amendments. Client agrees that the Processor may amend this Agreement by providing written notice to the Client. Any amendments to this agreement by notice will not take effect until thirty (30) days after receipt of the notice by the Client. Subject to the foregoing, this Agreement may not be amended except in writing, signed by authorized representatives of the parties to this Agreement.

9.14  Waiver. The failure of a Party at any time to require performance by the other Party of any provision of this Agreement shall not affect in any way the full right to require the performance at any subsequent time. The waiver by a Party of a breach of any provision of this Agreement shall not be taken or held to be a waiver of the provision itself.

9.15  Governing Law and Dispute Resolution. This Agreement shall be governed by and construed in accordance with the laws of the State of California, without giving effect to any choice of law or conflict of law provisions. Any dispute or claim between the Parties arising out of or in connection with any provision of this Agreement shall be finally settled by binding arbitration in San Francisco County, California, in accordance with the Commercial Rules of Arbitration of the American Arbitration Association by one arbitrator appointed in accordance with such Commercial Rules. Judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof. Notwithstanding the foregoing, the Parties may apply to any court of competent jurisdiction for preliminary or interim equitable relief, or to compel arbitration in accordance with Section 9.15 (Injunctive Relief), without breach of this arbitration provision.

9.16  Injunctive Relief. Each Party acknowledges that a violation of Article 6 would cause immediate and irreparable harm for which money damages would be inadequate. Therefore, the harmed Party will be entitled to injunctive relief for the other Party’s breach of any of its obligations under the said Articles without proof of actual damages and without the posting of bond or other security. Such remedy shall not be deemed to be the exclusive remedy for such violation but shall be in addition to all other remedies available at law or in equity.

9.17  Force Majeure. If any Party will be unable to carry out the whole or any part of its obligations under this Agreement by reason of a Force Majeure Event, then the performance of the obligations under this Agreement of such Party as they are affected by such cause will be excused during the continuance of the inability so caused, except that should such inability not be remedied within thirty (30) days after the date of such cause, the Party not so affected may at any time after the expiration of such thirty (30)-day period, during the continuance of such inability, terminate this Agreement on giving written notice to the other Party. A “Force Majeure Event” as used in this Agreement will mean an unanticipated event that is not reasonably within the control of the affected Party or its subcontractors (including acts of God, acts of governmental authorities, strikes, war, terrorist attacks, riots and any other causes of such nature), and that by exercise of reasonable due diligence, such affected Party or its subcontractors could not reasonably have been expected to avoid, overcome or obtain, or cause to be obtained, a commercially reasonable substitute therefore. No Party will be relieved of its obligations hereunder if its failure of performance is due to removable or remediable causes that such Party fails to remove or remedy using commercially reasonable efforts within a reasonable time period. Either Party rendered unable to fulfill any of its obligations under this Agreement by reason of a Force Majeure Event will give prompt notice of such fact to the other Party, followed by written confirmation of notice, and will exercise due diligence to remove such inability with all reasonable dispatch.

9.18  Nonexclusivity. Client acknowledges and agrees Processor may each enter into similar arrangements with one or more third parties.

9.19  Headings; Interpretation. The various captions and section headings in this Agreement are included for convenience only and shall not affect the meaning or interpretation of any provision of this Agreement. References in this Agreement to any Section or Article are to such Section or Article of this Agreement. Except where expressly stated otherwise in this Agreement or the context otherwise requires: (i) “include,” “includes” and “including” are not limiting; (ii) “will” is deemed to mean “shall”; (iii) “hereof,” “hereto,” “hereby,” “herein” and “hereunder” and words of similar import when used in this Agreement refer to this Agreement as a whole and not to any particular provision of this Agreement; (iv) “extent” in the phrase “to the extent” means the degree to which a subject or other thing extends, and such phrase does not mean simply “if”; (v) references to a contract or agreement mean such contract or agreement as amended, replaced or otherwise supplemented or modified from time to time; (vi) references to a Person are also to its permitted successors and assigns; (vii) references to law include any rules, regulations and delegated legislation issued thereunder; (viii) references to any Rule shall mean to such law as changed, supplemented or amended, and (ix) wherever this Agreement calls for the consent or approval of a Party, unless otherwise expressly set forth therein, the same shall not be unreasonably withheld, conditioned or delayed.

9.20  Survival. Provisions of this Agreement that, by their nature, should survive termination of this Agreement shall survive termination (including, but not limited to, any indemnification obligations and Articles 3, 5, 6, 7, 8 and 9).

9.21  Counterparts. This Agreement may be executed by facsimile and in any number of counterparts, each of which shall be deemed an original but all of which together shall constitute one and the same instrument.

10. Security Procedures

Client agrees to comply with the Security Procedures set forth in this Schedule B in transmitting all Entries (including amendments and cancellations) pursuant to this Agreement. Client understands that the Security Procedures are designed to verify the authenticity, and not to detect errors in transmission or content, of Entries. If an Entry is authorized or issued by Client, or on Client’s behalf, or Client otherwise benefits from such Entry, Client agrees to be bound by the Entry, whether or not Processor complies with the Security Procedures. The Security Procedures for Entries shall consist of the procedures the Processor and Client use to verify that an Entry has been validly issued by Client. Pursuant to this Security Procedure: (i) Client warrants and agrees that no individual will be allowed to initiate and/or approve ACH transfers in the absence of proper supervision and adequate safeguards and agrees to take reasonable steps to maintain the confidentiality of the Security Procedures and any passwords, codes, security devices and related instructions provided by Processor or ODFI; and (ii) Client agrees to maintain the confidentiality of any Security Procedures and prevent the disclosure of such procedures except on a “need to know” basis and only to those that are subject to confidentiality requirements similar to those set forth herein. Client shall notify Processor immediately if Client becomes aware of or suspects that any of the Security Procedures relating to the transfer of funds may have been compromised or disclosed.

Client’s unique user IDs, passwords, and/or other access devices or authentication techniques as Processor or ODFI may require from time to time (“Access Codes”) to access the Services will be provided to authorized representative(s) identified by Client in writing (“Authorized Representatives”). Client understands that Processor may rely on any written instructions identifying a Person as an Authorized Representative if such written instruction purportedly originates from Client and Processor is under no obligation to validate such instructions. Client agrees that Access Codes are strictly confidential and must be safeguarded. Client shall have sole responsibility for controlling the distribution and maintaining the confidentiality of the Access Codes assigned to Client. Client acknowledges that anyone with knowledge of Client’s or Authorized Representatives’ Access Codes will be able to issue, cancel or modify Entries on Client’s Account. Client authorizes Processor and ODFI to execute Entries pursuant to the instructions of anyone who has provided Processor with proper Access Codes and acknowledges that Process shall conclusively presume that any Person possessing Client’s Access Codes is an Authorized Representative and will regard their Entry as being authorized by Client. If Client becomes aware of the unauthorized use of Access Codes or suspects that an unauthorized use may occur, or if Client has terminated authorization for an Authorized Representative, Client shall immediately notify Processor to deactivate such Access Codes and issue new Access Codes as appropriate. IN NO EVENT SHALL PROCESSOR BE RESPONSIBLE FOR ANY DAMAGES RESULTING, EITHER DIRECTLY OR INDIRECTLY, FROM THE UNAUTHORIZED USE OF THE ACCESS CODES PRIOR TO SUCH NOTICE AND A REASONABLE TIME THEREAFTER REQUIRED TO CANCEL SUCH PASSWORD(S).

Client is responsible for ensuring that there are adequate software and hardware security measures in place on Client’s computers to prevent initiation of fraudulent payments. Such security measures include but are not limited to anti-virus, spyware, malware, key logger detection software, firewalls and any other “crime ware” protection programs. 

Part 2: StrongholdNET

Merchant agrees to join StrongholdNET upon agreement.


This policy describes how Stronghold delivers communications to you electronically. Stronghold may amend this policy at any time by providing a revised version on the Stronghold Site. The revised version will be effective at the time Stronghold posts it.  Stronghold will provide you with prior notice of any material changes via its website.

Electronic Delivery of Communications

You agree and consent to receive electronically all communications, agreements, documents, notices and disclosures (collectively, “Communications”) that Stronghold provides in connection with your Stronghold Account and your use of Stronghold Services. Communications include: Terms of use and policies you agree to (e.g., the Stronghold User Agreement and Privacy Policy), including updates to these agreements or policies; Account details, history, transaction receipts, confirmations, and any other Account or transaction information; Legal, regulatory, and tax disclosures or statements Stronghold may be required to make available to you; and Responses to claims or customer support inquiries filed in connection with your Account. Stronghold will provide these Communications to you by posting them on the Stronghold website, emailing them to you at the primary email address listed in your Stronghold profile, communicating to you via instant chat, and/or through other electronic communication such as text message or mobile push notification.

Hardware and Software Requirements

In order to access and retain electronic Communications, you will need the following computer hardware and software: A device with an Internet connection; A current web browser that includes 128-bit encryption (e.g. Internet Explorer version 9.0 and above, Firefox version 3.6 and above, Chrome version 31.0 and above, or Safari 7.0 and above) with cookies enabled; A valid email address (your primary email address on file with Stronghold); and Sufficient storage space to save past Communications or an installed printer to print them.

How to Withdraw Your Consent

You may withdraw your consent to receive Communications electronically by emailing Stronghold at [email protected] If you fail to provide or if you withdraw your consent to receive Communications electronically, Stronghold reserves the right to immediately close your Account or charge you additional fees for paper copies.

Updating your Information

It is your responsibility to provide Stronghold with a true, accurate and complete email address and your contact information, and to keep such information up to date. You understand and agree that if Stronghold sends you an electronic Communication but you do not receive it because your primary email address on file is incorrect, out of date, blocked by your service provider, or you are otherwise unable to receive electronic Communications, Stronghold will be deemed to have provided the Communication to you. You may update your information by logging into your account and visiting settings or by contacting Stronghold's support team via email at [email protected]


Where necessary, Stronghold may require you to accept certain conditions or further terms electronically. To confirm our acceptance, you may be prompted to 'E-sign' on the relevant page on the Stronghold Site. If you do not wish to accept certain conditions or further terms DO NOT confirm via E-sign.  However, not confirming by E-sign may result in some or all of the Stronghold Services no longer being made available to you or your Stronghold Account being suspended or terminated.

Last updated: 5th September 2019

Stronghold Platform API Terms and Conditions

Stronghold Institutional Services Limited and its affiliates (referred to as Stronghold, we, our or us) have created these terms and conditions (Terms) so that developers like you can enjoy the benefits of our Platform while protecting both Stronghold’s and its users’ rights. By clicking on 'I agree' (or a similar box or button) or using the API Platform, you agree to be bound by these Terms. You may not use the API Platform if you do not agree to these Terms. These Terms are an agreement between the legal entity (including sole proprietors) that you identified on the registration page for use of the API Platform (you) and Stronghold.

If you are providing application development services or are otherwise acting as a third-party developer to a third party that will receive or otherwise benefit from User Data (Third-Party Recipient) obtained through the API Platform (i.e., you are a Third-Party Developer), you represent that you are acting as an agent of the Third-Party Recipient and you have the authority to bind the Third-Party Recipient to these Terms. In that case, 'you' includes the Third-Party Recipient as well.

If you subcontract the development of Your Applications, you will procure that any third-party subcontractor complies with these Terms. You are responsible for any act or omission of your subcontractor(s) as if they were your acts or omissions.

These Terms include any terms provided separately to you for the API Platform, including guidelines specific to certain types of developers and/or use cases.

If you are a marketplace application, dashboarding and benchmarking application, specialist white-labelled product developer, a bank or another type of financial services provider, please read Section 3 (Your Use Rights), Section 6 (Your Responsibilities) and Section 13 (Additional Terms for Financial Services) carefully.

These Terms will evolve as developers continue to innovate and find new, creative ways to use the API Platform, and will we provide notice of modifications as described in Section 12 (Modifications to Terms).

These Terms were last updated on January 25, 2019. If you registered to use the API Platform on or after January 25, 2019, these changes are effective immediately. If you registered to use the API Platform prior to January 25, 2019, these changes are effective beginning on January 25, 2019.

1. Our Platform API

These Terms govern your access to and use of our APIs, software development kit (if any), app keys and access tokens, and developer webpages and documentation, including (without limitation) the documentation located at (Documentation) (collectively, the API Platform). The API Platform is designed to allow you to connect your new and existing applications, products and services (Your Applications) with our own applications, products and services (collectively, the Stronghold Service).

2. Credential and Approval

To access the API Platform, you will need to create a credential and then apply for approval by emailing [email protected] with your credential's key and your use case. Stronghold may approve or deny access to the API Platform in its sole discretion. When you register, you may be subject to Stronghold's standard Terms of Service and Privacy Policy at and (together, Stronghold's Service Terms), as well as any additional registration terms specified by us.

3. Your Use Rights

Subject to these Terms, you may use the API Platform solely to enable Your Applications to access or interface with the Stronghold Service and as set forth in these Terms (your Use Rights). Your use must be as permitted in our Documentation and, without limitation, is subject to any call, usage and other limits as described in the Documentation or as we otherwise notify you. All of your rights are non-assignable, non-transferrable, and non-sub-licensable (however you may permit a subcontractor to access the API Platform solely for the purpose of, and to the extent necessary, to develop Your Applications and subject that subcontractor agreeing to comply with these Terms).

Unless otherwise specified in these Terms, your use within these Use Rights are permitted “free-of-charge” up to, but not to exceeding, any limits set out in the Documentation. We reserve the right to charge you for your use of the API Platform with prior notice to you.

If you are a Third-Party Developer, you are only permitted to pass through any User Data to the Third-Party Recipient on behalf of which you are connecting to the API Platform.

If you subcontract the development of Your Applications, then you will procure that any third-party subcontractor engaged by you is only passing through any User Data to you. Such subcontractors shall have no other use rights.

You agree not to use, nor permit any third party to use, the API Platform in a manner that violates any applicable law, regulation or these Terms.

If you are unsure whether your intended use case(s) comply with these Terms or the Documentation, please reach out to [email protected] before investing time and resources into building Your Application’s integration with Stronghold.

We reserve the right to modify or amend these Terms, in our sole discretion, at any time, in accordance with Section 12.

4. Support and Modification

While we may provide you with support or modifications for the API Platform, we are not obliged to do so and we have no obligation to fix or respond to errors you may encounter.

In our discretion and without liability to you, we may add, remove or modify any features of the API Platform, impose additional eligibility requirements or restrictions for access to the API Platform, or discontinue the API Platform. If we modify the API Platform, we may require you to use the modified version, which may not be compatible with any of Your Applications developed using previous versions. We will typically make these changes as part of our overall API Platform programme and may not be able to provide you with individual notice of the changes.

5. Branding and Publicity


Except where expressly stated, these Terms do not grant you any right, title, or interest in or to Stronghold's logos, trademarks, service marks or other distinctive brand features (Stronghold's Branding). You may not use Stronghold's Branding without our’s prior written consent. Any permitted use by you of Stronghold's Branding (including any goodwill associated therewith) will inure to the benefit of Stronghold.


You may promote Your Application, including talking to traditional and online media and your users about Your Application, but you may not issue any formal press release via traditional or online media referring to Stronghold or including any Stronghold Branding without our prior written consent. You must conduct all such activities truthfully and without implying that Your Application is created, sponsored, or endorsed by us (or otherwise embellishing your relationship with us) and you may not make any legal representations, guarantees or warranties on our behalf or with respect to the API Platform or the Stronghold Service. If You become aware that any public-facing articles are being developed by independent publications or authors connecting Your Application to Stronghold, then you agree to immediately inform us at [email protected]

We may publicly refer to you, orally or in writing, as a user of the API Platform. We may also publish your logos, trademarks, service marks or other distinctive brand features (with or without a link to Your Application) on our websites, in press releases, and in promotional materials without your prior consent.

6. Your Responsibilities

User Relationships

Your Applications must include your own legally binding terms of use and privacy policy (Your Terms) that are publicly available to your third-party users (assuming you have third-party users or that Your Application allows for the retrieval of User Data, or where including Your Terms would be customary or appropriate under the circumstances).

If a user of the Stronghold Service allows Your Applications to retrieve any data, content or information of that user, including where such data is aggregated by you across more than one user (User Data) from the Stronghold Service, you must (1) access only the minimum data fields Your Application needs to work properly, as permitted by the user and (2) ensure the User Data is collected, processed, transmitted, maintained and used in accordance with Your Terms, all Laws (defined below) and reasonable measures that protect the privacy and security of the User Data.

Without limiting the foregoing, Your Terms must contain clear and legally adequate disclosures about the nature of Your Application’s integration with the API Platform and the User Data you are collecting and how you may use it. Your Terms must include a prominent link to Stronghold's Service Terms.

For clarity, any user’s access or use of the Stronghold Service itself is subject to Stronghold’s Service Terms or other applicable terms agreed by us with the user, not Your Terms. If we receive any User Data from or on behalf of a user, including through or enabled by Your Application, then we will treat such User Data under our applicable terms with such user and such data will no longer be subject to Your Terms.

You will use all reasonable efforts to protect and secure User Data from unauthorised access, use or disclosure and you will promptly notify us where User Data is accessed, used or disclosed without permission (Data Breach). Subject to the next sentence, you must not make any announcement or disclosure to any person in respect of any Data Breach without out prior written consent (not to be unreasonably withheld, but which may be given subject to conditions, including making changes to the form of announcement or allowing us to issue a notice first). If we do not give our consent to an announcement or disclosure in respect of a Data Breach and you consider that you are required by Law to make such an announcement or disclosure, then you may do so provided that you notify us first and give us a copy of the announcement or disclosure. You must co-operate with us in respect of any investigation into any Data Breach or any other unauthorised access, use or disclosure of any other data accessed through Your Applications or your systems using the API Platform or the Stronghold Services.

Limitations on use

  • submit to the API Platform or Stronghold Service any viruses, worms, defects, Trojan horses, malware or any items of a destructive nature;
  • defame, abuse, harass, stalk or threaten others, promote unlawful activities or send disruptive or offensive messages or advertisements;
  • try to exceed or circumvent any limitations on calls and use in the Documentation;
  • create multiple versions of Your Applications that access the API Platform for the same or similar usages (e.g. creating customer-specific versions of Your Applications);
  • copy, reformat, reverse-engineer, or otherwise modify the API Platform, access credentials, or our website or content;
  • download, scrape, post or transmit (in any form or means) any part of our website or content;
  • sublicense our APIs for use by a third party;
  • use User Data to assist with any unsolicited marketing communication (electronic or otherwise) to any person;
  • resell (for a fee, or any other commercial benefit) any User Data (for clarity, 'resell' does not include your charging subscription fees for access to Your Application, generally);
  • transfer any User Data, in the form provided through the API Platform, to any third party (other than to your Third-Party Recipient if you are a Third Party Developer);
  • permit any third party to use any User Data, for any purpose not directly related to your advertised service offering, including but not limited to the on-sale of any transactional feed data or any revenue generating product or services;
  • create an API or similar function designed to help you enhance your websites and/or Your Applications that functions substantially the same as any of our APIs and offer it for use by third parties; or
  • access the API Platform for competitive purposes (including to connect to a competitive product or to create your own competitive product) or publicly disseminate performance information or analysis (including uptime, response time and/or benchmarks) relating to our APIs.

Your Representations and Indemnity

You are solely responsible for your use of the API Platform, Your Applications and any data or content that you use with the API Platform.

You represent and warrant that (a) you have full power and authority to enter into and perform these Terms and, if you are a Third-Party Developer, to bind the Third-Party Recipient to these Terms; (b) your use of the API Platform and Your Applications will not violate any third party rights (including intellectual property rights and rights of privacy or publicity) or any laws, rules, regulations or orders, including those relating to data privacy (including the New Zealand Privacy Act 1993), data transfer, international communications and the export of technical or personal data (Laws); (c) all information you provide to us is and will be true, accurate, and complete; and (d) you will not interfere with our business practices, the way in which we offer the Stronghold Service or the API Platform or any third party products or networks used with the API Platform.

You will indemnify, defend (at our request) and hold harmless Stronghold and its affiliates and their respective directors, officers, employees, agents, contractors, end users and licensees from and against any claims, losses, costs, expenses (including reasonable attorneys’ fees), damages or liabilities based on or arising from: (i) your use of the API Platform or User Data, (ii) Your Applications and your relationships or interactions with any users or third party distributors of Your Applications, or (iii) your breach or alleged breach of these Terms.

We may at our option and our own expense, run or, if we have requested you to run, participate in, the defence and settlement of any claim with our own counsel, and you may not settle a claim without Stronghold’s prior written consent (not to be unreasonably withheld).

7. Disclaimer of Warranties


8. Limitation of Liabilities



9. Intellectual Property Rights and Additional Terms

Independent Development and Patent Issues

You understand and acknowledge that we may be independently creating (or may receive from third parties) features, applications, content, or other products or services that may be similar to or competitive with Your Application, and nothing in these Terms will be construed as restricting or preventing us from doing so, nor are we restricted or prevented from allowing any other person to access the API Platform, even if that person's products or services complete with Your Application. In addition, in order to allow others to benefit from the API Platform, you agree not to assert (or assist or encourage anyone in asserting) any patent claims against us (or our users, customers partners or developers, or our or their respective successors, assigns) where such patent claim relates to the integration, combination or interface of any applications, products or services with the Stronghold Service or our other products or services.

Exception to Privacy Policy

We may reveal personal information about developers for attribution purposes, handling inquiries from users or potential users, and other purposes that we reasonably deem necessary under these Terms. You understand and agree that we may access, preserve, and disclose your personal information and your developer account details if required to do so by law or in a good faith belief that such access, preservation, or disclosure is reasonably necessary to comply with legal process or to protect the rights, property, or safety of Stronghold, its affiliates or partners, its users, or the general public.

Our Intellectual Property

As between you and us, we own all rights, title, and interest, including all intellectual property rights, in and the API Platform, Documentation, Stronghold Service, Stronghold’s Branding, our other products and services, and all related technology, websites and content, and any modifications or derivative works of the foregoing (collectively, Our Materials).

Except for the limited use right expressly granted to you under these Terms, we do not grant you any right, title, or interest in Our Materials. You have no obligation to give us any suggestions, comments or other feedback relating to Our Materials (Feedback). If you provide us with Feedback, you grant us a worldwide, royalty-free, non-exclusive, perpetual and irrevocable licence to use, copy, modify, sublicense (through multiple tiers) and otherwise exploit the Feedback (including any ideas, concepts, methods, know-how or techniques embodied in Feedback) for any purpose, without any restriction or obligation to you based on intellectual property rights or otherwise.

Your Intellectual Property

You retain ownership of any intellectual property rights in Your Applications, subject to our rights in any of Our Materials. You agree to provide us with a reasonable number of copies of or other access to Your Applications. During the term of these Terms you hereby grant to us a paid-up, royalty-free, non-exclusive, worldwide, irrevocable, right and license, under all of your intellectual property rights, to: (a) use, perform, and display Your Application and its content for purposes of our internal testing purposes (including security testing) and for marketing, demonstrating, and making Your Application available to users; and (b) link to and direct users to Your Application. Following the termination of these Terms and upon written request from you, we will make commercially reasonable efforts, as determined in our sole discretion, to remove all references and links to Your Application from our website and the Stronghold Service. We have no other obligation to delete copies of, references to, or links to Your Application.

10. Confidential Information

Our Confidential Information.

We may provide certain information to you that is confidential or proprietary (Our Confidential Information). Our Confidential Information consists of (a) your credential's key, access keys or logins for the API Platform, any non-public elements of the API Platform or any pre-release information about the API Platform or the Stronghold Service and (b) anything identified or marked as 'Confidential' or 'Proprietary' or that you should reasonably understand to be confidential or proprietary under the circumstances. You may use Our Confidential Information only for the purposes of these Terms. You may not disclose any Our Confidential Information to third parties, other than your employees, agents and advisors with a need to know and for whom you agree to remain responsible under these Terms.

Your Confidential Information.

You should not disclose any information to us that you consider to be confidential. To avoid any potential confusion, you agree that any unsolicited information you provide to us in relation to the API Platform will be non-confidential and that we may use it under the same terms as for Feedback above. For the avoidance of doubt, this does not apply to the extent you have entered into a separate non-disclosure agreement or other confidentiality terms with us addressing your confidential information in relation to the API Platform. You must preserve the confidential nature of Our Confidential Information and keep it secret, using at least the same level of technical and organisational measures you use to keep your confidential information confidential.

11. Term and Termination

These Terms remain in effect until terminated. You may terminate these Terms at any time by ceasing all use of the API Platform and notifying us. We may terminate these Terms for any reason or any reason upon ten (10) days’ notice to you. In addition, we may suspend or terminate these Terms (or your use of all or any of the API Platform) immediately if we believe you have violated these Terms, if we believe the use of Your Application with the API Platform is not in our or our users’ best interests, if we cease to offer the API Platform or as required by Laws.

Upon termination of these Terms:

  • all rights and licenses granted to you will terminate immediately and you must stop using all of Our Materials (unless you have a separate right to use them under another agreement with us);
  • neither party is liable to the other party just because the agreement has been terminated;
  • you must permanently delete all Our Confidential Information and any other data which you stored pursuant to your use of the API Platform (other than User Data you have received and are using in accordance with Section 6 (Your Responsibilities)) and, at our request, you will confirm such destruction;
  • Sections 6 (Your Responsibilities) through 14 (General) will survive.

12. Modification to Terms

We may modify these Terms or any additional terms that apply to the API Platform occasionally, for example, to reflect changes to the Law, changes to the API Platform or for other reasons in our sole discretion. We’ll post notice of modifications to these Terms or the additional terms within the documentation for the API Platform. Changes are effective thirty (30) days after they are posted. However, changes specific to new functionality for the API Platform, changes made for legal reasons, and any changes to our Documentation or referenced policies will be effective immediately. You may be required to accept the modified Terms in order to continue using the API Platform, and in any event you agree that your continued use of the API Platform after the changes become effective constitutes acceptance of the modified terms. Except as set forth in this Section 12, all amendments must be in writing and signed by both parties.

13. Additional Terms for Financial Services

These additional terms (Additional Financial Services Terms) apply to any and all of Your Applications that provides a financial product or service, including, without limitation, any product or service that informs or facilitates the delivery, referral, pricing, analysis, comparison, recommendation, crowd or peer-to-peer funding, offer or otherwise of a financial product or service (collectively, Financial Services). For the avoidance of doubt, the definition of financial product or service includes, but is not limited to, payments (payables or receivables), lending, foreign currency, insurance, retirement funding, financial advice, invoice factoring or discounting, trade financing, asset finance, credit and debit card products, capital raising, asset management and trade, commodity trade and origination of new financial accounts. Whether you are a new or existing user of the API Platform, you are prohibited from using the API Platform unless you obtain our written consent to each Financial Services use case (Permission). Please email [email protected] to submit your details and Financial Services use case.

If you use the API Platform and provide Financial Services, then you represent, warrant and covenant to us on a continuing basis that you:

  • have obtained Permission from us for each Financial Services use case relating to Your Applications;
  • will not use the API Platform for generating a lead for another Financial Service provider, for populating, informing, or distributing enquiries or applications for another Financial Services provider.
  • will not act as an aggregator/distributor of above mentioned leads, enquiries, or applications populated with our data or in any other way facilitated by our APIs.
  • will not use the API Platform for development or enablement of a price comparison tool for Financial Services;
  • will not imply, directly or otherwise, that we endorse, underwrite, broker or make any warranties or commitments around Financial Services;
  • will comply with all Laws pertaining to the provision of Financial Services; and
    will immediately notify us of any additional intended Financial Services use cases for Your Applications (whether new or existing applications) and obtain Approval for those new use cases prior to implementing them. For the avoidance of doubt, Approvals extend solely to use cases specified at the time Approval is obtained.

14. General

Entire Agreement, Waiver, Severability, Interpretation, Assignment, and Remedies.

Except as set forth in Section 2 (Credential and Approval) regarding Stronghold's Service Terms, these Terms constitute the entire agreement between Stronghold and you with respect to the subject matter in these Terms, and they supersede any and all prior proposals (oral and written), understandings, representations and other communications between you and us. They do not create any third-party beneficiary rights (however, if you are a Third-Party Developer, you are binding the Third-Party Recipient to these Terms as the Third-Party Recipient's agent, and you and the Third-Party Recipient are jointly and severally liable under these Terms).

If you do not comply with these Terms, and we do not take action right away, this does not mean that we are giving up any rights that we may have (such as taking action in the future).

If any provision of these Terms is found by a court of competent jurisdiction to be invalid, the parties agree that the court should endeavour to give effect to the parties’ intentions as reflected in the provision, and the other provisions of these Terms remain in full force and effect.

In these Terms, 'including' (and similar terms) are to be construed without limitation, and headings are for convenience only.

You may not assign these Terms, in whole or in part, without our prior written consent, and any assignment without such consent is null and void. We may assign, transfer or delegate these Terms in our discretion.

You acknowledge that your breach of these Terms may cause irreparable harm to us, the extent of which would be difficult to ascertain. Accordingly, you agree that, in addition to any other remedies to which we may be legally entitled, we will have the right to seek immediate injunctive relief in the event of a breach of these Terms by you or any of your officers, employees, consultants, or other agents.

Governing Law and Venue; Arbitration (U.S. only) and Waiver of Jury Trial (U.S. only).

If your principal place of business is in New Zealand, or any other jurisdiction besides the U.S.A.: New Zealand law applies to any claims arising out of or related to these Terms or Our Materials and we both agree to the exclusive jurisdiction of the courts of New Zealand for resolution of all such claims.

If your principal place of business is in the U.S.A.: the laws of California, U.S.A., excluding California’s choice of law rules, and the U.S. Federal Arbitration Act, and applicable U.S. federal law, applies to any disputes arising out of or related to these Terms or Our Materials. All claims arising out of or relating to these Terms or Our Materials will be resolved by binding arbitration conducted by the American Arbitration Association in San Francisco County, California, rather than in court. There is no judge or jury in arbitration, and court review of an arbitration award is limited. However, an arbitrator can award on an individual basis the same damages and relief as a court (including injunctive and declaratory relief or statutory damages) and must follow the terms of these Terms as a court would. We also both agree that you or we may bring suit in court to enjoin infringement or other misuse of intellectual property rights or our Confidential Information. You agree that all claims will be resolved exclusively in San Francisco County, California, and you consent to personal jurisdiction there, and waive any claim of forum non-conveniens.

Last updated: 30th March 2020

Privacy Policy Introduction


The purpose of this Privacy Policy is to describe how Stronghold collects, uses and shares information about you through our websites owned and controlled by us, including and its subdomains (the "Stronghold Site"), and through any other medium you use to communicate with us. Please read this notice carefully to understand what we do. If you do not understand any aspects of our Privacy Policy, please feel free to contact us as described at the end of this Policy.

  • Information We Collect And Why We Collect It
  • How We Use and Share Your Information
  • Access To Your Information And Choices
  • Security Of Your Information
  • Consent To Data Processing In United States
  • Changes To Our Privacy Policy
  • Questions And How To Contact Us

Scope: Third Party Sites

This Privacy Policy applies to information we collect at and through the Stronghold Site and to information you provide us through any other medium, including, for example, email, text messages, telephone, letters, or otherwise. The Stronghold Site also contains links to third party sites that are not owned or controlled by Stronghold. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our Site and to read the privacy statements of each and every website that collects personal information.

Terms of Use

Please note that your use of our Site is also subject to our Terms of Service.

Information We Collect, And Why We Collect It

Information You Provide To Us

Types of personal information we collect when you communicate with us include:

  • Name
  • Address
  • Telephone Number
  • Email address
  • Date of Birth
  • Taxpayer identification numbers
  • Government identification numbers
  • Information regarding your bank accounts

We may also collect certain other information necessary to fulfill the service that you have requested, including, for example, loyalty program cards numbers, addresses to deliver items you ask us to order on your behalf, and your passport number and other travel document information. We advise you to not share any sensitive personal information that you do not feel comfortable disclosing to strangers, such as information that relates to medical facts, racial or ethnic origins, political or religious beliefs or sexuality.

We may also collect and analyze information from the content of communications you have with us (including text messages and emails) using automated systems.

Information Collected Through Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect certain information relating to your use of the Site. Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more information regarding Google Analytics please visit Google’s website, and pages that describe Google Analytics, such as

Information Collected Through Cookies And Similar Technologies

We and our service providers use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our website through your computer or mobile device. A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store unique identifiers, user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies. We use cookies to improve the quality of our service, including for storing user preferences, tracking user trends, and providing relevant advertising to you (see “Advertising” section below).

No Information From Children Under Age 18

If you are under the age of 18, please do not attempt to register with us at this Site or provide any personal information about yourself to us. If we learn that we have collected personal information from a child under the age of 18, we will promptly delete that information. If you believe we have collected personal information from a child under the age of 18, please contact us. If you are over the age of 18, you may provide us with whatever information about yourself or a child under the age of 18 that is necessary to perform the services you request, and we will only use this information pursuant to this Privacy Policy.

How We Use And Share Your Information

To Provide Products, Services, and Information

As described above, we collect information from you so that we can provide products and services that you request, and provide information that you request from us. We use your personal information to:

  • Contact you about your service requests
  • Perform the services you requested
  • Process financial transactions necessary for the services you requested
  • Personalize your experience
  • Improve our services
  • To process your transactional and membership fees

We may also use your information to send you information about products, services, and new offerings offered by us or by a Stronghold partner through email or through text messages to your mobile phone (if provided). We may also contact you through email when new partners join the Stronghold network and for new offers by Stronghold partners.

Third Party Access

We may provide information to third party service providers that help us fulfill services that you request from us. We may also use third parties to help host the Stronghold Site, send out email updates about the Stronghold Site, provide marketing, analytics, and advertising services for us, remove repetitive information from our user lists, and process payments. These service providers will have access to your personal information in order to provide these services, but when this occurs we implement reasonable contractual and technical protections to limit their use of that information to helping us provide the service.


Your feedback and suggestions you submit, including feedback or suggestions submitted through online forms, social media sites, or through email, will be considered non-confidential and non-proprietary to the extent permitted by law. We may use any of your feedback or suggestions to improve our services or for marketing purposes on our website or on any of our social media sites without any obligation to you.

Statistical Analysis

We may use your information you provide to us through any medium (including emails you delegate us to process on your behalf), combined with other information we may obtain from other sources, to perform statistical, demographic, and marketing analyses of the users of the Stronghold services, their service requests patterns, improve our understanding of our customers and potential customers, improve our service, and to improve customer relationships.

Third Party Advertising And Marketing

From time to time with your consent, we may disclose information with Stronghold partners who may offer you products and services of interest. You may opt-out of this sharing by contacting us. The information we may share with Stronghold partners includes your name, address, email address, telephone number, and information about types of services you have requested. We require Stronghold partners to agree to reasonable contractual and technical protections to limit their use of that information to their own advertising, and to not further share or distribute your information to non-partner third parties without your consent. If you have consented to our sharing your personal information with these third parties, you may subsequently opt-out by contacting us.

Legal Proceedings

We will share personal information with third party companies, organizations or individuals outside of Stronghold if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

  • Meet any applicable law, regulation, subpoena, legal process or enforceable governmental request
  • Enforce applicable Terms of Use, including investigation of potential violations
  • Detect, prevent, or otherwise address fraud, illegal activity, network security or technical issues concerning our service
  • Protect against harm to the rights, property or safety of Stronghold, our users (including you), customers or the public as required or permitted by law
  • Detect, prevent, or otherwise address risks to national security or other important public interests

Your Consent

In addition to the sharing described elsewhere in this Policy, we will share personal information with companies, organizations or individuals outside of Stronghold when we have your express consent to do so.

No Sale Of Data

Stronghold does not sell personal information, including personal information of anyone under 16 years old.

Access To Your Information And Choices

If you have questions about personal information we have about you or need to update your information, you can contact us. While we are happy to provide you the categories of information we have about you, to protect the security of your information we cannot provide you with certain information you may have provided to us, including, for example, passwords, frequent flyer numbers, credit card information, and other account numbers. You may request that we remove any information we have about you by contacting us. You can opt-out of receiving marketing and promotional emails from Stronghold by contacting us.

You may close your account as described in our Terms of Service. If you close your account, we will no longer use your online account information or share it with third parties. We will delete your information if you specifically request us to do so. We may, however, retain a copy of the information for archival purposes, to comply with financial and Anti-Money Laundering and Countering the Financing of Terrorism regulations, and to avoid identity theft or fraud.

Security Of Your Information

We use industry standard physical, technical and administrative security measures and safeguards to protect the confidentiality and security of your personal information. However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. Although we use industry standard practices to protect your information stored on our servers, there is no guarantee that information, including sensitive personal information, may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Please note that emails and other communications you send to us through our Site are not encrypted, and we strongly advise you not to communicate any confidential information through these means.

Consent To Data Processing In the United States

The Stronghold Site is operated and managed on servers located and operated within the United States. By using and accessing the Stronghold Site, residents and citizens of countries and jurisdictions outside of the United States agree and consent to the transfer to and processing of personal information on servers located in the United States, and that the protection of such information may be different than required under the laws of your residence or location.

Changes To Our Privacy Policy

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your consent in accordance with applicable law. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.

Contact Us

If you have any feedback, questions, or complaints, contact Stronghold via its Customer Support webpage at Stronghold Happiness. When you contact Stronghold please provide your name, address, and any other information Stronghold may need to identify you, your Stronghold Account, and the transaction on which you have feedback, questions, or complaints. If you believe your account has been compromised, you may also report your claim by emailing [email protected]

Infrastructure for Virtual Payment Networks