The information contained on this webpage is Marqeta Confidential Information and subject to the confidentiality agreements between Customer and Marqeta. If you do not have a confidentiality agreement in place with Marqeta, you are not authorized to access this webpage or view its contents.
These Marqeta Payment Services Terms and Conditions (these “Terms”) are entered into between Marqeta, Inc. (“Marqeta”) and Customer (as defined in the Order Form). Each of Marqeta and Customer is a “Party” and together referred to as the “Parties.” The Terms are part of the agreement between the Parties (the “Agreement”), which consists of the Terms, together with the terms and conditions set forth in the document titled “Order Form” executed by the Parties (the “Order Form”). These Terms do not constitute a binding contract between the Parties unless and until the Parties execute an Order Form.
Sections A (General Terms and Conditions), B (Data Privacy and Security), E (Service Levels), and F (Definitions) apply to all customers who have executed an Order Form that references the Terms.
Section C (Powered by Marqeta) applies where the Order Form references Powered by Marqeta Services.
Section D (Managed by Marqeta) applies where the Order Form references Managed by Marqeta Services.
SECTION A
GENERAL TERMS AND CONDITIONS
1. Marqeta’s Obligations.
(a) Services. Marqeta will deliver to Customer or Customer’s Affiliate(s) those services (the “Services”) and the Marqeta system (the “System”) indicated on the order form(s) issued pursuant to this Agreement (“Order Form”) and related onboarding services. Marqeta may enhance, revise, upgrade, improve, correct, or issue a new release of all or part of the Services or System (collectively, “Enhancement(s)”) at any time, provided an Enhancement does not materially degrade the Services. Marqeta and Customer will meet in good faith to agree on any fees and costs for which Customer will be responsible related to the implementation of any Enhancements; provided that, in the event that an Enhancement arises from or relates to a change in Applicable Law or Card Brand Rules, Marqeta may charge Customer reasonable fees and expenses related to increased costs or expenses associated with such an Enhancement or for any enhanced functionality that results from such an Enhancement. If Customer is required to update or otherwise alter its systems to make use of an Enhancement, then Customer will be responsible for its own costs and expenses. Where a Customer Affiliate will receive the Services, the Parties acknowledge and agree all references to “Customer” in this Agreement will also apply to such Customer Affiliate. Customer will be responsible for the actions or omissions of its Affiliates and its Affiliates’ Personnel. Customer’s indemnification obligations under the Agreement will apply to the actions or omissions of the Customer’s Affiliates.
(b) Documentation. Marqeta has or will provide Customer with Documentation.
(c) Marqeta Service Providers. Marqeta may use any entity controlling, controlled by, or under common control with a Marqeta Affiliate or a third party when performing under the Agreement (each, a “Marqeta Service Provider”). Marqeta will be solely responsible for (i) the acts or omissions of any such Marqeta Service Provider, as if they were Marqeta’s acts and omissions under this Agreement; and (ii) ensuring such Marqeta Service Provider’s compliance with the terms of this Agreement.
(d) Card Fulfillment Services. If Customer elects to receive Marqeta’s Card fulfillment services, Customer may order physical Cards by accessing Marqeta’s API. Physical Cards ordered through Marqeta’s card fulfillment services must comply with the Card specification requirements. Customer will be responsible for ensuring that the art, design, and content of physical Cards, Card carriers, and other packaging materials comply with the card specifications and do not infringe proprietary rights of any third party. Customer will be responsible for the cost of Card fulfillment and any additional requested services for any physical Card ordered regardless of whether such Card is used.
2. Customer’s Obligations.
(a) Use of Services. Customer agrees to use the Services in accordance with (i) the Documentation, (ii) the applicable Order Form(s), including the Configuration Schedule in the applicable Order Form(s), and any geographic restrictions relating to use of the Cards, Services or location of Cardholders or Authorized Users, and (iii) as set forth in the applicable schedule(s) to this Agreement. Customer will bear all risk and cost of compliance with Applicable Law, Card Brand Rules, credit losses, negative balances, load failures due to Customer’s acts or omissions, chargebacks, international decline charges, identity theft, fraud (including transaction fraud, cloning, phishing, over/under limit processing and related Issuer actions or recover) or any other losses on the Cards serviced by Marqeta pursuant to the Agreement (collectively, “Card Losses”), except to the extent that Marqeta’s gross negligence or intentional breach caused the Card Losses. Marqeta will have no responsibility or liability for any such Card Loss, or any disputes related thereto.
(b) Instructions and Reports. Customer will provide Marqeta and/or Marqeta Service Providers all materials, information, data, and instructions reasonably required or requested by Marqeta to perform the Marqeta Services (“Customer Instructions”). Customer Instructions will be accurate and complete and Marqeta will not be liable for any inaccurate or incomplete Customer Instructions. Marqeta may rely on Customer Instructions without additional inquiry. Customer will regularly review Customer Instructions for accuracy and completeness and will promptly notify Marqeta of any changes or errors in such Customer Instructions.
(c) Customer Service Providers. Customer may use the services of a Customer Service Provider in exercising its rights or performing its obligations in connection with the Agreement, If Customer or any Customer Service Provider performs any functions related to the Services or the Agreement, or accesses the Services, the System, Cards, Documentation or any other technical information about or incorporated in the Services. Customer will be solely responsible for (i) obtaining all authorizations, licenses, and consents, and for paying all amounts, necessary for the System to interface with Customer’s systems or those of its Customer Service Provider; (ii) the acts or omissions of any such Customer Service Provider, as if they were the Customer’s acts and omissions under this Agreement; and (iii) ensuring such Customer Service Provider’s compliance with the terms of this Agreement.
(d) Sanctions Compliance. Customer will (i) prohibit any person or entity that is the target of applicable Sanctions from being a Cardholder, and (ii) prohibit the use of Cards or Services in violation of any applicable Sanctions or other Applicable Law and (iii) not conduct any business in a comprehensively sanctioned jurisdiction (as defined by OFAC).
(e) Due Diligence and Information Requests. Customer acknowledges that Marqeta’s obligation to make the Services available to Customer is conditioned upon Customer’s ongoing compliance with and satisfaction of Marqeta’s due diligence and information requirements, including providing financial statements on a periodic basis upon request, and Marqeta may terminate this Agreement in the event that Customer no longer complies with or satisfies such requirements. Customer agrees to provide all due diligence information or other information provided under this Agreement in a form reasonably requested by Marqeta or Issuer. Customer will notify Marqeta as soon as reasonably possible if there is a material change to its financial state or ownership.
3. Mutual Obligations.
(a) Representations and Warranties. Each Party represents and warrants that at all times (i) it has the requisite corporate power and authority to enter into the Agreement and perform under it, (ii) it is not a party to any other agreement that would hinder its ability to perform its obligations under the Agreement, and (iii) it is duly qualified and licensed to do business and to carry out its obligations as required by Applicable Law, and (iv) no natural or legal person that is subject to any Sanctions has any material ownership interest such Party, and that no such person controls such Party. Except as otherwise expressly provided in the Agreement, and to the extent permitted by Applicable Law neither Party, nor, when applicable, the Marqeta Service Provider, makes any representations or warranties of any kind, nature, or description to the other Party, whether statutory, express, or implied, including any warranty of non-infringement, error-free operation, merchantability, or fitness for a particular purpose (and all such representations or warranties or any kind, nature, or description are excluded to the maximum extent permitted by Applicable Law). Each Party will notify the other if any of the foregoing representations and warranties is no longer true.
(b)
PCI DSS: Each Party will comply with Payment Card Industry Data Security Standards (“
PCI DSS”) 4.0 or newer. Each Party acknowledges that it has read and understands the PCI Responsibility Matrix for PCI DSS 4.0 as described on the Marqeta website at
https://www.marqeta.com/pci-responsibility-matrix, which may be updated by Marqeta from time to time. Upon Marqeta’s request (no more than once every twelve (12) months), Customer will verify its compliance with PCI DSS, to the extent applicable, and provide the results of the verification to Marqeta in writing.
4. Intellectual Property.
(a) Parties’ Marks. Each Party owns all right, title, and interest in and to any materials provided by or on its behalf in connection with the Agreement, including but not limited to its names, trademarks, service marks, or logos (“Marks”). Except for the licenses granted under these Terms, neither Party will have any right, title, interest, or license to the other Party’s Marks. During the Term, each Party grants to the other a royalty-free, non-exclusive, non-transferable, non-sublicensable, limited right and license to use, reproduce, and distribute the other Party’s Marks exclusively in connection with or in order to provide the Services. The Parties agree that usage of a Party’s Marks in a manner that merely refers to the Party without suggestion of endorsement or sponsorship is not restricted by this Agreement. Customer may use Marqeta's Marks solely for the purposes of non-public materials that disclose the Services provided by Marqeta under this Agreement. Marqeta may list Customer in its marketing materials using the Customer's Marks and generally describe the Services provided by Marqeta under this Agreement. The Parties will obtain one another’s prior approval before any other public distribution of marketing or promotional materials that use the other Party’s Marks.
(b) Ownership and License. Marqeta may provide Customer with project deliverables, plans, Documentation, reports, analyses, and other tangible materials in connection with the Agreement (collectively, the “Deliverables”). Marqeta owns all right, title, and interest, including all intellectual property rights, in and to the Deliverables, the Services, and the System and all derivatives thereof. Marqeta grants to Customer a royalty-free, non-exclusive, non-transferable, non-sublicensable, limited right and license to use the Deliverables, the Services, and the System exclusively in connection with Customer’s receipt of the Services. Customer will not, directly or indirectly, reproduce, retransmit, republish, reverse engineer, decompile, disassemble, or otherwise attempt to derive source code, trade secrets, Confidential Information, or other Intellectual Property from any of the Deliverables, the Services, or the System.
(c) Enhancements. Marqeta will be the sole and exclusive owner of all intellectual property rights in any Enhancement to the System or Services, including any suggestions, enhancement requests, recommendations or other feedback, and the Parties agree that any such Enhancement will not be a “work made for hire” or a “joint work of authorship” (each as defined under the United States Copyright Act) or in any way constitute the intellectual property or other rights of the Customer or its third parties.
5. Confidentiality and Non-Disclosure.
(a) General. Each Party may receive (“Receiving Party”) or otherwise become familiar with Confidential Information about the other Party (“Disclosing Party”).
The Receiving Party agrees to take all reasonable measures to maintain the confidentiality and secrecy of the Confidential Information of the Disclosing Party and to avoid its disclosure, including all precautions the Receiving Party employs with respect to its confidential materials of a similar nature. Receiving Party may not disclose the Disclosing Party’s Confidential Information to any third party, except: (i) where Marqeta is the Receiving Party to its Affiliates, (ii) where Marqeta is the Receiving Party to Marqeta Service Providers and (iii) to Issuer, in each case, for the purpose of providing the Services. In the event the Disclosing Party’s Confidential Information is disclosed to any third party pursuant to one of the exceptions noted in the preceding sentence, the Receiving Party must ensure that the third-party recipients do not use or disclose the Confidential Information other than in accordance with the terms of the Agreement. The Receiving Party may also disclose Disclosing Party’s Confidential Information to the extent required by Applicable Law or court order, provided that the Receiving Party uses reasonable efforts to limit such disclosure and has, to the extent reasonably possible and not prohibited under Applicable Law, provided commercially reasonable notice to the Disclosing Party of the legal disclosure requirement prior to the disclosure of Disclosing Party’s Confidential Information . Subject to Section B, if either Party receives confirmation of a material issue resulting in unauthorized access to the other Party’s Confidential Information, which could have a material impact on the other Party, such Party will promptly notify the other Party in writing and describe the circumstances surrounding such unauthorized access. In addition, each Party will promptly take reasonable steps to minimize such unauthorized access and reasonably cooperate with the other Party to minimize any damage resulting therefrom.
6. Fees and Payment.
(a) Fees. Customer will pay Marqeta or Marqeta will pay Customer the fees detailed in the applicable Order Form.
(b) Early Termination.
(i) If, other than as a result of Marqeta’s uncured material breach of this Agreement, any Order Form is terminated prior to expiration of the Term set forth in such Order Form, Customer will pay Marqeta an amount equal to the greater of (A) the average monthly revenue received by Marqeta related to the terminated Card Program(s) or Order Form(s) for the six (6) months prior to the termination, or (B) the highest possible Monthly Access Fee or Monthly License Fee, as applicable, or similar recurring monthly fee, described in the Order Form, with the applicable of the greater of (A) or (B) multiplied by the number of months (including a pro-rata portion for any partial month) remaining in the Initial Term or the Renewal Term, as applicable (“Early Termination Damages”)
(ii) Customer will pay the Early Termination Damages within one (1) month of the effective date of any such termination. The Early Termination Damages are not a penalty and constitute liquidated damages as a genuine and reasonable estimate of the damages that Marqeta will incur for the lost revenue resulting from such a termination. The payment of the Early Termination Damages by Customer does not preclude liability to Marqeta for other damages incurred under this Agreement.
7. Termination.
(a) Termination for Cause.
(i) A Party may terminate the Agreement, upon written notice to the other Party, in the event that the other Party commits a material breach of the Agreement and fails to cure such material breach within thirty (30) days after receipt of notice, provided, that, if such material breach is a non-monetary breach and is not reasonably curable within thirty (30) days, the cure period will be extended so long as the other Party commences such cure within such thirty (30) day period and diligently pursues such cure to completion within ninety (90) days after notice is first provided.
(ii) A Party may terminate the Agreement, upon written notice to the other Party, in the event that the other Party becomes subject to any voluntary or involuntary bankruptcy, insolvency, reorganization, or liquidation proceeding, has a receiver appointed for it, makes an assignment for the benefit of its creditors, or admits its inability to pay its debts as they become due, or any analogous procedure or step is taken in any jurisdiction.
(iii) Marqeta may (a) terminate the Agreement or (b) suspend the provision of services pursuant to an Order Form in the event Customer fails to pay undisputed charges when such payments are due and payable (as set forth in the Order Form) and fails to cure such material breach within five (5) days after receipt of notice. Marqeta’s right to terminate pursuant to this Section (iii) does not prejudice or waive its right to payment.
(iv) Marqeta may terminate or suspend performing, in whole or in part, under the Agreement upon notice (a) if if Customer fails to perform a regulatory or compliance obligation or directive or comply with Issuer Program Requirements (if applicable), (b) if Customer violates Applicable Law or Card Brand Rules, or (c) at the directive of Issuer. Marqeta may suspend performing under this Agreement during its reasonable investigation into (y) whether (a) or (b) has occurred or (z) whether there has been any (1) material fraud, (2) misuse of the Marqeta Services, or (3) use of the Services in a manner that compromises the security, integrity, or performance of the Marqeta Services. Marqeta may also decline to authorize particular transactions if Marqeta reasonably believes that such transactions violate Applicable Law or Card Brand Rules or would compromise the security, integrity, or performance of the Marqeta Services or have a material adverse impact on the Issuer.
(b) Termination Not for Cause.
(i) A Party may (a) terminate the Agreement on ninety (90) days’ prior written notice and/or (b) suspend providing, in whole or in part, Services under the Agreement, if there is a change in Applicable Law or Card Brand Rules that would have a material adverse impact upon a Party’s ability to perform its obligations under the Agreement. The Party terminating or suspending the Agreement pursuant to this Section will provide ninety (90) days’ notice of such termination unless otherwise a shorter period required in order to comply with Applicable Law or Card Brand Rules.
(ii) Marqeta may (a) terminate the Agreement and/or (b) suspend providing, in whole or in part, Services under the Agreement if directed to do so by an Issuer, Card Brand or Regulator. Marqeta will provide one hundred eighty (180) days’ notice of such termination unless it is required by a Card Brand or a Regulator to provide less notice.
(iii) Marqeta may terminate this Agreement, on thirty (30) days' prior written notice, if the Card Program does not have material transaction or issuing activity for more than three hundred and sixty five (365) days after the Go-Live Date (as defined in the applicable Order Form).
(c) Transition. Any notice of termination by either Party will include a proposed date for initiation of transition, if any. Except for termination of the Agreement by Marqeta for cause or at the direction of, if applicable, Issuer, a Card Brand, or a Regulator, Marqeta will provide transition assistance reasonably necessary to transition the accounts for which Marqeta provides the Services to a successor service provider as agreed by the Parties in writing (the “Transition Services”). The Agreement will continue on the same commercial terms and conditions until the completion of the transition and Customer will be responsible for all costs and expenses in connection with the Transition Services, including any fees earned by Marqeta but not yet paid by Customer and any fees for the Services during the transition. If Customer elects not to receive the Transition Services, the Parties will work in good faith to implement an orderly wind-down of the Services after termination of the Agreement. The wind-down period will not exceed six (6) months.
(d) In case of termination of the Agreement for any reason other than Marqeta’s breach, unless otherwise expressly provided herein, Customer is obligated to pay all applicable fees and other charges (e.g., the Monthly Access Fee) for the remainder of the Initial Term or Renewal Term (each as defined in the Order Form), as applicable.
8. Indemnification.
(a) Marqeta Indemnification. Marqeta will indemnify, defend, and hold harmless Customer and its officers, directors, and employees from and against all costs, penalties, fees, assessments, liabilities and other losses, including reasonable attorneys’ fees (“Damages”) as a result of any third-party claim or cause of action (“Claim”) arising out of, relating to, or alleging: (i) Marqeta’s breach of the Agreement, (ii) Marqeta’s gross negligence, willful misconduct, or fraud in connection with the Agreement, (iii) the gross negligence, willful misconduct, or fraud of any Marqeta Service Provider in connection with the Agreement, or (iv) Marqeta’s infringement of the intellectual property rights of any third party in connection with the Agreement. Marqeta’s indemnification obligations will not apply to any Damages that arise from or relate to (1) the combination of the Services with any products, services, or materials not supplied by Marqeta or a Marqeta Service Provider, (2) any modification to the Services not made by or on behalf of Marqeta, (3) any failure by Customer to implement any Enhancements to the Services, (4) any use of the Services other than as expressly permitted under the Agreement, or (5) Marqeta’s compliance with any Customer Instructions or reliance on any data or information received from Customer or any authorized third party on Customer’s behalf.
(b) Customer Indemnification. Customer will indemnify, defend, and hold harmless Marqeta, Issuer, and each of their respective officers, directors, employees from and against all Damages as a result of any Claim arising out of, relating to, or alleging: (i) Customer or Customer Service Providers’ breach of the Agreement, (ii) the gross negligence, willful misconduct, or fraud of Customer or any of Customer’s personnel or Customer Service Providers in connection with the Agreement, (iii) Customer’s and/or Customer Service Providers’ infringement of the intellectual property rights of any third party in connection with the Agreement, (iv) any fines, fees, penalties, assessments, or other amounts imposed by, or on, Issuer, or imposed by any Card Brand in connection with the Agreement, (v) the business or services of Customer relating to the Agreement, or, when applicable, a Customer Service Provider.
(c) Procedure. The party seeking indemnification (“Indemnified Party”) will promptly notify the indemnifying party (“Indemnifying Party”) in writing of any Claim along with a copy of any papers received. Failure to provide prompt notice of any Claim will not relieve the Indemnifying Party of its indemnification obligations, except to the extent such failure materially prejudices the Indemnifying Party in defending the Claim. The Indemnified Party will tender control of the defense and settlement of any such Claim to the Indemnifying Party at the Indemnifying Party’s expense and with the Indemnifying Party’s choice of counsel. The Indemnified Party will also cooperate with the Indemnifying Party, at the Indemnifying Party’s expense, in defending or settling such Claim and the Indemnified Party may join in the defense with counsel of its choice at its own expense.
9. Insurance. During the term of the Agreement and any transition period, each Party will maintain in full force and effect, at its own cost and expense: (i) insurance coverage sufficient to cover its potential indemnity or reimbursement obligations, and (ii) an appropriate insurance policy or policies providing coverage in the event of its loss of confidential data, including Cardholder Data and Transaction Data, the limit of which (i) for general liability insurance will be no less than five million dollars ($5,000,000) per occurrence or five million dollars ($5,000,000) aggregate, and (ii) for cyber insurance, will be no less than five million dollars ($5,000,000) per occurrence or five million dollars ($5,000,000) aggregate. Each insurance policy will be carried in the name of the Party. A copy of each policy, and any certificates of insurance evidencing the existence of such policy, will be provided to the other Party promptly following such Party’s written or e-mail request. Each insurance policy must be written by insurance carriers that have an A.M. Best rating of “A” or better and will name the other Party and, if Customer is receiving Managed by Marqeta Services, Issuer as an additional insured. Each Party will promptly provide notice to the other Party in the event of any notice of nonrenewal or cancellation, lapse, or termination of any insurance coverage required under the Agreement. Notwithstanding the foregoing, Customer acknowledges and agrees that the Issuer may require Customer to carry insurance in addition to the amounts set forth above.
10. General.
(a) Governing Law and Jurisdiction. This Agreement and the rights of the Parties hereunder will be governed by and construed in accordance with the laws of the State of Delaware, exclusive of conflict or choice of law rules.
(b) Dispute Resolution Process.
(i) In the event of a dispute between the Parties under the Agreement, the Parties will first attempt in good faith to resolve the dispute by negotiation between themselves, including at least one negotiation session attended by the relationship managers of each Party.
(ii) In the event that the negotiation described in section (i) above does not resolve the dispute, the Parties agree that any dispute, claim or controversy arising out of or relating to this Agreement or the breach, termination, enforcement, interpretation or validity thereof, including the determination of the scope or applicability of this agreement to arbitrate, will be determined by arbitration in San Francisco, California before one arbitrator. The arbitration will be conducted in English.
(iii) The Parties acknowledge that the Agreement evidences a transaction involving interstate commerce. Notwithstanding the Governing Law and Jurisdiction provision in Section 9(a) above with respect to applicable substantive law, any arbitration conducted pursuant to the terms of this Agreement shall be governed by the Federal Arbitration Act (9 U.S.C., Secs. 1-16).
(iv) i pursuant to its Commercial Arbitration Rules and in accordance with the Expedited Procedures in those Rules, to the extent they are applicable to the claim or claims at issue pursuant to the Rules. Where Customer's principal place of business is outside of the United States, the arbitration shall be administered by the International Centre for Dispute Resolution in accordance with its International Arbitration Rules. To the extent there is a conflict between the rules of the arbitration administrator and this Section 10, the terms of this Section shall control. JAMS pursuant to its International Arbitration Rules. Judgment on the arbitration award may be entered in any court having jurisdiction. This clause shall not preclude the Parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction.
(v) The arbitration proceeding shall be confidential and the Parties shall maintain the confidential nature of the arbitration proceeding and the arbitration award, including any arbitration hearing, except as may be necessary to prepare for or conduct the arbitration hearing on the merits, or except as may be necessary in connection with a court application for a preliminary remedy, a judicial challenge to an arbitration award or its enforcement, or unless otherwise required by law or judicial decision.
(vi) In any arbitration arising out of or related to this Agreement, the arbitrator shall award to the prevailing party, if any, the costs and attorneys' fees reasonably incurred by the prevailing party in connection with the arbitration. If the arbitrator determines a party to be the prevailing party under circumstances where the prevailing party won on some but not all of the claims and counterclaims, the arbitrator may award the prevailing party an appropriate percentage of the costs and attorneys' fees reasonably incurred by the prevailing party in connection with the arbitration.
(c) Assignment. Neither Party may assign any rights or obligations under the Agreement without the other Party’s prior written consent; provided, however, that Marqeta may assign this Agreement or an Order Form subject to this Agreement to an Affiliate upon written notice. The Agreement will bind and inure to the benefit of the Parties and their respective successors and permitted assigns.
(d) Force Majeure. Except for delays in payment, if the performance of the Agreement or any obligation hereunder is prevented, restricted, or interfered with by any act or condition whatsoever beyond the reasonable control of the affected Party, the Party so affected, upon giving prompt notice to the other Party, will be excused from such performance, except for the making of payments hereunder, to the extent of such prevention, restriction, or interference.
(e) Modifications. No amendment or modification the Agreement will be valid unless in writing and signed by an authorized representative of each Party.
(f) Severability. If any provision of the Agreement conflicts with a law under which the Agreement is to be construed or is held invalid by a court of competent jurisdiction, that provision will be deemed to be restated to reflect, as nearly as possible, the original intentions of the Parties and the remainder of the Agreement will remain in full force and effect.
(g) Rights of Third Parties. The Agreement is between, and may be enforced only by, Customer and Marqeta and will not create any rights in third parties other than, if applicable, the Issuer and the KYC Service Provider (as defined in Section F (KYC Services)).
(h) Cumulative Remedies. Except as otherwise expressly provided in the Agreement, all remedies provided for in the Agreement will be cumulative and in addition to, and not in lieu of, any other remedies available to either Party at law, in equity, or otherwise.
(i) Notices. All notices under the Agreement shall be in writing, including via email. Each Party shall send notices to the other Party at the address or email address set forth in the Order Form.
(j) Counterparts. The Order Form may be executed in counterparts.
(k) Relationship of the Parties. Nothing in the Agreement is intended to, or will, create a partnership, or joint venture, or agency relationship between the Parties.
(l) Survival. The provisions of the Agreement that by their nature or terms are intended to survive the expiration or termination of the Agreement shall survive its expiration or termination.
(m) Entire Agreement. The Agreement, which is comprised of these Terms and the Order Form, including any schedules incorporated via an applicable Order Form, represents the Parties’ entire agreement and supersedes any and all prior written or oral communications, agreements, or understandings.
SECTION B
DATA SECURITY AND PRIVACY
1. Security Standards.
(a) Each Party will implement security measures and procedures designed to: (1) ensure the security and confidentiality of Cardholder Data and Transaction Data (as defined in Section (2)(a) below), (2) protect against anticipated threats or hazards to the security and integrity of Cardholder Data and Transaction Data, (3) protect against unauthorized access to or use of Cardholder Data and Transaction Data, (4) prevent unauthorized access to or use of the other Party’s system through its systems, (5) prevent unauthorized access to or use of its own systems and (6) comply with Applicable Law.
2. Transaction Level Fraud Data.
(a) Transaction Level Fraud Data. Customer will report to Marqeta data related to fraudulent transactions at a transaction level (“Transaction Level Fraud Data”). Specifically, as a part of the Transaction Level Fraud Data, Customer will report:
(i) Authorized transactions that are later determined to be fraudulent (the “Fraudulent Transaction False Negatives”); and
(ii) Declined transactions that are later determined to be genuine (the “Fraudulent Transaction False Positives”).
(b) Except for Fraudulent Transactions False Negative and Fraudulent Transactions False Positives, Marqeta will treat all authorized transactions as fraudulent transaction true negatives and all other declined transactions as fraudulent transaction true positives. Customer will report its Transaction Level Fraud Data to Marqeta through the Fraud Feedback API, and Marqeta will share Customer’s Transaction Level Fraud Data to the Card Brands in accordance with the Card Brand Rules.
SECTION B-1
DATA PROCESSING ADDENDUM (“DPA”)
1. Background. This DPA details the parties' personal data processing, privacy, and information security obligations. The Agreement and this DPA shall be construed to be consistent with each other to the greatest extent possible; however, in the event of a conflict between the provisions of this DPA and the Agreement, the provisions of this DPA will control with respect to the subject matter contained herein. This DPA will apply to all Services rendered by Marqeta under the Agreement. Capitalized terms not defined herein shall have the definitions set forth in the Agreement.
2. Definitions and Interpretation. For purposes of this DPA, the following words shall have the following meanings:
(a). Business, Controller, Processor, Sub-Processor, and Service Provider. These terms shall have the same meaning as defined under applicable Data Protection Laws.
(b). CCPA. “CCPA” means the California Consumer Privacy Act of 2018 as amended, including by the California Privacy Rights Act of 2020, and all implementing regulations.
(c). Data Incident. “Data Incident” means any loss or unauthorized or unlawful destruction, damage, alteration, processing, disclosure of, or access to Personal Data, or as otherwise defined in the Data Protection Laws. Data Incident includes any event defined as a “data breach”, “personal data breach” or “security breach” in applicable laws and regulations.
(d). Data Protection Laws. “Data Protection Laws” mean any statutes, laws, rules, regulations, and ordinances in any jurisdiction relating to privacy, data protection or security of Personal Data and applicable to the Services provided by Marqeta pursuant to the Agreement.
(e). DP Regulator. ”DP Regulator” means any governmental or regulatory body or authority with responsibility for monitoring or enforcing compliance with Data Protection Laws.
(f). Data Subject. ”Data Subject” means any identified or identifiable natural person whose Personal Data will be Processed by Marqeta in connection with its provision of the Services.
(g). Personal Data. ”Personal Data” means any information relating to an identified or identifiable natural person (i.e., a Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, or as otherwise defined in applicable Data Protection Law. For the sake of clarity, Personal Data is (i) inclusive of Cardholder Data and Transaction Data (as such terms are defined in the Agreement), and (ii) limited to those data elements provided or collected by a Party in performance of its obligations in connection with the Card Program and the Agreement.
(f). Personnel. “Personnel” means any employee, contractor, work-for-hire or other person working under the authority of the relevant Party.
(i) Process or Processing. “Process” or “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, or as otherwise defined in applicable Data Protection Law.
3. Term. This DPA shall continue in force for the Term of the Agreement.
4. Roles of the Parties.
(a). Managed by Marqeta
Services. When Marqeta provides Managed by Marqeta Services, each of Marqeta and the Customer act as a Processor or Service Provider to the Issuer when Processing Personal Data in connection with the Agreement.
(b). Powered by Marqeta Services. When Marqeta provides Powered by Marqeta Services, Marqeta acts as a Processor or Service Provider to the Customer when Processing Personal Data in connection with the Agreement.
5. Data Protection Obligations.
(a). Marqeta
1. Managed by Marqeta Services. In carrying out the Managed by Marqeta Services, Marqeta shall comply with its obligations under the Data Protection Laws.
2. Powered by Marqeta Services. In carrying out the Powered by Marqeta Services, Marqeta shall:
(i) Comply with its obligations under the Data Protection Laws;
(ii) Process Personal Data only for the purposes permitted in this DPA and the Agreement, or as otherwise expressly authorized by a Cardholder or the Issuer;
(iii) Not disclose any Personal Data to a third party, other than as described in this DPA or the Agreement;
(iv) Maintain records of all Processing operations as required by the Data Protection Laws, and make relevant information available to any DP Regulator upon request;
(v) Ensure that any of its Personnel and any Sub-Processors who have access to Personal Data are under appropriate obligations of confidentiality and understand their obligations under this DPA;
(vi) Reasonably assist Customer with its compliance obligations under the Data Protection Laws, including, without limitation, providing information (to the extent such information is not also maintained by or cannot be directly accessed by the Customer) and commercially reasonable assistance to Customer relating to obligations to enable Data Subjects to exercise their rights, to maintain required records of Personal Data Processing, and to undertake a data protection impact assessment with respect to the Services; and
(vii) Where the Personal Data is subject to the CCPA, Marqeta acts as a Service Provider and shall not (a) “sell” or “share” (as defined in the CCPA) Personal Data; (b) retain, use, or disclose Personal Data outside the direct business relationship between Customer and Marqeta or for any purpose other than for the business purposes specified in the Agreement or this DPA or as otherwise permitted by the CCPA; or (c) combine any Personal Data with Personal Data that Marqeta receives from or on behalf of any other third party or collects from its own interactions with Data Subjects, provided that Marqeta may combine Personal Data for the business purposes specified in the Agreement or this DPA or as otherwise permitted under the CCPA. Marqeta will notify Customer to the extent Marqeta believes it is unable to comply with its obligations under the CCPA.
(b). Customer.
1. Managed by Marqeta Services. In receiving the Managed by Marqeta Services, Customer shall:
(i) Comply with its obligations under the Data Protection Laws;
(ii) Process Personal Data only for the purposes permitted in this DPA and the Agreement, or as otherwise expressly authorized by a Cardholder or the Issuer;
(iii) Not disclose any Personal Data to a third party, other than as described in this DPA or the Agreement;
(iv) Maintain records of all Processing operations as required by the Data Protection Laws, and make relevant information available to Marqeta or any DP Regulator upon request;
(v) Ensure that any of its Personnel and any Sub-Processors who have access to Personal Data are under appropriate obligations of confidentiality and understand their obligations under this DPA;
(vi) Reasonably assist Marqeta and the Issuer with their compliance obligations under the Data Protection Laws, including, without limitation, providing information (to the extent such information is not also maintained by or cannot be directly accessed by Marqeta) and commercially reasonable assistance to Marqeta and the Issuer relating to obligations to enable Data Subjects to exercise their rights, to maintain required records of Personal Data Processing, and to undertake a data protection impact assessment with respect to the Services; and
(vii) Where the Personal Data is subject to the California Consumer Privacy Act (“CCPA”) as part of the Services, Customer acts as a Service Provider and shall not (a) “sell”’ or “share” (as defined in the CCPA) Personal Data; (b) retain, use, or disclose Personal Data outside the direct business relationship between Customer and Marqeta or for any purpose other than for the business purposes specified in the Agreement or this DPA or as otherwise permitted by the CCPA; or (c) combine any Personal Data with Personal Data that Customer receives from or on behalf of any other third party or collects from its own interactions with Data Subjects, provided that Customer may combine Personal Data for the business purposes specified in the Agreement or this DPA or as otherwise permitted under the CCPA. Customer will notify Marqeta to the extent Customer believes it is unable to comply with its obligations under the CCPA.
2. Powered by Marqeta Services. In receiving the Powered by Marqeta Services, Customer shall comply with its obligations under the Data Protection Laws. Customer will obtain all consents or provide any notices necessary to ensure that Marqeta may Process and disclose Personal Data to provide the Services and perform the terms of this Agreement in compliance with Applicable Law.
6. Security and Data Incident Response.
(a). Marqeta.
1. Taking into account the state of the art, the nature, scope, context and purposes of the Personal Data Processing, and the risk of varying likelihood and severity of potential harm to the rights and freedoms of Data Subjects, Marqeta will implement and maintain a comprehensive written information security program designed to protect Personal Data from any Data Incident (including protection against any anticipated threats or hazards), including physical, technical, and organizational measures appropriate to the risk.
2. Marqeta will maintain compliance with AICPA Trust Services Criteria (SOC reports) or ISO27001 and PCI-DSS.
3. Marqeta will provide those Personnel who have access to Personal Data with appropriate education and training on their data protection and confidentiality responsibilities.
4. Marqeta agrees to promptly, and without undue delay, but in no case later than the prescribed period under applicable Data Protection Laws, notify Customer of any Data Incident impacting Customer. Marqeta shall ensure that such notice includes relevant details relating to such Data Incident including, to the extent then known:
(i) the nature and facts of such Data Incident including the categories and number of Personal Data records and the Data Subjects impacted;
(ii)
the contact details of the Data Protection Officer or other representative from whom Customer can obtain further information relating to the Data Breach; and
(iii) the measures taken or proposed to be taken by Marqeta to address the Data Breach and to avoid or mitigate any possible adverse effects.
5. Marqeta will take appropriate steps to investigate, mitigate, and remedy the harm to the Customer and any individuals impacted by a Data Breach and will reasonably cooperate with the Customer in the investigation and remediation efforts.
b. Customer
1. Taking into account the state of the art, the nature, scope, context and purposes of the Personal Data Processing, and the risk of varying likelihood and severity of potential harm to the rights and freedoms of Data Subjects, Customer will implement and maintain a comprehensive written information security program designed to protect Personal Data from any Data Incident (including protection against any anticipated threats or hazards), including physical, technical, and organizational measures appropriate to the risk.
2. Customer’s information security program shall be aligned to at least one or more of the following industry security standards: NIST Cybersecurity Framework, ISO 27001, Payment Card Industry Data Security Standard (“PCI-DSS”) or SANS/CIS Critical Security Controls.
3. Customer will provide those Personnel who have access to Personal Data with appropriate education and training on their data protection and confidentiality responsibilities.
4. Customer agrees to promptly, and without undue delay, but in no case later than the prescribed period under applicable Data Protection Laws, notify Marqeta of any Data Incident impacting Marqeta or the Card Program. Customer shall ensure that such notice includes relevant details relating to such Data Incident including, to the extent then known:
(i) the nature and facts of such Data Incident including the categories and number of Personal Data records and the Data Subjects impacted;
(ii) the contact details of the Data Protection Officer or other representative from whom Marqeta can obtain further information relating to the Data Breach; and
(iii) the measures taken or proposed to be taken by Customer to address the Data Breach and to avoid or mitigate any possible adverse effects.
5. Customer will take appropriate steps to investigate, mitigate, and remedy the harm to Marqeta and any individuals impacted by a Data Breach and will reasonably cooperate with Marqeta in the investigation and remediation efforts.
6. Customer shall ensure that access to the Marqeta System and Cardholder Data and Transaction Data is provided only to Customer or Customer Sub-processor Personnel who have been properly authorized by Customer.
7. Return or Destruction of Personal Data.
(a) Upon termination or expiry of this DPA or the Agreement, or, where a longer retention period is required by the Issuer or applicable law upon completion of any additional required retention period, Marqeta shall take reasonable steps to delete or destroy all Personal Data.
(b) To the extent that Marqeta is required by the Issuer or applicable law to retain all or part of the Personal Data (“Retained Data”) beyond termination or expiry of this DPA or the Agreement, Marqeta shall: (i) cease all Processing of the Retained Data other than as required by the Issuer or Applicable Law; and (ii) continue to comply with the provisions of this DPA in respect of such Retained Data.
8. Sub-processors & Customer Service Providers
(a)
Marqeta. In carrying out the each of the Services, Marqeta shall: ensure that its Sub-processors are required by contract to: (i) Process the Personal Data only for the purposes permitted in the Agreement and this DPA; and (ii) comply with data protection obligations substantially similar to those imposed on Marqeta under this DPA; remain responsible for any Processing by a Marqeta Sub-processor in breach of this DPA; and provide a list of current Sub-processors at
https://www.marqeta.com/sub-processors.
(b) Customer.
(i) Managed by Marqeta Services. When receiving Managed by Marqeta Services, Customer shall:
1. ensure that its Sub-processors are required by contract to: (i) Process the Personal Data only for the purposes permitted in the Agreement and this DPA; and (ii) comply with data protection obligations substantially similar to those imposed on Customer under this DPA;
2. remain responsible for any Processing by its Sub-processor in breach of this DPA; and
3. attach here a list of current Sub-processors of each Processor as Exhibit A-2 to the Order Form.
(ii) Powered by Marqeta Services. When receiving Powered by Marqeta Services, Customer shall ensure that Customer Service Providers who engage directly with Marqeta and access Personal Data via Marqeta’s tools and the Marqeta System will comply with Data Protection Laws and the terms of this DPA, inclusive of but not limited to maintaining at least the same level of data protection controls. Customer shall remain responsible for any Processing of data by Customer Service Providers, including any removal of data from the Marqeta System by a Customer Service Provider.
9. Cross-border Transfers. As part of the Services, Marqeta may transfer Personal Data to locations around the world provided that such transfers comply with applicable Data Protection Laws. Customer acknowledges that such transfers may be to the United States as well as other jurisdictions where Marqeta and any third party service providers provide the Services.
SECTION C
POWERED BY MARQETA
1. Marqeta’s Obligations.
(a) Services Description. Marqeta will provide the Services in order to provide Customer with a Card Program.
(b) Instructions. If Customer Instructions include enabling Commando Mode, Customer is responsible for all such transactions relating to the Cards, including any losses or complaints. Compliance with Law. Marqeta will comply with Applicable Law and Card Brand Rules that directly apply to Marqeta.
2. Customer’s Obligations.
(a) Use of Services. For Card Programs under this Section C, Customer will perform its responsibilities as set forth in the Documentation and will be solely responsible for the program management of each Card Program, including but not limited to designing and facilitating the marketing and advertising of each Card Program, managing the relationship with each Issuer and Card Brand, obtaining Issuer approvals, creating applicable Cardholder agreements, providing required customer service, Card dispute resolution services, and Card Program due diligence.
(b) Card Restrictions. Customer will be responsible for establishing, implementing, and enforcing any restrictions or controls on Cards (e.g., spending limits for Cards, restricting the merchants or merchant types at which Cards may be used).
(c) Audit. Each Party will fully cooperate with each Regulator of the other Party or Issuer (if applicable) in accordance with Applicable Law in conjunction with an audit of such Party by a Regulator. Furthermore, in conjunction with an audit of Customer by a Regulator, Marqeta will cooperate with any request of a Regulator to review the Services, including, without limitation, providing any information or material lawfully requested by such Regulator, and permitting such Regulator to inspect or audit Marqeta as to the Services in accordance with Applicable Law, and Marqeta will be entitled to a reasonable hourly rate for work performed in conjunction with such audit. The Party seeking to conduct an audit under this Section will provide at least 30 business days’ notice and the Parties will agree upon the scope of the audit and audit plan.
(d) Customer is responsible for ensuring that Sanctions screening is performed in order to ensure compliance with Section 2(d) in Schedule A.
(e) Customer represents and warrants that it has entered into a program management, BIN sponsorship, or other similar agreement with an Issuer for the issuance of Cards related to the Card Program(s). Customer will cooperate in good faith with Marqeta and such Issuer to enable Marqeta to enter into an agreement with such Issuer setting forth the Issuer’s rights and obligations related to the Card Program(s) for which such Issuer is issuing the Cards (“Sponsor Bank Agreement”). In the event that Marqeta, acting reasonably and in good faith, is unable to enter into a Sponsor Bank Agreement with such Issuer with commercially reasonable terms that are generally consistent with industry standard terms for Sponsor Bank Agreements, Marqeta and Customer will cooperate in good faith to resolve the issues prior to going live with the applicable Card Program(s) for which such Issuer is issuing the Cards.
(f) Customer will comply with any Applicable Law and Card Brand Rules that apply to or relate to this Agreement and / or the Card Program(s).
3. Card Funding and Settlement. Customer is responsible for all funds loaded, authorized, and settled in connection with the Cards and for the settlement of all transactions relating to the Cards.
4. Limitation of Liability.
(a) Except for (i) a Party’s breach of a Party’s intellectual property rights, or (ii) a Party’s indemnification obligations for third party Claims for infringement of intellectual property rights or (iii) liabilities which cannot be limited or excluded by Applicable Law; (each, an “Excluded Claim”), in no event will either Party or their respective representatives and suppliers, including any Marqeta Service Provider or Customer Service Provider, be liable to the other Party, whether in contract, tort (including breach of warranty, negligence, or strict liability), or otherwise, for any indirect, incidental, consequential, special, exemplary, or punitive damages regardless of whether such Party knew or should have known of the possibility of such damages.
(b) Except for an Excluded Claim or a Party’s payment or funding obligations under this Agreement, a Party’s total cumulative liability to the other Party will not exceed the revenue earned by Marqeta under this Agreement during the twelve (12) months immediately preceding the date on which the issue giving rise to a Party’s liability under this Agreement occurred.
(c) Notwithstanding anything to the contrary in this Agreement, neither Party will be in breach of this Agreement or otherwise responsible or liable for non-performance of its obligations to the extent such non-performance is attributable to (i) a breach by the other Party of its obligations under this Agreement, (ii) the other Party’s failure to cooperate with and perform activities reasonably required on a timely basis, or (iii) in the case of Marqeta, Marqeta’s reliance on information and Customer Instructions provided by Customer in accordance with Paragraph 2(b) in Section A above. In the event of the foregoing, where Customer has not performed its obligations under this Agreement, Marqeta will: (i) be excused from any resulting delays in performing the Services and be entitled to a corresponding adjustment in the SLA; and (ii) not be responsible to Customer for any claims by Customer or third parties arising from or relating to the failure of any third-party software, hardware, communications devices, Internet services, e-mail systems, or other systems or functions.
(d) No action, regardless of form, arising out of any claimed breach of this Agreement or the Services may be brought by either Party more than one (1) year after discovery of the breach.
(e) Each Party has a general duty to mitigate any losses suffered by such Party, including through the enforcement of its agreements with third parties.
5. Data Use. Marqeta may use Cardholder Data or Transaction Data for (i) performing its obligations under this Agreement, (ii) improving and developing Marqeta’s products and the services and performing services for Marqeta’s customers generally, including for performing fraud screening and verifying identities and information, and (iii) complying with Applicable Law or Card Brand Rules. Customer confirms that it has provided all required disclosures to and obtained any necessary authorizations from its Cardholders, and Customer agrees that it is permitted under Applicable Law to enable Marqeta to utilize the Cardholder Data and Transaction Data for the purposes described in this Agreement
SECTION D
MANAGED BY MARQETA
1. Marqeta’s Obligations.
(a) Card Program. Marqeta will provide Card program Services (the “Card Program”) to Customer. To do this, Marqeta will enter into an agreement with an Issuer.
(b) Instructions. If Customer Instructions include enabling Commando Mode, Customer is responsible for all such transactions relating to the Cards, including any losses or complaints.
2. Customer’s Obligations.
(a) Card Program Interface. Customer will provide Cardholders and any authorized users, who are designated by Cardholder to use a Card on Cardholder’s behalf or direction, with (i) any required website and/or mobile interface necessary to use the Card and to manage Card accounts, and (ii) any Card disclosures or permissions required by Applicable Law. Customer will not alter any information it receives from Cardholders or authorized users that Customer provides to Marqeta. Customer will obtain on an individual basis, and will maintain records of, a Cardholder’s or an authorized user's acceptance of each applicable version of (1) the Cardholder agreement and/or Card terms and conditions, and (2) the Issuer’s privacy policy and “opt-in” acceptance or withdrawal. Marqeta and Issuer may audit such list pursuant to Section 2(e) below.
(b) Non-Circumvention. Marqeta is solely responsible for (i) selecting the Issuer, Card Brand(s), and related requirements with respect to any Card Program and (ii) engaging and contacting Issuer and Card Brands with respect to the Services (in each case, Marqeta is the “Decision Maker”). Customer will not engage or contact Issuer or Card Brand(s) regarding the Services. During the term of the Agreement Customer will not, directly or indirectly, by contract or otherwise (1) circumvent, interfere with, or devalue Marqeta’s relationship with Issuer, any Card Brand, or any Marqeta Service Provider, or (2) solicit Issuer or any Marqeta Service Provider to provide Services directly to Customer. Customer represents and warrants that it does not have an existing agreement and is not discussing an agreement with an issuer or Card Brand relating to the issuance of cards. Nothing contained in this Section will prevent Customer from soliciting Issuer or any Marqeta Service Provider to perform services that are unrelated to the Agreement.
(c) Card Restrictions. Customer will be responsible for establishing, implementing, and enforcing any restrictions or controls on Cards (e.g., spending limits for Cards, restricting the merchant types where Cards may be used), pursuant to the Issuer Program Requirements (defined in Section 4(b) below). If Customer offers Cards to non-consumer customers (i.e., commercial or business customers) then Customer, unless otherwise agreed to by the Parties, will ensure Cards are (i) not used to pay employee wages, and (ii) used exclusively for business purposes (i.e., business expenses), and not for personal, family or household use.
(d) Third-Party Complaints. Customer will catalog maintain, and provide copies of all third-party complaints, including but not limited to Cardholder chargebacks or alleged unauthorized or erroneous transactions (“Complaints”), it receives, and its responses to such Complaints for the applicable time period required by Applicable Law or Card Brand Rules. Customer will provide Marqeta with a monthly summary of all such Complaints in a form reasonably acceptable to Marqeta. Customer’s handling of Complaints will comply with the Documentation. Marqeta will (i) at all times have access to pending and closed Complaints and Customer’s responses, and (ii) have the right to audit such Complaints. Marqeta will work with Customer and Issuer to resolve Complaints based on information in Marqeta’s possession or received by Customer in accordance with a process agreed to by the Parties and Issuer. Customer will be responsible for all third-party costs and expenses Marqeta incurs in connection with resolving any Complaints.
(e) Audit. During the term of the Agreement and for at least five (5) years thereafter (or longer if required by Applicable Law), Customer acknowledges and agrees that its compliance with the terms, conditions, and provisions of the Agreement, as well as its business practices (including, but not limited to, Customer’s AML/CTF, CMS and Sanctions programs), are subject to review and audit by Marqeta, Issuer, the applicable Card Brands, or a Regulatoror any third-party designee of Marqeta, Issuer, Card Brand, or a Regulator, (the “Auditing Parties”), and Customer will keep, maintain, and make available (i) books, records, information and data, and (ii) access to facilities, equipment, and systems related to the activities applicable to the use of the Services so that the Auditing Parties can determine Customer’s compliance with the terms, conditions, and provisions of the Agreement. Customer will be responsible for all costs and expenses for keeping, maintaining, and making available books and records.
(f) Retail Partner. If Marqeta agrees, such agreement not to be unreasonably withheld, Customer may partner with a retailer (“Retail Partner”) under a separate written agreement to make incentives, rewards, goods, or services available in connection with the Card Program.
(g) Digital Wallet. If applicable to the Card Program, Customer will comply with the terms and conditions of its agreements with all digital wallet providers for the provisioning of Cards into a digital wallet and will notify Marqeta and Issuer promptly upon the expiration or termination of any such agreements.
(h) Customer’s Lending Services. If Marqeta provides a Card Program in connection with Customer’s lending services, Customer agrees it must first either enter into a written agreement with a Marqeta-approved financial institution (“Lending Bank”) or obtain appropriate lending licenses for the purpose of originating loans for Customer’s lending customers. Customer shall be solely responsible for ensuring compliance with Applicable Law for its lending services. Customer acknowledges that Marqeta will have no obligation to comply with or facilitate Customer’s or any third party’s compliance with Applicable Law with respect to Customer’s lending services and business, and that neither Marqeta or the Issuer will be responsible for extending any credit to an end user.
(i) Right to Take Over Services. If Customer fails to perform a regulatory or compliance obligation or directive of Issuer under the Agreement, after reasonable notice and opportunity to cure or where necessary to ensure uninterrupted service for Cardholders, Marqeta or Issuer, upon notice to Customer, may, but is not obligated to, take over the performance of such obligation or directive and to continue operating the Card Program. Marqeta’s performance of an obligation or directive that Customer has failed to perform under this subsection will be at Customer’s sole cost and expense, and, if applicable, will be based on the pricing of that obligation or directive as it relates to Services set forth in the applicable Order Form.
(j) Issuer Custodial Deposit Agreement. Certain Card Programs may require a separate agreement between Customer and Issuer (“Issuer Custodial Deposit Agreement”) and Customer’s use of the Services and Cards will be conditioned upon entering into that Issuer Custodial Deposit Agreement to open and maintain a custodial account with the Issuer (“Custodial Account”). Customer acknowledges and agrees that to the extent the Issuer Custodial Deposit Agreement contains additional or conflicting terms relating to the Program Funding Account (as defined below) the terms set forth in the Issuer Custodial Deposit Agreement shall govern, control, and supersede this Agreement solely with respect to the subject matter covered therein.
(k) Legal Requests. Customer will promptly notify Marqeta of any subpoenas, garnishments, lawsuits, levies, regulatory inquiries, or other legal requests (each a “Legal Request”) that request Cardholder Data, Transaction Data, or relate to the Cards, Card Program, or this Agreement. Customer will not disclose any Cardholder Data or Transaction Data in response to a Legal Request without first notifying Marqeta (to the extent not prohibited by the Legal Request) and providing Marqeta and/or Issuer an opportunity to defend against such disclosure.
(l) Business Continuity. Customer has in place and will keep in place a reasonable business continuity plan and disaster recovery procedures.
(m) Response to Inquiries. Customer will promptly respond to any reasonable inquiries or referrals from Marqeta or Issuer relating to the Cards or Program but in no event more than three (3) business days. In the event that Customer fails to promptly respond or to provide the requested information, Customer acknowledges and agrees that Marqeta and/or Issuer may deactivate any Cards that are the subject of the inquiry or referral.
(n) Compliance Management. Customer will create, implement, and manage a Compliance Management System (“CMS”) for the Program acceptable to Marqeta and/or Issuer. The CMS will include, but will not be limited to, (a) policies and procedures, (b) employee training (where the program is approved by Marqeta, and the training logs are reported to Marqeta), and (c) regular testing and monitoring activities. Testing and monitoring results will be reported to Marqeta in accordance with agreed upon procedures and on a quarterly basis. The CMS will also include adequate oversight and active involvement from Customer’s Board of Directors which shall be reported on a quarterly basis to the Bank.
(o) Data Use.
(i) For clarity, and notwithstanding anything to the contrary in this Agreement, Cardholder Data and Transaction Data are not Customer’s Confidential Information.
(ii) Customer may use Cardholder Data and Transaction Data solely to perform obligations in accordance with operating a Card Program and Applicable Law and will maintain Cardholder Data and Transaction Data in strict confidence. This Section shall not apply to, limit or prohibit the use of information and data to the extent such information or data has been independently obtained by Customer for purposes independent of the Card Program, even if such information or data is duplicative of Cardholder Data or Transaction Data.
(iii) With respect to Customer personnel and / or Customer Service Providers that have access to Cardholder Data and / or Transaction Data, Customer will perform usual and customary initial, and regular follow-up, due diligence and / or background checks in accordance with Applicable Law, and Customer will regularly audit, monitor, and oversee such Customer personnel and / or Customer Service Providers to ensure compliance with the terms of this Agreement.
3. Mutual Obligations.
(a) In fulfilling their respective obligations under this Agreement, each Party will comply with this Agreement, Card Brand Rules and/or Applicable Law that applies to or relates to this Agreement and / or the Card Program(s).
(b) Each Party will comply with written policies, guidelines, or directives that Issuer provides to the Parties (collectively, “Bank Rules”). Marqeta may make changes to the Services, the System, the Card Program, or this Agreement to comply with changes to Applicable Law, the Card Brand Rules (including PCI DSS) and the Bank Rules. When this occurs, Marqeta will notify Customer as soon as reasonably possible.
4. Issuer.
(a) Bank Approval. The Parties understand that under Applicable Law, the Issuer is responsible for monitoring and enforcing the regulatory compliance of the Card Program. Thus, the Card Program is subject to the initial and ongoing approval and supervision of Issuer. Marqeta will be responsible for submitting Card Program requests and approvals to Issuer. Marqeta does not make any representations, warranties, or covenants to Customer with respect to Marqeta’s ability to obtain approvals from Issuer. Customer acknowledges that Issuer may withdraw its acceptance and approval of the Card Program and the provision of the Services to Customer if Customer breaches the Agreement or if circumstances arise that pose material and undue risks to the Issuer.
(b) Issuer Program Requirements. Marqeta or Issuer may establish parameters for the Card Program, including with respect to the types of transactions that may be initiated with Cards, the businesses at which Cards may be used, restrictions on the amounts and velocity of transactions, customer verification requirements, marketing collateral review, required disclosures, prohibited industries, customer service, reporting and other parameters (collectively, the “Issuer Program Requirements”). Issuer Program Requirements may be modified from time to time by Marqeta or Issuer upon notice to Customer. Customer agrees to adhere to the Issuer Program Requirements.
5. Fee Changes. If revenue sharing and/or any incentive payment is offered to Customer, it is with an understanding that there will not be a material change in the net cost from either of the Issuer or Card Brands and that Marqeta will maintain its Card Brand Decision Maker status as set forth in Section 2(b). If Marqeta’s costs or benefits from either of Issuer or Card Brands materially increase, or if Marqeta’s relationship with a Card Brand is reduced or removed with respect to a Card Program, Marqeta will notify Customer of a corresponding change in revenue sharing and/or incentive terms.
6. Card Funding and Settlement.
(a) Customer is responsible for all funding in connection with a Card Program as more specifically detailed in the Order Form. Marqeta will not be obligated to advance or otherwise provide Issuer, or any third party, funds related to the Card Program.
(b) Customer, directly or through approved third parties, will transfer funds to a deposit account established by the Issuer(the “Program Funding Account”)required in connection with this Agreement. Such funds will be sent via the method as specified in the Order Form.
(c) Customer is required to maintain a minimum balance in the Program Funding Account (the “Minimum Program Funding Amount”) as defined in the Order Form. The Minimum Program Funding Amount must be deposited into the Program Funding Account no later than seven (7) days prior to the Go Live Date (as defined in the Order Form). At all times, unless otherwise agreed upon in writing by the Parties, Customer will maintain the Minimum Program Funding Amount in the Program Funding Account. To cover unusual volatility, Marqeta may require that Customer initiate an additional transfer to cover additional funding obligations, upon twenty-four (24) hours’ notice. Customer must request return of any Program Funding Account funds via written request. Customer is not authorized, and will not attempt, to initiate a withdrawal of funds from the Program Funding Account. In addition to the Program Funding Account, Customer must comply with collateral requirements or other conditions set forth in the Configuration Schedule(s) to ensure that Customer can satisfy its financial obligations.
(d) If Customer fails to maintain sufficient funds in the Program Funding Account to cover loads, authorization, and settlement and/or fails to maintain the Minimum Program Funding Amount or any collateral requirements, Marqeta may terminate this Agreement or suspend performing the Services or authorizing transactions until Customer has met its obligations under this subsection. Marqeta will notify Customer and request immediate payment for all deficient amounts, which Customer will pay within one (1) Business Day and may charge interest for such failure at a daily rate of six (6) bps per day (0.06% per day) multiplied by such deficient amounts (the “Daily Interest Obligation”). Customer’s failure to pay deficient amounts within one (1) Business Day will constitute a material breach of this Agreement that is not subject to the cure periods set forth herein. Marqeta will withhold all revenue share payments until all deficient amounts are paid. In addition to any other remedies available to Marqeta or Issuer at law or under the Agreement and to the extent permitted by Applicable Law, Marqeta may, as a continuous right, set off any amounts owed to it against any outstanding amounts owed to Customer until Customer’s liability owed to Marqeta is fully paid.
(e) Customer acknowledges and agrees that for funds deposited by or on behalf of Customer to the Program Funding Account and / or any collateral account, as applicable, it has received reasonably equivalent value in, among other things, the services made available to Customer by and through Marqeta and Issuer without which deposits the services would not be available to Customer. Customer also agrees Marqeta and Issuer have provided reasonably equivalent value to Customer in consideration for each purchase made with a card issued under this Agreement, no such transfer has been made for or on account of an antecedent debt owed by Customer, and no such transfer is or may be voidable or subject to avoidance under any applicable bankruptcy, insolvency or other similar law.
7. Limitation of Liability
(a) Except for (i) a Party’s breach of a Party’s intellectual property rights, or (ii) a Party’s indemnification obligations for third party Claims for infringement of intellectual property rights or (iii) liabilities which cannot be limited or excluded by Applicable Law; (iv) Customer’s intentional misuse of personally identifiable information (“PII”) (each, an “Excluded Claim”), in no event will either Party or their respective representatives and suppliers, including any Marqeta Service Provider or Customer Service Provider, be liable to the other Party, whether in contract, tort (including breach of warranty, negligence, or strict liability), or otherwise, for any indirect, incidental, consequential, special, exemplary, or punitive damages regardless of whether such Party knew or should have known of the possibility of such damages. The Parties agree that fines, fees, penalties, or assessments from a Card Brand, Issuer, Regulator, or governmental agency (“Fees and Fines”), are direct and not indirect, incidental, consequential, special, exemplary, or punitive damages.
(b) Except for: (i) an Excluded Claim; (ii) a Party’s payment or funding obligations under this Agreement; or (iii) Customer’s obligation to pay or reimburse Marqeta for Fees and Fines as result of Customer’s, Customer’s Personnel, or Customer Service Provider’s action or inactions, a Party’s total cumulative liability to the other Party will not exceed the revenue earned by Marqeta under this Agreement during the twelve (12) months immediately preceding the date on which the issue giving rise to a Party’s liability under this Agreement occurred.
(c) Notwithstanding anything to the contrary in this Agreement, neither Party will be in breach of this Agreement or otherwise responsible or liable for non-performance of its obligations to the extent such non-performance is attributable to (i) a breach by the other Party of its obligations under this Agreement, (ii) the other Party’s failure to cooperate with and perform activities reasonably required on a timely basis, or (iii) in the case of Marqeta, Marqeta’s reliance on information and Customer Instructions provided by Customer in accordance with Section 2(b) in Section A above. In the event of the foregoing, where Customer has not performed its obligations under this Agreement, Marqeta will: (i) be excused from any resulting delays in performing the Services and be entitled to a corresponding adjustment in the SLA; and (ii) not be responsible to Customer for any claims by Customer or third parties arising from or relating to the failure of any third-party software, hardware, communications devices, Internet services, e-mail systems, or other systems or functions.
(d) No action, regardless of form, arising out of any claimed breach of this Agreement or the Services may be brought by either Party more than one (1) year after discovery of the breach.
(e) Each Party has a general duty to mitigate any losses suffered by such Party, including through the enforcement of its agreements with third parties.
8. Effect of Termination. Upon expiration or termination of the Agreement, Customer will be responsible for the payment of all fees accrued, due, and payable by Customer up to the later of the date of such expiration or termination or the completion of the transition. Marqeta may set off such fees owed by Customer by applying the remaining funds in the Program Funding Account. Within thirty (30) days after the wind down of the Card Program, the Issuer will return, by ACH or wire transfer, all remaining funds owned by Customer held in the Program Funding Account and/or remaining on Cards, as adjusted for settlement, disputes, and chargebacks on Cards occurring on and after the end of the Term.
SECTION E
SERVICE LEVELS
1. Performance Standard. The Performance Standard is a Monthly Transaction Success Rate of 99.99% (rounded) or greater in a calendar month. “Monthly Transaction Success Rate” means one hundred (100) multiplied by (1) minus the following: The number of transaction authorization attempts that Marqeta failed to properly process for Customer in a calendar month which resulted in a card network Stand-In Processing decline (“Marqeta-Responsible STIP Declines”) divided by the total number of transaction authorization attempts for Customer in the same calendar month. Marqeta-Responsible STIP Declines does not include transaction authorization attempts where a Card Brand or Customer caused the failure to properly process the transaction authorization attempts. The Monthly Transaction Success Rate is illustrated below:
Monthly Transaction Success Rate % = 100 * (1 - (Customer’s Marqeta-Responsible STIP Declines / Customer’s Attempted Transaction Authorizations))
2. Performance Standard Credits
(a) Marqeta Managed Performance Standard Credits. With regard to Customer’s receipt of Managed by Marqeta Services, in the event that Marqeta does not meet the Performance Standard in a calendar month and Customer experienced more than 10 Marqeta-Responsible STIP Declines in that month, then Marqeta will pay Customer the portion of its Monthly Incentive Payment that is equal to the difference between the Performance Standard and the Monthly Transaction Success rate, as illustrated in the example below:
Example: If the Monthly Transaction Success Rate is 99.59% in a calendar month and Customer experienced 11 Marqeta-Responsible STIP Declines in that month, then Marqeta will pay Customer 0.40% of its Monthly Incentive Payment for that month.
(b) Marqeta Powered Performance Standard Credits. With regard to Customer’s receive of Powered by Marqeta Services, in the event that Marqeta does not meet the Performance Standard in a calendar month and Customer experienced more than 10 Marqeta-Responsible STIP Declines in that month, Marqeta will pay Customer the portion of the total of its Monthly Access Fee, Settled Transaction Fee, Processed Transaction Fee and Volume Fee, as applicable, for that month that is equal to the difference between the Performance Standard and the Monthly Transaction Success rate for that month, as illustrated in the example below:
Example: If the Monthly Transaction Success Rate is 99.59% in a calendar month and Customer experienced 11 Marqeta-Responsible STIP Declines in that month, then Marqeta will pay Customer 0.40% multiplied by the total of Customer’s Monthly Access Fee, Settled Transaction Fee, Processed Transaction Fee, and Volume Fee, as applicable, for that month.
3. Service Reporting. In order to receive any Performance Standard Credits, Customer must report a failure to meet the Performance Standard to Marqeta via the communications channels provided during the Customer onboarding process within seven (7) calendar days of the failure to meet the Performance Standard.
4. API Response Time Performance Target. The API Response Performance Target is a response time of 1,000 milliseconds or less for 99.99% (rounded) or greater of all Critical API Calls made during a calendar month. The API Response Performance Target is measured by the time that it takes for the System to respond to a Critical API Call from Customer. “Critical API Call” means an API call other than an API call that is part of an authorization request (i) that operates on one account, one card and one transaction, as applicable for that API call, and (ii) where the response time to that API call directly impacts the Cardholder experience.
5. Schedule Maintenance. Marqeta will notify Customer of scheduled downtime for maintenance or upgrades at least ten (10) calendar days in advance (“Scheduled Maintenance”). Scheduled Maintenance will not exceed more than four hours per calendar month. Measurement of Marqeta’s compliance with the Performance Standard shall exclude any Scheduled Maintenance.
6. Technical Support. Technical support incidents will be addressed as follows:
(a) Technical Support Response Time Performance Target. Customer will notify Marqeta via support911@marqeta.com for Severity Level 0/1 incidents and support@marqeta.com for Severity Level 2/3 incidents.
(i)
Severity Level 0/1 – Marqeta resources will initially respond within fifteen (15) minutes of notice from Customer of the incident and will ensure continuous support to resolve all Severity Level 0/1 incidents. Marqeta will promptly (1) advise Customer of the status of remedial efforts being undertaken with respect to such incident; (2) implement a temporary workaround and/or correct the cause of the incident; and (3) report to Customer on the root cause(s) of such incident.
(ii) Severity Level 2/3 – Marqeta resources will initially respond within two Business Days of notice from Customer of the incident and will work to resolve Severity Level 2/3 incidents in order of their priority.
(b) Severity Level Descriptions. Initial incident severity level determinations will be set by Marqeta in good faith based on Customer’s notification and may be modified by Marqeta during resolution.
(i) Severity Level 0 – Complete Service Failure: Occurs when Marqeta is unable to process transactions and/or process Critical API Calls, is unable to send JIT authorization requests to Customer, or a complete loss of the Services or access to the Services.
(ii)
Severity Level 1 – Impaired Service Failure: Services are partially inoperative, and the inoperative portion of the Services severely restricts the ability 1) to process or authorize Customer’s transactions or 2) complete Critical API Calls.
(iii) Severity Level 2 – Reduced Performance: Operational performance of the Services is impaired while most critical operations remain functional.
(iv) Severity Level 3 – Minor Flaws: Minor impacts on Customer’s business operations.
7. Termination Failure. If Customer experiences Significant Incidents that total more than four hundred twenty (420) minutes per calendar month in (i) three (3) consecutive calendar months, or (ii) four (4) calendar months within a six (6) month period (each a “Termination Breach”), then Customer may elect to terminate the Agreement upon thirty (30) days prior written notice to Marqeta. Customer must provide such notice to Marqeta within seven (7) days of the date of the Termination Breach. For purposes of determining whether a Termination Breach has taken place, “Significant Incident” means sixty (60) or more consecutive minutes of a Severity Level 0 or 1 downtime.
8. Sole Remedy. This Service Level Agreement sets forth Customer’s sole remedy related to Marqeta’s failure to meet the Performance Standard or Performance Target.
Section F
DEFINITIONS
Capitalized terms used elsewhere in the Agreement have the definitions set forth below
1. “Affiliate” means with respect to any Person, each Person who directly or indirectly controls, is controlled by, or is under common control with a Party.
2. “API” means application programming interface.
3. "Applicable Law" means laws, regulations, statutes, codes, rules, orders, licenses, certifications, decrees, standards or written policies, guidelines, directives, or interpretations imposed by any authority, including any Regulator, potentially that has or has asserted jurisdiction over the Party or matter in question, that apply to or relate to this Agreement and / or the Card Program(s), including those relating to privacy, anti-corruption, anti-bribery, anti-slavery, fair lending and anti-discrimination, disclosure requirements and prohibitions on unfair, deceptive or abusive acts and practices.
4. “Bank Rules” means written policies, guidelines, or directives that Issuer provides to the Parties.
5. “Card” means a prepaid card, debit card, credit card or any other device, technology, or medium that is issued by the Issuer either as a physical card, virtual card, account access device or number containing a PAN that is associated with a card account.
6. “Card Brand” means any operator of a payment card network, such as Visa, Discover, or Mastercard.
7. “Card Brand Rules” means the rules, by-laws, and standards of any applicable Card Brand.
8. “Card Program” means a set of solutions, offerings, and services operated by or on behalf of the Customer, in connection with which Marqeta provides the Services and System under the terms of this Agreement.
9. “Cardholder” means that person or entity that is issued a Card.
10. “Cardholder Data” means information that is provided to or obtained by either Party in the performance of its obligations or use of Services under this Agreement or otherwise regarding Applicants and current or former Cardholders or applicants to become Cardholders.
11. “Commando Mode” means an optional feature pursuant to which the System makes authorization decisions based on business rules pre-defined by Customer in the event that Customer fails to respond to a JIT authorization request.
12. “Confidential Information” means the terms of this Agreement and information about the Disclosing Party’s technology, customer information, business activities, operations, and its trade secrets (as defined under Applicable Law), which are proprietary or confidential. Confidential Information also includes (without limitation) (i) existing or contemplated products, services, designs, technology, source code, processes, technical data, engineering, techniques, methodologies and concepts and any related information, (ii) information relating to business plans, sales or marketing methods and customer lists or requirements of a Party, (iii) all information about current and potential future customers of a Party, and (iv) any material marked or designated “confidential” or which by its nature or the circumstances surrounding its disclosure should reasonably be regarded as confidential. Confidential Information does not include information that a Receiving Party can demonstrate: (1) was in the public domain at the time of disclosure, (2) was in the legal possession of the Receiving Party at the time of disclosure without a duty of confidentiality, or (3) was independently developed by the Receiving Party without reference to the Disclosing Party’s Confidential Information.
13. “Customer Service Provider” means an Affiliate of Customer, Customer’s customers, Retail Partners, Lending Bank, or any other third party with whom Customer has a relationship, in each case, relating to Customer’s rights or obligations in connection with the Agreement.
14. “Documentation” means user manuals, responsibility matrices, and/or other information that describe the features, functions, and operations of the Services, which may be modified from time to time by Marqeta.
15. “Issuer” means the regulated financial institution with whom a Party enters into an agreement to issue Cards.
16. “JIT” or “Just In Time” means a method that enables Customer to automatically authorize or decline Card transactions in real time via Marqeta’s API.
17. “KYC Services” means customer identification verification services as set forth in an applicable Order Form.
18. “OFAC” means the Treasury Department’s Office of Foreign Assets Control.
19. “PAN” means primary account number.
20. “Person” means any corporation, company, partnership, firm, joint venture, association, trust government agency, political subdivision, other entity, or individual.
21. “Sanctions” means any and all economic or financial sanctions, sectoral sanctions, secondary sanctions, trade embargoes and restrictions and anti-terrorism laws, including but not limited to (i) those imposed by the U.S. government (including those administered by OFAC), (ii) the United Nations Security Council and (iii) all other lists from any other applicable sanctions regimes.
22. “Transaction Data” means any data, except Cardholder Data, about a transaction initiated with a Card.