TransactPay Master Services Agreement

Version: May 14, 2026
The information contained on this webpage is TransactPay Confidential Information and subject to the confidentiality agreements between Client and TransactPay.  If you do not have a confidentiality agreement in place with TransactPay, you are not authorized to access this webpage or view its contents.
  These Transact Payment Services Terms and Conditions (these “Terms”) are entered into between Transact Payments Limited or Transact Payments Malta Limited, as more fully set forth below (“TransactPay”), and Client (as defined in the Order Form).  Each of TransactPay and Customer is a “Party” and together referred to as the “Parties.”  The Terms are part of the agreement between the Parties (the “Agreement”), which consists of the Terms, together with the terms and conditions set forth in the document titled “Order Form” executed by the Parties (the “Order Form”), and the terms and conditions set forth in the Program Application Form executed by the Parties (the “Program Application Form”). These Terms constitute a binding contract between the Parties only if the Parties have executed: (i) an Order Form which incorporates these Terms by reference, and (ii) a Program Application Form.
Client acknowledges that the applicable TransactPay entity shall be a Party to the Agreement as set forth below: 

| If Client Territory is in: | Applicable TransactPay entity is: |
| --- | --- |
| UK | Transact Payments Limited |
| EU | Transact Payments Malta Limited |


Notices shall be sent to TransactPay as follows:

| TransactPay entity that is a Party: | Notice to: |
| --- | --- |
| Transact Payments Limited | Unit G02, Eurocity, Europort Avenue, Gibraltar GX11 1AA. Copy to: Attn: Legal, transactpaylegal@transactpay.com |
| Transact Payments Malta Limited | Transact Payments Malta Limited: Vault 14, Level 2, Valletta Waterfront, Floriana, FRN 1914, Malta. Copy to: Attn: Legal, transactpaylegal@transactpay.com |

 
The following Schedules shall form part of these Terms and the Agreement: 

| Schedule Number | Schedule Type | Schedule Name |
| --- | --- | --- |
| Schedule A | Supplementary Schedule | Definitions & Interpretation |
| Schedule B | Supplementary Schedule | Global Data Processing Addendum (DPA) |
| Schedule C | Supplementary Schedule | Service Levels |
| Schedule D | Supplementary Schedule | Program Management Services |
| Schedule E | Supplementary Schedule | Issuer Services |


  1. Background.
    1. TransactPay. TransactPay is a licensed electronic money institution authorised and regulated by the Regulator to issue Payment Instruments and is in the business of developing and marketing payment programs, payment services and establishing and maintaining related settlement accounts. TransactPay has membership of the Network and is authorised to offer settlement and BIN Sponsorship services via the Network. TransactPay is a subsidiary of Marqeta Inc. 
    2. Marqeta, Inc. Marqeta is a publicly listed corporation headquartered in the USA. It offers flexible and innovative payment and Payment Instruments management solutions for innovative businesses. Marqeta provides its clients with a platform that offers the infrastructure and tools necessary to offer digital, physical, and tokenised payment options without the need for a traditional bank.
    3. Client. Client is a Business Description and is incorporated in and regulated in Jurisdiction.
    4. The Parties. The parties wish to establish a contract for the sponsorship, operation, program management and marketing of Programs in accordance with the terms and conditions of this TransactPay Master Services Agreement (the “Agreement”).
  2. Program Specification
    1. Order Forms. Each Program shall be memorialized in an Order Form which sets forth the Services, associated Fees, Client’s obligations related to the Minimum Program Funding Amount, and Client’s obligations related to any amounts owed to the Reserve Account. Additionally, each Order Form shall have attached to it a Program Application Form, and as necessary, a Roles and Responsibilities Matrix, a Compliance Requirements Table, funds flow details, and/or other terms describing the operation, management and control of the Service(s). Each Order Form and all attachments thereto shall be governed by these Terms and the other terms of this Agreement.
    2. Program Amendments. If the Parties agree to amend the Services the Client receives for a Program, the relevant Order Forms shall be reviewed and updated, and any additional schedules required shall be created. If the Parties agree that the Client will commence a new Program, the necessary Order Forms shall be created, executed and appended to this Agreement.
  3. Program Onboarding, Approval & Go-Live. 
    1. TransactPay Approval. The Parties understand that under Applicable Law, TransactPay is responsible for monitoring and enforcing the regulatory compliance of the Program. All Programs shall only be deemed approved following receipt of AC Endorsement following the applicable Approval Committee. TransactPay reserves the right to decline any Program prior to AC Endorsement without penalty. 
    2. Withdrawal of AC Endorsement. Client acknowledges that TransactPay may withdraw AC Endorsement prior to Go-Live if Client breaches this Agreement or if circumstances arise that pose material and undue risks to TransactPay.
    3. Conditional Agreement to Provide Services. The Client acknowledges that in addition to the signature of this Agreement, the initiation of any new Program is subject to the following qualification and approval process. The process is as follows: 
      1. Approval Committee shall approve the Program Application Form (such approval, “AC Endorsement”). 
      2. following receipt of AC Endorsement, the Parties shall collaboratively finalise the Solution Design as expressed in a mutually agreed upon PRD;
      3. once the PRD is mutually agreed upon, Parties shall proceed to Implementation and Sandbox Testing;
      4. upon completion of Sandbox Testing (and any other testing), the proper funding of the Program Funding Account, Reserve Account, and any other requirements imposed by TransactPay relating to the Program, TransactPay shall issue a signed PAL; and
      5. upon issuance of a signed PAL, Go-Live shall occur on a mutually agreed upon date.
    4. Declined Programs. TransactPay reserves the right to decline any Program at any stage of the approval process set out above where a Program does not continue to meet TransactPay’s risk appetite or regulatory standards.
    5. Cooperation Obligations. Client shall cooperate with TransactPay and Marqeta in the Solution Design and PRD completion phases. If the Client fails to cooperate or to agree to a signed PRD, TransactPay has the right to terminate the Agreement including all planned Implementation work upon notice with immediate effect.
    6. Fees. Any delay in Go-Live or termination of the Agreement arising under this clause shall be without any penalty or any Fees being owed or repaid to the Client.
    7. Implementation. This phase prior to Go-Live includes: (a) the provisioning of the sandbox; (b) the configuration of Program requirements (including JIT funding rules, velocity controls, and Payment Instrument design) in accordance with the PRD; (c) the technical integration of the Client’s systems with the API; (d) the successful execution of Production Readiness Testing; and (e) the setup of the BIN with the Network.
  4. Change Request Process.
    1. Submission of a Change Request.
      1. The Client may submit a Change Request to Marqeta at any time. Marqeta will then forward this Change Request to TransactPay.
      2. Each Change Request must be submitted in writing and must include sufficient detail for Marqeta and TransactPay to understand the nature, rationale, and impact of the proposed change.
      3. Upon receipt, Marqeta shall acknowledge the Change Request and confirm whether any further information is required.
    2. Outcome.
      1. Marqeta shall notify the Client in writing of whether a Change Request has been approved, rejected, or approved subject to conditions.
      2. If a Change Request is approved, the Parties and Marqeta shall document the agreed change in accordance with the process for updating or creating the applicable Order Forms.
      3. If a Change Request is rejected, that decision shall be final and the Change Request shall not proceed.
      4. If a Change Request is approved subject to conditions, those conditions must be satisfied in full before the approved change may be implemented or take effect.
    3. Scope of this Change Request Process.
      1. This Change Request process applies only to changes to the Services described in the Order Forms, and to the Systems used in connection with those Services.
      2. Any amendments to the main body of this Agreement, the Supplementary Schedules, or any other contractual documents outside the Order Forms shall require a variation to the Agreement.
    4. TransactPay Changes. TransactPay may make changes to any Programs, to the Services described in the Order Forms, and to the Systems used in connection with those Services, where such changes are required in order for TransactPay to comply with Applicable Law, Network Rules, requirements mandated by a Regulatory Authority, governmental directions, or the requirements of any relevant industry body. Any change made under this clause shall not constitute a Change Request and shall not be subject to the Change Request process. The Parties acknowledge that such changes may need to be implemented immediately and without prior notice.
  5. TransactPay’s Obligations.
    1. Services. TransactPay will deliver to Client or its Affiliates the Services and provide access to the Systems indicated on each of the Order Forms, as well as any related onboarding services.
    2. Enhancements:
      1. TransactPay or its Affiliates may enhance, revise, upgrade, improve, correct, or release new versions of the Services or the System (an “Enhancement”) at any time, provided an Enhancement does not materially degrade the Services. TransactPay and Client will meet in good faith to agree on any fees or charges and costs for which Client will be responsible related to the implementation of any Enhancement; provided that, in the event that an Enhancement arises from or relates to a change in Applicable Law or Network Rules or the requirements of any Banking Partner, TransactPay may charge Client a reasonable amount related to increased costs or expenses associated with such an Enhancement or for any enhanced functionality that results from such an Enhancement.
      2. If Client is required to update or otherwise alter its systems to make use of an Enhancement, then Client will be responsible for its own costs and expenses. Where a Client’s Affiliate will receive the Services, the Parties acknowledge and agree all references to ‘Client’ in this Agreement will also apply to such Affiliate. Client will be responsible for the actions or omissions of its Affiliates and its Affiliates’ Personnel. Client’s indemnification obligations under the Agreement will apply to the actions or omissions of the Client’s Affiliates.
    3. Documentation. TransactPay or a TransactPay Affiliate has or will provide Client with Documentation.
    4. TransactPay Service Providers. TransactPay may use any entity controlling, controlled by, or under common control with, a TransactPay Affiliate, or an independent third party, including Marqeta, when performing services under this Agreement (each, a “TransactPay Service Provider”). TransactPay will be solely responsible for (a) the acts or omissions of any such TransactPay Service Provider, including Marqeta, as if they were TransactPay’s acts and omissions under this Agreement; and (b) ensuring such TransactPay Service Provider’s compliance with the terms of this Agreement to the extent relevant to the services they provide TransactPay in respect of a Program.
  6. Client’s Obligations.
    1. Use of Services. Client agrees to use the Services in accordance with (i) the Documentation, (ii) the applicable Order Form, including, but not limited to, the requirements contained therein related to: (1) any geographic restrictions relating to use of Payment Instruments or provision of the Services, and (2) the location of any Customers or Authorised Users, and (iii) as set forth in any applicable schedule(s) to this Agreement. Client will bear all risk and cost of compliance with Applicable Law, Network Rules, and Program Losses, except to the extent that TransactPay’s intentional breach caused the Program Losses. TransactPay will have no responsibility or liability for any such Program Losses, or any disputes related thereto.
    2. Instructions and Reports. Client will provide TransactPay and/or TransactPay Service Providers all materials, information, data, and instructions reasonably required or requested by TransactPay to perform the Services (“Client Instructions”). Client Instructions will be accurate and complete. TransactPay may rely on Client Instructions without additional inquiry and TransactPay shall not be liable for any inaccurate or incomplete Client Instructions. Client will regularly review Client Instructions for accuracy and completeness and will promptly notify TransactPay of any changes or errors in such Client Instructions. 
    3. Client Service Providers. Client may use the services of a Client Service Provider in exercising its rights or performing its obligations in connection with this Agreement, provided that Client must provide prior written notice to TransactPay, and obtain TransactPay’s prior written consent, prior to using the services of a Client Service Provider that will have access to User Data or Transaction Data. If Client or any Client Service Provider performs any functions related to the Services or this Agreement, or accesses the Services, the System, Payment Instruments, Documentation or any other technical information about or incorporated in the Services, Client will be solely responsible for (i) obtaining all authorisations, licences, and consents, and for paying all amounts, necessary for the System to interface with Client’s systems or those of its Client Service Provider; (ii) the acts or omissions of any such Client Service Provider, as if they were the Client’s acts and omissions under this Agreement; and (iii) ensuring such Client Service Provider’s compliance with the terms of this Agreement.
    4. Sanctions Compliance. Client will (i) prohibit any person or entity that is the target of applicable Sanctions from being a Customer or Authorised User (as applicable), (ii) prohibit the use of Payment Instruments or Services in violation of any applicable Sanctions or other Applicable Law, and (iii) not conduct any business in a comprehensively sanctioned jurisdiction (as defined by OFAC). 
    5. Due Diligence and Information Requests. Client acknowledges that TransactPay’s obligation to make the Services available to Client is conditioned upon Client’s ongoing compliance with and satisfaction of TransactPay’s Due Diligence and information requirements, including providing financial statements on a periodic basis upon request, and TransactPay may terminate this Agreement in the event that Client no longer complies with or satisfies such requirements. Client agrees to provide all Due Diligence information or other information that must be provided by it under this Agreement in a form reasonably requested by TransactPay. Client will notify TransactPay as soon as reasonably possible if there is a Material Change to its financial state or ownership. Any such change would be subject to TransactPay’s ongoing Due Diligence requirements referenced above. 
    6. Program Management Services Schedule. Client acknowledges and agrees that in order for TransactPay to provide the Services and support a Program, Client must comply with the terms set forth in the Program Management Services Schedule, attached hereto as Schedule D.
    7. Issuer Services Schedule. Client acknowledges and agrees that in order for TransactPay to provide the Services and support a Program, Client must comply with the terms set forth in the Issuer Services Schedule, attached hereto as Schedule E. 
  7. Mutual Obligations.
    1. In fulfilling their respective obligations under this Agreement, each Party will comply with this Agreement, Network Rules and Applicable Law that applies to or relates to this Agreement and / or the Program(s).
    2. Each Party will comply with Documentation. TransactPay may amend the main body of this Agreement, the Supplementary Schedules, or any other contractual documents outside the Order Forms where such amendment is required in order for TransactPay to comply with Applicable Law, the Network Rules, or the Documentation. TransactPay shall notify the Client of any such amendment as soon as reasonably practicable.
    3. Representations and Warranties. Each Party represents and warrants that at all times (i) it has the requisite corporate power and authority to enter into this Agreement and perform under it, (ii) it is not a party to any other agreement that would hinder its ability to perform its obligations under this Agreement, (iii) it is duly qualified and licensed to do business and to carry out its obligations as required by Applicable Law, and (iv) no natural or legal person that is subject to any Sanctions has any material ownership interest in such Party, and that no such person controls such Party. Except as otherwise expressly provided in this Agreement, and to the extent permitted by Applicable Law, neither Party, nor, when applicable, the TransactPay Service Provider, makes any representations or warranties of any kind, nature, or description to the other Party, whether statutory, express, or implied, including any warranty of non-infringement, error-free operation, merchantability, or fitness for a particular purpose (and all such representations or warranties of any kind, nature, or description are excluded to the maximum extent permitted by Applicable Law). Each Party will notify the other if any of the foregoing representations and warranties is no longer true.
    4. PCI DSS. Each Party that has access to User Data and/or Transaction Data (including any Client Service Provider that has access to User Data and / or Transaction Data) will comply with Payment Card Industry Data Security Standard (“PCI DSS”) 4.0 or newer. Client acknowledges that it has read and understands the PCI Responsibility Matrix for PCI DSS 4.0 as described on the TransactPay website at https://www.marqeta.com/pci-responsibility-matrix and has provided access to such PCI Responsibility Matrix to any Client Service Provider that has access to User Data and / or Transaction Data, which may be updated by TransactPay from time to time. Upon TransactPay’s request (no more than once per twelve (12) month period, unless more frequently is required by a Regulator or Applicable Law), Client (including any Client Service Provider that has access to User Data and / or Transaction Data) will verify its compliance with PCI DSS, to the extent applicable, and provide the results of the verification to TransactPay in writing.
    5. Security Standards. Each Party will implement security measures and procedures designed to:
      1. ensure the security and confidentiality of User Data and Transaction Data;
      2. protect against anticipated threats or hazards to the security and integrity of User Data and Transaction Data;
      3. protect against unauthorised access to or use of User Data and Transaction Data;
      4. prevent unauthorised access to or use of the other Party’s system through its systems;
      5. prevent unauthorised access to or use of its own systems;
      6. protect against the unauthorised access to or use of Customer or Authorised User Payment Instruments that could result in substantial harm or inconvenience to any Customer or Authorised User; and
      7. comply with Applicable Law.
  8. Relationships.
    1. Networks. TransactPay is solely responsible for determining (i) activities as the issuer, and in respect of dealing with the Networks, and related requirements with respect to any Program; and (ii) engaging and contacting Networks with respect to the Services. Client will not engage or contact Networks regarding the Services. During the Term of this Agreement the Client will not, directly or indirectly, by contract or otherwise (1) circumvent, interfere with, or devalue TransactPay’s relationship with any Network, or any TransactPay Service Provider, or (2) solicit any TransactPay Service Provider to provide Services directly to Client. Client represents and warrants that it does not have an existing agreement and is not discussing an agreement with an issuer or Network relating to the issuance of Payment Instruments. Nothing contained in this clause will prevent Client from soliciting any TransactPay Service Provider to perform services that are unrelated to this Agreement.
    2. Banking Partners. The Client acknowledges that all Programs are subject to the continued support of any Banking Partner of TransactPay and must conform to the risk appetite and Regulatory Compliance Framework of the specific Banking Partner that is supporting any such Programs. The Client and the Program specification may need to be approved by the applicable Banking Partner and any Programs may be subject to modification in order to meet a Banking Partner’s specified requirements.
    3. Lending Providers. Where the Client elects to operate a Program that includes lending services, the Client must either: (a) enter into a separate written agreement with a financial institution approved by TransactPay (a “Lending Bank”) for the purpose of originating loans to the Client’s lending customers; or (b) obtain and maintain all licences and authorisations required to originate such loans. The Client is solely responsible for ensuring that its lending services comply with Applicable Law. TransactPay shall have no obligation to comply with, or to facilitate the Client’s or any third party’s compliance with, Applicable Law in relation to the Client’s lending services or lending business, and TransactPay shall not be responsible for extending any credit to any Customer or Authorised User. The Client acknowledges that any agreement with a Lending Bank is solely between the Client and the Lending Bank, and that TransactPay shall have no contractual or operational obligations to any Lending Bank unless expressly agreed in writing.
    4. Retail Partners. If TransactPay agrees, such agreement not to be unreasonably withheld, Client may partner with a Retail Partner. TransactPay may consider regulatory, operational, financial crime, technical, and reputational factors, and the requirements of any relevant Regulatory Compliance Framework when deciding whether to approve a Retail Partner. The Client shall ensure that each Retail Partner complies with Applicable Law, the Network Rules, Regulatory Authority requirements, the Documentation, and the Regulatory Compliance Framework of TransactPay. The Client is solely responsible for the acts and omissions of each Retail Partner, and TransactPay shall have no liability for, or obligations to, any Retail Partner. TransactPay may withdraw its approval of a Retail Partner where TransactPay reasonably determines that the Retail Partner poses a regulatory, operational, or compliance risk. Upon notice, the Client shall promptly cease using that Retail Partner in connection with the Program. Nothing in this Agreement requires TransactPay to integrate with, support, or provide services directly to any Retail Partner unless expressly agreed in writing.
  9. Customer and Authorised User Outcomes.
    1. Business Continuity Plans.
      1. Preparation of Business Continuity Plans. Each Party shall prepare, maintain, and keep under regular review Business Continuity Plans in an easily accessible format of personal and non-personal data that are appropriate for the nature and scope of the Services, the activities of that Party, and the obligations it performs under this Agreement. The Business Continuity Plans shall be sufficient to enable the Party to continue, or promptly resume, the performance of its obligations under this Agreement in the event of contract termination, insolvency, resolution, discontinuation of business operations, a natural disaster, destruction of facilities or operations, utility or communications failures, cyber‑security incidents, or any similar interruption affecting the Party or any third party on which it relies.
      2. Records and Testing. Each Party shall provide copies of its Business Continuity Plans to the other Party on request and shall notify the other Party of any Material Change to those plans. Each Party shall periodically test its Business Continuity Plans at intervals appropriate to its business and regulatory obligations and shall provide the other Party with a summary of the results of such tests upon request.
    2. Operational Resilience.
      1. The Client shall comply with the operational resilience policy of TransactPay (as updated from time to time), which forms part of the Regulatory Compliance Framework for TransactPay. TransactPay’s policies shall govern the operational resilience standards applicable to the Services.
      2. The Client acknowledges that TransactPay, the Regulator and any Regulatory Authority have certain legal rights of audit and investigation in relation to operational resilience practices.
    3. Right to Take Over Services.
      1. TransactPay may, acting reasonably and upon written notice to the Client, exercise its Step‑In Right at any time it determines such action is necessary or desirable to ensure regulatory compliance, operational continuity, risk management, or the proper performance of the Program. This includes where the Client fails to perform any obligation under this Agreement, fails to comply with a directive of TransactPay, or otherwise fails to act in a manner required to maintain uninterrupted service to Customers or Authorised Users.
      2. Upon exercising its Step‑In Right, TransactPay may override and replace the Client’s instructions to Marqeta as the Payments Processor and request the commencement of Issuer Directed Services. Marqeta, as Payments Processor, shall provide such services to TransactPay as if TransactPay were the Client. The Client remains solely responsible and liable for all costs, charges, and expenses associated with TransactPay’s exercise of the Step‑In Right, the provision of the Programs and/or the Services (including those arising from Marqeta’s fees as Payments Processor and any termination, Exit Plan or Transition Services).
      3. Following the exercise of the Step-In Right, the Client acknowledges that TransactPay is entitled to:
        1. receive all reports and information that Marqeta as Payments Processor previously provided to the Client, including Customer and Authorised User activity and risk management reports, and any additional reports reasonably required by TransactPay to comply with Applicable Law; and
        2. request that Marqeta as Payments Processor provide Issuer Directed Services to TransactPay and support any Transition Services or Exit Plan.
  10. Program Funding.
    1. Responsibility. The Program Funding Account shall be an account controlled solely by TransactPay for the purpose of holding the Program funding and satisfying Client’s financial obligations under this Agreement. The Client is responsible for all funding in connection with a Program, as more specifically detailed in the applicable Order Forms. TransactPay will not be obliged to advance or otherwise provide any third party with funds related to a Program.
    2. Funds Transfer. Client, directly or through approved third parties, will transfer funds to a Program Funding Account required for each Program in connection with this Agreement. Such funds will be sent via the method as specified in the Order Form or as otherwise directed by TransactPay from time to time. Client shall ensure that all incoming payments relating to Loads or other Program funding flows are received into the Program Funding Account or such other account as TransactPay may specify in writing.
    3. Maintaining Records. Client shall maintain internal records and reconciliations sufficient to verify all amounts due in connection with the Program and shall provide such reconciliations to TransactPay upon request.
    4. Minimum Program Funding Amount.
      1. Establishment and Timing. Client will ensure that a minimum amount of funds will be deposited into the applicable Program Funding Account (“Minimum Program Funding Amount”), using the formula agreed in the Order Form, and which shall be calculated on a rolling basis (with increased funding requirements for weekends and bank holidays). Unless otherwise specified in an Order Form, the Minimum Program Funding Amount must be deposited into the Program Funding Account no later than seven (7) calendar days prior to the Go-Live Date. At all times, unless otherwise agreed upon in writing by the Parties, Client will maintain the Minimum Program Funding Amount in the applicable Program Funding Account.
      2. Same-Day Remittance. Client shall ensure that all funds relating to Program activity are remitted to TransactPay on a same‑day basis (or such other timeframe as TransactPay may specify), and Client shall be liable for any delay or deficit arising from any third‑party remittance failure.
      3. Funding Adjustments. TransactPay shall review the Minimum Program Funding Amount on a regular basis and in accordance with the agreed timeframe as set forth in the applicable Order Form. If an increase in funding is required, the Client shall initiate the funds transfer within the timeframe provided in the fees table. Additionally, to cover unusual volatility or increased Program activity, TransactPay may require that Client initiate an additional transfer to cover additional funding obligations, including due to higher Transaction Settlement volumes, upon twenty-four (24) hours’ notice. If total Loads, authorisations, or Settlement obligations exceed the Minimum Program Funding Amount at any time, the Client shall immediately increase the balance in the Program Funding Account to cover such higher amount, and any resulting deficit shall automatically become payable to TransactPay.
      4. Withdrawals and Return Requests. Client must request return of any Program Funding Account funds via written request. Client is not authorised, and will not attempt, to initiate a withdrawal of funds from the applicable Program Funding Account.
      5. Collateral and Security. In addition to funding the applicable Program Funding Account, Client must comply with collateral requirements or other conditions set forth in the Order Forms to ensure that Client can satisfy its financial obligations. TransactPay may require that the Program Funding Amount or any collateral provided by Client be subject to a security interest or other form of security in favour of TransactPay or the applicable Network, enforceable upon the occurrence of specified events of default.
      6. Liability for Third-Party Failures. Client shall be fully liable to TransactPay for any deficit or shortfall in the Program Funding Account arising from the acts or omissions of any third party involved in the Program.
    5. Effect of Underfunding. If Client fails to maintain sufficient funds in the applicable Program Funding Account to cover loads, authorisation, and settlement and/or fails to maintain the Minimum Program Funding Amount or any collateral requirements, TransactPay may terminate this Agreement or suspend performing the Services or authorising transactions until Client has met its obligations under this clause. TransactPay will notify Client and request immediate payment for all deficient amounts, which Client will pay within one (1) Business Day and may charge interest for such failure at a daily rate of six (6) bps per calendar day (0.06% per calendar day) multiplied by such deficient amounts (the “Daily Interest Obligation”). Client’s failure to pay deficient amounts within one (1) Business Day will constitute a material breach of this Agreement that is not subject to the cure periods set forth herein. TransactPay will withhold all revenue share payments until all deficient amounts are paid. In addition to any other remedies available to TransactPay at law or under this Agreement and to the extent permitted by Applicable Law, TransactPay may, as a continuous right, set off any amounts owed to it against any outstanding amounts owed to Client until Client’s liability owed to TransactPay under this clause is fully paid. 
    6. Payment Authorisation. If requested by TransactPay, the Client, or the authorised party providing funding on Client’s behalf, will provide written consent which authorises TransactPay to initiate electronic funds transfers to or from the Client’s bank account to allow TransactPay to initiate debits to fund the applicable Program Funding Account and for allowing TransactPay to collect monies owed to TransactPay (either from a separate account or from the applicable Program Funding Account), and this authority will remain in effect until TransactPay receives notice from Client revoking it. The type of written consent required will be notified to the Client at the time when TransactPay requests it.
    7. Equivalent Value. Client acknowledges and agrees that for funds deposited by or on behalf of Client to the applicable Program Funding Account and / or any TransactPay specified collateral payment account, as applicable, it has received reasonably equivalent value in, among other things, the services made available to Client by and through TransactPay without which deposits the services would not be available to Client. Client also agrees TransactPay has provided reasonably equivalent value to Client in consideration for each purchase made with a Payment Instrument issued under this Agreement, no such transfer has been made for or on account of an antecedent debt owed by Client, and no such transfer is or may be voidable or subject to avoidance under any applicable bankruptcy, insolvency or other similar law.
    8. Revenue Share. If revenue sharing and/or any incentive payment is offered to Client, the Client understands that there will not be a material change in the net cost from Networks. If TransactPay’s costs or benefits from Networks materially change, or if TransactPay’s relationship with a Network is reduced or removed with respect to a Program, TransactPay will notify Client of corresponding change in such revenue sharing and/or incentive terms. Any agreed revenue sharing shall be documented in the Order Form.
    9. Additional Collateral. Certain Programs may require the Client to provide collateral funding in order for the Programs to operate. The Client’s use of the Services for those Programs is conditional upon providing such collateral. The specific collateral requirements shall be agreed and set out in the Order Form.
  11. Establishment. In addition to funding the applicable Program Funding Account, the Client shall transfer funds to the Reserve Account to hold the Non‑Payment Reserve Amount. The Reserve Account shall be used solely to secure the Client’s commercial obligations under this Agreement, including the payment of Regulatory Fines and the provision of collateral for any indemnities.
    1. Calculation. The Client shall maintain a balance in the Reserve Account equal to the Non-Payment Reserve Amount which shall be determined for each Program in accordance with the calculation methodology set out in the applicable Order Form and may be adjusted from time to time in accordance with that methodology. TransactPay may reasonably adjust this amount upon thirty (30) calendar days' notice based on the Customer’s or Authorised Users’ transaction volume or payment history.
    2. Application of Funds. If the Client fails to pay any undisputed Fees or other amounts due under this Agreement within five (5) Business Days of the due date, TransactPay shall have the right, without prior notice, to set off, transfer, or apply funds held in the Reserve Account towards satisfaction of such liabilities.
    3. Replenishment. If TransactPay withdraws funds from the Reserve Account, the Client must replenish the Reserve Account to the required Non-Payment Reserve Amount within three (3) Business Days of request. Failure to replenish the Reserve Account shall constitute a material breach of this Agreement.
  12. Fees and Payment.
    1. Fees. The fees owed and payable by the Client to TransactPay shall be set out in each Order Form for the applicable Services provided under that Order Form. Unless otherwise stated in an Order Form, the Pass-Through Costs (including Network assessments and banking charges) are variable and shall be billed to the Client.
    2. Invoice and Payment. TransactPay will invoice Client monthly in arrears for the fees or as otherwise specified in an Order Form. TransactPay’s payment will be due within thirty (30) calendar days of the invoice date. Any undisputed amounts not paid by their due date will incur interest until paid, at the monthly rate of one and one-half percent (1.5%), prorated for any partial month. Client will bear all reasonable costs incurred by TransactPay associated with collecting fees due or other unpaid amounts.
    3. Taxes. Unless otherwise agreed in an Order Form, all charges and fees are exclusive of any applicable withholding, sales, use, excise, value-added, or other taxes (collectively “Taxes”). Any such Taxes which TransactPay is legally responsible to collect from Client will be billed by TransactPay and paid by Client at the rate and in the manner for the time being prescribed by Applicable Law. If Client is required by Applicable Law to make a deduction or withholding from such a payment, the relevant sum payable will be increased by an additional amount to the extent necessary to ensure that, after the making of such deduction or withholding, TransactPay receives and retains (free from any liability in respect of any such deduction or withholding) a net sum equal to that which it would have received and so retained had no such deduction or withholding been made or required to be made.
    4. Set-off. Any amounts owed by Client will be set off with any amounts owed to Client in determining the net amount payable from one Party to the other on a monthly basis. If applicable, TransactPay reserves the right to withhold any revenue share payments which will be applied against any undisputed balances due from Client.
    5. Invoice Disputes. Client may dispute all or part of an invoice by providing a written statement, including via email, to TransactPay at least fifteen (15) calendar days prior to the invoice due date. The written statement must describe (i) the specific amounts in dispute, (ii) the basis of the dispute, and (iii) include documentation to support Client’s assertions. If Client disputes an invoice or part of an invoice, Client may, in good faith, withhold payment of the disputed amounts. Client's failure to pay undisputed amounts when such amounts are due will constitute a material breach of the Agreement. An invoice will be deemed undisputed if Client does not deliver the written statement at least fifteen (15) calendar days prior to the invoice due date. If TransactPay agrees with Client’s assertions and adjusts its invoice, then Client must pay the remaining amounts due (if any) within fifteen (15) calendar days of such resolution. 
    6. Early Termination.
      1. If, other than as a result of TransactPay’s uncured material breach of this Agreement, any Order Form is terminated prior to the expiration of its Term, Client will pay TransactPay an amount equal to the greater of:
        1. the average monthly revenue received by TransactPay related to the terminated Order Form(s) for the six (6) months prior to the termination; or
        2. the highest possible monthly fees for the applicable Order Form or, if more than one Order Form is being terminated, then the highest possible combined monthly fees for all the terminating Order Forms shall be used, and
        3. the greater of (1) or (2) shall be multiplied by the number of months (including a pro-rata portion for any partial month) remaining in the Term, as applicable (“Early Termination Damages”).
      2. Client will pay the Early Termination Damages within one (1) month of the effective date of any such termination. The Parties agree that the Early Termination Damages are not considered to be a penalty and constitute liquidated damages as a genuine and reasonable estimate of the damages that TransactPay will incur for the lost revenue resulting from such a termination. The payment of the Early Termination Damages by Client does not preclude liability to TransactPay for other damages arising under this Agreement.
  13. Intellectual Property.
    1. Parties’ Marks. Each Party owns, or has obtained all necessary rights, licences, and permissions to use and sub-licence to the other Party, all right, title, and interest in and to its Intellectual Property Rights. Each Party shall maintain appropriate licences with respect to any Intellectual Property Rights affecting any aspect of this Agreement. Except for the licences granted under this Agreement, neither Party will have any right, title, interest, or licence to the other Party’s Intellectual Property Rights. During the Term, each Party grants to the other a royalty-free, non-exclusive, non-transferable, non-sublicensable, limited right and licence to use, reproduce, and distribute the other Party’s Intellectual Property Rights (and any third-party Intellectual Property Rights provided by such Party in accordance with this clause) exclusively in connection with or in order to provide the Services. Each party warrants to the other that the use of that party’s Intellectual Property Rights by the other in the manner and for the purposes permitted by this Agreement does not infringe the Intellectual Property Rights of any third-party. The Parties agree that usage of a Party’s Intellectual Property Rights in a manner that merely refers to the Party without suggestion of endorsement or sponsorship is not restricted by this Agreement. Client may use TransactPay's Intellectual Property Rights solely for the purposes of non-public materials that disclose the Services provided by TransactPay under this Agreement. TransactPay may list Client in its marketing materials using the Client's Intellectual Property Rights and generally describe the Services provided by TransactPay under this Agreement. The Parties will obtain one another’s prior approval before any other public distribution of marketing or promotional materials that use the other Party’s Intellectual Property Rights. 
The Parties shall ensure that any aspects of the Program will not violate the Intellectual Property Rights of any third-party. Upon expiry or termination of this Agreement each party shall discontinue the use of the other party’s Intellectual Property Rights without compensation.
    2. Ownership and Licence. TransactPay (or a TransactPay Service Provider, Marqeta, as applicable) owns all right, title, and interest, including all Intellectual Property Rights, in and to the Services and the System and all derivatives thereof. TransactPay grants to Client a royalty-free, non-exclusive, non-transferable, non-sublicensable, limited right and licence to use the Services and the System exclusively in connection with the provision of the Services in accordance with this Agreement. TransactPay may provide Client with project deliverables, plans, Documentation, reports, analyses, and other tangible materials in connection with this Agreement (collectively, the “Deliverables”). TransactPay owns all right, title, and interest, including all Intellectual Property Rights, in and to the Deliverables and all derivatives thereof. TransactPay grants to Client a royalty-free, non-exclusive, non-transferable, non-sublicensable, limited right and licence to use the Deliverables, the Services, and the System exclusively in connection with Client’s use of the Services in accordance with this Agreement. Client will not, directly or indirectly, reproduce, retransmit, republish, reverse engineer, decompile, disassemble, or otherwise attempt to derive source code, trade secrets, Confidential Information, or other Intellectual Property from any of the Deliverables, the Services, or the System.
    3. Enhancements. TransactPay will be the sole and exclusive owner of all Intellectual Property Rights in any Enhancement to the System or Services, including any suggestions, Enhancement requests, recommendations or other feedback, and the Parties agree that any such Enhancement will not in any way constitute the Intellectual Property Rights or other rights of the Client or its third parties.
  14. Client Data Use.
    1. Notwithstanding anything to the contrary in this Agreement, User Data and Transaction Data are not Client’s Confidential Information.
    2. Client may use User Data and Transaction Data solely to perform contractual and legal obligations arising from a Program and in accordance with Applicable Law and will maintain User Data and Transaction Data in strict confidence. This clause shall not apply to, limit or prohibit the use of information and data to the extent such information or data has been independently obtained by Client for purposes independent of the Program, even if such information or data is duplicative of User Data or Transaction Data.
    3. With respect to Client Personnel and / or Client Third-Party Providers that have access to User Data and / or Transaction Data, Client will perform usual and customary initial, and regular follow-up, Due Diligence and / or background checks in accordance with Applicable Law, and Client will regularly audit, monitor, and oversee such Client Personnel and / or Client Service Providers to ensure compliance with the terms of this Agreement.
    4. Client (i) will not store User Data outside of the United Kingdom, European Economic Area or Switzerland and will ensure that Client Third-Party Providers do not store User Data outside of the United Kingdom, European Economic Area or Switzerland without the written approval of TransactPay and (ii) will ensure that User Data is not accessed from outside of the United Kingdom, European Economic Area or Switzerland, in each case, without TransactPay’s prior express written consent.
  15. TransactPay Data Use.
    1. Data Sharing. TransactPay shares data with Marqeta, who may act as an independent Controller solely for fraud prevention, identity verification, and System security monitoring purposes.
    2. Performance of Services. TransactPay (and any TransactPay Service Providers, including Marqeta) may undertake Processing of User Data and Transaction Data as necessary to perform applicable obligations under this Agreement, to process Transactions, and provide the Services in accordance with Applicable Law and Network Rules.
    3. Fraud Prevention and System Security (Legitimate Interest). TransactPay (and any TransactPay Service Providers) may undertake Processing of User Data and Transaction Data, including personally identifiable information, for the specific purposes of: (i) fraud screening, detection, and prevention; (ii) identity verification and sanctions and PEP screening to meet Regulatory Compliance Framework obligations; (iii) ensuring the security and integrity of the System; and (iv) complying with obligations under Applicable Laws. The Client acknowledges that for these specific security and fraud prevention purposes, TransactPay and Marqeta determine the means of Processing and act as independent Controllers. TransactPay will provide the Client with specific privacy policy language for the Client to display to Customers and Authorised Users regarding TransactPay’s and Marqeta’s Processing for these purposes.
    4. Product Improvement and Development (Anonymised Data Only). TransactPay (and any TransactPay Service Providers) may also use data derived from the Services for the purpose of improving, developing, and analysing their respective products, services, and the Marqeta Platform functionality (“Product Improvement”). As part of this process, TransactPay (and TransactPay Service Providers) may undertake the Processing of Personal Data for the specific purpose of aggregating or de-identifying such data to create Anonymised Data. Once such data meets the standard of Anonymised Data, it shall no longer be considered Confidential Information or Personal Data under this Agreement, and TransactPay and Marqeta may use it for Product Improvement. For the avoidance of doubt, Anonymised Data does not constitute Personal Data and its use by Marqeta for Product Improvement purposes falls outside the scope of this clause and Data Protection Law.
    5. Aggregated Statistics. TransactPay (and any TransactPay Service Providers) may use Anonymised Data to compile, use, and disclose aggregated statistics, metrics, and insights regarding the performance of the Services, provided that such statistics do not identify the Client, any Customer, or any specific Authorised User.
    6. Disclosure. Client confirms that it has provided all required disclosures to and obtained any necessary authorisations from its Customers and Authorised Users, and Client agrees that it is permitted under Applicable Law to enable TransactPay and Marqeta to utilise the User Data and Transaction Data for the purposes described in this Agreement.
  16. Confidentiality and Non-Disclosure. Each Party may receive (“Receiving Party”) or otherwise become familiar with Confidential Information about the other Party (“Disclosing Party”). The Receiving Party agrees to take all reasonable measures to maintain the confidentiality and secrecy and security of the Confidential Information of the Disclosing Party and to avoid its disclosure, including all precautions the Receiving Party employs with respect to its confidential materials of a similar nature. Receiving Party may not disclose the Disclosing Party’s Confidential Information to any third party, except: (i) where TransactPay is the Receiving Party (i) to its Affiliates and (ii) to TransactPay Service Providers, in each case, for the purpose of providing the Services. In the event the Disclosing Party’s Confidential Information is disclosed to any third party pursuant to one of the exceptions noted in the preceding sentence, the Receiving Party must ensure that the third-party recipients do not use or disclose the Confidential Information other than in accordance with the terms of this Agreement. The Receiving Party may also disclose Disclosing Party’s Confidential Information to the extent required by Applicable Law or court order, provided that the Receiving Party uses reasonable efforts to limit such disclosure and has, to the extent reasonably possible and not prohibited under Applicable Law, provided commercially reasonable notice to the Disclosing Party of the legal disclosure requirement prior to the disclosure of Disclosing Party’s Confidential Information. If either Party receives confirmation of a material issue resulting in unauthorised access to the other Party’s Confidential Information, which could have a material impact on the other Party, such Party will promptly notify the other Party in writing and describe the circumstances surrounding such unauthorised access. 
In addition, each Party will promptly take reasonable steps to minimise such unauthorised access and reasonably cooperate with the other Party to minimise any damage resulting therefrom.
  17. Term and Termination.
    1. Term. The term of this Agreement commences on the Effective Date and continues for the Initial Term. Following the Initial Term, this Agreement will automatically renew for successive Renewal Terms unless terminated earlier in accordance with this Agreement. Notwithstanding the foregoing, this Agreement will in any event remain in effect until all Order Forms have expired or been terminated.
    2. Each Order Form will commence on the date on which TransactPay issues a PAL for the Program or Service to which that Order Form relates. Each Order Form will continue in full force and effect until terminated in accordance with this Agreement or as specifically set forth in such Order Form.
    3. Termination for Cause. 
      1. Mutual Termination for Material Breach. A Party may terminate this Agreement, or any Order Form, upon notice in the event that the other Party commits a material breach of this Agreement and fails to cure such material breach within thirty (30) calendar days after receipt of notice, provided, that, if such material breach is a non-monetary breach and is not reasonably curable within thirty (30) calendar days, the cure period will be extended so long as the other Party commences such cure within such thirty (30) calendar day period and diligently pursues such cure to completion within ninety (90) calendar days after notice is first provided. 
      2. TransactPay Termination for Compliance Breach. TransactPay may terminate this Agreement, or any Order Form, immediately upon notice as a material breach and without any reimbursement or repayment of any Fees paid to TransactPay if:
        1. the Client (or a Client Service Provider) has (a) any deficient Regulatory Compliance Framework processes or procedures; or (b) fails to adequately respond to requests or instructions from TransactPay requiring the Client to implement TransactPay’s required Regulatory Compliance Framework; 
        2. the Client (or a Client Service Provider) acts or omits to act in a manner that prevents TransactPay from meeting its obligations under Applicable Law as a regulated entity (including in dealing with concerns raised by a Regulatory Authority); or
        3. the Client fails to comply with its obligations under this Agreement, the Documentation, the Network Rules or any Applicable Law that applies to or relates to this Agreement and / or the Programs.
      3. Insolvency. A Party may terminate this Agreement, or any Order Form, upon notice in the event that the other Party becomes subject to any voluntary or involuntary bankruptcy, insolvency, reorganisation, or liquidation proceeding, has a receiver appointed for it, makes an assignment for the benefit of its creditors, or admits its inability to pay its debts as they become due, or any analogous procedure or step is taken in any jurisdiction.
      4. TransactPay Termination for Non-Payment. TransactPay may terminate this Agreement, or any Order Form, upon notice in the event Client fails to pay undisputed Fees when such Fees are due and payable and fails to cure such material breach within five (5) calendar days after receipt of notice. Such termination by TransactPay does not prejudice or waive its right to payment.
      5. Compliance Failures. TransactPay may terminate this Agreement, or any Order Form, upon notice if: (a) the Client fails to: (i) satisfy any regulatory or compliance obligation or directive; (ii) comply with the Program Parameters; or (iii) provide requested Due Diligence information; or (b) the Client violates Applicable Law or Network Rules.
      6. Service Provision Concerns. TransactPay may terminate this Agreement, or any Order Form, upon notice, during its reasonable investigation into whether a potential Suspension Event (defined in clause 17(f), below) if during such investigation, TransactPay determines the likelihood of (1) material fraud committed by Client, (2) Client’s misuse of the Services, or (3) Client’s use of the Services in a manner that compromises the security, integrity, or performance of the Services. TransactPay may also decline to authorise particular Transactions if TransactPay reasonably believes that such Transactions violate Applicable Law or Network Rules or would compromise the security, integrity, or performance of the Services or have a material adverse impact on TransactPay.
    4. Termination Not for Cause. 
      1. Change in Applicable Law or Network Rules. TransactPay may terminate this Agreement, or any Order Form, upon notice if there is a change in Applicable Law or Network Rules that would have a material adverse impact upon a Party’s ability to perform its obligations under this Agreement. The Party terminating or suspending this Agreement pursuant to this clause will provide ninety (90) calendar days’ notice of such termination unless a shorter period is required in order to comply with Applicable Law or Network Rules.
      2. Regulatory Direction. Either Party may terminate this Agreement, or any Order Form, upon notice if directed to do so by a Network, Banking Partner or Regulator. TransactPay will provide one hundred and eighty (180) calendar days’ notice of such termination unless it is required to provide less notice or cannot reasonably provide such notice, in which case it shall provide the Client with reasonable notice. 
      3. Program Inactivity. TransactPay may terminate this Agreement, or any Order Form, on thirty (30) calendar days' prior written notice, if a Program does not have material transaction or issuing activity for more than three hundred and sixty-five (365) calendar days after the date of mutual agreement or last signature, as applicable, of the latest PRD for that Program.
    5. Client Termination Rights. The Client may terminate this Agreement or a Program specified and agreed in an Order Form.
      1. TransactPay Material Breach of Obligations. Upon thirty (30) calendar days’ written notice to TransactPay if TransactPay commits a material breach of its obligations under this Agreement, and such breach is not remedied before the end of such thirty (30) calendar day period.
      2. TransactPay Violation of Applicable Law. Upon thirty (30) calendar days’ written notice to TransactPay (or some shorter notice period if allowed by Applicable Law), if TransactPay has violated Applicable Law in the provision of the Services. 
      3. Significant Incident Breach. For the avoidance of doubt, the Client's termination rights in respect of a Significant Incident Breach are as set out in Schedule C (Service Levels), clause 8.c.
    6. Suspension Rights. TransactPay may suspend the provision of Services, in whole or in part, pursuant to any Order Forms if, upon investigation, TransactPay discovers the occurrence of any of the following events (each, a “Suspension Event”):
      1. Non-Payment. Client fails to pay undisputed Fees when such payments are due and payable and fails to cure such material breach within five (5) days after receipt of notice.
      2. Compliance Failures. (a) Client fails to: (i) satisfy any regulatory or compliance obligation or directive; (ii) comply with the applicable Program Parameters; or (iii) provide Due Diligence information requested by TransactPay; or (b) the Client violates any Applicable Law or Network Rules.
      3. Service Provision Concerns. TransactPay may suspend performing Services during its reasonable investigation into the occurrence of any of the following: (1) Client’s material fraud, (2) Client’s misuse of the Services, or (3) Client’s use of the Services in a manner that compromises the security, integrity, or performance of the Services. TransactPay may also decline to authorise particular Transactions if TransactPay reasonably believes that such Transactions violate Applicable Law or Network Rules or would compromise the security, integrity, or performance of the Services or have a material adverse impact on TransactPay.
    7. Early Termination Damages. Unless such termination under this Agreement arises from TransactPay's material breach of this Agreement or an Order Form, Client will pay TransactPay any applicable Early Termination Damages.
    8. Transition.
      1. Transition Services. Any notice of termination by either Party will include a proposed date for initiation of transition, if any. Except where this Agreement is terminated by TransactPay for cause or at the direction of, if applicable, Banking Partner, a Network, or a Regulator, TransactPay will provide the transition assistance reasonably necessary to transition the Payment Instruments or the services supporting the Payment Instruments (as applicable) to a successor service provider as agreed by the Parties in writing (the “Transition Services”).
      2. Costs and Timeframe. This Agreement will continue on the same commercial terms and conditions until the completion of the transition, and Client will be responsible for all costs, expenses and reasonable charges incurred by TransactPay in connection with the Transition Services, including any outstanding amounts due to TransactPay and any charges for the Services during the transition period. If the Client elects not to receive the Transition Services, the Parties will work in good faith to implement an orderly wind-down of the Services after termination of this Agreement. The wind-down period will not exceed six (6) months.
      3. Right to Decline. TransactPay shall not be required to provide any Transition Services to the extent that the requested activity:
        1. falls outside the scope of the Transition Services expressly agreed between the Parties or requires the creation of new functionality, bespoke development, or material changes to TransactPay’s systems or processes;
        2. would compromise the security, confidentiality, integrity, or operational resilience of TransactPay’s systems or those of its other clients;
        3. would require TransactPay to disclose proprietary information, trade secrets, or information that TransactPay is prohibited from disclosing under Applicable Law or contractual obligations owed to third parties;
        4. is not reasonably practicable due to the Client’s failure to provide timely cooperation, access, or information; or
        5. is unlawful, unsafe, or would expose TransactPay to regulatory, legal, or operational risk.
      4. Conditions. TransactPay may condition the provision of any Transition Services on the implementation of appropriate safeguards or on the Parties agreeing additional fees or terms. TransactPay will act reasonably and in good faith when assessing any such limitations and will provide written reasons where Transition Services are declined.
      5. Termination Process for Order Forms. Any termination of Services under an Order Form shall be effected in accordance with the following process:
        1. Notice of Intent to Terminate. Written notice is provided in accordance with the applicable termination clause.
        2. Wind‑Down Period. During the notice period, the Parties will cooperate in good faith to wind down the relevant Program or Service. TransactPay will provide the Client with a detailed set of wind‑down requirements applicable to the relevant Program or Service, and the Client must comply with those requirements in full, including any steps relating to the treatment of funds, Customer and Authorised User communications, regulatory obligations, and settlement of outstanding fees.
        3. Effect of Termination. Upon expiry of the notice period:
          - the relevant Order Form will terminate;
          - the Parties will cease providing and receiving the Services under that Order Form; and
          - any surviving obligations expressly stated in that Order Form or this Agreement will continue.
      6. No Impact on Agreement. The termination of any Order Form (including all Order Forms relating to a Program) will not, by itself, result in the termination of this Agreement, which will continue in accordance with its terms, unless otherwise expressly terminated.
      7. Effect of Termination. Upon expiration or termination of this Agreement, Client will be responsible for the payment of all Fees accrued, due, and payable by Client up to the later of the date of such expiration or termination or the completion of the transition. TransactPay may set off such Fees owed by Client by applying the remaining funds in the applicable Program Funding Account. Within thirty (30) calendar days after the wind down of a Program, TransactPay will return all remaining funds owned by Client held in the applicable Program Funding Account and/or remaining on Payment Instruments, as adjusted for settlement, disputes, and chargebacks on Payment Instruments occurring on and after the end of the Term.
  18. Limitation of Liability.
    1. Except for (i) a Party’s breach of a Party’s Intellectual Property Rights, or (ii) a Party’s indemnification obligation for third party claims for infringement of Intellectual Property Rights, (iii) Client’s liability for Program Losses and Program-Related Fraud, or (iv) liabilities which cannot be limited or excluded by Applicable Law, including for fraud or fraudulent misrepresentation or for death or personal injury arising from a Party’s negligence (each, an “Excluded Claim”), in no event will either Party or their respective representatives and suppliers, including any TransactPay Service Provider or Client Service Provider, be liable to the other Party, whether in contract, tort (including breach of warranty, negligence, or strict liability), or otherwise for any indirect, incidental, consequential, special, exemplary, or punitive damages regardless of whether such Party knew or should have known of the possibility of such damages. The Parties agree that Regulatory Fines are direct and not indirect, incidental, consequential, special, exemplary, or punitive damages.
    2. Except for (i) an Excluded Claim, (ii) a Party’s payment or funding obligations under this Agreement, or (iii) Client’s obligation to pay or reimburse TransactPay for Regulatory Fines as a result of Client’s, Client’s Personnel, or a Client Service Provider’s actions or inactions, a Party’s total cumulative liability to the other Party under the Agreement will not exceed the revenue earned by TransactPay under this Agreement during the twelve (12) months immediately preceding the date on which the issue giving rise to a Party’s liability under the Agreement occurred. Nothing in this Agreement shall be construed as limiting a Party's liability for fraud, death or personal injury caused by the other Party’s negligence.
    3. Notwithstanding anything to the contrary in this Agreement, neither Party will be in breach of this Agreement or otherwise responsible or liable for non-performance of its obligations to the extent such non-performance is attributable to: (i) a breach by the other Party of its obligations under this Agreement, or (ii) the other Party’s failure to cooperate with and perform activities reasonably required on a timely basis.
    4. Notwithstanding anything to the contrary in this Agreement, TransactPay will not be in breach of this Agreement or otherwise responsible or liable for non-performance of its obligations to the extent such non-performance is attributable to: (i) TransactPay’s reliance on information or Client Instructions provided by Client in accordance with clause 6.b above; (ii) any financial loss to a Customer, Authorised User, or the Client directly arising from the Client's own operational or administrative mistakes (e.g., incorrect load instructions, failure to respond or data entry errors) remain the responsibility of the Client or if the Client instructs the enabling of Commando Mode; or (iii) where the Marqeta Platform processes authorisation decisions based on Client-defined business rules (e.g. if the Client instructs the enabling of Commando Mode) when the Client fails to respond to a real-time request the Client is responsible and liable for all resulting transactions, losses and complaints.
    5. In the event of the foregoing, where Client has not performed its obligations under the Agreement, TransactPay will: (1) be excused from any resulting delays in performing the Services and be entitled to a corresponding adjustment in its Service Levels, and (2) not be responsible to Client for any claims by Client or third parties arising from or relating to the failure of any third-party software, hardware, communication devices, internet services, e-mail systems, or other systems or functions.
    6. No action, regardless of form, arising out of any claimed breach of this Agreement or the Services may be brought by either Party more than one (1) year after discovery of the breach. 
    7. Each Party has a general duty to mitigate any losses suffered by such Party, including through the enforcement of its agreements with third parties.
  19. Indemnification.
    1. TransactPay Indemnification. TransactPay will indemnify, defend, and hold harmless the Client and its officers, directors, and employees from and against all costs, penalties, fees, assessments, and other losses, including reasonable legal fees (“Damages”) as a result of any third-party claim or cause of action (“Claim”) arising out of, related to, or alleging: (i) TransactPay’s material breach of the Agreement, (ii) TransactPay’s wilful misconduct or fraud in connection with the Agreement (including the cost and expense of investigating any suspected or actual Regulatory Compliance Framework failures or regulatory non-compliance), (iii) the wilful misconduct or fraud of any TransactPay Service Provider in connection with the Agreement, (iv) TransactPay’s infringement of the Intellectual Property Rights of any third party in connection with the Agreement, (v) TransactPay’s breach of its confidentiality obligation, or (vi) TransactPay’s intentional misuse of Personal Data. TransactPay’s indemnification obligations under this clause will not apply to, and to the extent of, any Damages that arise from or relate to (1) the combination of the Services with any products, services, or materials not supplied by TransactPay or a TransactPay Service Provider, (2) any modification to the Services not made by or on behalf of TransactPay, (3) any failure by Client to implement any Enhancement to the Services, (4) any use of the Services other than as expressly permitted under this Agreement, or (5) TransactPay’s compliance with any Client Instructions or reliance on any data or information received from Client or any authorised third party on Client’s behalf.
    2. Client Indemnification. Client will indemnify, defend, and hold harmless TransactPay and each of their respective officers, directors, employees, and Affiliates, from and against all Damages as a result of any Claim arising out of, relating to, or alleging: (i) Client or Client Service Provider’s breach of the Agreement, (ii) the wilful misconduct or fraud of the Client and/or a Client Service Provider in connection with the Agreement (including the cost and expense of investigating any suspected or actual Regulatory Compliance Framework failures or regulatory non-compliance), (iii) the violation of any Applicable Law or Network Rules, (iv) the infringement of the Intellectual Property Rights of any third party in connection with the Agreement, (v) any Regulatory Fines, (vi) the business or services of Client relating to the Agreement, or, when applicable, a Client Service Provider relating to the Agreement, (vii) TransactPay or a TransactPay service provider carrying out Client Instructions, (viii) Client’s breach of its confidentiality obligations, or (ix) Client’s intentional misuse of Personal Data.
    3. Procedure. The Party seeking indemnification (“Indemnified Party”) will promptly notify the indemnifying Party (“Indemnifying Party”) in writing of any Claim along with a copy of any papers served. Failure to provide prompt notice of any Claim will not relieve the Indemnifying Party of its indemnification obligations, except to the extent such failure materially prejudices the Indemnifying Party in defending the Claim. The Indemnified Party will tender control of the defence and settlement of any such Claim to the Indemnifying Party at the Indemnifying Party’s expense and with the Indemnifying Party’s choice of competent counsel. The Indemnified Party will also cooperate with the Indemnifying Party, at the Indemnifying Party’s expense, in defending or settling such Claim and the Indemnified Party may join in the defence with counsel of its choice at its own expense.
  20. Insurance. During the Term and any transition period, each Party will maintain in full force and effect, at its own cost and expense: (i) insurance coverage sufficient to cover its potential indemnity or reimbursement obligations, and (ii) an appropriate insurance policy or policies providing coverage in the event of its loss of confidential data, including User Data and Transaction Data, the limit of which: for general liability (a) will be no less than the GBP or Euro equivalent of five million dollars ($5,000,000) per claim or five million dollars ($5,000,000) aggregate and (b) for cyber insurance, will be no less than five million dollars ($5,000,000) aggregate. Each insurance policy will be carried in the name of the applicable Party. A copy of each policy, and any certificates of insurance evidencing the existence of such policy, will be provided to TransactPay promptly following such Party’s written or e-mail request. Each insurance policy must be written by insurance carriers that have an A.M. Best rating of ‘A’ or better and will name the other Party as an additional insured. Each Party will promptly provide notice to the other Party in the event of any notice of non-renewal or cancellation, lapse, or termination of any insurance coverage required under this Agreement. Notwithstanding the foregoing, Client acknowledges and agrees that TransactPay may require Client to carry insurance in addition to the amounts set forth above.
  21. Disclaimer of Statutory or Common Law Warranties. TransactPay specifically disclaims all warranties and clauses of any kind, express or implied, arising by statute or common law, related to this Agreement, including any warranty of marketability, fitness for a particular purpose or non-infringement.
  22. Rights of Third Parties. In addition to the rights of third parties outlined in the Agreement, unless expressly provided in an Order Form, no term of this Agreement is enforceable pursuant to the Contracts (Rights of Third Parties) Act 1999 by any person who is not a party to it.
  23. Audit.
    1. During the Term and for at least six (6) years thereafter (or longer if required by Applicable Law), TransactPay, any applicable Network, any Regulatory Authority with jurisdiction over either Party, and any auditor or other representative appointed by TransactPay or such authorities (together, the “Auditing Parties”) may, on not less than seven (7) calendar days’ written notice (or shorter notice where required by Applicable Law or a Regulatory Authority), audit and inspect the Client’s relevant records, premises, systems, data, Personnel, and procedures, and those of its Affiliates, in order to:
      1. assess the Client’s and its Affiliates’ compliance with this Agreement, the Program Application Form, the PRD, Program Parameters, a Regulatory Compliance Framework, Network Rules, and/or Applicable Law;
      2. enable TransactPay to comply with any obligation, request, or requirement of a Regulatory Authority; and
      3. verify any sums payable or receivable by the Client or otherwise accountable to TransactPay.
    2. For the purposes of any Audit, the Client shall provide the Auditing Parties with timely access during normal business hours to its premises, relevant records, systems, procedures, and Personnel as reasonably required, and shall permit the Auditing Parties to take copies of relevant documents or electronic files.
    3. If an Audit identifies any material non‑compliance by the Client or its Affiliates with this Agreement or Applicable Law, the Client shall bear the reasonable costs of any follow‑up Audit undertaken by TransactPay to confirm that such non‑compliance has been remedied.
    4. Following an Audit, TransactPay may issue an audit report to the Client (the “Audit Report”). The Audit Report is provided solely for the Client’s internal use. Unless TransactPay gives prior written consent, the Client shall not reproduce, distribute, or disclose the Audit Report to any third party. TransactPay accepts no liability to any third party who relies on the Audit Report.
    5. The audit rights set out in this clause apply equally to the Client’s Affiliates, and the Client shall procure that equivalent audit rights are included in its contracts with its Affiliates to the extent relevant to the Services.
  24. Legal Requests. Client will promptly notify TransactPay of any subpoenas, garnishments, lawsuits, levies, regulatory inquiries, or other legal requests (each a “Legal Request”) that request User Data, Transaction Data, or relate to the Payment Instruments, Program, or this Agreement. Client will not disclose any User Data or Transaction Data in response to a Legal Request without first notifying TransactPay (to the extent not prohibited by the Legal Request) and providing TransactPay an opportunity to defend against such disclosure.
  25. Subcontractors. TransactPay may outsource the operation of Services to a TransactPay Service Provider, a Third-Party Provider or the Client (the “Outsourced Entity”). TransactPay retains full responsibility and accountability for any outsourced functions and for compliance with Applicable Law and all regulatory obligations. The Client may not subcontract any of its obligations under this Agreement without TransactPay’s prior written consent. The Client shall remain fully responsible for the acts and omissions of any approved subcontractor. The Client shall ensure that no subcontracting arrangement adversely affects TransactPay’s ability to comply with Applicable Law, including its regulatory and oversight obligations as well as any obligations stemming from requirements in its Regulatory Compliance Framework.
  26. Exit.
    1. TransactPay agrees to provide Transition Services as outlined in clause 17.h above.
    2. Notwithstanding any Transition Services or exit and migration support set out elsewhere in the Agreement, unless prohibited by Applicable Law, a Regulatory Authority, or the Network, upon termination of the Agreement or any of the Services, TransactPay shall if requested by Client in writing (at the time of any termination notice, or within seven (7) calendar days of such notice being served):
      1. continue to provide the Services for up to six (6) months, subject to:
        1. continued payment by Client of all relevant Fees under the Agreement for such Services; and
        2. Client's continued compliance with the terms of the Agreement; and
      2. provide reasonable cooperation to Client, and provide access to relevant information held by TransactPay, to assist Client to migrate to another supplier or to bring the relevant service in-house.
      3. The Parties shall cooperate in good faith to prepare and document an Exit Plan setting out the activities, responsibilities, and timelines applicable to the orderly transition or wind‑down of the Services. Each Party shall act reasonably and in good faith in developing the Exit Plan and in agreeing any updates to it from time to time. Once finalised, the Parties shall comply with the Exit Plan in the event that this Agreement or any of the Services is terminated.
    3. If Client elects not to receive such Transition Services, the Parties will work in good faith to implement an orderly wind-down of the Services after termination of the Agreement, with such wind-down period not to exceed six (6) months. Unless otherwise specifically provided for in the Agreement, all Transition Services, exit and migration or wind down support will be charged to Client monthly at the TransactPay hourly rate, together with any reasonable expenses. 
  27. General.
    1. Governing Law. This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed as follows: If the Territory where Services are provided pursuant to this Agreement is the United Kingdom, then in accordance with the law, and subject to the jurisdiction of the courts, of Gibraltar. If the Territory where Services are provided pursuant to this Agreement, then in accordance with the law, and subject to the jurisdiction of the courts, of Malta.  
    2. Dispute Resolution. Any dispute between the Parties arising out of or relating to this Agreement shall be resolved as follows:
      1. Upon the written request of either Party setting out the basis of the dispute in reasonable detail, each Party will appoint a designated representative having authority to resolve and settle such dispute. The designated representatives shall meet as often as the Parties reasonably deem appropriate to discuss the dispute and attempt to resolve the dispute. 
      2. This clause shall not be construed to prevent a Party from commencing court proceedings.
    3. Assignment. Neither Party may assign any rights or obligations under this Agreement without the other Party’s prior written consent; provided, however, that TransactPay may assign this Agreement or an Order Form subject to this Agreement to an Affiliate upon written notice. This Agreement will bind and inure to the benefit of the Parties and their respective successors and permitted assigns. 
    4. Force Majeure. Except for delays in payment, if the performance of this Agreement or any obligation under this Agreement is prevented, restricted, or interfered with by any act or condition whatsoever beyond the reasonable control of the affected Party, the Party so affected, upon giving prompt notice to the other Party, will be excused from such performance, except for the making of payments hereunder, to the extent of such prevention, restriction, or interference.
    5. Amendments and Waivers. No amendment to this Agreement will be valid unless in writing and signed by an authorised representative of each Party. The failure of either Party to insist on performance of any provision of this Agreement will not be construed as a waiver of such provision, and no waiver will be effective or enforceable unless signed by the Party against which such waiver will be enforced.
    6. Severability. If any provision of this Agreement conflicts with a law under which this Agreement is to be construed or is held invalid by a court of competent jurisdiction, that provision will be deemed to be restated to reflect, as nearly as possible, the original intentions of the Parties and the remainder of this Agreement will remain in full force and effect.
    7. Rights of Third Parties. This Agreement is between, and may be enforced only by, Client and TransactPay and will not create any rights in third parties.
    8. Cumulative Remedies. Except as otherwise expressly provided in this Agreement, all remedies provided for in this Agreement will be cumulative and in addition to, and not in lieu of, any other remedies available to either Party at law, in equity, or otherwise.
    9. All notices under this Agreement will be in writing, including via email. Each Party will send notices to the other Party at the address or email address set forth in the table on page 1 or such other address or email address as either Party may specify in writing. Notices to TransactPay must also be addressed to the Legal Department.
    10. Counterparts. This Agreement may be executed in counterparts.
    11. Relationship of the Parties. Nothing in this Agreement is intended to, or will, create a partnership, or joint venture, or agency relationship between the Parties.
    12. Survival. The provisions of this Agreement that by their nature or terms are intended to survive the expiration or termination of this Agreement (including but not limited to clauses 7(c), 7(e), 12(a)-(e), 13 (Intellectual Property), 14 (Client Data Use), 15 (TransactPay Data Use), 16 (Confidentiality and Non-Disclosure), 17(h) (Transition), 18 (Limitation of Liability), 19 (Indemnification), 25 (Audit), 30 (General), and Schedule B) will survive its expiration or termination.
    13. Entire Agreement. This Agreement, any applicable Order Form and any schedules, addenda, amendments, or exhibits incorporated via an applicable Order Form or Supplementary Schedule, represent the Parties’ entire agreement and supersedes any and all prior written or oral communications, agreements, or understandings.
    14. Order of Precedence. Subject to the following proviso, if there is any conflict or ambiguity between the terms used in the documents listed first above, the meaning of the same or functionally equivalent term contained in a document lower in the list will govern over a term contained in a document higher in the list. Notwithstanding any ordering of clauses of this Agreement, to the extent that there is a conflict between any terms of the Issuer Services Schedule and other terms in the Agreement, solely with regard to Services provided under the same, the conflicting terms in the Issuer Services Schedule shall prevail.

Schedule A
Definitions & Interpretation
1. Capitalised terms used elsewhere in the Agreement have the definitions set forth below:
“AC Endorsement” means the written approval of the Approval Committee.
“Account” means the payment account, e‑money account, or stored‑value balance associated with a Customer or Authorised User (as applicable) under the Program and used to initiate or receive Transactions.
“Affiliate” means with respect to any Person, each Person who directly or indirectly controls, is controlled by, or is under common control with a Party.
“Anonymised Data” means data that has been irreversibly de-identified such that the Customer or Authorised User is no longer identifiable, and which can no longer be re-identified or attributed to any Data Subject by any party using means reasonably likely to be used, including through the use of additional information.
“API” means application programming interface.
“Applicable Law” means laws, regulations, statutes, codes, rules, orders, licences, certifications, decrees, standards or written policies, guidelines, directives, or interpretations imposed by any authority, including the Regulator and including the local laws of each Territory into which Payment Instruments are provided and Programs operated, and any Regulatory Authority that has or has asserted jurisdiction over the Party or matter in question, that apply to or relate to this Agreement and / or the Program(s), including those relating to privacy, anti-corruption, anti-bribery, anti-slavery, fair lending and anti-discrimination, disclosure requirements and prohibitions on unfair, deceptive or abusive acts and practices.
“Approval Committee” means the TransactPay committee responsible for approving and authorising Services outlined in any Order Forms.
“Authorised Transaction” means a Transaction that is approved based on available funds and valid use of ‘Strong Customer Authentication’ measures to mitigate fraud.
“Authorised User” means any person authorised by a Customer to use a Payment Instrument issued to that Customer.
“Banking Partner” means credit institutions (banks) that partner with TransactPay to support a Program.
“BIN” means a bank identification number (BIN) or issuer identification number (IIN) being a six-digit number assigned in association with an inter-bank card association number (ICA) and typically used to identify an issuing or acquiring portfolio for transaction authorisation and clearing purposes.
“BIN Sponsorship” means the provision of access to a BIN by a regulated firm that is a Network member to enable branded Payment Instruments.
“Business Continuity Plans” means the documented policies, procedures, systems, and recovery measures maintained by an entity (and, where applicable, its service providers) to ensure the continued operation or timely restoration of its critical business functions in the event of a disruption, including disaster recovery arrangements, data backup and restoration processes, incident response procedures, contingency plans, and any related operational resilience measures required by Applicable Law or industry standards.
“Business Day” means a day other than a Saturday, Sunday or public holiday in Gibraltar or Malta, as applicable, when banks in such jurisdictions are open for business.
“Card” means a physical or virtual payment card that is issued by TransactPay under a Program containing a PAN that is associated with a TransactPay BIN that enables a Customer or Authorised User (as applicable) to initiate Transactions.
“Change Request” means a written request submitted by the Client seeking an amendment to a Program or to the Services described in the applicable Order Form.
“Client Service Provider” means a Third-Party Provider with whom Client has a relationship that impacts or relates to Client’s rights or obligations in connection with the Agreement.
“Commando Mode” means an optional feature pursuant to which the System makes authorisation decisions based on business rules pre-defined by Client in the event that Client fails to respond to a JIT authorisation request.
“Compliance Requirements Table” means a schedule to an Order Form which sets forth any regulatory or compliance related requirements related to a Program, including but not limited to, reporting requirements and deadlines.
“Confidential Information” means the terms of this Agreement and information about the Disclosing Party’s technology, Client information, business activities, operations, and its trade secrets (as defined under Applicable Law), which are proprietary or confidential. Confidential Information also includes (without limitation) (i) existing or contemplated products, services, designs, technology, source code, processes, technical data, engineering, techniques, methodologies and concepts and any related information, (ii) information relating to business plans, sales or marketing methods and Client lists or requirements of a Party, (iii) all information about current and potential future Clients of a Party, and (iv) any material marked or designated ‘confidential’ or which by its nature or the circumstances surrounding its disclosure should reasonably be regarded as confidential. Confidential Information does not include information that a Receiving Party can demonstrate: (1) was in the public domain at the time of disclosure, (2) was in the legal possession of the Receiving Party at the time of disclosure without a duty of confidentiality, or (3) was independently developed by the Receiving Party without reference to the Disclosing Party’s Confidential Information.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data, as defined in applicable Data Protection Law, and “Controllers” shall be construed accordingly.
“Customer” means the individual or entity to whom a Payment Instrument is issued or otherwise made available under the Program.
“Data Incident” means any loss, or any unauthorised or unlawful destruction, damage, alteration, disclosure of, or access to, Personal Data, or as otherwise defined under applicable Data Protection Law. ‘Data Incident’ includes any event defined as a “data breach”, “personal data breach”, or “security breach” under applicable laws and regulations.
“Data Protection Law” means all laws and regulations relating to the processing of Personal Data and privacy that apply to the Parties or to the Services, including: (i) the EU General Data Protection Regulation 2016/679; (ii) the UK General Data Protection Regulation and the Data Protection Act 2018; (iii) the Gibraltar General Data Protection Regulation and the Gibraltar Data Protection Act 2004; (iv) the Privacy and Electronic Communications Regulations 2003; and (v) any amendments, replacements, or successor legislation to the foregoing.
“Data Subject” means any identified or identifiable natural person whose Personal Data will undergo or has undergone Processing by an entity in connection with the provision of the Services.
“Documentation” means user manuals, policies, procedures, responsibility matrices, and/or other information that describe the features, functions, and operations of the Services, which may be modified from time to time by TransactPay or Marqeta, as applicable.
“Due Diligence” means the identification, verification, screening, assessment, and ongoing monitoring activities carried out in respect of the Client, Customers, Authorised Users, and any Third‑Party Providers, and their respective beneficial owners and officers. Due Diligence includes, without limitation: identity verification; risk assessments; sanctions controls and screening; Politically Exposed Person (PEP) checks; adverse media checks; transaction verification and monitoring (separate from any checks on persons); ongoing monitoring of business relationships; record‑keeping obligations; and any other due‑diligence procedures required by Applicable Law.
“Exit Plan” means the plan based on TransactPay's standard form approach, setting out the various roles and responsibilities of the Parties to effect an orderly exit and migration away from the Services.
“Fees” means all amounts, fees, charges, costs, expenses, Pass‑Through Costs, the Minimum Program Funding Amount, the Non-Payment Reserve Amount, and any other sums payable by the Client to TransactPay under or in connection with this Agreement, however described, whether fixed or variable, invoiced or not yet invoiced, accrued or contingent, and whether arising before or after termination of this Agreement. ‘Fees’ includes all amounts specified in or arising from any Order Form, Supplementary Schedule, or other document incorporated into this Agreement by reference, and “Fee” shall be construed accordingly.
“Go-Live” means commencing live operations in a Production Environment.
“Go-Live Date” means the date for Go-Live.
“Implementation” means the technical and operational phase commencing upon the mutual agreement of a PRD and concluding upon the Go-Live Date.
“Initial Term” means the initial term of this Agreement as set out in the Order Form.
“Intellectual Property Rights” means inventions, patents, utility models, trademarks, service marks, rights in design (registered and unregistered), semi-conductor topography rights, copyrights (including rights in computer software), database rights, business and trade names, domain names, know-how and all other industrial or other rights or forms of protection of a similar nature or having similar effect in any part of the world and rights in and in relation to any of them and the rights to apply for or claim priority in respect of any of them.
“Issuer Directed Services” means the Payments Processing Services and related services that the Payments Processor must provide to TransactPay, instead of to the Client, when TransactPay exercises its Step‑In Right.
“Issuer Services” means, to the extent applicable, the Payment Instruments services and ancillary and related services provided by TransactPay to the Client.
“Issuer Services Schedule” means an exhibit to an Order Form that sets out the Issuer Services to be provided by TransactPay for a Program.
“JIT” means ‘Just In Time’ which is a method that enables Client to automatically authorise or decline Payment Instrument transactions in real time via the Marqeta API.
“KYC” means ‘Know Your Customer’ which is the process by which a Party identifies and verifies the identity of a Client, Customer, Authorised User, or Third‑Party Provider, and confirms the identity of their respective beneficial owners and officers, as required by Applicable Law. This process forms part of, and is carried out through, the Party’s Due Diligence procedures.
“Load” means any addition of funds to a Payment Instrument, whether by bank transfer, card funding, cash load, or any other permitted funding method, and includes any associated processing, verification, or reconciliation activities.
“Marqeta” means Marqeta Inc. and its subsidiaries.
“Marqeta API” means the application programming interface associated with Marqeta and used to provide certain Services outsourced by TransactPay to Marqeta. 
“Marqeta Dashboard” means the online platform(s) created and maintained by Marqeta through which the Client or Customer (as applicable) may view and access certain information related to the Program(s).
“Marqeta Platform” means the platform and systems operated by Marqeta to deliver the Services outsourced by TransactPay to Marqeta in respect of the Program and as specified in this Agreement.
“Material Change” means any change, event, circumstance, or development that may reasonably be expected to have a material adverse effect on a Party’s ability to perform its obligations under this Agreement or on the risk profile, continuity, security, or regulatory compliance of the Services, including, without limitation: (a) any change to a Party’s ownership, control, or corporate structure; (b) any change to key Personnel involved in the performance of the Services; (c) any change to subcontracting arrangements relating to any critical or important functions; (d) any material change to the systems, processes, technologies, or locations used to perform the Services; (e) any deterioration in a Party’s financial standing; or (f) any legal, regulatory, or operational development that may adversely affect a Party’s ability to comply with this Agreement.
“Network” means any operator of a payment card network, such as Visa, Discover, or Mastercard and/or any other electronic payment network or closed loop arrangement over which Transactions and Settlements are processed as agreed with TransactPay.
“Network Rules” means the rules, by-laws, and standards of any applicable Network.
“Non-Payment Reserve Amount” means the amount of the Client’s funds that the Client is required to deposit into, and maintain in, the Reserve Account, to be held by TransactPay as security for the Client’s payment obligations under this Agreement, including as collateral against any actual or anticipated non‑payment of Fees.
“OFAC” means the Treasury Department’s Office of Foreign Assets Control.
“Order Form” means an order form governed by the Terms and incorporated into this Agreement that sets out the Services, Fees, funding requirements, operational requirements, Program requirements, and other features applicable to a particular Program provided by TransactPay or a TransactPay Service Provider. The Order Form includes: (a) the applicable Program Application Form; (b) all documents, schedules, specifications, standards, operational requirements, and Program requirements referenced in or appended to the Order Form, whether directly attached or provided by hyperlink; and (c) any additional terms agreed by the parties in writing. All elements of the Order Form constitute part of this Agreement and the Client shall comply with all requirements set out in or incorporated into the Order Form.
“PAL” means the ‘Program Authorisation Letter’ which is the written instrument, signed by both Parties, that confirms the Client is authorised to launch and make publicly available the relevant Services provided under this Agreement for a specific Program. The PAL identifies that all regulatory, operational, and contractual requirements applicable to that Service have been satisfied, and that TransactPay consents to the Client’s public deployment of the Program. No Program may be launched without a duly executed PAL.
“PAN” means primary account number.
“Pass-Through Costs” means any fees, costs, or charges levied by a third party (including Network fees and banking charges) that are passed on to the Client at cost by TransactPay.
“Payment Instrument” means any Card, Account, or other method issued or enabled under the Program that allows a Customer or Authorised User (as applicable) to initiate or receive Transactions.
“Payments Processing Services” means the services performed by the Payments Processor that are necessary to support the Program, service Customers and Authorised Users, and process Transactions, including, without limitation, authorisation, clearing, Settlement, and the provision of reconciliation and Settlement information to TransactPay.
“Payments Processor” means Marqeta, which provides the Payments Processing Services for the Program.
“Person” means any corporation, company, partnership, firm, joint venture, association, trust, government agency, political subdivision, other entity, or individual.
“Personal Data” means any information relating to a Data Subject who is an identifiable natural person, being a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier, or to one or more factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity, or as otherwise defined in applicable Data Protection Law. For clarity, Personal Data includes User Data and Transaction Data, and excludes Anonymised Data.
“Personnel” means any employee, contractor, work-for-hire or other person working under the authority of the relevant Party.
“PRD” means the ‘Project Requirements Document’ which identifies the technical and operational specifications required to deliver a Program.
“Principal Member” means the necessary licences held by TransactPay with the Network in order to undertake Transactions.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, or as otherwise defined in applicable Data Protection Law.
“Processor” means a natural or legal person, public authority, agency or other body which conducts the Processing of Personal Data on behalf of the Controller, as defined in applicable Data Protection Law.
“Production Environment” means the live, operational instance of the System which is connected to the Networks and authorised for the processing of live Transactions. Unlike the sandbox, the Production Environment enables the issuance of live Payment Instruments, the movement of Relevant Funds, and access to live services including 3D Secure, Marqeta ‘RiskControl’, and tokenisation services.
“Production Readiness Testing” means the mandatory suite of live-environment tests conducted by the Client or the Client Service Provider (as applicable) during the Implementation Phase but prior to the Go-Live Date. This testing is conducted using live funds with low values to verify the integrity of the funds flow and System connectivity. It specifically includes, without limitation: (a) a live BIN test with an e-commerce transaction; (b) a physical card personal identification number change (where applicable); (c) a chip point of sale transaction (where applicable); (d) verification of 3D Secure functionality; and (e) any scenario testing required by TransactPay to satisfy requirements in the applicable Regulatory Compliance Framework.
“Program” means the marketing, evaluation, payments and transaction processing, administration, supervision, servicing, and maintenance of the Services provided for the benefit of the Client whether provided by TransactPay, a TransactPay Service Provider, the Client or any chosen Third-Party Provider and any other ancillary services established in accordance with this Agreement, where each Service is specified in a separate Order Form.
“Program Application Form” means a document related to a Program that is approved by TransactPay and which sets forth, at a minimum: (i) the Program name and description, (ii) Customer and Authorised User (as applicable) experience details, (iii) BIN classification information, (iv) risk and compliance obligations, (v) Payment Instrument usage limitations and Program specification, and (vi) any other necessary terms, including all Program Parameters.
“Program Funding Account” means the collateral account established by TransactPay to hold funds required to fund a Program.
“Program Losses” means credit losses, balance debits, negative balances and load failures due to Client’s acts or omissions, chargebacks, international decline charges, identity theft liabilities and costs, fraud (including transaction fraud, cloning, phishing, over/under limit processing and related actions or recovery) and any other losses on the Payment Instruments serviced by TransactPay pursuant to this Agreement.
“Program Management Services” means the comprehensive program management services provided by Marqeta, which is overseen by TransactPay. TransactPay assumes the primary operational, compliance management and coordination role when working with Marqeta and other Affiliates to support these services as specified in the relevant Schedule (but only to the extent agreed and specified in the relevant Schedule).
“Program Management Services Schedule” means the schedule to an Order Form that sets out the Program Management Services to be provided in connection with a Program.
“Program Parameters” means relevant information and controls related to a Program, including but not limited to: (i) controls on Payment Instruments for Customers and Authorised Users, (ii) controls required by Networks to implement the Program, (iii) geographic restrictions, (iv) usage limitations, and (v) any other parameters necessary for operation of the Program.
“Regulator” means, as applicable to a Territory where Services are provided, the Gibraltar Financial Services Commission or the Malta Financial Services Authority and/or the Financial Intelligence Analysis Unit and any person appointed by them.
“Regulatory Authority” means as the context requires, any Network and/or any regulatory, statutory or other entity, committee, agency and/or body which, whether under statute, rules, regulations, codes of practice or otherwise, is entitled by Applicable Law to have jurisdiction and/or authority over TransactPay related to the issuance, marketing, sale, authorisation or usage of the Services, Systems or Programs provided under this Agreement, including without limitation the Regulator.
“Regulatory Compliance Framework” means the policies, procedures, controls, standards, and operational measures implemented to ensure compliance with Applicable Law, the Network Rules, industry standards, and regulatory or governmental requirements, including those relating to financial crime prevention, fraud reporting, operational resilience, customer protection and conduct, and Due Diligence.
“Regulatory Fines” means any fines, fees, penalties, assessments from a Network, Regulator, Regulatory Authority, or governmental agency in respect of, or arising due to the operation of, a Program.
“Relevant Funds” means any sums received from, or for the benefit of, a Customer or Authorised User for the purpose of executing a Transaction or issuing electronic money, including any funds received from a Third‑Party Provider on their behalf, from the moment such funds are received until they are redeemed, transferred, or otherwise returned in accordance with Applicable Law.
“Renewal Term” means each renewal period of this Agreement as set out in the Order Form.
“Reserve Account” means the account controlled by TransactPay to protect against any potential liability for unpaid fees in respect of the Services and Systems provided under this Agreement.
“Retail Partner” means a Client Service Provider that the Client partners with under a separate written agreement to make incentives, rewards, goods, or services available in connection with the Program.
“Roles and Responsibilities Matrix” means the matrix setting out different operational, regulatory, contractual and interface obligations of the Parties and Marqeta and any Client Service Provider, as provided in the applicable Order Form.
“Sanctions” means any and all economic or financial sanctions, sectoral sanctions, secondary sanctions, trade embargoes and restrictions and anti-terrorism laws, including but not limited to (i) those imposed by the U.S. government (including those administered by the Treasury Department’s Office of Foreign Assets Control (“OFAC”)); (ii) the United Nations Security Council; (iii) the United Kingdom; (iv) the European Union; and (v) all other lists from any other applicable sanctions regimes.
“Sandbox Testing” means a secure environment that simulates the Production Environment, allowing the Client to test API requests, simulate Authorised Transactions, and validate JIT funding responses without processing live funds.
“Service Levels” means the service level descriptions, performance standards, metrics, and related requirements applicable to a Service, as set out in the Service Levels Schedule or, where specified for a particular Service, in the relevant Order Form or PRD, including any updates or revisions made in accordance with this Agreement.
“Service Levels Schedule” means the schedule to this Agreement that sets out the Service Levels, and any associated remedies or termination rights applicable to the Services.
“Services” means the Program Management Services, the Payments Processing Services, and the other services selected by and provided to the Client as described in the Order Forms, and “Service” shall be construed accordingly. The Services shall not include any “Payment Services” as defined by Directive (EU) 2015/2366, Financial Services (Payment Services) Regulations 2020, or Financial Institutions Act (Chapter 376 of the Laws of Malta).
“Settlement” means the movement and reconciliation of funds between TransactPay and Network members in accordance with the Rules or, where a Network is not involved, other payment service providers.
“Solution Design” means the technical and operational scoping phase where the Parties determine the funds flow, API integrations, and compliance flows required to generate the PRD.
“Step‑In Right” means TransactPay’s right to assume the Client’s rights and responsibilities in relation to the Payments Processor (being Marqeta) and the Payments Processing Services, including issuing instructions directly to Marqeta as Payments Processor, where necessary to ensure regulatory compliance, operational continuity, risk management, or proper performance of the Program.
“Sub‑processor” means any third party appointed by or on behalf of the Processor who is Processing the Personal Data on behalf of the Controller in connection with the Agreement.
“Supplementary Schedule” means any schedule to this Agreement. All such schedules shall be listed in the Terms.
“System” means the proprietary technology platforms used by TransactPay to perform Payment Instrument issuance, Program operation, and transaction processing, including the technology provided by Marqeta as a TransactPay Service Provider. The System includes APIs, the Marqeta API, Marqeta Dashboard, the Marqeta Platform, sandbox environments, and related software, code, and infrastructure, together with any Enhancement thereto.
“Term” means the period commencing on the Effective Date and continuing through the Initial Term and any Renewal Terms, unless this Agreement is terminated earlier in accordance with its terms. For the avoidance of doubt, the Term of this Agreement is independent of, and is not affected by, the commencement, continuation, expiration, or termination of any Order Form.
“Territory” means the jurisdictions into which the Parties agree the Programs may be provided as specified in a Program Application Form and as agreed to from time to time.
“Third-Party Provider” means any third party, that is not TransactPay, Marqeta or the Client and is specified as service provider for services that are necessary for the functioning of a Program.
“Transaction” means a transaction that is processed through the Network and its members or through the Payments Processor and TransactPay and includes: payments for goods or services, fund transfers (including to other Payment Instruments), refunds on to a Payment Instrument and fund withdrawals (from an ATM, bank or other service provider), and “Transactions” shall be construed accordingly.
“Transaction Data” means any data, except User Data, about a transaction initiated with a Payment Instrument.
“User Agreement” means the agreement between TransactPay and a Customer or Authorised User (as applicable) governing the terms and use of a Payment Instrument and any supplemental terms and conditions of use for a Payment Instrument or any ancillary feature offered in connection with a Payment Instrument, as well as any privacy policies or other disclosures which may be deemed necessary depending on the scope and nature of a Program.
“User Data” means information that is provided to or obtained by either Party in the performance of its obligations or use of Services under this Agreement or otherwise regarding applicants and current or former Customers, Authorised Users, or applicants to become any of them.
2. The following definitions and rules of interpretation apply in this Agreement:
       (a) Clause, Schedule and paragraph headings shall not affect the interpretation of this agreement.
       (b) The Schedules form part of this Agreement and shall have effect as if set out in full in the body of this Agreement. Any reference to this Agreement includes the Schedules.
       (c) Unless the context otherwise requires, words in the singular shall include the plural and, in the plural, shall include the singular.
       (d) A reference to a company shall include any company, corporation, or other body corporate, wherever and however incorporated or established.
       (e) Unless expressly provided otherwise in this Agreement, a reference to a legislation or legislative provision shall include all subordinate legislation made from time to time under that legislation or legislative provision.
       (f) References to clauses and Schedules are to the clauses and Schedules of this Agreement and references to paragraphs are to paragraphs of the relevant Schedule.
       (g) Any words following the terms including, include, or for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
       (h) In the case of any ambiguity between any provision contained in the body of this Agreement and any provision contained in the Schedules, the provision in the body of this Agreement shall take precedence.
       (i) A reference to writing or written includes email.
       (j) Unless the context otherwise requires the reference to one gender shall include a reference to the other genders.
 
Schedule B
Processing Addendum (“DPA”)


  1. Background. This DPA details the Parties' personal data processing, privacy, and information security obligations. The Agreement and this DPA shall be construed to be consistent with each other to the greatest extent possible; however, in the event of a conflict between the provisions of this DPA and the Agreement, the provisions of this DPA will take precedence with respect to the subject matter contained herein. This DPA will apply to all Services rendered by TransactPay under the Agreement. Capitalised terms not defined herein shall have the definitions set forth in the Agreement.
  2. Term. This DPA shall continue in force for the Term of the Agreement.
  3. Relationship of the Parties. 
    1. All Services. TransactPay (and any authorised TransactPay Service Providers) act as independent Controllers when Processing User Data or Transaction Data for fraud prevention, fraud detection, or security monitoring. For those activities, TransactPay determines the purposes and means of the Processing, and the obligations in this DPA do not apply.
    2. Provision of Personal Data. The Parties will only undertake the Processing of Personal Data that is provided or made available by the other Party, or collected by a Party, in connection with the performance of the Agreement.
    3. Program Management Services. For all other purposes the Data Protection Law roles are as follows: TransactPay is the Controller when Processing Personal Data in respect of the Services provided by it in relation to a Program. It is expected that Client will likely also be an independent Controller in respect of Processing Personal Data on Customers and Authorised Users (other than to the extent that it does so on behalf of TransactPay). Marqeta acts as a Processor on behalf of TransactPay when Processing Personal Data in connection with the Agreement. 
    4. Regulatory Processing (Client as Processor): Notwithstanding the designations in Clause 3.a, the Parties acknowledge that where TransactPay is required by Applicable Law to perform a review of its Regulatory Compliance Frameworks, safeguarding functions or any other obligations imposed by a Regulatory Authority (“Regulatory Obligations”) TransactPay acts as the independent Controller of all Personal Data required to fulfil such Regulatory Obligations and the Client acts as a Processor on behalf of TransactPay. The Client acts as a Processor insofar as it collects, aggregates, or transmits such Personal Data to TransactPay or any TransactPay Service Providers to enable TransactPay to meet its Regulatory Obligations. For the avoidance of doubt, the Client acts as a Processor only for the purposes of:
      1. collecting and transmitting KYC data, Sanctions data, and fraud data required by TransactPay to satisfy its non-delegable Regulatory Obligations; and
      2. using User Data to provide Customers and Authorised Users with Payment Instruments and to update Customers and Authorised Users on changes to Network requirements.
  4. Data Protection Compliance Obligations.
    1. General Compliance: Each Party shall comply with its respective obligations under Data Protection Law. Neither Party shall perform its obligations in such a way as to cause the other Party to breach any of its applicable obligations under Data Protection Law.
    2. Processor Obligations: To the extent a Party acts as a Processor (the “Processing Party”) on behalf of the other Party acting as Controller (the “Controlling Party”), the Processing Party shall: 
      1. Instructions: ensure it is Processing Personal Data only on the documented instructions of the Controlling Party (including as set forth in this Agreement), unless required to do so by Applicable Law; 
      2. Confidentiality: Ensure that persons authorised to be Processing the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; 
      3. Security: Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk (as detailed in Schedule B – Annex 4); 
      4. Assistance: Taking into account the nature of the Processing, assist the Controlling Party by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controlling Party's obligation to respond to requests for exercising the Data Subject's rights; 
      5. Data Breaches: Notify the Controlling Party without undue delay upon becoming aware of a Data Incident affecting the Controlling Party's data; and 
      6. Deletion/Return: At the choice of the Controlling Party, delete or return all the Personal Data to the Controlling Party after the end of the provision of services relating to Processing, and delete existing copies unless Applicable Law requires storage of the Personal Data.
    3. Controller Obligations: To the extent a Party acts as a Controller, it warrants that:
      1. It has a valid lawful basis for the Processing of Personal Data; 
      2. It has provided, or procured the provision, of all necessary notices and disclosures to Data Subjects (including, where the Client is Controller, informing Customers and Authorised Users of TransactPay and Marqeta's roles); and 
      3. Any instructions given to the Processing Party regarding the Personal Data are lawful.
    4. TransactPay Specific Rights:
      1. Sub-processing: The Client generally authorises TransactPay to engage Marqeta and the Marqeta sub-processors listed in Schedule B – Annex 1.
      2. Anonymisation: Notwithstanding the foregoing, TransactPay (and any TransactPay Service Providers) may undertake the Processing of Personal Data for the purpose of creating Anonymised Data (which shall no longer constitute Personal Data) for product improvement and analytics purposes as set out in clause 14.d of this Agreement.
  5. Security and Data Incident Response.
    1. TransactPay.
      1. Taking into account the state of the art, the nature, scope, context and purposes of the Personal Data Processing, and the risk of varying likelihood and severity of potential harm to the rights and freedoms of Data Subjects, TransactPay will implement and maintain a comprehensive written information security program designed to protect Personal Data from any Data Incident (including protection against any anticipated threats or hazards), including physical, technical, and organisational measures appropriate to the risk.
      2. TransactPay shall procure that the relevant Marqeta entity involved in relevant Processing shall maintain compliance with AICPA Trust Services Criteria (SOC reports) or ISO27001 and PCI DSS. 
      3. TransactPay will provide those Personnel who have access to Personal Data with appropriate education and training on their data protection and confidentiality responsibilities.
      4. TransactPay agrees to promptly, and without undue delay, but in no case later than the prescribed period under applicable Data Protection Law, notify Client of any Data Incident impacting Client. TransactPay shall ensure that such notice includes relevant details relating to such Data Incident including, to the extent then known:
        1. the nature and facts of such Data Incident including the categories and number of Personal Data records and the Data Subjects impacted;
        2. the contact details of the Data Protection Officer or other representative from whom Client can obtain further information relating to the Data Incident; and
        3. the measures taken or proposed to be taken by TransactPay to address the Data Incident and to avoid or mitigate any possible adverse effects.
      5. TransactPay will take appropriate steps to investigate, mitigate, and remedy the harm to the Client and any individuals impacted by a Data Incident and will reasonably cooperate with the Client in the investigation and remediation efforts.
    2. Client.
      1. Taking into account the state of the art, the nature, scope, context and purposes of the Personal Data Processing, and the risk of varying likelihood and severity of potential harm to the rights and freedoms of Data Subjects, Client will implement and maintain a comprehensive written information security program designed to protect Personal Data from any Data Incident (including protection against any anticipated threats or hazards), including physical, technical, and organisational measures appropriate to the risk.
      2. Client’s information security program shall be aligned to (1) at least one or more of the following industry security standards: AICPA Trust Services Criteria (SOC reports), NIST Cybersecurity Framework, ISO 27001, or SANS/CIS Critical Security Controls, and (2) PCI DSS. 
      3. Client will provide those Personnel who have access to Personal Data with appropriate education and training on their data protection and confidentiality responsibilities.
      4. Client agrees to promptly, and without undue delay, but in no case later than the prescribed period under applicable Data Protection Law, notify TransactPay of any Data Incident impacting TransactPay or the Program. Client shall ensure that such notice includes relevant details relating to such Data Incident including, to the extent then known:
        1. the nature and facts of such Data Incident including the categories and number of Personal Data records and the Data Subjects impacted;
        2. the contact details of the Data Protection Officer or other representative from whom TransactPay can obtain further information relating to the Data Incident; and
        3. the measures taken or proposed to be taken by Client to address the Data Incident and to avoid or mitigate any possible adverse effects.
      5. Client will take appropriate steps to investigate, mitigate, and remedy the harm to TransactPay and any individuals impacted by a Data Incident and will reasonably cooperate with TransactPay in the investigation and remediation efforts. 
      6. Client shall ensure that access to the TransactPay System and User Data and Transaction Data is provided only to Client or Client Sub-processor Personnel who have been properly authorised by Client.
  6. Return or Destruction of Personal Data.
    1. Upon termination or expiry of this DPA or the Agreement, or, where a longer retention period is required by Applicable Law upon completion of any additional required retention period, TransactPay shall take reasonable steps to either anonymise, return (as applicable and where Client does not have access to the information itself), delete, or destroy all Personal Data.
    2. To the extent that TransactPay is required by Applicable Law to retain all or part of the Personal Data (“Retained Data”) beyond termination or expiry of this DPA or the Agreement, TransactPay shall: (i) cease all Processing of the Retained Data other than as required by Applicable Law; and (ii) continue to comply with the provisions of this DPA in respect of such Retained Data.
  7. Sub-processors & Client Service Providers
    1. TransactPay. The Client provides a general written authorisation to TransactPay to engage Marqeta as a Processor and to authorise Marqeta to engage Sub-processors (as listed in Schedule B – Annex 1) for the performance of the Services. TransactPay remains fully liable to the Client for the performance of the data protection obligations of Marqeta and any such Sub-processors. In doing so, TransactPay shall:
      1. ensure that its Sub-processors are required by contract to: (i) undertake Processing of Personal Data only for the purposes permitted in the Agreement and this DPA; and (ii) comply with data protection obligations substantially similar to those imposed on TransactPay under this DPA;
      2. remain responsible for any Processing by a TransactPay Sub-processor in breach of this DPA; and
      3. attach a list of current Sub-processors as Schedule B – Annex 1. TransactPay may periodically update its Sub-processor list, which can be viewed by visiting the link found in Schedule B – Annex 1. 
    2. Client.
      1. Program Management Services. 
        1. When receiving Program Management Services, Client may appoint Sub-processors as part of the Agreement. In doing so, Client shall: 
          i. ensure that its Sub-processors are required by contract to: (i) undertake Processing of Personal Data only for the purposes permitted in the Agreement and this DPA; and (ii) comply with data protection obligations substantially similar to those imposed on Client under this DPA;
          ii. remain responsible for any Processing by its Sub-processor in breach of this DPA; and
          iii. attach a list of current Sub-processors as Schedule B – Annex 2. Client shall provide notice to TransactPay in writing to transactpaylegal@transactpay.com in the event of any change to the list of Sub-processors set forth on Schedule B – Annex 2. 
  8. Cross-border Transfers. As part of the Services, TransactPay may transfer Personal Data to locations around the world provided that such transfers comply with applicable Data Protection Law. Client acknowledges that such transfers may be to the United States as well as other jurisdictions where TransactPay and any Third-Party Providers provide the Services. 

Schedule B – Annex 1
Marqeta’s Sub-Processors
A list of current Sub-processors is available at: https://www.marqeta.com/sub-processors/
Schedule B – Annex 2
Client’s Sub-Processors
As set forth in an attachment to the Order Form.
Schedule B – Annex 3
Personal Data Processing Details
A. List of Parties:
 
Data Controller: TransactPay

Name: As first set out above in this Agreement

Address: As first set out above in this Agreement

Contact details: As first set out above in this Agreement

Activities relevant to the data processed: Client as Processor. Related services as more fully described in the Agreement.

Role: For Program Management Services: TransactPay is an independent Controller. Marqeta acts as a Processor on behalf of TransactPay, except when acting as an independent Controller solely for the defined system security, fraud prevention, and identity verification purposes expressly permitted under this Agreement.


Data Processor: Client 

Name: As first set out above in this Agreement

Address: As first set out above in this Agreement

Contact details: [XXXXXXX]

Activities relevant to the data processed: Client as Processor. Related services as more fully described in the Agreement.

Role: Processor to TransactPay.

 
B. Description of processing:

Categories of data subjects whose personal data is processed

Customers or Authorised Users who participate in the Program.

Categories of personal data processed

Customer or Authorised User data, which includes the Primary Account Number (“PAN”) which identifies the particular Customer or Authorised User: account; name; expiration date and/or service code (three-digit or four-digit value in the magnetic-stripe that follows the expiration date of the payment card on the track data), and sensitive authentication data such as card validation codes/values, full track data (from the magnetic stripe or equivalent on a chip), Personal Identification Number (“PIN”), and PIN blocks.

Transaction Data, which is data related to the Transaction.

Payment Instrument Data which may consist of Customer or Authorised User data and/or sensitive authentication data, and can include a unique representation of data such as name and address, or mobile number and/or email.

Customer or Authorised User data or Due Diligence such as name, address, and other documentary evidence needed to conduct KYC. 

Sensitive data processed (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures:

No sensitive data is processed. 

Nature of the processing

Client as Processor related services as more fully described in the Agreement.

Purpose(s) of the data processing:

Client as Processor related services as more fully described in the Agreement.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:

Personal Data is deleted after the termination of the Agreement, other than where a Party is required by applicable law to retain such data for additional periods, as more fully described in the Agreement. 


C. Competent supervisory authority:
As determined pursuant to Data Protection Law.

Schedule B – Annex 4
Technical and Organisational Security Measures
Introduction
Data protection is a top priority for TransactPay and Marqeta. TransactPay implements a comprehensive security program for its internal systems. This Annex 4 details the technical and organisational measures (“Measures”) implemented by Marqeta, as a TransactPay Service Provider, to secure the Services data processed on the underlying Marqeta Platform (“Service Data”). References herein to Marqeta are to be read as references to Marqeta, the entity that performs these technical Measures on behalf of TransactPay.
Marqeta utilises commercially reasonable Measures to keep the Services Data secure. 
  1. Information Security Program and Training.
    1. Marqeta maintains a written information security program that:
      1. Is managed by a senior employee responsible for overseeing and implementing the program;
      2. Includes administrative, technical, and physical safeguards reasonably designed to protect the confidentiality, integrity, and availability of Services Data;
      3. Is appropriate to the nature, size, and complexity of Marqeta’s business operations.
    2. Marqeta provides training for its Personnel who are involved in the Processing of Services Data so that they understand their data protection obligations.
  2. Logical Access. Marqeta limits its Personnel’s access to Services Data as follows:
    1. Requiring unique user access authorisation through secure logins and passwords, including multi-factor authentication for remote access to our infrastructure;
    2. Limiting the Services Data available to Marqeta Personnel on a ‘need to know’ basis;
    3. Restricting access to Marqeta’s production environment by Marqeta Personnel on the basis of business need;
    4. Encrypting user credentials for production access; 
    5. Prohibiting Marqeta Personnel from storing Services Data on electronic portable storage devices such as computer laptops, portable drives, and other similar devices;
    6. Logically separating data relating to Client from other Clients’ data, and maintaining measures designed to prevent Services Data from being exposed to or accessed by other Clients; and
    7. Upon employee termination, whether voluntary or involuntary, promptly disabling all access to Marqeta systems, including Marqeta’s physical facilities.
  3. Data Encryption. Marqeta uses industry-standard encryption in alignment with NIST 800-175B, by implementing encryption in transit over the public internet, and implementing encryption of Services Data at rest, including any backups.
  4. Network Security, Physical Security and Environmental Controls
    1. Marqeta uses firewalls, network access controls and other techniques designed to prevent unauthorised access to systems processing Services Data.
    2. Marqeta maintains measures designed to assess, test and apply security patches to all relevant systems and applications used to provide Services. 
    3. Marqeta monitors privileged access to applications that process Services Data, including cloud services.
    4. Marqeta’s Services operate on a variety of infrastructure service providers and are protected by the physical security and environmental controls of these service providers. Marqeta ensures that these data centres are certified and compliant against industry standards such as SOC2 and ISAE 3402.
  5. Independent Security Assessments. Marqeta periodically assesses the security of its systems and services as follows:
    1. Marqeta hires accredited, independent third parties to audit and attest to various compliance and certifications annually:
      • Payment Card Industry: PCI DSS and PCI 3DS
      • American Institute of Certified Public Accountants (AICPA): Service Organisation Controls 1 (SOC1) and Service Organisation Controls 2 (SOC2)
      • International Auditing and Assurance Standards Board (IAASB): International Standard on Assurance Engagements 3402 (ISAE 3402)

        At Client’s request and pursuant to a non-disclosure agreement, Marqeta will provide such audit reports and/or summaries of audit reports to Client, so that it may verify Marqeta’s compliance with the adopted security framework.
    2. At least annual penetration testing of Marqeta systems and applications to test for exploits including, but not limited to, XSS, SQL injection, access controls, and cross-site request forgery.
    3. At least quarterly vulnerability scanning. Vulnerabilities identified and rated as critical risks are remediated or mitigated promptly after discovery.
  6. Incident Response. Marqeta maintains an incident response process to identify and respond to potential and actual Data Incidents. Marqeta will take reasonable measures to mitigate the risks related to a Data Incident and will notify Client of any Data Incident impacting Client in accordance with the DPA.
  7. Business Continuity Management. Marqeta maintains appropriate Business Continuity Plans, including processes to ensure failover redundancy with its systems, networks, and data storage.
  8. Due Diligence Over Subcontractors or Service Providers. Marqeta will:
    1. Conduct appropriate due diligence prior to engaging any subcontractors or service providers to assist with the provision of the Services.
    2. Apply written security measures that oblige subcontractors and service providers to adhere to security measures consistent with and no less protective of Services Data than these Measures.
    3. Assess the security capabilities of any such subcontractors and service providers on a periodic basis to ensure each subcontractor and service provider’s ability to comply with these Measures.

Schedule B – Annex 5
TransactPay’s Sub-processors
TransactPay has authorised the use of the following Sub-processors set forth on: https://www.marqeta.com/sub-processors.
 
Schedule C
Service Levels
  1. Applicability. Each Service described in an Order Form shall be subject to the Service Levels set out in this Service Levels Schedule unless that Order Form specifies different Service Levels for that Service, in which case those specified Service Levels shall apply.
  2. Performance Standard.
    1. The ‘Performance Standard’ is a Monthly Transaction Success Rate of 99.99% or greater (rounded) in a calendar month.
    2. “Monthly Transaction Success Rate” means:
      1. 100 x (1 – (Responsible STIP Declines ÷ Total Attempted Transaction Authorisations)), where:
        1. “Responsible STIP Declines” means the number of transaction authorisation attempts in a calendar month that TransactPay failed to properly process for the Client and that resulted in a card‑network ‘Stand‑In Processing’ decline; and
        2. “Total Attempted Transaction Authorisations” means all transaction authorisation attempts for the Client in the same calendar month.
    3. For clarity, Responsible STIP Declines exclude any transaction authorisation attempts where the failure to properly process the authorisation was caused by the Network or the Client.
  3. Performance Standard Credits.
    1. Managed Performance Standard Credits. If, in any calendar month, (i) TransactPay fails to meet the Performance Standard, and (ii) Client experiences more than ten (10) Responsible STIP Declines in that month, then TransactPay will pay the Client an amount equal to the percentage difference between the Performance Standard and the Monthly Transaction Success Rate, applied to TransactPay’s Monthly Incentive Payment for that month (the “Performance Standard Credit”).
    2. Monthly Incentive Payment. The “Monthly Incentive Payment” means a sum equal to the difference between the Performance Standard and the Monthly Transaction Success Rate, as illustrated in the Illustrative Example, below (“Monthly Incentive Payment”).
    3. Illustrative Example. If the Monthly Transaction Success Rate for a given month is 99.59% and Client experienced 11 Responsible STIP Declines, then the Performance Standard Credit would be 0.40% of the Monthly Incentive Payment for that month.
  4. Service Reporting. In order to receive any Performance Standard Credits, Client must report a failure to meet the Performance Standard to TransactPay via the communications channels provided during the Client onboarding process within seven (7) calendar days of the failure to meet the Performance Standard.
  5. API Response Time Performance Target.
    1. The ‘API Response Time Performance Target’ is a response time of 1,000 milliseconds or less for 99.99% or more of all Critical API Calls made during a calendar month.
    2. “Critical API Call” means any API call, other than an API call that is part of an authorisation request, that:
      1. operates on a single account, card, or transaction (as applicable to that API call); and
      2. has a response time that directly impacts the Customer or Authorised User experience.
    3. The API Response Time Performance Target is measured by the elapsed time between Client’s submission of a Critical API Call and the System’s response to that call.
  6. Scheduled Maintenance. TransactPay will notify the Client of scheduled downtime for maintenance or upgrades at least ten (10) calendar days in advance (“Scheduled Maintenance”). Scheduled Maintenance will not exceed more than four hours per calendar month. Measurement of TransactPay’s compliance with the Performance Standard will exclude any Scheduled Maintenance.
  7. Technical Support. Technical support incidents will be addressed as follows:
    1. Technical Support Response Time Performance Target.
      1. Notification.
        1. Severity Level 0/1 incidents: Client will notify TransactPay via support911@marqeta.com
        2. Severity Level 2/3 incidents: Client will notify TransactPay via support@marqeta.com
      2. Response Time.
        1. Severity Level 0/1 incidents: TransactPay resources will initially respond within fifteen (15) minutes of notice from Client of the incident and will ensure continuous support to resolve all Severity Level 0/1 incidents. TransactPay will promptly:
          - advise Client of the status of remedial efforts being undertaken with respect to such incident;
          - implement a temporary workaround and/or correct the cause of the incident; and
          - report to Client on the root cause(s) of such incident.
        2. Severity Level 2/3 incidents: TransactPay resources will initially respond within two Business Days of notice from Client of the incident and will work to resolve Severity Level 2/3 incidents in order of their priority.
    2. Severity Level Descriptions. Initial incident severity level determinations will be set by TransactPay in good faith based on Client’s notification and may be modified by TransactPay during resolution. The severity levels are:
      1. Severity Level 0 – Complete Service Failure: Occurs when TransactPay is unable to process transactions and/or process Critical API Calls, is unable to send JIT authorisation requests to Client, or a complete loss of the Services or access to the Services; 
      2. Severity Level 1 – Impaired Service Failure: Services are partially inoperative, and the inoperative portion of the Services severely restricts the ability 1) to process or authorise Client’s transactions or 2) complete Critical API Calls;
      3. Severity Level 2 – Reduced Performance: Operational performance of the Services is impaired while most critical operations remain functional; and
      4. Severity Level 3 – Minor Flaws: Minor impacts on Client’s business operations.
  8. Significant Incident Breach.
    1. Significant Incident. A ‘Significant Incident’ occurs if the Client experiences sixty (60) or more consecutive minutes of Severity Level 0 or Severity Level 1 downtime.
    2. Threshold for Significant Incident Breach. A Significant Incident Breach occurs if, in any calendar month, the Client experiences Significant Incidents that, in aggregate:
      1. exceed four hundred twenty (420) minutes in three (3) consecutive calendar months; or
      2. exceed four hundred twenty (420) minutes in four (4) calendar months within any six (6) month period.
    3. Threshold for Significant Incident Breach. If a Significant Incident Breach occurs, the Client may elect to terminate this Agreement by providing thirty (30) calendar days’ prior written notice to TransactPay. The Client must deliver such notice within seven (7) calendar days after the date on which the Significant Incident Breach occurred. 
  9. Sole Remedy. This Service Level Schedule sets forth the Client’s sole remedy related to TransactPay’s failure to meet the Performance Standard or the Performance Target.

Schedule D
Program Management Services Schedule
The terms and definitions in this Schedule are to be read in addition to, and shall not replace or amend, the definitions and rules of interpretation set out in the main body of this Agreement, which shall continue to apply in full. Any terms contained herein shall govern Client’s use of the Services. The operational Services provided by TransactPay under this Schedule are outsourced to Marqeta and provided by Marqeta on behalf of TransactPay as a TransactPay Service Provider. 
  1. Program Requirements
    1. Program Interface Requirements. The Client will provide Customers and any applicable Authorised Users with:
      1. any required website and/or mobile interface necessary to use and manage the Payment Instruments,
      2. a User Agreement; and
      3. any Payment Instrument disclosures or permissions required by Applicable Law.
    2. Authenticity of Documents. The Client will not alter any information it receives from the Customers or Authorised Users that the Client provides to TransactPay. The Client will maintain on an individual basis (and make available for TransactPay to audit), a Customer’s or an Authorised User’s:
      1. signed User Agreement; and
      2. response to TransactPay’s privacy policy (meaning a copy of their ‘opt-in’ acceptance or their ‘opt-out’ withdrawal).
    3. Program Parameters. The Client will be responsible for adhering to the Program Parameters. The Client must properly construct the Program Parameters and adequately communicate them to its Customers and Authorised Users as required by Applicable Law.
    4. Non-Consumer Programs.
      This Program provides Payment Instruments for non-consumer Customers and/or Authorised Users (i.e., commercial or business customers and/or Authorised Users). The Client must therefore ensure the Payment Instruments are:
      1. not used to pay employee wages, and
      2. used exclusively for business purposes (i.e., business expenses), and not for personal use.
  2. Card Fulfilment Services. If the Client elects to use the card fulfilment services, the Client may order physical Cards via Marqeta’s API. All such Cards must comply with the applicable Card specification requirements. The Client is responsible for ensuring that the artwork, design, and content of the Cards, Card carriers, and any associated packaging materials comply with the Card specifications and that there is no infringement on the proprietary rights of any third party. The Client shall be responsible for all costs associated with card fulfilment and any additional requested services for any physical Card ordered, whether or not such Card is ultimately used.
  3. Settlement Support. The Client shall cooperate fully with TransactPay in relation to the reconciliation of funds. The Client shall provide all data, information, documentation, and operational support reasonably required for TransactPay to perform reconciliation and Settlement activities with the Network. Such cooperation shall include, without limitation: (a) timely provision of Transaction and Load data; (b) access to relevant Program records; (c) assistance in resolving discrepancies identified during reconciliation; and (d) responding to TransactPay requests relating to Settlement activities within the timeframes specified by TransactPay or, if no timeframe is specified, within a reasonable period. The Client shall ensure that all information provided is accurate, complete, and in a format reasonably required by TransactPay.
  4. Marketing and User Agreement.
    1. The Client shall promote, market and distribute the Payment Instruments and the User Agreement to prospective Customers and Authorised Users in accordance with Applicable Law, the Network Rules, and TransactPay’s branding and graphic standards.
    2. The Client shall maintain (a) an accurate list of each Territory in which this Program will be marketed, and (b) records of any approved Affiliates involved in such marketing, and shall provide unredacted copies of any related contracts to TransactPay upon request. 
    3. Unless otherwise agreed, the Client is responsible for all costs associated with marketing the Payment Instruments and the Program, and for ensuring that all advertising material, marketing methods, and User Agreements comply with Applicable Law.
    4. All User Agreements and advertising material are subject to TransactPay’s prior written approval, not to be unreasonably withheld or delayed. Such approval is solely for TransactPay’s own purposes and does not relieve the Client of its independent compliance obligations.
    5. TransactPay may, on sixty (60) calendar days’ written notice (or shorter where required to comply with Applicable Law), require changes to the User Agreement or advertising material.
    6. The parties shall cooperate to implement such changes and to provide updated User Agreements to existing Customers and Authorised Users.
    7. All costs associated with changes to User Agreements or advertising material shall be borne by the Client, except where such changes are required solely due to changes in Applicable Law.
    8. TransactPay shall use commercially reasonable efforts to assist the Client in obtaining any required Network approvals. Network approval is a condition precedent to launching the Program.
    9. TransactPay may decline any Payment Instrument application or terminate any Payment Instrument where reasonably necessary to comply with Applicable Law.
  5. Customer Service & Complaints.
    1. The entity listed in the Roles and Responsibilities Matrix (detailed in the Order Form for this Program) shall be responsible for customer service obligations for the Program (“Customer Services”).
    2. The Client may not subcontract the performance of Customer Services without TransactPay’s prior written approval not to be unreasonably withheld. Any such Client Service Provider shall be subject to the service level standards, monitoring and reporting obligations stipulated in the Issuer Services Schedule for this Program.
    3. The Client agrees:
      1. that all Customer Services, whether provided by the Client or through an approved Client Service Provider, shall comply with Applicable Law and Network Rules;
      2. that TransactPay may reasonably monitor the Customer Services practices as required for oversight purposes under Applicable Law through onsite and remote monitoring (where reasonably necessary) or such other reasonable means as TransactPay may require;
      3. to the extent required for oversight purposes under Applicable Law, to provide TransactPay with reports of its customer service activities as well as access to all Customer Services call recordings in such frequency and format as determined in writing by TransactPay from time to time, the Documentation or as TransactPay may otherwise require in order to comply with Applicable Law;
      4. to reasonably cooperate with TransactPay in the resolution of all complaints;
      5. to cooperate with TransactPay in assessing and evaluating the frequency, nature or underlying causes for any complaints or inquiries through the evaluation of the Program and Payment Instrument; and
      6. to the extent required to enable TransactPay to comply with Applicable Laws, it shall provide TransactPay with reports of its customer service activities.
    4. An approved complaints procedure (the “Complaints Procedure”) shall be agreed upon by the Parties for this Program prior to its launch and Client shall ensure that to the extent that the Client is involved with handling complaints it shall ensure the complaints:
      1. will be managed in accordance with the Complaints Procedure; and
      2. shall retain all information relating to complaints for the minimum amount of time required by Applicable Law (and for a minimum of six (6) years) and shall provide the same to TransactPay periodically on request. 
    5. The Client must follow the complaint escalation procedure set out in the applicable Complaints Procedure, ensuring that any complaint not resolved by the Client to the Customer’s and the Authorised User’s satisfaction is forwarded to TransactPay for handling. The Client shall use reasonable efforts to cooperate with TransactPay in resolving any complaint escalated to TransactPay and shall remain responsible and liable for any redress or refunds (including, without limitation, fee refunds) that TransactPay considers appropriate and reasonable.
    6. Where the Client or any Client Service Provider receives a complaint from any third party, the Client shall, where practicable and relevant to TransactPay’s issuance of the Payment Instruments, forward that complaint and any related written documentation to TransactPay as soon as practicable and lawful. Unless otherwise instructed or permitted by TransactPay, or required by Applicable Law, the Client shall not respond on TransactPay’s behalf to any Regulatory Authority, out‑of‑court redress body, consumer protection body, claims‑management company, or legal services firm.
  6. Program-Related Training.
    1. The Client shall be responsible for training its Personnel as well as other relevant Affiliates. The Client shall be responsible for updating the training it provides in accordance with TransactPay’s reasonable requirements. Unless otherwise agreed, the costs of such training shall be solely borne by the Client.
    2. The Client shall ensure that its Personnel as well as other relevant Affiliates receive appropriate training in all relevant operational aspects of the Program, including, but not limited to, the application of Applicable Law and the implemented Regulatory Compliance Framework for the Program.
    3. The Client shall submit a training plan to TransactPay for its review and approval at least two (2) weeks prior to the Go-Live Date of the Program and on an annual basis thereafter.
    4. The Client may request TransactPay’s assistance in the arrangement of such training, provided that the Client does so in writing at least six (6) weeks prior to the Go-Live Date of the Program.
  7. Program Management Services Fees. The Client acknowledges and agrees to the fees for the Program Management Services under this Program Management Services Schedule as set out in the Order Form.
  8. Digital Operational Resilience Act (DORA). The Parties acknowledge that additional obligations relating to digital operational resilience apply to the Program. The provisions applicable to the Parties’ respective responsibilities under the Digital Operational Resilience Act shall be set forth in an appendix, schedule to an Order Form or in the Regulatory Compliance Framework. 

Schedule E
Issuer Services Schedule
The definitions and terms in this Schedule are to be read in addition to, and shall not replace or amend, the definitions and rules of interpretation set out in the main body of this Agreement, which shall continue to apply in full. Any terms contained herein shall govern Client’s use of the Services.
  1. Relevant Funds.
    1. Purpose and Scope. In some instances, certain funds in a Program Funding Account or any other account associated with a Program (as notified by TransactPay to the Client) shall be considered Relevant Funds. 
    2. Safeguarding Funds. The Relevant Funds will be transferred into a segregated account owned and controlled by TransactPay used solely for the purpose of safeguarding Relevant Funds (the “Safeguarding Account”). Relevant Funds shall be safeguarded from the moment they are transferred into the Safeguarding Account until they are redeemed, transferred, or otherwise returned in accordance with Applicable Law. Relevant Funds held in the Safeguarding Account shall at all times be held separately from TransactPay’s own capital and operational funds.
    3. Control and Insolvency Protection. TransactPay shall hold Relevant Funds on behalf of Customers, Authorised Users and the Client (as applicable). No third party (including the Client, except to the extent it represents Customers or Authorised Users) shall have any right of set‑off, security interest, lien, or other creditor right over any Relevant Funds. In the event of TransactPay’s insolvency, the Relevant Funds shall be excluded from TransactPay’s estate and shall be distributed to Customers and Authorised Users in accordance with Applicable Law.
    4. Permitted Withdrawals. TransactPay shall be entitled to withdraw funds from the Safeguarding Account only in the following circumstances:
      1. for payment of liabilities and fees due to the Network in respect of Transactions carried out by Customers or Authorised Users;
      2. to deduct payment for agreed Customer or Authorised User fees; and
      3. to redeem funds to Customers or Authorised Users upon their request.
    5. Freezes and Investigations. TransactPay shall have no obligation to make any payments or redemptions relating to any funds held in a Safeguarding Account during any period in which such funds, or any related Transactions, are subject to investigation, freezing, or other restrictions due to suspected fraud, money laundering, terrorist financing, sanctions concerns, or where TransactPay is prohibited from releasing such funds under Applicable Law.
    6. Reconciliation. TransactPay shall reconcile Relevant Funds held in the Safeguarding Account against its internal records in accordance with Applicable Law. The Client shall provide TransactPay with sufficient daily information, in a form specified by TransactPay, to enable TransactPay to reconcile all funds received to each individual Load. Any discrepancies identified shall be resolved promptly, and the Client shall provide all assistance reasonably required by TransactPay to complete such reconciliation.
    7. Interest and Economic Benefit. Unless expressly required by Applicable Law, Customers, Authorised Users and the Client shall not be entitled to earn any interest on Relevant Funds, or earn any other economic benefit arising from Relevant Funds. TransactPay may retain any interest or yield generated on Relevant Funds held in the Safeguarding Account.
    8. Load Mechanisms. Permitted Load mechanisms shall be stipulated in the Program Application Form or Order Form or as otherwise approved by TransactPay in writing. All Customer or Authorised User Loads shall be collected by TransactPay (or by Marqeta on TransactPay’s behalf if permitted in writing). Where an agent receives such funds, they shall forward them to TransactPay immediately via wire transfer or as otherwise specified by TransactPay in writing. The Client shall be responsible for ensuring that any Load mechanism, including the involvement of third parties, complies with Applicable Law.
    9. Unclaimed Funds. TransactPay may hold unclaimed Relevant Funds for the period permitted under Applicable Law. Thereafter, TransactPay may transfer such funds to the relevant authority or otherwise deal with them in accordance with Applicable Law. TransactPay shall have no further liability in respect of such funds once transferred.
    10. Liability. TransactPay shall not be liable for any loss arising from the Client’s failure to comply with Applicable Law, the Agreement, or TransactPay’s instructions relating to safeguarding or Load mechanisms. TransactPay’s liability in respect of Relevant Funds shall be limited to the extent required under Applicable Law.
  2. Network Collateral.
    1. Requirement. In some instances, a Network may require additional collateral funds to cover projected Settlement liabilities or otherwise support the operation of a Program (“Network Collateral”). In the event that a Network requires Network Collateral, Client shall pay the required amount to TransactPay upon written notice, and TransactPay will forward such amount to the applicable Network.
    2. Network Fees. Except as otherwise set forth in an Order Form, Client shall be liable for all Network fees, including Network membership fees, assessments, penalties, and any costs incurred by TransactPay in connection with its sponsored activity for the Program (“Network Fees”). Any fees, fines, or charges assessed by a Network due to the failure of any aspect of the Program to comply with the Network Rules or this Agreement shall be the responsibility of the Client.
    3. Condition to Program Operation. The operation of the Programs is contingent upon Client’s timely payment and ongoing maintenance of all Network Collateral and payment of Network Fees, as applicable.
    4. Non‑Payment. If Client fails to pay any Network Collateral or Network Fees when due, TransactPay may suspend or terminate this Agreement or the applicable Program immediately upon notice.
    5. Network Notices. TransactPay will provide the Client with copies of material notices received from a Network relating to the Program, unless such disclosure is prohibited by Applicable Law, this Agreement, or any Regulatory Authority.
    6. Optional Reduction Request. If Transaction volume materially declines below the level on which the Network Collateral amount was based, Client may request a proportional reduction. TransactPay will forward the request to the Network, which may approve or reject the reduction in its sole discretion.
  3. Regulatory Compliance Framework
    1. The Parties acknowledge and agree that this clause 3.a shall only apply if Transact Payments Limited is the applicable Party to this Agreement. The Client shall ensure that its Regulatory Compliance Framework mirrors the provisions of TransactPay’s Regulatory Compliance Framework and Documentation. The Client agrees that it will provide TransactPay with details of its Regulatory Compliance Framework and Documentation for TransactPay upon mutual agreement of a PRD. If TransactPay determines that the Client’s Regulatory Compliance Framework requires amending to accord with the Program, then the Client must change the Client’s Regulatory Compliance Framework in accordance with TransactPay’s requirements and instructions. Once reviewed and approved, the Client must then implement its approved Regulatory Compliance Framework prior to the Go-Live Date for this Program. The Client must not change the way it implements the approved Regulatory Compliance Framework or Documentation without TransactPay’s prior written consent.
    2. The Parties acknowledge and agree that this clause 3.b shall only apply if Transact Payments Malta Limited is the applicable Party to this Agreement. The Client shall ensure that it complies with the provisions of TransactPay’s Regulatory Compliance Framework and the Documentation. The Client agrees that it will provide TransactPay with details of its own Regulatory Compliance Framework for TransactPay upon mutual agreement of a PRD. The Client must implement this reviewed and approved Regulatory Compliance Framework prior to the Go-Live Date for this Program.
    3. The Client shall comply with the monitoring requirements set out in the applicable Regulatory Compliance Framework. TransactPay may determine, in its sole discretion, the frequency, timing, and method of such monitoring, including whether it is performed on a real‑time, near‑real‑time, batch, or daily basis. The Client shall implement and maintain the required processes and ensure that all relevant systems, data, and integrations support the method specified by TransactPay. TransactPay may amend the monitoring requirements at any time upon written notice, and the Client shall implement any such changes within the timeframe specified by TransactPay.
    4. Unless otherwise set forth in an Order Form, the Client shall ensure that any internal report made by the Client which flags unusual transactions or activity shall be submitted to TransactPay’s MLRO for consideration within twenty-four (24) hours of identification and it will be at TransactPay’s sole discretion to determine whether TransactPay should file a suspicious activity report (a “SAR”) with the relevant Regulatory Authority.
    5. Unless otherwise set forth in an Order Form, the Client shall establish, implement, and maintain a ‘Compliance Management System’ (“CMS”) for the Program. The Client shall provide TransactPay with the ability to monitor and review the CMS at any time. The CMS shall include, at a minimum: (a) policies and procedures; (b) Personnel training materials; and (c) evidence of regular testing and monitoring activities. Testing and monitoring results shall be reported to the Issuer in accordance with agreed procedures and, in any event, no less frequently than quarterly. The CMS shall include appropriate oversight and active involvement from the Client’s executive Personnel, who shall receive quarterly reports on the Client’s compliance monitoring activities.
    6. TransactPay has the right to monitor and review the Regulatory Compliance Framework implemented for this Program at any time (including spot and random checks) to ensure compliance with this Agreement. The Client shall cooperate and provide all reasonable access to TransactPay to enable such monitoring and review. The Client acknowledges that any records kept following this review may be viewed by the applicable Regulatory Authority. 
    7. The Client shall ensure that all aspects of its Due Diligence, including the obtaining, maintenance, retention, and destruction of Due Diligence information and materials, are at all times compliant with Applicable Law.
    8. KYC and Due Diligence Records. 
      1. KYC Services. If a Program requires any KYC-related Services (“KYC Services”), any terms associated with the use and provision of such Services shall be set forth in an exhibit or addendum to the Order Form. Additional terms related to KYC Services are set forth below, in this clause 3(h).
      2. Ownership and Control. TransactPay retains sole ownership and control of all KYC and Due Diligence records generated in connection with the Services (“Retained Records”).
      3. Regulatory Retention Obligations. TransactPay is responsible for maintaining the Retained Records in a complete, accurate, and readily retrievable form for the full period required under Applicable Law. These obligations are non‑delegable and remain with TransactPay at all times, including after termination of the Agreement.
      4. Client Data Provision Obligations. The Client shall provide TransactPay with all data required for the Retained Records, as requested by TransactPay from time to time and as set out in TransactPay’s Regulatory Compliance Framework. The Client acknowledges that TransactPay must have continuous access to up‑to‑date Due Diligence information.
      5. Purpose and Compliance Requirements. The preservation, accessibility, and periodic consolidation of the Retained Records are necessary for TransactPay to meet its regulatory obligations, including demonstrating the adequacy of its Due Diligence framework and responding to lawful requests from competent authorities. All Retained Records provided by the Client must be retained, transmitted, and controlled in a manner that ensures compliance with Applicable Law.
    9. The Client shall comply with all Applicable Laws governing the collection, use, disclosure, retention, transfer, and security of Personal Data within its control, including all applicable Data Protection Law in the UK, EU, and Gibraltar, and any requirements set out in the applicable Regulatory Compliance Framework.
  4. Termination of Payment Instrument
    1. The Client acknowledges that all Payment Instruments remain the property of TransactPay and may be cancelled by TransactPay at any time in accordance with this Agreement or Applicable Law, including where TransactPay reasonably believes that a Customer or Authorised User is using a Payment Instrument for fraudulent or illegal purposes. 
    2. Upon receiving notice from TransactPay to cancel a Payment Instrument, or upon termination of this Agreement, the Client shall, at its own expense and in accordance with TransactPay’s instructions: (i) close or destroy all relevant Payment Instruments in its possession; (ii) ensure that any Affiliates, Third‑Party Service Providers, or other agents do the same; and (iii) provide written certification to TransactPay confirming completion of these actions.
  5. Fraud and Recovery
    1. The Client shall be responsible and liable to TransactPay for all Customer and Authorised User negative balances and all Damages arising from identity theft, or any fraud related to the Program (“Program‑Related Fraud”). Program‑Related Fraud means any fraud occurring in relation to Payment Instruments, Customers, or Authorised Users, including, without limitation, value‑load fraud, point‑of‑sale or Transaction fraud, cloning, phishing, over‑limit or under‑floor‑limit processing, or unauthorised Transaction recovery. Program‑Related Fraud does not include fraud caused by TransactPay’s gross negligence.
    2. The Client shall develop and implement appropriate anti-fraud measures (including implementing anti-fraud campaigns) in accordance with good industry practice and the Documentation, in respect of identity theft or Program-Related Fraud to detect, prevent, and mitigate such fraudulent activities in connection with a Program. The Client shall submit details of the proposed arrangements to TransactPay for prior approval and shall implement TransactPay’s recommendations in this regard.
    3. The Client confirms that failure to comply with the requirements of this clause will result in the Client being wholly and fully liable for any fraud occurring in connection with the Program.
    4. If the Client Instructions include enabling Commando Mode, the Client is responsible for all such Transactions relating to the Payment Instruments, including any losses or complaints.
    5. The Client shall cooperate fully with TransactPay and engage in any commercially reasonable efforts to locate, and if deemed necessary, prosecute the perpetrator of any such unauthorised activity or fraud, and shall bear the costs thereof. 
    6. The Client confirms the apportionment of operational and financial responsibility for redemption requests from Customers or Authorised Users shall be set out in the relevant Cardholder Agreement.
    7. The Client shall implement appropriate policies and procedures to (i) protect against unauthorised access to or use of User Data maintained by the Client that could result in substantial harm or inconvenience to any Customer or Authorised User and (ii) ensure the proper disposal of User Data. 
    8. The Client shall take appropriate actions to address incidents of unauthorised access to User Data or other information, including notification to TransactPay, Customers and Authorised Users as soon as possible following any such incident. The Client shall further ensure that any Client Service Provider that has access to User Data shall maintain similar security measures and response policies and procedures.
    9. The Client will report to TransactPay data related to fraudulent Transactions at a Transaction level (“Transaction Level Fraud Data”) as set forth in an Order Form. 
    10. The Client acknowledges that TransactPay will share the Transaction Level Fraud Data it receives with the Networks, the Regulator, relevant financial intelligence units, and as otherwise required by Applicable Law.
  6. Recordkeeping, Reporting and Inquiries
    1. Unless otherwise set forth in an Order Form, the Client will keep complete Program records (the “Required Records”) which are maintained or in its possession that reflect:
      1. the identity of each Customer and Authorised User;
      2. the steps taken to verify the identity of each Customer and Authorised User, together with any information or documentation generated or obtained as part of the Due Diligence undertaken to verify their identity;
      3. if applicable, documents relating to source of funds obtained from prospective Customers and Authorised Users as well as actual Customers and Authorised Users;
      4. an inventory of each Payment Instrument made and/or activated by Customers and Authorised Users and all related Loads and Transactions (as applicable);
      5. if applicable, the remaining balance on each Account;
      6. all charges, Transactions and fees that have been made or charged to each Payment Instrument, Customer and Authorised User; and
      7. any other information relating to Payment Instruments, Customers and Authorised Users as required from time to time by TransactPay in accordance with Applicable Law.
    2. The Client shall segregate the Required Records from any other documentation belonging to the Client, any other Customer or any Authorised User.
    3. The Client shall retain all Required Records for the time period required by Applicable Law, and in any event, for no less than six (6) years after the termination of any User Agreement or the applicable Program, whichever is later. The Client will provide TransactPay with any or all Required Records via a secure file transfer protocol at such times and in such form as requested by TransactPay.
    4. The Client shall provide TransactPay with copies of the Required Records and such other accounting and management information in its possession or under its control as requested by TransactPay. The Client shall provide TransactPay with the Required Records at the indicated frequency and in the indicated format either directly, through the Payments Processor or via the applicable Client Service Provider.
    5. The Client also agrees to:
      1. supply TransactPay with such information as may reasonably be necessary to enable it to monitor or review the operation of Programs and to assess the Client’s compliance with its obligations under this Agreement;
      2. provide TransactPay with electronic access to the Client’s computer systems as mutually agreed between the Parties in order to view User Data and Transactions and monitor the Client’s compliance with this Agreement.
    6. The Client acknowledges that:
      1. if the Client fails to promptly respond to any reasonable inquiries or referrals from TransactPay relating to the Payment Instrument or Program within three (3) Business Days, TransactPay reserves the right to block, freeze or suspend any Payment Instruments that are the subject of the inquiry or referral;
      2. TransactPay reserves the right to block, freeze or suspend any Payment Instrument for any other justified reason; and
      3. the Client can request that TransactPay block, freeze or suspend any Payment Instrument provided that the Client provides TransactPay with any requested explanatory information, but that TransactPay is not obliged to comply with such a request.
    7. The Client shall cooperate with any duly authorised representative of TransactPay or a Regulatory Authority in such reasonably required matters, including in connection with the discharge of any duty under this Agreement, under Applicable Law or Network Rule. Such cooperation may include access to relevant Personnel, documentation, information, data, systems, premises and communications networks in the Client’s possession, custody or control.
  7. Funds Flow. The funds flow applicable to this Program shall be implemented in accordance with the diagram as set out in an attachment to the Order Form.
  8. Approved Third-Party Providers. The Client is authorised to use the subcontractors for a Program as set out in an attachment to the Order Form. Any change requires prior written notice to TransactPay in accordance with the Agreement.
  9. Issuer Services Fees. The Client acknowledges and agrees that the fees for the Issuer Services under this Issuer Services Schedule are as set out in the applicable Order Form.