Privacy & Cookie Policy

Paystack Payments Kenya Limited (“Paystack”, “Company”, “we”, “us” or “our”) offers an online payment platform that allows Users to make seamless, stress-free payments online for desired goods and services. At Paystack, we are committed to protecting the privacy and security of our consumers’ and users’ personal data. We are committed to transparency, accountability and confidentiality of your personal data. This is why our Privacy and Cookie Policy (“Privacy Policy”) describes how we collect, use, store, share, and protect personal data from Website Visitors, Paystack Users, and/or Vendors (“Data Subjects”) who engage with our services. It applies to our website and all related sites, applications, services and tools (collectively, our “Services”).

While our services are primarily designed for businesses and organisations (“Merchants”), we recognise that individual consumers may interact with us through Merchants or website visits. As such, we are committed to responsibly processing personal data for everyone involved. We generally process personal data at the direction of and on behalf of Merchants. When we do, we do so as a service provider or a “Data Processor” to those Merchants, but we do not control and are not responsible for the privacy practices of those Merchants. If you are a Customer of a Paystack Merchant, this Privacy Policy does not apply to you and you should read that third party Merchant’s Privacy Policy and direct any privacy inquiries to that Merchant. If you are a Merchant, please see the Merchant Privacy Policy for information as to how we process the personal information you provide to us as a Merchant.

This Privacy Policy does not apply to services that are not owned or controlled by Paystack, including third-party websites and the services of Paystack’s Merchants. This Privacy Policy applies to all forms of systems, operations and processes within the Paystack environment that involve the processing of personal data. Paystack is a Stripe company; for more information about Stripe’s privacy practices, see the Stripe Privacy Policy https://stripe.com/en-gb/privacy.

When you opt in to use one of our products, we will use your data for specific purposes, such as providing and improving the service. We may also share your data with subprocessors and partners, but only as necessary to offer the service you have opted into. We will handle your personal data in line with the purposes and methods outlined in this Privacy Policy.

1. The Information we Collect

The personal data we collect depends on how you interact with us, the services you use, and the choices you make. We may collect information from different sources and in various ways, including information you provide directly, information collected automatically, third-party data sources, and data we infer or generate from other data that is publicly available.

1.1 Personal Data You Provide Directly

We collect personal data you provide to us. For example:

  • Contact information. As part of our operations, Paystack may collect information such as your name, telephone numbers, address, email address, etc. to provide you with certain services.

  • Payment information. If you make a purchase or other financial transaction, such as when you checkout with Paystack on a Merchant’s website, we collect cardholder data, financial account information, and other payment details.

  • Communications. If you contact us directly, for example with an inquiry or a support request, we may receive additional personal data about you, including your email address and the content of your communications.

1.2 Personal Data We Collect Automatically

  • Device Information. We receive information about the device and software you use to access our Services, including Internet Protocol (IP) address, web browser type, operating system version, and device identifiers.

  • Usage Information. To help us understand how you use our Services, including the Demo portion of our website, and to help us improve them, we automatically receive information about your interactions with our Services. This information includes records of your transactions and information about your other activities related to our services, such as the date and time of your sessions, the pages you view, links to/from any page, and time spent in a session. We gather some of this data through cookies and similar technologies as discussed below.

  • Location Information. When you use our Services, we collect or infer your general location information. For example, your IP address may indicate your general geographic region, which will be matched against our IP whitelist.

    1.3 Personal Data That We Receive from Others or Infer

    • Partners. We may retrieve additional personal data about you from third parties and other identification/verification services, such as your financial institution and payment processor where they have the authority to share your personal data with us. We may combine that data with other information we have about you.

    • Publicly available sources. We may also gather additional data about you from public sources of information such as open government databases.

    • Inferences. We may infer additional personal data based on the personal data described above. For example, for website visitors, we may infer your interests based on the web pages you view.

      When you are asked to provide personal data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for the provision of certain services or features, those services or features may not be available or fully functional.

      2. How We Use Personal Information

      We use the Personal Data we collect to:

      1. Provide you with the required services
      2. Respond to your questions or requests
      3. Improve features, website content and analyse data to develop products and services
      4. Address inappropriate use of our website
      5. Prevent, detect and manage risk against fraud and illegal activities using internal and third party screening tools
      6. Send you necessary service updates
      7. Send you marketing content, newsletters and service updates curated by Paystack (only with your explicit consent)
      8. Verify your identity and the information you provide in line with Paystack’s statutory obligations using internal and third party tools
      9. Maintain up-to-date records
      10. Resolve disputes that may arise, including investigations by law enforcement or regulatory bodies
      11. Any other purpose that we disclose to you in the course of providing Paystack services to you

      3. How We Share Personal Data

      Paystack does not sell, trade or rent personal data to anyone. Further, we will not share or disclose your personal data with or to a third party without your consent except as necessary to provide the Services or as described in this Privacy Policy.

      • Merchants. We may share your contact information with merchants as part of your purchase details for record purposes. We will not share this information with other third parties except as a necessary part of providing our website and services. We do not share your card information with merchants. Please review your merchant’s privacy policy to understand the privacy policies guiding the merchant you transact with.

      • Service providers. We share personal data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we've hired to provide customer service support, to assist in protecting and securing our systems and services, or to perform sanctions screening and identity verification services may need access to personal data to provide those functions. The processing by such third parties shall be governed by a written contract with Paystack to ensure adequate protection and security measures are put in place for the protection of personal data in accordance with the terms of this Privacy Policy.

      • Financial services & payment processing. When you provide payment data, for example to make a purchase, we will share payment and transactional data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.

      • Affiliates. We enable access to personal data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access is needed to provide our services and operate our business.

      • Partners. We may share your data with companies that we partner with for industry networking events, mixers, and other learning and development opportunities, but only with your explicit consent, with the option to opt-out at any instance.

      • Corporate transactions. We may disclose personal data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.

      • Legal and law enforcement. We may access, disclose, and preserve personal data in accordance with applicable law and when we believe that doing so is necessary to comply with applicable law or respond to valid legal queries, including from law enforcement or other government agencies.

      • Security, safety, and protecting rights. We will disclose personal data if we believe it is necessary to:
        • protect our Users and others, for example to prevent fraud, or to help prevent the loss of life or serious injury to anyone;

        • operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or

        • protect the rights or property of ourselves or others, including enforcing our agreements, terms, and policies.

      • We leverage third-party analytics to analyse personal data collected through our website and apps, including account information, marketing and communications data, demographic data, content and files, geolocation data, usage data, and inferences associated with identifiers and device information (such as cookie IDs, device IDs, and IP address) as described in the Cookies section of this statement. This data is aggregated and enables us to perform analytics and track the performance of our website. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners.

        Finally, we may share de-identified information in accordance with applicable law.

        Please note that merchants, sellers, and other Users you buy from or contract with have their own respective privacy policies, and although Paystack’s Merchant Terms of Use does not allow the other transacting party to use your information for anything other than as authorised by you, Paystack is not responsible for their actions, including their data protection practices. If you provide personal data to any of those third parties, or allow us to share personal data with them, that data is governed by their privacy policies.

      4. Cookies

      We and our partners use cookies and similar technologies on our website to help collect information and operate the site. We use cookies to remember users and make your user experience easier; customise our services, content and advertising; help you ensure that your account security is not compromised, mitigate risk and prevent fraud; and promote trust and safety on our website. Cookies are small text files placed by a website and stored by your browser on your device. You can find more about the types of cookies we use through the Cookie Banner on our website.

      Our cookies hold a unique random reference to you so that once you visit the site, we can recognise who you are and provide certain content to you.

      Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this may impact your experience using our website.

      5. How We Protect your Information

      Paystack has established adequate technical and organisational controls in order to protect the integrity and confidentiality of personal data, both in digital and physical format, and to prevent personal data from being accidentally or deliberately compromised.

      Paystack is committed to managing your personal data in line with applicable data protection laws and best practices. We protect your personal data using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. We also use industry-recommended security protocols to safeguard your personal data. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to our building and files, and only granting access to personal data to employees who require it to fulfil their job responsibilities. Employees may have access to personal data only as is appropriate for the type and scope of the task in question and are contractually forbidden to use personal data for their own private or commercial purposes or to disclose them to unauthorised persons, or to make them available in any other way.

      In compliance with the Payment Card Industry Data Security Standard (“PCI DSS Requirements”), we implement access control measures, security protocols and standards including the use of encryption and firewall technologies to ensure your card information is safe and secure in our servers. Additionally, we implement periodic security updates to ensure that our security infrastructures are in compliance with reasonable industry standards.

      Two-factor authentication (“2FA”) is an additional layer of security we have added to your account. When 2FA is enabled, you will be required to enter a One Time Password (OTP) (which is a verification code we will send to you for authentication purposes), each time you checkout using Paystack on a Merchant’s website or platform. While we encourage you to enable this feature on every transaction, you may choose to disable the 2FA feature after your initial enrolment by clicking on the toggle button to disable it on your Paystack dashboard. However, if you choose to disable this feature, you agree that Paystack shall not be liable for any loss or damages incurred as a result of your action.

      Personal Data Breach

      At Paystack, we take the security of personal data seriously and have implemented measures to prevent data breaches from occurring. However, in the event of a data breach, we have established procedures for reporting and managing incidents concerning personal data or practices leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed. You may contact our Data Protection Officer (DPO) upon becoming aware of any breach of personal data or if your access credentials have been compromised to enable us to take the necessary steps towards ensuring the security of your personal data or account.

      When we become aware of a data breach that affects personal data, we will notify the affected individuals and relevant authorities in accordance with applicable data protection laws and regulations. The notification will include the following information:

      • A description of the nature of the data breach, including the categories of personal data involved

      • The likely consequences of the data breach

      • The measures taken or proposed to be taken by Paystack to address the data breach, including any measures to mitigate its possible adverse effects

      We will notify affected individuals without undue delay, but no later than 72 hours after becoming aware of the data breach, unless there are exceptional circumstances that prevent us from doing so. We will also keep a record of any data breaches and provide this information to the relevant authorities upon request.

      We encourage all users and customers to take reasonable steps to protect their personal data, such as using strong passwords, regularly updating their account information, and reporting any suspicious activity to us immediately.

      6. Storage Limitation

      We will retain your information for the following periods:

      • As long as reasonably necessary for the purpose of providing our Services to you

      • For the duration your Paystack account is active (if applicable) and we have your consent

      • For the period needed to comply with our legal and statutory obligations

      • As needed to verify your information with a financial institution

      Paystack is statutorily obliged to retain the data you provide in order to process transactions, ensure settlements, make refunds, identify fraud and comply with applicable laws and regulatory guidelines. Under applicable laws (National Payment Systems Act, Proceeds of Crime and Anti-Money Laundering Act and more), we are required to retain your transactional records for a minimum period of seven (7) years following the completion of the transaction. We keep our data retention policy under regular review.

      Upon expiration of the applicable storage limitation periods, we will delete, erase, anonymise or pseudonymise any information we hold about you.

      This Privacy Policy also applies when we retain your Personal Information after our relationship ends. We may also retain your Personal Information for the duration of any period necessary to establish, exercise or defend any legal rights and may keep Personal Information indefinitely in a de-identified format for statistical purposes, which may include for example, statistics of how you use the Services.

      7. Transfer of Data

      As part of our service provision, we may rely on third-party servers, resident in foreign jurisdictions, which constitutes the transfer of your personal data to computers or servers in foreign countries. An example of this is Paystack’s use of AWS as a cloud storage solution, with servers located in Ireland. We take steps designed to ensure that the data we collect under this Privacy Policy is processed and protected according to the provisions of this Policy and applicable law, wherever the data is located.

      At Paystack, we take the security of personal data seriously. When personal data needs to be transferred to a country outside of Nigeria, we implement adequate measures to ensure that the data remains secure. We comply with all relevant data protection regulations and guidelines to ensure that personal data is protected at all times. Specifically, we use contractual terms to ensure that the personal data is adequately protected, or we ensure that the country to which the data is being transferred has adequate data protection laws in place. We take additional measures to ensure that the country to which the data is being transferred meets our standards for data protection.

      Should you wish to transfer personal data to a country deemed to have inadequate data protection laws, Paystack will take all necessary steps to ensure that it is transferred under relevant appropriate safeguards, and where relevant, with your informed consent, and you are made aware of the risks entailed with such a transfer. In any instance, Paystack will ensure Personal Data is transmitted in a safe and secure manner. Details of the protection given when your Personal Data is transferred abroad, and details of the basis of such transfers shall be provided to you upon request.

      8. Grounds for Processing of Personal Data

      Processing of personal information by Paystack will be lawful if one of the following applies:

      • the Data Subject has given consent to the processing of his/her personal data for one or more specific purposes. You can revoke your consent by closing your Paystack account (where applicable) and/or by emailing us;

      • the processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;

      • processing is necessary for compliance with a legal obligation to which Paystack is subject;

      • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official public mandate vested in Paystack; and

      • processing is necessary for the legitimate interests pursued by Paystack or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data.

      9. Choices and Rights

      At Paystack we respect the rights of our customers and users, and we provide you with the ability to exercise them under the applicable data protection laws and regulations. Individuals who have Personal Information held by Paystack are entitled to reach out to Paystack to exercise the following rights:

      • Right to request and access any Personal Information collected and stored by Paystack. This right allows you to request a copy of your personal information that is held by Paystack. To exercise this right, you can submit a request to the Data Protection Officer (DPO) or to our Data Subject Rights Team at [email protected].

      • Right to be informed regarding the use of their Personal Information;

      • Right to be informed about appropriate safeguards in place whenever your personal information is transferred abroad;

      • Right to object to automated decision making and processing. You have the right to object to the processing of your personal information, and to exercise this right, you can submit a request to the DPO or to our Data Subject Rights Team;

      • Right to request rectification and modification wherever you want us to correct your inaccurate or incomplete personal information, which Paystack keeps;

      • Right to request the deletion of your personal information;

      • Right to request the movement of your personal information from Paystack to a third party - this is the right to the portability of data;

      • Right to withdraw consent to Paystack processing your personal data;

      • Right to object to direct marketing and to request that Paystack restricts the processing of your information;

      • Right to institute civil proceedings and seek compensation through the Courts; and

      • Right to submit a complaint to the Data Commissioner.

      Your request will be reviewed and answered by Paystack’s Data Protection Officer within the prescribed statutory period upon receipt of the request. Where there are any delays in responding to your request, you will be notified of the reasons for the delay and the period within which your request will be processed. 

      10. Compliance to Children's Privacy

      Our Services are all directed to people who are at least 18 years old.

      We do not knowingly collect any “Personal Data” (as defined by the Data Protection Act) from anyone under 18 years of age without valid parental consent. If we become aware that we have collected such personal information without parental consent, we will take reasonable steps to delete it as soon as possible.

      We also comply with other age restrictions and requirements in accordance with applicable local laws.

      11. Policy Violations

      Any violation of this Privacy Policy should be brought to the attention of the Data Protection Officer (details below) for appropriate sanctioning and treatment.

      12. Changes to This Privacy Policy

      We may need to update, modify or amend our Privacy Policy as our technology evolves and as required by law. If we materially change the ways in which we use or share personal data previously collected from you through our Services, we will provide notice or obtain consent regarding such changes as may be required by law. The Privacy Policy will apply from the effective date provided on our website.

      13. Contact Paystack’s Data Protection Officer (DPO)

      If you have any questions relating to this Privacy Policy or would like to learn more about exercising your data privacy rights, please contact our DPO via email at [email protected].

      For any further queries, our Data Protection Officer may be reached at the following address:

      Team Investment Concept LTD,
      Peponi Road,
      Ikigai 
      Westlands
      00800, Kenya



      Acceptable Use Policy

      By accessing or using Paystack, you agree to comply with the terms and conditions of this Acceptable Use Policy.

      1. Restricted Activities

      You may not use Paystack in connection with any product, service, transaction or activity that:

      • violates any law or government regulation, or promotes or facilitates such by third parties;
      • violates any rule or regulation of Visa, MasterCard, American Express or any other electronic funds transfer network (each, a “Card Network”);
      • is fraudulent, deceptive, unfair or predatory;
      • causes or threatens reputational damage to us or any Card Network;
      • involves any of the business categories listed in clause 2; or
      • results in or creates a significant risk of chargebacks, penalties, damages or other harm or liability for customers, yourself as a merchant, Paystack, the service providers that we rely on to provide our services or any Card Network.

      2. Certain Business Categories

      You may not use Paystack in connection with any product, service, transaction or activity that falls within the prohibition list provided in the East African Community Customs Management Act, 2004 or any other Applicable Law.

      • relates to the sale and/or purchase of:
        1. banned narcotics, steroids, certain controlled substances or other products that present a risk to a consumer's safety;
        2. blood, bodily fluids or body parts;
        3. burglary tools;
        4. counterfeit items;
        5. illegal drugs and drug paraphernalia;
        6. fireworks, destructive devices and explosives;
        7. identity documents, government documents, personal financial records or personal information (in any form, including mailing lists);
        8. lottery tickets, sweepstakes entries or slot machines without the required licence;
        9. offensive material or hate speech or items that promote hate, violence, racial intolerance, or the financial exploitation of a crime;
        10. chemicals;
        11. recalled items;
        12. prohibited services;
        13. unlicensed financial services, stocks or other securities;
        14. stolen property;
        15. items that infringe or violate any copyright, trademark, right of publicity or privacy or any other proprietary right under the laws of any jurisdiction;
        16. sales of currency without BDC licence, cryptocurrency operators;
        17. obscene material or pornography;
        18. certain sexually oriented materials or services;
        19. certain firearms, firearm parts or accessories, ammunition, weapons or knives;
        20. any product or service that is illegal or marketed or sold in such a way as to create liability to Paystack; or
        21. production of military and paramilitary wears and accoutrement, including those of the Police and the Customs, Immigration and Prison Services.
      • relate to transactions that:
        1. show the personal information of third parties in violation of applicable law;
        2. support pyramid or ponzi schemes, matrix programs, other "get rich quick" schemes or certain multi-level marketing programs;
        3. are associated with purchases of annuities or lottery contracts, lay-away systems, off-shore banking or transactions to finance or refinance debts funded by a credit card;
        4. pertain to ammunitions and arms; and
        5. involve gambling, gaming and/or any other activity with an entry fee and a prize, including, but not limited to casino games, sports betting, horse or greyhound racing, lottery tickets, other ventures that facilitate gambling, games of skill (whether or not it is legally defined as a lottery) and sweepstakes unless the operator has obtained prior approval from Paystack and the operator and customers are located exclusively in jurisdictions where such activities are permitted by law.

      3. Actions by Paystack

      If, in our sole discretion, we believe that you may have engaged in any violation of this Acceptable Use Policy, we may (with or without notice to you) take such actions as we deem appropriate to mitigate risk to Paystack and any impacted third parties and to ensure compliance with this Acceptable Use Policy. Such actions may include, without limitation:

      • Blocking the settlement or completion of one or more payments;
      • Suspending, restricting or terminating your access to and use of Paystack’s Services;
      • Terminating our business relationship with you, including termination without liability to Paystack of any payment service agreement between you and Paystack;
      • Taking legal action against you;
      • Contacting and disclosing information related to such violations to (i) persons who have sold/purchased goods or services from you, (ii) any Service provider, Mobile Money Operator, banks or Card Networks involved with your business or transactions, (iii) law enforcement or regulatory agencies, and (iv) other third parties that may have been impacted by such violations; or
      • Assessing against you any fees, penalties, assessments or expenses (including reasonable attorneys’ fees) that we may incur as a result of such violations, which you agree to pay promptly upon notice.

      4. Updates, Modifications & Amendments

      We may need to update, modify or amend our Acceptable Use Policy at any time. We reserve the right to make changes to this Acceptable Use Policy.

      We advise that you check this page often, referring to the date of the last modification on the page.

      Events Policy

      This Privacy Notice describes how we process (collect, use, share, protect etc.) your personal data when you sign up for our events.

      1. The data we collect

      • Name and email address: To facilitate event registration and communication.

      Additionally, during the event, we may collect other types of data, including

      How we collect your data

      We collect your data through the form you fill when you register for our events.


      Terms of Use

      By using this website (www.paystack.com), any of our websites, and/or services, you agree to these Terms of Use. The website Privacy Policy, Acceptable Use Policy, and Merchant Terms of Service (where applicable) are incorporated by reference into these Terms of Use.

      About Us

      Paystack Payments Kenya Limited (“we”, “us” or “our”) is an online payment gateway that makes it easy for merchants to accept payments online from users or customers.

      We are an independent contractor for all purposes, providing this website and our services on an independent service provider basis. We do not endorse, have control or assume the liability or legality for the products or services that are paid for with our service. We do not guarantee any user’s identity and cannot ensure that a buyer or seller will complete a transaction.

      This Terms of Use is an agreement between you and Paystack. It details Paystack’s obligations to you. It also highlights certain risks of using the services, and you must consider such risks carefully as you will be bound by the provision of this Agreement through your use of this website or any of our services.

      Privacy Policy

      Paystack is committed to managing your Personal Information in line with global industry best practices. You can read our Privacy Policy to understand how we use your information and the steps we take to protect your information.

      Age Restriction

      Our website and services are not directed to children under 18. We do not knowingly transact or provide any services to children under 18.

      Disputes & Reversal

      If you believe that an unauthorized or otherwise problematic transaction has taken place, you agree to notify us immediately to enable us to take action to help prevent financial loss.

      All claims against us related to payments should be made within 45 (forty-five) days after the date of such payment. It will be taken that you waive all claims against us, to the fullest extent of the law, after the said period of time.

      If you enter into a transaction with a merchant and have a dispute over the goods or services you purchased, Paystack has no liability for such goods or services, and your claim must be brought against the merchant. Paystack's only involvement with regard to such transactions is as a payment gateway.

      We may intervene in disputes between users and merchants concerning payments but have no obligation to do so.

      Your transaction ID and/or transaction details will be required to resolve all disputes.

      Acceptable Use Policy

      You are independently responsible for complying with all applicable laws related to your use of our website and services. However, by accessing or using Paystack, you agree to comply with the terms and conditions of our Acceptable Use Policy which you can read on our Acceptable Use Policy page.

      Disclaimers

      WE TRY TO KEEP PAYSTACK AVAILABLE AT ALL TIMES, BUG-FREE AND SAFE, HOWEVER, YOU USE IT AT YOUR OWN RISK.

      OUR WEBSITE AND SERVICES ARE PROVIDED “AS IS” WITHOUT ANY EXPRESS, IMPLIED AND/OR STATUTORY WARRANTIES (INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED OR STATUTORY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE OR PURPOSE, TITLE, AND NON-INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS). WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, PAYSTACK MAKES NO WARRANTY THAT OUR WEBSITE AND SERVICES WILL MEET YOUR REQUIREMENTS OR THAT OUR WEBSITE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR FREE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU THROUGH OUR WEBSITE OR FROM PAYSTACK, ITS PARENTS, SUBSIDIARIES, OR OTHER AFFILIATED COMPANIES, OR ITS OR THEIR SUPPLIERS (OR THE RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS OF ANY SUCH ENTITIES) (COLLECTIVELY, "PAYSTACK PARTIES") SHALL CREATE ANY WARRANTY.

      Limitation of Liability

      IN NO EVENT WILL ANY OF THE PAYSTACK PARTIES BE LIABLE FOR ANY COSTS, CLAIMS, PENALTIES, ACTIONS, JUDGEMENTS, SUITS, EXPENSES, DISBURSEMENTS, FINES OR OTHER AMOUNTS WHICH YOU MAY SUSTAIN, BE THREATENED WITH OR SUFFER, OR DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOSS OF REVENUES, LOST PROFITS, LOSS OF GOODWILL, LOSS OF USE, BUSINESS INTERRUPTION, OR OTHER INTANGIBLE LOSSES), ARISING OUT OF OR IN CONNECTION WITH PAYSTACK'S WEBSITE OR SERVICES (INCLUDING, WITHOUT LIMITATION, USE, INABILITY TO USE, OR THE RESULTS OF USE OF PAYSTACK'S WEBSITES OR SERVICES), WHETHER SUCH DAMAGES ARE BASED ON WARRANTY, CONTRACT, TORT, STATUTE, OR ANY OTHER LEGAL THEORY, IN EXCESS OF THE AMOUNT OF THE TRANSACTION OR THE EQUIVALENT OF TWENTY THOUSAND UNITED STATES DOLLARS (US$20,000.00), WHICHEVER IS LESSER.


      THE PAYSTACK PARTIES WILL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES OF ANY KIND WHATSOEVER OR HOWSOEVER CAUSED (WHETHER ARISING UNDER CONTRACT, DELICT OR OTHERWISE, AND WHETHER THE LOSS OR DAMAGE WAS ACTUALLY FORESEEN OR REASONABLY FORESEEABLE), INCLUDING BUT NOT LIMITED TO ANY LOSS OF COMMERCIAL OPPORTUNITIES OR LOSS OF PROFITS, AND WHETHER AS A RESULT OF NEGLIGENT (INCLUDING GROSSLY NEGLIGENT) ACTS OR OMISSIONS OF THE PAYSTACK PARTIES.


      By agreeing to these Terms of Use, you agree to indemnify, defend and hold the Paystack Parties harmless against any claim by any third party for any costs, damages (including, without limitation, indirect, extrinsic, special, penal, punitive, exemplary or consequential loss or damage of any kind), penalties, actions, judgments, suits, expenses, disbursements, fines, or other amounts arising, whether directly or indirectly, from a breach of this Terms of Use by you.

      Exclusions

      Some jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for certain damages. Accordingly, some of the above disclaimers and limitations of liability may not apply to you. To the extent that any Paystack Party may not, as a matter of applicable law, disclaim any implied warranty or limit its liabilities, the scope and duration of such warranty and the extent of the Paystack Party's liability shall be the minimum permitted under such applicable law.

      Updates, Modifications & Amendments

      We may need to update, modify or amend our Terms of Use as our technology evolves. We reserve the right to make changes to this Terms of Use at any time by giving notice to users on this page.

      We advise that you check this page often, referring to the date of the last modification on the page. If a user objects to any of the changes to the Terms of Use, the User must cease using our website and/or services immediately as your continued use of the website and/or services will be deemed as your acceptance of the changes.

      Applicable Law

      These Terms of Use shall be interpreted and governed by the laws currently in force in the Republic of Kenya.

      Legal Disputes

      We shall make an effort to settle all disputes amicably. Any dispute arising out of this Terms of Use which cannot be settled by mutual agreement/negotiation within 1 (one) month shall be referred to arbitration by a single arbitrator in accordance with the Kenyan Arbitration Act 1995 (as amended from time to time). The arbitrator shall be appointed by both of us (we and you), failing which, within fourteen (14) business days, such arbitrator shall be appointed by the chairman for the time being of the Chartered Institute of Arbitrators of Kenya upon application of either party.

      The findings of the arbitrator and subsequent award shall, in the absence of manifest error, be binding on both of us. Each of us shall bear our respective costs in connection with the arbitration. The venue for the arbitration shall be in Nairobi, and the language of the arbitration shall be in English.

      Severability

      If any portion of these Terms of Use is held by any court or tribunal to be invalid or unenforceable, either in whole or in part, then that part shall be severed from these Terms of Use and shall not affect the validity or enforceability of any other part in this Terms of Use.

      Suspension of the website and/or services

      We may, without liability, temporarily suspend the website and/or services for any reason, including for repairs or upgrades to the website and/or services or as a result of the third-party services that we make use of. Paystack will take reasonable efforts to notify Users of such suspensions in advance.

      Terms of Service

      By signing up for an account on this website (www.paystack.com), any of our websites and/or services, you are deemed a merchant and agree to these Merchant Terms of Service (the “Agreement”).

      PLEASE READ THESE MERCHANT TERMS OF SERVICE CAREFULLY BEFORE SIGNING UP AS A MERCHANT. If you do not agree to any or all of these Terms of Service, DO NOT USE THIS SITE!

      About Us

      Paystack Payments Kenya Limited, (“we”, “us” or “our”) is an online payment gateway that makes it easy for merchants to accept payments online from users or customers.

      We are an independent contractor for all purposes, providing this website and our services on an independent service provider basis. We do not endorse, have control or assume the liability or legality for the products or services that are paid for with our Service. We do not guarantee any user’s identity and cannot ensure that a buyer or seller will complete a transaction.

      Agreement

      These Terms of Service is an agreement between you and Paystack. It is a binding agreement between Paystack and you (“you,” “the Merchant”), who has set up a Paystack account to access the Services offered by Paystack (“Paystack Account”). It details Paystack’s obligations to you. It provides a general description of the Services that Paystack may provide to you, including those that allow you to accept payments from purchasers of your goods or services or donors to your organization (your “Customers/Users”). It also highlights certain risks of using the services, and you must consider such risks carefully as you will be bound by the provisions of this Agreement through your use of this website or any of our services.

      If Paystack is providing you with services under a Merchant Services Agreement then in the event of any inconsistency between the terms of the Merchant Services Agreement (including any other document incorporated into the same) and these Terms of Use, then the Merchant Services Agreement shall take precedence.

      Registration

      To use Paystack, you have to create a Paystack account by registering. To register, you will provide us with certain information such as your email, first name, last name, business name and phone number, business registration or registered company number, URL, the nature of your business or activities, and any other document we may require to complete our Know Your Customer (KYC) obligations under the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 and the regulations thereunder (the AML Regulations).

      We may also collect personal information (including name, date of birth, and government-issued identification number) about your beneficial owners, principals, and your Paystack Account administrator or Representative (meaning you or the person or people submitting the application). Until you have submitted and we have reviewed and approved all required information, your Paystack Account will be available to you on a preliminary basis only, and we may terminate it at any time and for any reason. We may seek to verify your information (by ourselves or through third parties), after which we will approve your account unless deemed risky. You hereby give us permission to perform all such actions.

      Any personal information that we process when registering your account will be processed in accordance with our privacy policy.

      Change of Information

      In the event that you change any information provided to us at registration, including your business name, address, financial institution, mode of payments, or the products and services that you offer, or where a corporate restructuring occurs, you agree to notify us within 14 days of such change. We may be unable to respond to you if you contact us from an address, telephone number, or email account that is not registered with us, and we reserve the right to suspend your use of our services where your information that is registered with us is not up to date.

      Representation and Warranties

      You represent and warrant to Paystack that:

      1. you have full power and authority to enter into, execute, deliver, and perform this Agreement;
      2. you are duly organised, authorised, and in good standing under the laws of the Republic of Kenya or any state, region, or country of your organisation and are duly authorised to do business in all other states, regions, or countries in which your business operates.

      Age Restriction

      Our website and Services are not directed to children under 18. We do not knowingly transact or provide any Services to children under 18.

      Dormant or Inactive Accounts

      Where a Paystack Account is dormant or inactive and deemed to be abandoned under the provisions of the Unclaimed Financial Assets Act, Paystack shall use its reasonable efforts to locate the account holder and notify the account holder of the Paystack Account. If Paystack is unsuccessful in locating the Paystack Account holder, Paystack shall deal with the abandoned property in accordance with the provisions of the Unclaimed Financial Assets Act.

      Where Paystack receives notification of the death or mental incapacity of a Paystack Account Holder, Paystack shall suspend all account activity until satisfied that the relevant provisions of the Law of Succession Act Chapter 160 of the Laws of Kenya or the Mental Health Act, Chapter 248 of the Laws of Kenya (as the case may be) have been followed.

      A person claiming access to funds by virtue of being a successor (in the event of death) or manager (in the event of permanent incapacity) shall, upon request by Paystack, produce letters of administration/grant of probate (in the event of death) or a court order authorizing the person to manage the estate (in the event of permanent incapacity) or such other document as may be prescribed.

      Account Security

      You agree not to allow anyone else to have or use your password details and to comply with all reasonable instructions we may issue regarding account access and security. In the event you share your password details, Paystack will not be liable to you for losses or damages. You will also take all reasonable steps to protect the security of the personal electronic device through which you access Paystack’s Services (including, without limitation, using PIN and/or password-protected personally configured device functionality to access Paystack’s Services and not sharing your device with other people).

      You must inform us immediately if there has been, or if you suspect, any breach of security, confidentiality, or of your account, and update your password details immediately to secure your account.

      Data Compliance and Security

      You agree to comply with all data privacy and security requirements of the Payment Card Industry Data Security Standard ("PCI DSS Requirements") and any applicable law or regulation that may be in force, enacted, or adopted regarding confidentiality, your access, use, storage, and/or disclosure of user information. Information on the PCI DSS Requirements can be found on the PCI Council's website. It is your responsibility to comply with these standards where they are applicable to you.

      We are responsible for the security and protection of Card Holder Data (CHD) we collect and store. Accordingly, we implement access control measures, security protocols, and standards, including the use of encryption and firewall technologies to ensure that CHD is kept safe and secure on our servers, in compliance with the requirements of the PCI DSS Requirements and the Data Protection Act Number 24 of 2019 and the regulations thereunder (Kenya Data Protection Regulation). We also implement periodic security updates to ensure that our security infrastructures are in compliance with reasonable industry standards.

      We acknowledge that you own all your customers’ data. You hereby warrant that you have complied with the Kenya Data Protection Regulation, including making all required disclosures to the data subjects with respect to the processing of data and explaining to its customers the purpose for which the Data will be used and that the data will be shared with the service providers including Paystack and obtaining any required consent for such use of the data subjects in accordance with applicable Kenyan Data Protection Regulations.

      You hereby grant Paystack a perpetual, irrevocable, sub-licensable, assignable, worldwide, royalty-free license to use, reproduce, electronically distribute, and display your customers’ data for the following purposes:

      1. providing and improving our services;
      2. internal usage, including but not limited to, data analytics and metrics so long as individual customer data has been anonymized and aggregated with other customer data;
      3. complying with applicable legal requirements and assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with local laws; and
      4. any other purpose for which consent has been provided by your customer.

      Software License

      We hereby grant you a revocable, non-exclusive, non-transferable licence to use Paystack’s APIs, developer’s toolkit, and other software applications (the “Software”) in accordance with the documentation accompanying the Software. This license grant includes all updates, upgrades, new versions, and replacement software for your use in connection with Paystack’s services. If you do not comply with the documentation and any other requirements provided by Paystack, then you will be liable for all resulting damages suffered by you, Paystack, and third parties.

      Unless otherwise provided by applicable law, you agree not to alter, reproduce, adapt, distribute, display, publish, reverse engineer, translate, disassemble, decompile or otherwise attempt to create any source code that is derived from the Software. Upon expiration or termination of this Agreement, you will immediately cease all use of any Software.

      Trademark License

      We hereby grant you a revocable, non-exclusive, non-transferable license to use Paystack’s trademarks used to identify our services (the “Trademarks”) solely in conjunction with the use of our Services. You agree that you will not at any time during or after this Agreement assert or claim any interest in or do anything that may adversely affect the validity of any Trademark or any other trademark, trade name, or product designation belonging to or licensed to Paystack (including, without limitation registering or attempting to register any Trademark or any such other trademark, trade name or product designation). Upon expiration or termination of this Agreement, you will immediately cease all display, advertising, and use of all of the Trademarks.

      Intellectual Property

      We do not grant any right or license to any Paystack intellectual property rights by implication, estoppel, or otherwise other than those expressly mentioned in this Agreement.

      Each party shall retain all intellectual property rights, including all ownership rights, title, and interest in and to its own products and services, subject only to the rights and licenses specifically granted herein.

      Publicity

      You hereby grant Paystack permission to use your name and logo in our marketing materials, including, but not limited to, use on our website, in customer listings, in interviews, and in press releases. Such Publicity does not imply an endorsement for your products and services.

      Confidential Information

      The parties acknowledge that in the performance of their duties under this Agreement, either party may communicate to the other (or its designees) certain confidential and proprietary information, including without limitation information concerning each party's services, know how, technology, techniques, or business or marketing plans (collectively, the "Confidential Information"), all of which are confidential and proprietary to, and trade secrets of, the disclosing party. Confidential Information does not include information that: (i) is public knowledge at the time of disclosure by the disclosing party; (ii) becomes public knowledge or known to the receiving party after disclosure by the disclosing party other than by breach of the receiving party's obligations under this section or by breach of a third party's confidentiality obligations; (iii) was known by the receiving party prior to disclosure by the disclosing party other than by breach of a third party's confidentiality obligations; or (iv) is independently developed by the receiving party.

      As a condition to the receipt of the Confidential Information from the disclosing party, the receiving party shall: (i) not disclose in any manner, directly or indirectly, to any third party any portion of the disclosing party's Confidential Information without the Disclosing Party’s prior written permission, except permission will not be required when the disclosure is: (a) to the Receiving Party’s Affiliates; and (b) where Paystack is the receiving party to Payment Method Acquirers and Payment Method Providers, and their respective Affiliates, and to Paystack third-party service providers; (ii) not use the disclosing party's Confidential Information in any fashion except to perform its duties under this Agreement or with the disclosing party's express prior written consent; (iii) disclose the disclosing party's Confidential Information, in whole or in part, only to employees and agents who need to have access thereto for the receiving party's internal business purposes; (iv) take all necessary steps to ensure that its employees and agents are informed of and comply with the confidentiality restrictions contained in this Agreement; and (v) take all necessary precautions to protect the confidentiality of the Confidential Information received hereunder and exercise at least the same degree of care in safeguarding the Confidential Information as it would with its own confidential information, and in no event shall apply less than a reasonable standard of care to prevent disclosure of the Confidential Information.

      The receiving party may also disclose the disclosing party’s Confidential Information to the extent required by Law or court order, as long as the receiving party uses reasonable efforts to limit disclosure and to obtain confidential treatment or a protective order and has, to the extent reasonably possible, allowed the disclosing party to participate in the proceeding.

      Know Your Customer

      You agree that you are solely responsible for verifying the identities of your customers in accordance with the AML Regulations, ensuring that they are authorised to carry out the transactions on your platform, and determining their eligibility to purchase your products and services.

      You are also required to maintain information and proof of service or product delivery to your customer. Where a dispute occurs needing resolution, you may be required to provide Paystack with these.

      Card Network Rules

      Each card network has its own rules, regulations and guidelines. You are required to comply with all applicable Network Rules that apply to merchants. You can review portions of the Network Rules at Mastercard, Visa, American Express and other payment cards. The Card Networks reserve the right to amend the Network Rules.

      Customer Payments

      You may only process payments when authorised to do so by your customer. We will only process transactions that have been authorised by the applicable Card Network or card issuer, bank, or financial service providers.

      We do not guarantee or assume any liability for transactions authorised and completed that are later reversed or charged back (see Chargebacks below). You are solely responsible for all reversed or charged back transactions, regardless of the reason for or timing of the reversal or chargeback. Paystack may add or remove one or more payment types or networks at any time. If we do so, we will use reasonable efforts to give you prior notice of the removal.

      Our Fees & Pricing Schedule

      You agree to pay us for the services we render as a payment gateway for your goods and services. Our Fees will be calculated as demonstrated on the Pricing page on the website and can be calculated on the same page using the “little calculator” we provided. The Fees on our Pricing page are integral to and form part of this Agreement.

      The Fees include charges for Transactions (such as processing a payment) and for other services connected with your Paystack Account. We may revise the Fees at any time. However, we will notify you within 5 days of such changes or such shorter notice as is reasonably possible if the change to the Fees is required to comply with a new Law or regulatory directive.

      In addition to the Fees, you are also responsible for any penalties or fines imposed in relation to your Paystack Account on you or Paystack by any Payment partner, Issuing bank, or financial service resulting from your use of Payment Processing Services in a manner not permitted by this Agreement or a Payment Method Provider’s rules and regulations. You agree to indemnify Paystack in respect of any such penalties or fines.

      If you do not understand the Fees or you have a question about Fees, please contact us.

      You are also obligated to pay all taxes, fees, and other charges imposed by any governmental authority, including any value-added tax on the Services provided under this Agreement.

      Taxes and Other Expenses

      Our fees are exclusive of any applicable taxes, except as expressly stated to the contrary. You have sole responsibility and liability for (i) determining what, if any, taxes apply to the sale of your products and services, acceptance of donations, or payments you receive in connection with your use of the Services; and (ii) assessing, collecting, reporting, and remitting taxes for your business to the appropriate tax and revenue authorities. If we are required to withhold any taxes, or we are unable to validate any tax-related identification information you provide to us, we may deduct such taxes from amounts otherwise owed and pay them to the appropriate taxing authority. If you are exempt from payment of such taxes, you must provide us with a copy of the certificate that satisfies applicable legal requirements attesting to your tax-exempt status. Upon our reasonable request, you must provide us with information regarding your tax affairs.

      We may send documents to you and regulatory authorities for Transactions processed using the Services. We may receive requests from tax and regulatory authorities in relation to your use of the Services. If you use Payment Processing Services, you acknowledge that we will report the total amount of payments you receive as required by appropriate tax and regulatory authorities. We also may, but are not obliged to, electronically send you tax-related information.

      Payouts

      Subject to the terms of this Terms, Paystack will send to your designated bank, Mobile Money Wallet, or card settlement account ("Payout/Bank Account") all amounts settled and due to you from your transactions with customers, minus our Fees as stated in the Fee Schedule, any Reversals, Invalidated Payments, Chargebacks, Refunds or other amounts that you owe to Paystack under this Agreement ("Payout"). If the Payout is not sufficient to cover the amounts due by you to Paystack, you agree that we may debit your Payout/Bank Account for the applicable amounts due and/or set off the applicable amounts against future Payouts due to you. By entering into this Agreement, you agree to provide us with all necessary Payout/Bank Account and related information on our request and grant us permission to debit amounts due by you from your Payout/Bank Account.

      After transfer of funds is initiated to your Bank Account, we will update the information on your Paystack Dashboard to reflect the settlement. Information regarding your transactions that are processed and settled using Paystack (“Transaction History”) will be available to you when you log in to your Paystack Dashboard.

      While we will provide Transaction History in your Paystack Dashboard, you are solely responsible for compiling and retaining permanent records of all transactions and other data associated with your Paystack account as may be required for your business. Paystack is not responsible for maintaining Transaction History or other records in a manner consistent with your record retention obligations.

      Payout Schedule

      Your Payout Schedule, which is the time it takes us to initiate a transfer to your Payout/Bank Account settled funds from transactions processed through us, is on your Paystack Dashboard. We reserve the right to change your Payout Schedule, suspend payouts to your Payout/Bank Account or initiate a Reversal should we deem it necessary due to pending disputes, excessive or anticipated excessive Chargebacks or Refunds, or other suspicious activity associated with your use of Paystack, or if required by law or court order.

      How we handle your Funds

      You authorise and instruct Paystack or its acquiring partner or Banks to hold, receive, and disburse funds on your behalf when such funds from transactions you submitted for processing are settled. By accepting this Agreement, you further authorise Paystack on how your transaction settlement funds should be disbursed to you as Payouts and the timing of such Payouts.

      You agree that you are not entitled to any interest or other compensation associated with the settlement funds held by Paystack pending settlement and Payout to your Payout/Bank Account.

      Settlement funds will be held in an account pending Payouts to you in accordance with the terms of this contract. We may periodically make available to you information about pending settlements yet to be received from the Card Networks, bank or financial service providers.

      Your authorisations will remain valid and be of full effect until your Paystack Account is closed or terminated.

      Security and Fraud Controls

      Paystack is responsible for protecting the security of Payment Data including CHD in our possession and will maintain commercially reasonable administrative, technical, and physical procedures to protect all the personal information regarding you and your customers that is stored in our servers from unauthorised access and accidental loss or modification. However, we cannot guarantee that unauthorised third parties will never be able to defeat those measures or use such personal information for improper purposes. We will take all reasonable and commercially achievable measures to address any security breach as soon as we become aware of it.

      You agree to use other procedures and controls provided by us and other measures that are appropriate for your business to reduce the risk of fraud.

      In the event that you suspect any fraudulent activity by a customer, you agree to notify Paystack immediately and quit the delivery of the service. In addition, where we suspect that there have been frequent fraudulent transactions on your account, we reserve the right to cancel our service to you and/or your account.

      Notification of Errors

      You agree to notify us immediately when any error is detected while reconciling transactions that have occurred using Paystack. We will investigate and rectify the errors where verified. In the event that we notice any errors, we will also investigate and rectify such errors.

      Where we owe you money as a result of such errors, we will refund the amounts owed to you by a bank transfer to your Bank Account.

      If a transaction is erroneously processed through your platform, report to us immediately. We will investigate any such reports and attempt to rectify the errors by crediting or debiting your Bank Account as appropriate.

      Failure to notify us within 45 (forty-five) days of the occurrence of an error will be deemed a waiver of your rights to amounts that are owed to you due to an error.

      Chargebacks

      A Chargeback usually happens when a customer files directly with or disputes through his or her credit or debit card issuer a payment on their bill. It may result in the reversal of a transaction. You may be assessed for chargebacks or disputes if (i) value is not given for transactions; (ii) transactions are unauthorised or improperly authorised; (iii) transactions do not comply with Card Network Rules or the terms of this Agreement or are allegedly unlawful or suspicious; (iv) your transactions have been flagged by a regulator or law enforcement agency or (v) any reversals for any reason by the Card Network, our processor, or the acquiring or issuing banks. Where a Chargeback occurs, you are immediately liable for all claims, expenses, fines and liability we incur arising out of that Chargeback and agree that we may recover these amounts by debiting your settlements or payout account. Where these amounts are not recoverable through your settlements or payout account, you agree to pay all such amounts through any other means.

      Fraud

      Fraud happens when an unauthorised transaction is made with a customer’s stolen payment details. The most common types of fraud are identity theft, phishing, account takeover, friendly fraud etc.

      At Paystack, we are committed to maintaining the highest standards of security and trust in our payment processing services. You are responsible for implementing additional security measures on your end to safeguard customer data and prevent unauthorised access to their accounts. We may impose transaction limits or other verification requirements for high-risk transactions to ensure the legitimacy of the transaction.

      In the event of a dispute initiated by a customer due to suspected fraud, we will review all relevant information, including transaction data and any evidence you have provided. In case of any discrepancy or if you are unable to provide proof of value within the specified timeframe, we will have no other option than to accept the fraud claim on your behalf. You are encouraged to maintain accurate transaction records and evidence to expedite the resolution process.

      Engaging in fraudulent activities, including chargeback abuse or unauthorised use of customer information, is strictly prohibited. If we identify any fraudulent activities on a merchant's account, we reserve the right to suspend or terminate the merchant's access to our services immediately.

      Dispute Policy

      This policy serves as a guide to establishing a robust and transparent system to manage and resolve transaction disputes. It outlines the principles, procedures, and mechanisms governing the resolution process, providing a roadmap for all parties involved. The Dispute Policy is now part of the Terms of Service and Merchant Service Agreement. When you sign the MSA or consent to the Terms of Service, you're also signing this Dispute Policy. By adhering to this policy, consumers and stakeholders alike will benefit from a structured and consistent approach to dispute resolution.

      Aim

      The primary objective of this policy is to strike a balance between safeguarding the rights and interests of parties involved in a transaction and promoting timely and equitable resolutions. It is designed to promote transparency, accountability, and fairness throughout the dispute resolution process, minimising liability and disruption to ongoing business operations while also maintaining a positive reputation in the payment industry.

      Introduction

      A transaction dispute occurs when a cardholder or account holder registers a formal complaint against a merchant regarding a specific transaction. Common reasons for transaction disputes include unauthorized debits, no value received for payment made, defective products/goods, multiple transaction charges for one attempt, or services not rendered as promised.

      Resolving disputes involves communication between the Issuer or card scheme, Paystack and the sub-merchant. This communication requires evidence, such as receipts or transaction records and any other relevant information depending on the business category. In some cases, mediation or arbitration might be necessary to reach a satisfactory resolution.

      Swiftly addressing transaction disputes is essential to maintain trust and integrity in financial dealings and ensure fair outcomes for all parties involved.

      Timelines

      Fraud

      Fraud claims are transactions disputed as unauthorized or fraudulent. This means that the reporting customer has reached out to their bank to complain that they didn’t initiate the transaction.

      Fraud claims have a time frame of 24 hours to be resolved. If a fraud claim is not resolved within this timeline, it auto-accepts.

      Sometimes, fraud reports can progress to a court order, law enforcement request or regulator request.

      We give Paystack merchants 3 business days to provide receipts, account statements and other relevant information needed to successfully defend our position or object to a ruling, and reply to a regulator or law enforcement agency request.

      1. Court Order: A court order is a written direction, decision, or command delivered by a court and signed by the judge. The ruling could specify the reversal of a transaction, the release of beneficiary information to an individual or a directive to watchlist a bad actor’s BVN (Nigerian Bank Verification Number). We receive court orders from area, magistrate, district and high courts.
      2. Law enforcement request: A law enforcement authority or agency may reach out to direct a refund or request more information on a transaction or merchant that has been deemed suspicious or fraudulent. This request could demand an in-person visit and Paystack is bound by laws to comply.
      3. Regulator request: Paystack is bound by regulatory bodies in the regions we operate in. If a regulator reaches out for transaction or merchant information or to direct a refund, we have to comply.

      Sometimes, fraud claims get reopened and this happens for various reasons, including discrepancies in receipts, incorrect beneficiary information provided during the initial resolution, and insufficient beneficiary details. Reopened fraud claims have a prompt resolution timeline of 8 hours. If not resolved within this timeline, the fraud claim auto-accepts.

      Chargebacks

      Chargebacks occur when a customer requests to have a payment they made reversed. It could happen due to a duplicate transaction charge, no value for payment made, a cancelled subscription that was still charged etc.

      Chargebacks have a time frame of 16 hours to be resolved in our Nigeria market and 48 hours in our Ghana, South Africa, and Kenya markets. If a chargeback is not resolved within this timeline, it auto-accepts.

      Sometimes, chargebacks could require transaction revalidation or progress to other stages: pre-arbitration and arbitration.

      • Revalidation: Revalidation is when the Issuing bank reaches out after a declined chargeback to ask that the provided evidence be reviewed again for accuracy.
        Chargebacks reopened for revalidation reasons have a resolution timeline of 8 hours in our Nigeria market and 24 hours in our Ghana, South Africa, and Kenya markets.
      • Pre-arbitration: Pre-arbitration refers to the process where an Issuer or card scheme requests further evidence from a merchant after the initial chargeback dispute, before proceeding to arbitration.
        Merchants have 72 hours to resolve pre-arbitration chargebacks in all markets.
      • Arbitration: Arbitration involves the relevant card association stepping in to help resolve the dispute between the acquiring and issuing banks and by extension the merchant and the cardholder. We do not allow chargebacks to go into arbitration because of the possibility of a fine of up to $750 from the card schemes.

      Liability

      According to this policy and Paystack’s Terms of Service, merchants are bound by rules that limit Paystack's responsibility. We are not liable for disputes incurred by merchants using our services. We are also not involved in the decision-making of dispute outcomes as this is left to the customer’s bank and card networks.

      The information merchants provide to Paystack directly or through a representative is expected to be accurate and complete. By using Paystack's Payments Services, they are responsible for paying the full amount of any disputes (chargebacks and fraud claims), refunds, fines, or penalties that may arise from their use of the service, regardless of any agreements to share liability. These obligations are described in more detail in the Paystack Terms of Service.

      Card Networks and Paystack don't accept high dispute rates from merchants. This is because high dispute rates suggest that the merchant(s) might not be delivering products or services to cardholders. A high dispute rate results in an increase in operational tasks and costs for all parties, including the Card Network, Issuing Bank, and Paystack.

      There are specific liability scenarios we’ve seen arise from time to time. These are outlined below and will be updated when new situations come up:

      1. Auto-accepted/Accepted disputes:
        Merchant liability
      2. Court Orders:
        Merchant Liability
      3. Fraud Chargebacks:
        Merchant Liability
      4. Pre-arbitration chargebacks:
        Merchant Liability
      5. Regulatory sanctions and fines:
        Merchant Liability (except where the directive originated from a gap or loophole in Paystack processes)
      6. Card scheme fines such as remediation and arbitration fines:
        Arbitration fines: Merchant Liability
        Remediation fines: Merchant Liability (where a merchant is flagged & where a merchant contributes the most to the flagged fraud value or ratio)
      7. Law enforcement visits and requests:
        Paystack obligation. The affected merchant(s) gets looped in when directly referenced or invited by the requesting agency/authority.

      Dispute thresholds

      For thresholds set by the Card Schemes, we published an article on Dispute Monitoring Programs here.

      At Paystack, we track the dispute rates for our merchants and alert them when they are close to breaching the limit. This helps us detect spikes early enough and avoid the monthly fines and additional fees associated with monitoring programs from card networks.

      Paystack Chargeback Thresholds:

      Threshold        Chargeback Count    Chargeback Ratio
      Normal           <100                <0.1%
      Early Warning    100 - 499           0.1-0.49%
      High             500 - 999           0.5 - 1.0%
      Excessive        >1000               >1.0%

      Paystack Fraud Thresholds:

      Threshold        Fraud Value            Fraud Ratio
      Normal           <USD 250               <0.1%
      Early Warning    USD 250 - USD 999      0.1-0.49%
      High             USD 1000 - USD 2000    0.5 - 1.0%
      Excessive        >USD 2000              >1.0%

      Dispute cost

      Merchants do not get charged for receiving or resolving disputes. However, for any accepted or auto-accepted disputes, the transaction value is reversed in full (except where the merchant accepted a dispute partially) and deducted from the merchant’s next settlement. This is because our processing fees are not refundable.

      According to our Terms of Service, merchants are responsible and have indemnified Paystack against any claims (including legal fees) from third parties, such as Card Networks, Issuers, and Acquirers, resulting from the merchant's violation of the Merchant Service Agreement, applicable laws, or card network rules for the payment methods in use.

      Dispute period

      Disputes may happen long after a transaction, but even if the Merchant Service Agreement is terminated or a business is closed, Paystack is still entitled to recover dispute amounts, dispute fees, transaction reversals, and fines related to transactions processed during the agreement's term from the merchant.

      Resolution

      Disputes should be resolved within specified timeframes by merchants with either an accept or decline response:

      • Accept: Merchant accepting a dispute means they’re yet to give value or can recover value. After accepting, the transaction is refunded and the transaction value is deducted from the merchant’s next settlement.
      • Decline: Merchant declining a dispute means they’ve already delivered value and will be unable to recoup or salvage it. Declining a dispute requires a transaction receipt; for fraud claims, additional information such as beneficiary details and KYC, details of funds utilisation and details of any transfers or withdrawals made is also needed.

      Right To Information Sharing

      Paystack has the right to share information about a merchant and their transactions with regulators, acquirers, issuers, law enforcement, and other authorities to comply with legal requirements. This sharing is important to prevent fraud, investigate suspicious transactions, and maintain the security of our payment systems.

      By cooperating with these entities, we help detect, prevent and give relevant information on financial crimes, ensuring the safety of everyone involved in the payment process. This information sharing is also crucial for us to fulfil our responsibilities as a trusted intermediary, allowing us to respond quickly to potential risks and support a transparent payment environment that promotes trust for all parties.

      Reserves

      In our sole discretion, we may place a Reserve on a portion of your Payouts by holding for a certain period such portion where we believe there is a high level of risk associated with your business. If we take such steps, we will provide you with the terms of the Reserve which may include the percentage of your Payouts to be held back, period of time and any other such restrictions that Paystack may deem necessary. Where such terms are changed, we will notify you. You agree that you will remain liable for all obligations related to your transactions even after the release of any Reserve. In addition, we may require you to keep your Bank Account available for any open settlements, Chargebacks and other adjustments.

      To secure your performance of this Agreement, you grant Paystack a legal claim to the funds held in the Reserve as a lien or security interest for amounts payable by you.

      Refunds

      You agree that you are solely responsible for accepting and processing returns of your products and services. We are under no obligation to process returns of your products and services, or to respond to your customers’ inquiries about returns of your products and services. You agree to submit all Refunds for returns of your products and services that were paid for through Paystack to your customers in accordance with this Agreement and relevant Card Network Rules.

      No Refund of Fees

      The fees charged for processing the original Transaction will not be refunded in part or in full to the Merchant if the Transaction is Refunded or made subject to a dispute.

      Information Sharing

      In cases of suspected fraud or criminal activities, we may share relevant information with regulators, law enforcement, and other authorities to ensure compliance with legal obligations.

      Merchants are obliged to cooperate fully with any investigations related to fraudulent activities, providing any necessary information promptly.

      Termination

      You may terminate this Agreement by closing your Paystack Account.

      We may suspend your Paystack Account and your access to Paystack services and any funds, or terminate this Agreement, if:

      1. you do not comply with any of the provisions of this Agreement;
      2. we are required to do so by a Law;
      3. we are directed by a Card Network or issuing financial institution; or
      4. where a suspicious or fraudulent transaction occurs.

      Restricted Activities & Acceptable Use Policy

      You are independently responsible for complying with all applicable laws related to your use of our website and services. However, by accessing or using Paystack, you agree to comply with the terms and conditions of our Acceptable Use Policy and are restricted from the activities specified in it which you can read on our Acceptable Use Policy page.

      Privacy Policy

      Paystack is committed to managing your Personal Information in line with global industry best practices. You can read our Privacy Policy to understand how we use your information and the steps we take to protect your information.

      Disclaimers

      WE TRY TO KEEP PAYSTACK AVAILABLE AT ALL TIMES, BUG-FREE AND SAFE, HOWEVER, YOU USE IT AT YOUR OWN RISK.

      OUR WEBSITE AND SERVICES ARE PROVIDED “AS IS” WITHOUT ANY EXPRESS, IMPLIED AND/OR STATUTORY WARRANTIES (INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED OR STATUTORY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE OR PURPOSE, TITLE, AND NON-INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS). WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, PAYSTACK MAKES NO WARRANTY THAT OUR WEBSITE AND SERVICES WILL MEET YOUR REQUIREMENTS OR THAT OUR WEBSITE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR FREE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU THROUGH OUR WEBSITE OR FROM PAYSTACK, ITS PARENTS, SUBSIDIARIES, OR OTHER AFFILIATED COMPANIES, OR ITS OR THEIR SUPPLIERS (OR THE RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS OF ANY SUCH ENTITIES) (COLLECTIVELY, "PAYSTACK PARTIES") SHALL CREATE ANY WARRANTY

      Limitation of Liability

      IN NO EVENT WILL ANY OF THE PAYSTACK PARTIES BE LIABLE FOR (A) ANY INDIRECT, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES OR (B) ANY DAMAGES WHATSOEVER IN EXCESS OF THE AMOUNT OF THE TRANSACTION OR TWENTY THOUSAND UNITED STATES DOLLARS (US$20,000.00), WHICHEVER IS LESSER (INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOSS OF REVENUES, LOST PROFITS, LOSS OF GOODWILL, LOSS OF USE, BUSINESS INTERRUPTION, OR OTHER INTANGIBLE LOSSES), ARISING OUT OF OR IN CONNECTION WITH PAYSTACK’S WEBSITE OR SERVICES (INCLUDING, WITHOUT LIMITATION, USE, INABILITY TO USE, OR THE RESULTS OF USE OF PAYSTACK’S WEBSITES OR SERVICES), WHETHER SUCH DAMAGES ARE BASED ON WARRANTY, CONTRACT, TORT, STATUTE, OR ANY OTHER LEGAL THEORY.

      Exclusions

      Some jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for certain damages. Accordingly, some of the above disclaimers and limitations of liability may not apply to you. To the extent that any Paystack Party may not, as a matter of applicable law, disclaim any implied warranty or limit its liabilities, the scope and duration of such warranty and the extent of the Paystack Party's liability shall be the minimum permitted under such applicable law.

      Indemnity

      You, as the merchant, hereby agree to assume full responsibility for defending, indemnifying, and holding Paystack, its officers, directors, employees, agents, licensors, and suppliers harmless from any claims, actions, or demands, as well as liabilities and settlements, including but not limited to reasonable legal and accounting fees, arising from or alleged to arise from your violation of the terms outlined in this Agreement. By accepting these terms, you acknowledge that Paystack shall not be held liable for any consequences resulting from your actions or omissions, and you expressly release us from any such liabilities.

      Updates, Modifications & Amendments

      We may need to update, modify or amend our Merchant Terms of Service as our technology evolves. We reserve the right to make changes to this Merchant Terms of Service at any time by giving notice to users on this page.

      We advise that you check this page often, referring to the date of the last modification on the page. If you have any objection to any of the changes to this Merchant Terms of Service, you must cease using our website and/or services immediately.

      Applicable Law

      These Terms of Use shall be interpreted and governed by the laws currently in force in the Federal Republic of Nigeria.

      Legal Disputes

      Should any dispute, claims or complaints arise, you may contact us using the details provided under the Merchant Services Agreement in accordance with Paystack’s complaint-handling procedures.

      Any dispute arising out of or in connection with this Agreement that is not resolved through Paystack’s complaint-handling procedures may be:

      (1) submitted to any dispute resolution mechanisms provided by Paystack in partnership with other Payment Method Providers;

      (2) referred to arbitration under the following terms:

      (a) Such arbitration shall be resolved under provisions of the Kenyan Arbitration Act 1995 (as amended from time to time);

      (b) The tribunal shall consist of one (1) arbitrator to be appointed by mutual agreement (you and Paystack), failing which, within fourteen (14) Business Days, such arbitrator shall be appointed by the chairman for the time being of the Chartered Institute of Arbitrators of Kenya upon application of either party;

      (c) Each of us shall bear our respective costs in connection with the Arbitration. The place and seat of arbitration shall be in Nairobi, and the language of the arbitration shall be in English;

      (d) The award of the arbitration tribunal shall be final and binding upon the parties to the extent permitted by law, and any party may apply to a court of competent jurisdiction for enforcement of such award. The award of the arbitration tribunal may take the form of an order to pay an amount or to prohibit certain activities;

      (e) Notwithstanding the above provisions of this clause, a party is entitled to seek preliminary injunctive relief or interim or conservatory measures from any court of competent jurisdiction pending the final decision or award of the arbitrator.

      Severability

      If any portion of these Terms of Use is held by any court or tribunal to be invalid or unenforceable, either in whole or in part, then that part shall be severed from these Terms of Use and shall not affect the validity or enforceability of any other part in this Terms of Use.

      Force Majeure

      Neither party will be liable for any delays in processing or other non-performance caused by telecommunications, utility failures, or equipment failures; labour strife, riots, war, or terrorist attacks; non-performance of our vendors or suppliers, epidemic, pandemic, fires or acts of nature; or any other event over which the respective party has no reasonable control. However, nothing in this section will affect or excuse your liabilities or your obligation to pay Fees, Fines, Disputes, Refunds, Reversals, or Returns under this Agreement.

      Miscellaneous

      You agree that all agreements, notices, disclosures, and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing. All notices sent pertaining to this Agreement shall be sent to the email or physical addresses that you have provided when registering an account, or as updated by you from time to time. Paystack nominates the following address for the service of any legal notices: Team Investment Concept LTD, Peponi Road, Ikigai Westlands.

      Assigning or sub-contracting any of your rights or obligations under these Terms of Service to any third party is prohibited. We reserve the right to transfer, assign or sub-contract the benefit of the whole or part of any rights or obligations under these Terms of Service to any third party.

      Data Processing

      DATA PROCESSING AGREEMENT

      This Data Processing Agreement (“DPA”/ “Agreement”) is subject to and forms part of your Paystack Merchant Services Agreement, where applicable, and governs Paystack’s and its affiliates’ Processing of Personal Data.

      If your Paystack Account is located in Kenya, you enter this DPA with Paystack Payments Kenya Limited (“Paystack”).

      1. DEFINITION & INTERPRETATION

        1. In this Agreement, unless the context otherwise requires, the following expressions have the following meanings:

          “Controller” As defined under the Kenya Data Protection Act. In this Agreement, Merchant shall be the controller.
          “Data Protection Legislation”, “Data Protection Law(s)” means the Kenya Data Protection Act, and all other applicable laws or regulations relating to the processing of personal data and privacy, as such legislation shall be amended, revised or replaced from time to time.
          “Data Subject” is an individual who is the subject of Personal Data.
          “Instructions/Approved Purpose” As defined in Clause 2 below.
          “Main Agreement” means the Merchant Service Agreement entered into by the Parties (Paystack and the Merchant), where relevant.
          “Personal Data/ Data”, “Merchant Data” means any information relating to a Data Subject that is processed by the Processor as a result of, or in connection with, the provision of the Services under the Main Agreement; including but not limited to a name, identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. For the avoidance of doubt, Personal Data/Data/Merchant Data shall include only the types of personal data listed under Schedule I, Part A of this DPA.
          “Personal Data Breach” means a security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
          “Privacy Policy” means the Privacy Policy of Paystack displayed on its website at http://www.paystack.com/terms.
          “Processing” means any activity that involves the use of Personal Data or as applicable Data Protection Legislation may otherwise define processing, processes or process. It includes any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing also includes transferring Personal Data to third parties.
          “Processor” As defined under the Kenya Data Protection Act. In this Agreement, Paystack shall be the processor.
          “Restricted Transfer” means a transfer of Personal Data to a Third Country.
          “Services” means the services the Processor provides to the Controller pursuant to the Main Agreement, specifically the provision of payment processing and related services.
          “Sub-Processor” means any third-party processor appointed by and on behalf of the Processor in connection with this Agreement. A list of Paystack’s sub-processors is available here.
          “Supervisory Authority” means an independent public authority which is established under any Data Protection Law for the purpose of overseeing compliance with such legislation, in this case the Office of the Data Protection Commissioner.
          “Terms and Conditions” means Paystack’s https://paystack.com/terms#terms and https://paystack.com/terms#terms-of-service agreed to by the Merchant prior to the use of the Services.
          “Third Countries” means a country or territory outside the countries listed in Part B of the Schedule attached to this Agreement.
        2. In this DPA:

          1. The terms used in this DPA will have the meanings set out in this DPA. Capitalised terms not otherwise defined in this DPA will have the meaning given to them in the Main Agreement, where applicable. Except as modified below, the terms of the Main Agreement will remain in full force and effect, where a Main Agreement has been signed;
        3. In consideration of the mutual obligations set out in this DPA, the Parties agree that the terms and conditions set out below will be added to the Main Agreement. In cases where there is no Main Agreement, the terms of the DPA will still apply as a standalone Agreement;

        4. the schedules and appendices to this DPA form part of this DPA and will have the same force and effect as if set out in the body of this DPA and any reference to this DPA will include the schedules and appendices;

        5. the background section and all headings are for ease of reference only and will not affect the construction or interpretation of this DPA;

        6. unless the context otherwise requires, references to the singular include the plural and vice versa;

        7. unless the context otherwise requires, references to a “person” include any individual, body corporate, association, partnership, firm, trust, organisation, joint venture, government, local or municipal authority, governmental or supra-governmental agency or department, state or state agency or any other entity (in each case whether or not having separate legal personality);

        8. references to any statute or statutory provision will include any subordinate legislation made under it and will be construed as references to such statute, statutory provision and/or subordinate legislation as modified, amended, extended, consolidated, re-enacted and/or replaced and in force from time to time;

        9. any words following the words “include”, “includes”, “including”, “in particular” or any similar words or expressions will be construed without limitation and accordingly will not limit the meaning of the words preceding them;

        10. to the extent only of any conflict or inconsistency regarding the processing of Personal Data between the provisions of the Main Agreement (where relevant) and this DPA, this DPA will prevail;

        11. references to a Party to this DPA include references to the successors or assigns (immediate or otherwise) of that Party.

      2. SCOPE OF PROCESSING/APPROVED PURPOSE

        1. As part of Paystack providing the Service to the Merchant under the Main Agreement or general Terms and Conditions, Paystack shall comply with the obligations imposed upon it under Data Protection Law and agrees and declares as follows:

          (i) to process Personal Data in accordance with the  Merchant's documented instructions as set out in the Main Agreement (if applicable), Terms and Conditions, and this DPA for the specific purpose of providing the Service(s) to the Merchant, (ii) to retain, use, or disclose Personal Data only for the specific purpose of providing the Service(s) to the Merchant as set out in the Main Agreement (if applicable), Terms and Conditions, Privacy Policy, and this DPA and (iii) any other written instructions given by the Merchant and acknowledged by Paystack as constituting instructions under this Agreement (collectively, the “Instructions/Approved Purpose”). Paystack will comply with the Instructions unless it is otherwise unable to comply with an Instruction or prohibited by applicable Data Protection Law.

      3. ROLES OF THE PARTIES

        For the purposes of applicable Data Protection Law and this DPA, the Parties agree that in relation to the Merchant’s Personal Data Processed by Paystack pursuant to the Main Agreement (where applicable), the Merchant is the Controller and Paystack is the Processor. Both Parties shall comply with any obligations applicable to them under Data Protection Legislation with respect to the processing of Personal Data.

      4. PROCESSING OF PERSONAL DATA

        1. Paystack will:
          1. comply with all applicable Data Protection Laws in the Processing of the Merchant’s Personal Data on behalf of the Merchant and provide such assistance and information as required under Data Protection Legislation in order to assist the Merchant to comply with its obligations under Data Protection Laws;
        2. only Process the Merchant’s Personal Data and any Personal Data the Merchant provides in accordance with the Approved Purpose or on written instructions from the Merchant (or, if directed by the Merchant) for the purposes of performing the Services (including with respect to transfers of the Merchant’s Personal Data to a Third Country or an International Organisation, which shall be in compliance with the Data Protection Laws);
        3. not knowingly or negligently do anything or fail to do anything which would cause the Merchant to be in breach of its obligations as a Controller under Data Protection Laws;
        4. not modify, amend or alter the Merchant’s Personal Data or disclose or permit the disclosure of the Merchant’s Personal Data to any third party unless it is required for the performance of the Services, for the Approved Purpose or is specifically authorized to do so in writing by the Merchant or permitted by Data Protection Law;
        5. not disclose nor allow any person to access the Merchant’s Personal Data from any Third Country or by any international organisation, other than for the performance of the Services, the Approved Purpose or on the written instructions of the Merchant; unless required to do so under any law to which Paystack is subject. In that event, Paystack will, to the extent permitted by law, promptly inform the Merchant of the legal requirement before Processing the Merchant’s Personal Data.
        6. Paystack shall immediately notify the Merchant prior to any Processing being carried out, if in Paystack’s opinion, any instruction from or on behalf of the Merchant infringes or is likely to infringe Data Protection Laws.
      5. PAYSTACK PERSONNEL

        1. Paystack will:
          1. take all reasonable steps to ensure the reliability of all Paystack employees, contractors and agents (“Paystack Personnel”) who have access to Personal Data;
        2. ensure that any access to the Merchant’s Personal Data by Paystack Personnel is provided on a strict "need to know" basis only and that Paystack Personnel do not Process the Merchant’s Personal Data except for the Approved Purpose or in accordance with the written instructions of the Merchant, unless required to do so by law;
        3. ensure that all Paystack Personnel involved in the performance of the Services have undergone appropriate data privacy training in relation to the Processing and security of the Merchant’s Personal Data.
        4. Without prejudice to the foregoing, Paystack will ensure that all Paystack Personnel:
          1. who have access to the Merchant’s Personal Data are informed of its confidential nature prior to disclosing any of the Merchant’s Personal Data to them; and
        5. are subject to professional secrecy (whether contractual or statutory) to maintain the Merchant’s Personal Data in confidence.
      6. DATA SECURITY AND CONFIDENTIALITY

        1. Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Paystack will in relation to the Merchant’s Personal Data, implement and maintain at all times appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate:
        2. the pseudonymisation and encryption of the Merchant’s Personal Data;
        3. the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of Processing systems and services;
        4. the ability to restore the availability and access to the Merchant’s Personal Data in a timely manner in the event of a physical or technical incident;
        5. a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing.
        6. In assessing the appropriate level of security, Paystack will take into account the risks that are presented by Processing, in particular from a Personal Data Breach.
        7. Paystack will ensure that any Sub-Processor implements and maintains appropriate processes to promptly respond to a Personal Data Breach.
        8. Paystack shall ensure full compliance with applicable Data Protection Legislation, including any legislation in other jurisdictions that might be applicable taking into account both Parties’ global operations.
        9. Paystack shall obtain consent from any individual or establish another appropriate legal basis for Processing Personal Data when required by such Data Protection Laws.
        10. Paystack may retain documentation as Paystack deems reasonably necessary to comply or demonstrate compliance with any law that Paystack may be subject to.
        11. Paystack shall exercise the same degree of care as it uses with its own Data and confidential information, but in no event less than reasonable care, to protect the Personal Data from misuse and unauthorised access or disclosure in accordance with all applicable Data Protection Laws, including:
          1. maintaining adequate physical controls and password protections for any server or system on which the Data is stored;
        12. ensuring that Data is not stored on any mobile device (for example, a laptop or smartphone) or transmitted electronically unless encrypted; and
        13. taking any other measures reasonably necessary to prevent any use or disclosure of the Personal Data other than as allowed under this Agreement.
      7. DATA SUBJECT RIGHTS

        1. Taking into account the nature of the Processing, Paystack, where feasible, will assist the Merchant, insofar as this is commercially reasonable for Paystack, towards the fulfilment of the Merchant’s obligations to respond to requests by Data Subjects to exercise their rights under Data Protection Laws.
        2. Paystack will:
          1. notify the Merchant if Paystack or a Sub-Processor receives any query, complaint or request from a Data Subject to access, delete, block, or restrict access to their Personal Data, or to receive a machine-readable copy of their Personal Data within five (5) calendar days of Paystack receipt or notification of such request; and
        3. at the Merchant’s request, assist with responding to such queries, complaints, and requests.
        4. If either Party receives any correspondence, enquiry or complaint from any individual, Supervisory Authority, other competent regulator or other third party in connection with Data Processed by Merchant or Personal Data shared by Merchant with Paystack under the Agreement (collectively, "Correspondence"), then the Parties shall cooperate in good faith as necessary to assist that Party to respond to such Correspondence, where possible, and fulfil their respective obligations under Data Protection Laws.
      8. REQUESTS FROM AUTHORITIES

        1. Where it is legally required, Paystack will use reasonable efforts to promptly inform the Merchant if Paystack or any Sub-Processor receives any request, inquiry, complaint, notice, subpoena or any other communication from a regulatory authority (including a Supervisory Authority) or other competent authorities (“Authority”) relating to the Processing of the Merchant’s Personal Data under the Main Agreement (where relevant) or in relation to any other matter under Data Protection Laws, except where Paystack is prohibited from doing so under any law that it is subject to.
        2. The Merchant will at Paystack’s request:
          1. Assist Paystack to respond to any communication from an Authority and to meet any applicable statutory or regulatory deadlines with regards to its Processing of Merchant’s Personal Data.
      9. LEGAL REQUESTS

        1. In the event national law, court or regulator requires Paystack or any of its Sub-processors to disclose Personal Data to a third party, Paystack shall first inform the Merchant of such legal or regulatory requirement and provide the Merchant with the opportunity to object or challenge the requirement, unless national law prohibits such notice.
      10. MANAGING AND REPORTING PERSONAL DATA BREACHES

        1. Paystack shall:
          1. notify the Merchant in accordance with applicable Data Protection Law of any Personal Data Breach involving the Merchant’s Personal Data, and in any event within thirty-six (36) hours of becoming aware of the Personal Data Breach, and shall take appropriate measures to mitigate its possible adverse effects; and
        2. provide the Merchant with sufficient information to permit it to meet any obligations to report the Personal Data Breach to a Supervisory Authority and/or to inform Data Subjects of the Personal Data Breach under Data Protection Laws.
      11. DATA PROTECTION IMPACT ASSESSMENTS

        1. Paystack, upon request, will provide the Merchant with commercially reasonable information and assistance, taking into account the nature of the processing and the information available to Paystack, to help the Merchant conduct any Data Protection Impact Assessment, data transfer impact assessment or prior consultation it is required to conduct under Data Protection Law.
      12. RETURN, DELETION OR DESTRUCTION OF PERSONAL DATA

        1. Unless storage is required by law, Paystack shall return, delete or destroy Personal Data in accordance with the Paystack Data Retention Schedule:
          1. after the end of the provision of the Services relating to the Processing of the Merchant’s Personal Data; or
        2. after termination or expiration of the Main Agreement; or
        3. after a Merchant’s request to return, delete or destroy
        4. Neither Paystack, nor any Sub-Processor or Paystack personnel will retain copies of any of the Merchant’s Personal Data in any form unless required to do so by any law to which they are subject and only to the extent and for such period as required by such law. In that event, Paystack shall ensure the confidentiality of all Merchant’s Personal Data and shall ensure that Merchant’s Personal Data is only Processed as needed for the purpose(s) specified under Applicable Laws requiring its storage, and for no other purpose. Paystack’s obligation to protect Merchant’s Personal Data in accordance with Data Protection Laws will continue until all Merchant’s Personal Data has been returned to the Merchant or deleted or destroyed.
      13. AUDIT RIGHTS

        1. The Parties acknowledge that Paystack uses external auditors to verify the adequacy of its security measures and validate the level of compliance of Paystack with its obligations under this DPA. These audits:
        2. will be performed at least annually;
        3. will be performed according to requirements of the applicable International Standard(s) including ISO (International Organization for Standardization), mandatory industry rules and standards including, to the extent applicable, the Payment Card Industry Data Security Standard ("PCI-DSS") or such other alternative standards that are substantially equivalent to such frameworks;
        4. will be performed by independent third-party security professionals at Paystack’s selection and expense; and
        5. will result in the generation of certificate(s) and/or an audit report(s) affirming that Paystack’s data security controls achieve prevailing industry standards in accordance with attestation standards established by the International Standards Organisation or such other alternative standards that are substantially equivalent (“Report”).
        6. At the Merchant’s written request and without charge, Paystack will provide the Merchant with a redacted summary of the Report (“Summary Report”). The Summary Report will constitute Paystack’s confidential Information under the confidentiality provisions of Paystack's Main Agreement. Where a Main Agreement is not in place, confidentiality provisions are available upon request.
        7. To the extent the Merchant’s audit obligations under applicable Data Protection Law are not reasonably satisfied through a Summary Report or other documentation Paystack makes generally available to its Merchants, the Merchant may request to conduct an audit of Paystack under Data Protection Law (“Data Protection Audit”) upon at least thirty (30) calendar days’ advance written notice to Paystack and at the Merchant’s expense. The notice requirement in this Clause 13.3 shall not apply if Merchant reasonably believes that a Personal Data Breach has occurred or is occurring, or Paystack is in material breach of any of its obligations under this DPA (“Exceptional Circumstances”). In such an event, Paystack shall bear the responsibility of conducting a Data Protection Audit. Should the Merchant be dissatisfied with the results of Paystack’s Internal Audit, the Merchant may request a subsequent external-led Audit at its own expense.
        8. Following receipt by Paystack of a request under Section 13.3, Paystack and the Merchant will discuss and agree in advance on: the reasonable start date, scope and duration of and security and confidentiality controls applicable to any audit. Provided that such Data Protection Audit shall be conducted no more than once during any twelve-month period with the exceptions of Clause 13.3., during normal business hours with reasonable duration, and shall not interfere with Paystack’s operations. Only the systems and areas applicable and relevant to the processing of Merchant-provided data shall be accessed.
        9. The Merchant in conducting such Data Protection Audit may use an independent, accredited third-party audit firm subject to an appropriate duty of confidentiality with Paystack. Paystack may object in writing to an auditor appointed by the Merchant to conduct any audit under this Section, if the auditor is, in Paystack’s reasonable opinion, not suitably qualified or independent, a competitor of Paystack, or otherwise manifestly unsuitable. Any such objection by Paystack will require the Merchant to appoint another auditor or conduct the audit itself.
        10. No Data Protection Audit shall involve access to any data relating to any other Paystack Merchant or to systems or facilities not involved in the processing of Personal Data for Merchant and in no event shall a Data Protection Audit cause Paystack to violate its confidentiality obligations to any other third party.
        11. The Merchant shall be responsible for all costs and expenses relating to a Data Protection Audit conducted under this Section 13. Any report generated in connection with such a Data Protection Audit shall be considered Paystack’s confidential information and shall be promptly provided to Paystack. Clause 13.7. shall not apply when a Data Protection Audit is being carried out under the Exceptional Circumstances mentioned in 13.3 above.
      14. SUB-PROCESSING

        1. Subject to compliance by Paystack with the terms of this DPA, the Merchant authorises Paystack to engage the Third-Party Sub-Processors listed here to Process the Merchant’s Personal Data in the performance of the Services, provided always that:
        2. Before any Sub-Processor Processes the Merchant’s Personal Data, Paystack carries out appropriate due diligence to ensure that the Sub-Processor can provide the level of protection for the Merchant’s Personal Data required by this DPA;
        3. Paystack and each Sub-Processor have signed an agreement including terms which contain the same (or equivalent) obligations in relation to the Merchant’s Personal Data as those set out in this DPA and meet the requirements of applicable Data Protection Laws, (“Sub-Processing Agreement”) prior to any Processing of the Merchant’s Personal Data being carried out;
        4. Paystack has complied with its obligations in respect of Sub-Processors and any transfer of the Merchant’s Personal Data in accordance with this DPA; and
        5. each Sub-Processor complies with the terms imposed on them under the relevant Sub-Processing Agreement with Paystack.

        14.2 Paystack will remain fully liable to the Merchant for the performance of any Sub-Processor's obligations, and for any acts or omissions of any Sub-Processor.

        14.3 Paystack shall appoint new Sub-processors for Processing Merchant Personal Data only if Merchant is provided with an opportunity to object to the appointment of each Sub-processor within thirty (30) calendar days after Paystack issues such notice to Merchant in writing regarding such Sub-processor. For each new Sub-processor appointment, all terms of this Clause 14 shall be deemed applicable.

      15. MERCHANT OBLIGATIONS

        1. As part of the Merchant receiving the Services under the Main Agreement and/or Terms and Conditions, the Merchant agrees to abide by its obligations under Applicable Data Protection Laws between the Parties.
        2. Should Paystack decide to process data outside the instructions of the Merchant, Paystack will be deemed to act as a “Controller” (or equivalent concept) of the Merchant’s Data.
        3. Where applicable, the Merchant shall ensure that it has legal capacity in utilizing Paystack’s Services to process Personal Data of a Data subject.
        4. Merchant’s Security Responsibilities. Without prejudice to Paystack’s obligations under Clause 6 (Data Security) and 10 (Data Breach), and elsewhere in the Agreement, Merchant is responsible for its use of the Services and its storage of any copies of Merchant Data outside Paystack’s or Paystack’s Sub-processors’ systems, including:
          1. using the Services and additional security controls to ensure a level of security appropriate to the risk to the Merchant’s Data;
          2. securing the account authentication credentials, systems and devices the Merchant uses to access the Services; and
          3. backing up or retaining copies of its Data as appropriate.
        5. Merchant’s Security Assessment. The Merchant agrees that the Services, security measures implemented and maintained by Paystack, and Paystack’s commitments under Clause 6 (Data Security) provide a level of security appropriate to the risk to the Merchant’s Data (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of the Merchant’s Personal Data as well as the risks to individuals).
        6. The Merchant shall obtain consent from any individual or establish another appropriate legal basis for Processing where required by Data Protection Laws.
        7. The Merchant shall reasonably cooperate with Paystack's reasonable periodic requests for information regarding Merchant's privacy and security practices and compliance with this DPA and their own Privacy Policy, including information Paystack deems reasonably necessary to comply or demonstrate compliance with Data Protection Law.
      16. LIMITATION OF LIABILITY

        1. Both Parties agree that in no event shall Paystack’s aggregate liability exceed the value of all fees paid by Merchant to Paystack in the last twelve (12) months immediately preceding the incident that gave rise to Merchant’s claim (“Supercap”). In the event of a conflict between the provisions of this DPA and the MSA, the provisions of the DPA shall prevail.
        2. This section shall not be construed as limiting the liability of either Party with respect to claims brought by Data Subjects or under the Data Protection Legislation.
      17. INDEMNITY

        1. The Merchant acknowledges that Paystack is reliant on the Merchant for direction as to the extent to which it is entitled to use and process the Personal Data. Consequently, Paystack shall not be liable for any claim arising from any action or omission by Paystack to the extent that such action or omission resulted from the Merchant’s express instructions.
      18. GOVERNING LAW AND JURISDICTION

        1. The parties to this DPA submit to the choice of jurisdiction stipulated in the Main Agreement (where applicable, otherwise in line with the jurisdiction referenced in this Agreement) with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and
        2. This DPA and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Main Agreement, where applicable.
      19. COUNTERPARTS

        1. This DPA may not be amended or modified except in writing and signed by both Parties. This DPA may be signed in any number of counterparts, (including a PDF file), each of which will be an original, but which together will constitute one and the same document. Each Party’s rights and obligations concerning assignment and delegation under this DPA shall be as described in the Main Agreement (where relevant). Subject to the foregoing restrictions, this DPA will be fully binding upon, inure to the benefit of and be enforceable by the Parties and their respective successors and assigns. This DPA, along with the Main Agreement and/or Terms and Conditions, constitutes the entire understanding between the Parties with respect to the processing of personal data, and shall supersede any other arrangements, negotiations or discussions between the Parties relating to that subject-matter.
      20. SEVERANCE

        1. If any provision of this DPA is held to be invalid or unenforceable, then the remainder of this DPA will remain valid and in force. The invalid or unenforceable provision will be either:
          1. amended as necessary to ensure its validity and enforceability, while preserving the Parties’ intentions as closely as possible or, if this is not possible;
          2. construed in a manner as if the invalid or unenforceable part had never been included.

      Service Providers, Sub-processors, and Affiliates

      Given the dynamic nature of our operations, our business requirements and sub-processor relationships may change. We may discontinue the use of a sub-processor or include a new sub-processor, depending on our business needs.

      This page will be regularly revised to reflect any additions to or removals from our roster of sub-processors and affiliates. If you are a Merchant or otherwise a Controller (as defined under data protection laws), you are entitled to a notice when a change is made to our list of sub-processors, and you may object to that change within 30 days in accordance with the Data Processing Agreement you signed with us.

      List of Sub-Processors & Service Providers

      Sub-processor / Service provider | Description of Processing / Services to be provided | Location
      Zendesk | Customer service platform | Germany/Ireland
      Pipedrive | Sales customer relationship management | Germany
      Dropbox sign | eSignatures | U.S.A
      Google Workspace | Email, file storage, collaboration tools, and services | U.S.A
      Microsoft 365 | File storage and collaboration tools | U.S.A
      Bento | Marketing tool | U.S.A
      Notion | Internal workspace | U.S.A
      Greenhouse | Recruitment platform | U.S.A
      Amazon Web Services | Cloud service provider | Ireland
      Refinitiv | Compliance and sanctions’ screening | United Kingdom
      Smile ID | ID verification | United Kingdom
      Infobip | User authentication (OTP) | United Kingdom
      Twilio | User authentication (OTP) | U.S.A
      Termii | User authentication (OTP) | Nigeria
      Safaricom | Payment Processing | Kenya
      GT Bank Ghana | Payment Processing | Ghana
      ABSA/Barclays | Payment Processing | Ghana
      Vodafone | Payment Processing | Ghana
      MTN | Payment Processing | Ghana
      NSANO | Payment Processing | Ghana
      One Africa | Payment Processing | Ghana
      Airtel | Payment Processing | Ghana
      Access Bank | Payment Processing | Nigeria
      Sterling Bank | Payment Processing | Nigeria
      Titan Trust Bank Limited | Payment Processing | Nigeria
      Zenith Bank | Payment Processing | Nigeria
      Kuda Microfinance Bank Limited | Payment Processing | Nigeria
      First City Monument Bank Limited | Payment Processing | Nigeria
      Stanbic IBTC Bank PLC | Payment Processing | Nigeria
      Wema Bank | Payment Processing | Nigeria
      Union Bank | Payment Processing | Nigeria
      United Bank for Africa | Payment Processing | Nigeria
      Providus Bank | Payment Processing | Nigeria
      VAS2Nets | Payment Processing | Nigeria
      Seamfix Nigeria Ltd | Payment Processing | Nigeria
      Partech Innovation | Payment Processing | Nigeria
      NIBSS | Payment Processing | Nigeria
      MasterCard | Payment Processing | Nigeria
      Interswitch | Payment Processing | Nigeria
      IATA | Payment Processing | Nigeria
      Lightspeed Development Computer Services | Payment Processing | Nigeria
      Zazu Africa Limited | Payment Processing/Issuing | Nigeria
      ABSA Bank Ltd | Payment Processing, Acquiring Bank | South Africa
      Altron TMT (Pty) Ltd (Altech Card Solutions) | Payment Processing | South Africa
      Call Pay | Payment Processing | South Africa
      Nedbank | Payment Processing, Acquiring Bank | South Africa
      Ozow | Payment Processing, EFT Collections | South Africa
      Stitch Money | Payment Processing | South Africa
      Xero | Payment Processing | South Africa
      Transaction junction | Payment Processing | South Africa
      Altron Fintech (ACS) | Payment Processing | South Africa
      CyberSource | Payment Processing | South Africa
      BankServ Africa | Card payment authentication | South Africa
      Ukheshe Technologies | Provider: scan to pay and snapscan collections | South Africa

      List of Paystack’s Affiliates

      Depending on your location and the nature of Paystack service involved, one or more of our affiliates will be providing the service to you.

      Paystack Payments Limited | Nigeria
      Paystack Ghana Limited | Ghana
      Paystack South Africa (PTY) Limited | South Africa
      Paystack Payments Kenya Limited | Kenya
      Paystack Ivory Coast SARLU | Côte d’Ivoire
      Paystack Rwanda Limited | Rwanda
      Paystack Egypt S.A.E | Egypt

      Effective Date: Friday, Feb 16, 2024