Privacy & Cookie Policy
Paystack Payments Limited (“Paystack”, “Company”, “we”, “us” or “our”) offers an online payment platform and a Point-of-Sale (PoS) Terminal deployment and support service that allows customers to make seamless, stress-free payments for desired goods and services online and at physical retail locations. This Privacy and Cookie Policy (“Privacy Policy”) describes how we collect, use, store, share, and protect personal data from Website Visitors, Customers, and/or Vendors (“Data Subjects”) who engage with our services. It applies to our website and all related sites, applications, PoS Terminals, services and tools (collectively, our “Services”).
Our Services are primarily intended for and provided to businesses and other organisations (“Merchants”), and not individual consumers. Thus, we generally process personal data at the direction of and on behalf of Merchants. When we do, we do so as a service provider or a “Data Processor” to those Merchants, but we do not control and are not responsible for the privacy practices of those Merchants. If you are a Customer of a Paystack Merchant, you should read that Merchant’s Privacy Policy and direct any privacy inquiries to that Merchant. If you are a Merchant, please see the Merchant Privacy Policy.
This Privacy Policy does not apply to services that are not owned or controlled by Paystack, including third-party websites and the services of Paystack’s Merchants. This Privacy Policy applies to all forms of systems, operations and processes within the Paystack environment that involve the processing of personal data. Paystack is a Stripe company; for more information about Stripe’s privacy practices, see the Stripe Privacy Policy https://stripe.com/en-gb/privacy.
By using or accessing our Services, you agree to the collection, use, and disclosure of your personal data as described in this Privacy Policy. Your use of our Services is also subject to Paystack’s Terms.
1. The Information we Collect
The personal data we collect depends on how you interact with us, the services you use, and the choices you make. We may collect information from different sources and in various ways, including information you provide directly, information collected automatically, third-party data sources, and data we infer or generate from other data.
1.1 Personal Data You Provide Directly
We collect personal data you provide to us. For example:
- Contact information. As part of our operations, Paystack may collect information such as your name, telephone numbers, address etc.
- Payment information. If you make a purchase such as when you checkout with Paystack on a Merchant’s website or make a payment using our PoS Terminal, we collect payment card numbers, financial account information, and other payment details.
- Communications. If you contact us directly, for example, with an inquiry or a support request, we may receive additional personal data about you, including your email address and the content of your communications.
1.2 Personal Data We Collect Automatically
- Device Information. We receive information about the device and software you use to access our Services, including Internet Protocol (IP) address, web browser type, operating system version, and device identifiers.
- Usage Information. To help us understand how you use our Services, including the Demo portion of our website, and to help us improve them, we automatically receive information about your interactions with our Services. This information includes records of your transactions and information about your other activities related to our services, such as date and time of your sessions, the pages you view, links to/from any page, and time spent in a session. Some of the data we gather through the use of cookies and similar technologies as discussed below.
- Location Information. When you use our Services, we may collect or infer your general location information. For example, your IP address may indicate your general geographic region.
1.3 Personal Data That We Receive from Others or Infer
- Partners. We may retrieve additional personal data about you from third parties and other identification/verification services such as your financial institution and payment processor. We may combine that data with other information we have about you.
- Publicly available sources. Public sources of information such as open government databases.
- Inferences. We may infer additional Personal Data based on the Personal Data described above. For example, for site visitors, we may infer your interests based on the web pages you view.
When you are asked to provide personal data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional.
2. How We Use Personal Information
We use the Personal Data we collect to:
- Provide you with the required services
- Respond to your questions or requests
- Improve features, website content and analyse data to develop products and services
- Address inappropriate use of our website
- Prevent, detect and manage risk against fraud and illegal activities using internal and third party screening tools
- Send you marketing content, newsletters and service updates curated by Paystack (only with your explicit consent)
- Verify your identity and the information you provide in line with Paystack’s statutory obligations using internal and third party tools
- Maintain up-to-date records
- Resolve disputes that may arise, including investigations by law enforcement or regulatory bodies
- Any other purpose that we disclose to you in the course of providing Paystack services to you
3. How We Share Personal Data
Paystack does not sell, trade or rent personal data to anyone. Further, we will not share or disclose your personal data with a third party without your consent except as necessary to provide the Services or as described in this Privacy Policy.
-
Merchants. We may share your contact information with merchants as part of your purchase details for record purposes. We will not share this information with other third parties except as a necessary part of providing our website and services. We do not share your card information with merchants. Please review your merchant’s privacy policy to understand the privacy policies guiding the merchant you transact with.
-
Service providers. We share personal data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we've hired to provide customer service support, to assist in protecting and securing our systems and services, or to perform sanctions screening and identity verification services may need access to personal data to provide those functions. The processing by such third parties shall be governed by a written contract with Paystack to ensure adequate protection and security measures are put in place for the protection of personal data in accordance with the terms of this Privacy Policy.
-
Financial services & payment processing. When you provide payment data, for example to make a purchase, we will share payment and transactional data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.
-
Affiliates. We enable access to personal data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access is needed to provide our services and operate our business.
-
Corporate transactions. We may disclose personal data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
-
Legal and law enforcement. We may access, disclose, and preserve personal data in accordance with applicable law and when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
-
Security, safety, and protecting rights. We will disclose personal data if we believe it is necessary to:
- protect our customers and others, for example to prevent fraud, or to help prevent the loss of life or serious injury of anyone;
- operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
- protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies.
Third party analytics and advertising companies also collect personal data through our website and apps including, account information, marketing and communications data, demographic data, content and files, geolocation data, usage data, and inferences associated with identifiers and device information (such as cookie IDs, device IDs, and IP address) as described in the Cookies section of this statement. These third party vendors may combine this data across multiple sites to improve analytics for their own purpose and others. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners.
Finally, we may share de-identified information in accordance with applicable law.
Please note that merchants, sellers, and other Users you buy from or contract with have their own respective privacy policies, and although Paystack’s Merchant Terms of Use does not allow the other transacting party to use your information for anything other than as authorised by you, Paystack is not responsible for their actions, including their data protection practices. If you provide personal data to any of those third parties, or allow us to share personal data with them, that data is governed by their privacy policies.
4. Cookies
We and our partners use cookies and similar technologies on our website to help collect information and operate the site. We use cookies to remember Users and make your user experience easier; customise our services, content and advertising; help you ensure that your account security is not compromised, mitigate risk and prevent fraud; and to promote trust and safety on our website. Cookies are small text files placed by a website and stored by your browser on your device.
Our cookies hold a unique random reference to you so that once you visit the site we can recognise who you are and provide certain content to you.
Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this may impact your experience using our website.
5. How We Protect your Information
Paystack shall establish adequate controls in order to protect the integrity and confidentiality of personal data, both in digital and physical format and to prevent personal data from being accidentally or deliberately compromised.
Paystack is committed to managing your personal data in line with best practices. We protect your personal data using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration, we also use industry recommended security protocols to safeguard your personal data. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to our building and files, and only granting access to personal data to employees who require it to fulfil their job responsibilities. Employees may have access to personal data only as is appropriate for the type and scope of the task in question and are contractually forbidden to use personal data for their own private or commercial purposes or to disclose them to unauthorised persons, or to make them available in any other way.
In compliance with the Payment Card Industry Data Security Standard (PCI DSS Requirements”), we implement access control measures, security protocols and standards including the use of encryption and firewall technologies to ensure your card information is safe and secure in our servers, additionally, we implement periodical security updates to ensure that our security infrastructures are in compliance with reasonable industry standards.
Two factor authentication (“2FA”) is an additional layer of security we have added to your account. When 2FA is enabled, you will be required to enter a One Time Password (OTP) (which is a verification code we have sent to you for authentication purposes), each time you checkout using Paystack on a merchant’s website or platform. While we encourage you to enable this feature on every transaction, you may choose to disable the 2FA feature after your initial enrolment by clicking on the toggle button to disable. However, if you choose to disable this feature, you agree that Paystack shall not be liable for any loss or damages incurred as a result of your action.
Paystack also maintains a data breach procedure in order to deal with incidents concerning personal data or practices leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. You may contact our Data Protection Officer (DPO) upon becoming aware of any breach of personal data or if your access credentials have been compromised, to enable us to take the necessary steps towards ensuring the security of your personal data or account. We will report any breaches that will compromise your rights and freedoms to the Relevant Authority within 72 hours of discovery.
6. Storage Limitation
We will retain your information for the following periods:
- As long as reasonably necessary for the purpose of providing our services to you
- For the duration your account is active and we have your consent
- For the period needed to comply with our legal and statutory obligations
- As needed to verify your information with a financial institution
Paystack is statutorily obliged to retain the data you provide in order to process transactions, ensure settlements, make refunds, identify fraud and to comply with applicable laws and regulatory guidelines.
7. Transfer of Data
As part of our service provision, we may rely on third-party servers, databases co-located with hosting providers, resident in foreign jurisdictions, which constitutes the transfer of your personal data to computers or servers in foreign countries. We take steps designed to ensure that the data we collect under this Privacy Policy is processed and protected according to the provisions of this Policy and applicable law wherever the data is located.
Where personal data is to be transferred to a country outside Nigeria, Paystack shall put adequate measures in place to ensure the security of such personal data. Any transfer of personal data out of Nigeria will be in accordance with the provisions of relevant data protection regulations. In particular, Paystack shall, among other things, use contractual terms to ensure protection of the data or ensure the country has adequate data protection laws (i.e. listed in Nigeria’s National Information Technology Development Agency’s [“NITDA”] White List of Countries, or the General Data Protection Regulation’s [“GDPR”] Adequacy List).
Should you wish to transfer personal data to a country deemed to have inadequate data protection laws, Paystack will take all necessary steps to ensure that informed consent is obtained from you, and you are aware of the risks entailed with such transfer. In any instance, Paystack will ensure personal data is transmitted in a safe and secure manner. Details of the protection given when your personal data is transferred abroad, and details of the basis of such transfers shall be provided to you upon request.
8. Grounds for Processing of Personal Data
Processing of Personal Information by Paystack shall be lawful if at least one of the following applies:
- the Data Subject has given consent to the processing of his/her Personal Information for one or more specific purposes;
- the processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which Paystack is subject;
- processing is necessary in order to protect the vital interests of the Data Subject or of another natural person; and
- processing is necessary for the performance of a task carried out in the public interest or in exercise of official public mandate vested in Paystack.
9. Choices and Rights
Individuals who have Personal Information held by Paystack are entitled to reach out to Paystack to exercise the following rights:
- Right to request for and access any Personal Information collected and stored by Paystack;
- Right to be informed regarding their Personal Information;
- Right to be informed about appropriate safeguards in place where data is transferred abroad;
- Right to object to automated decision making and processing;
- Right to request rectification and modification of Personal Information which Paystack keeps;
- Right to request the deletion of their data;
- Right to request the movement of data from Paystack to a third party - this is the right to the portability of data;
- Right to revoke consent;
- Right to object to direct marketing, and to request that Paystack restricts the processing of their information; and
- Right to submit a complaint to the National Information Technology Development Agency (NITDA).
Your request will be reviewed and answered by Paystack’s Data Protection Officer within a 30-day period.
10. Changes to This Privacy Policy
We may need to update, modify or amend our Privacy Policy as our technology evolves and as required by law. If we materially change the ways in which we use or share personal data previously collected from you through our Services, we will provide notice or obtain consent regarding such changes as may be required by law. The Privacy Policy will apply from the effective date provided on our website.
11. Policy Violations
Any violation of this Privacy Policy should be brought to the attention of the Data Protection Officer (details below) for appropriate sanctioning and treatment.
12. Contact Paystack’s Data Protection Officer (DPO)
If you have any questions relating to this Privacy Policy or would like to find out more about exercising your data protection rights, please reach out to our DPO via email at [email protected].
For any further queries, our Data Protection Officer, may be reached at the following address:
126 Joel Ogunnaike Street,
Ikeja GRA, Ikeja,
Lagos, Nigeria.
Acceptable Use Policy
By accessing or using Paystack, you agree to comply with the terms and conditions of this Acceptable Use Policy.
1. Restricted Activities
You may not use Paystack in connection with any product, service, transaction or activity that:
- violates any law or government regulation, or promotes or facilitates such by third parties;
- violates any rule or regulation of Visa, MasterCard, Verve or any other electronic funds transfer network (each, a “Card Network”);
- is fraudulent, deceptive, unfair or predatory;
- causes or threatens reputational damage to us or any Card Network;
- involves any of the business categories listed in clause 2; or
- results in or creates a significant risk of chargebacks, penalties, damages or other harm or liability.
2. Certain Business Categories
You may not use Paystack in connection with any product, service, transaction or activity that:
- falls within the Prohibition List of the Nigerian Customs Administration of the Federal Republic of Nigeria
- relates to the sale and/or purchase of:
- banned narcotics, steroids, certain controlled substances or other products that present a risk a consumer's safety;
- blood, bodily fluids or body parts;
- burglary tools;
- counterfeit items;
- illegal drugs and drug paraphernalia;
- fireworks, destructive devices and explosives;
- identity documents, government documents, personal financial records or personal information (in any form, including mailing lists);
- lottery tickets, sweepstakes entries or slot machines without the required licence;
- offensive material or hate speech or items that promote hate, violence, racial intolerance, or the financial exploitation of a crime;
- chemicals;
- recalled items;
- prohibited services;
- unlicensed financial services, stocks or other securities;
- stolen property;
- items that infringe or violate any copyright, trademark, right of publicity or privacy or any other proprietary right under the laws of any jurisdiction;
- sales of currency without BDC licence, cryptocurrency operators;
- obscene material or pornography;
- certain sexually oriented materials or services;
- certain firearms, firearm parts or accessories, ammunition, weapons or knives;
- any product or service that is illegal or marketed or sold in such a way as to create liability to Paystack; or
- production of military and paramilitary wears and accoutrement, including those of the Police and the Customs, Immigration and Prison Services.
- relate to transactions that:
- show the personal information of third parties in violation of applicable law;
- support pyramid or ponzi schemes, matrix programs, other "get rich quick" schemes or certain multi-level marketing programs;
- are associated with purchases of annuities or lottery contracts, lay-away systems, off-shore banking or transactions to finance or refinance debts funded by a credit card;
- pertain to ammunitions and arms; and
- involve gambling, gaming and/or any other activity with an entry fee and a prize, including, but not limited to casino games, sports betting, horse or greyhound racing, lottery tickets, other ventures that facilitate gambling, games of skill (whether or not it is legally defined as a lottery) and sweepstakes unless the operator has obtained prior approval from Paystack and the operator and customers are located exclusively in jurisdictions where such activities are permitted by law.
3. Actions by Paystack
If, in our sole discretion, we believe that you may have engaged in any violation of this Acceptable Use Policy, we may (with or without notice to you) take such actions as we deem appropriate to mitigate risk to Paystack and any impacted third parties and to ensure compliance with this Acceptable Use Policy. Such actions may include, without limitation:
- Blocking the settlement or completion of one or more payments;
- Suspending, restricting or terminating your access to and use of the Paystack’s Services;
- Terminating our business relationship with you, including termination without liability to Paystack of any payment service agreement between you and Paystack;
- Taking legal action against you;
- Contacting and disclosing information related to such violations to (i) persons who have sold/purchased goods or services from you, (ii) any banks or Card Networks involved with your business or transactions, (iii) law enforcement or regulatory agencies, and (iv) other third parties that may have been impacted by such violations; or
- Assessing against you any fees, penalties, assessments or expenses (including reasonable attorneys’ fees) that we may incur as a result of such violations, which you agree to pay promptly upon notice.
4. Updates, Modifications & Amendments
We may need to update, modify or amend our Acceptable Use Policy at any time. We reserve the right to make changes to this Acceptable Use Policy.
We advise that you check this page often, referring to the date of the last modification on the page.
Terms of Use
By using this website (www.paystack.com),any of our websites and/or services, you agree to these Terms of Use. The website Privacy Policy, Acceptable Use Policy and Merchant Terms of Service (where applicable) are incorporated by reference into these Terms of Use.
About Us
Paystack (“we”, “us” or “our”) is a payment solution provider that facilitate online payment through its payment gateway and in-person payment through its Point-of-Sale (PoS) Terminal which makes it easy for merchants to accept credit and debit card payments online and at physical retail locations from users or customers.
We are an independent contractor for all purposes, providing this website and our services on an independent service provider basis. We do not have control or assume the liability or legality for the products or services that are paid for with our service. We do not guarantee any user’s identity and cannot ensure that a buyer or seller will complete a transaction.
This Terms of Use is an agreement between you and Paystack. It details Paystack’s obligations to you. It also highlights certain risks on using the services and you must consider such risks carefully as you will be bound by the provision of this Agreement through your use of this website or any of our services.
Privacy Policy
Paystack is committed to managing your Personal Information in line with global industry best practices. You can read our Privacy Policy to understand how we use your information and the steps we take to protect your information.
Age Restriction
Our website and services are not directed to children under 18. We do not knowingly transact or provide any services to children under 18.
Disputes & Reversal
If you believe that an unauthorized or otherwise problematic transaction has taken place, you agree to notify us immediately, to enable us take action to help prevent financial loss.
All claims against us related to payments should be made within 45 (forty-five) days after the date of such payment. It will be taken that you waive all claims against us, to the fullest extent of the law after the said period of time.
If you enter into a transaction with a third party and have a dispute over the goods or services you purchased, we have no liability for such goods or services. Our only involvement with regard to such transactions is as a payment gateway and a PoS Terminal provider.
We may intervene in disputes between users and merchants concerning payments but have no obligation to do so.
Your transaction ID and/or transaction details will be required to resolve all disputes.
Acceptable Use Policy
You are independently responsible for complying with all applicable laws related to your use of our website and services. However, by accessing or using Paystack, you agree to comply with the terms and conditions of our Acceptable Use Policy which you can read on our Acceptable Use Policy page.
Disclaimers
WE TRY TO KEEP PAYSTACK AVAILABLE AT ALL TIMES, BUG-FREE AND SAFE, HOWEVER, YOU USE IT AT YOUR OWN RISK.
OUR WEBSITE AND SERVICES ARE PROVIDED “AS IS” WITHOUT ANY EXPRESS, IMPLIED AND/OR STATUTORY WARRANTIES (INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED OR STATUTORY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE OR PURPOSE, TITLE, AND NON-INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS). WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, PAYSTACK MAKES NO WARRANTY THAT OUR WEBSITE AND SERVICES WILL MEET YOUR REQUIREMENTS OR THAT OUR WEBSITE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR FREE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU THROUGH OUR WEBSITE OR FROM PAYSTACK, ITS PARENTS, SUBSIDIARIES, OR OTHER AFFILIATED COMPANIES, OR ITS OR THEIR SUPPLIERS (OR THE RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS OF ANY SUCH ENTITIES) (COLLECTIVELY, "PAYSTACK PARTIES") SHALL CREATE ANY WARRANTY.
Limitation of Liability
IN NO EVENT WILL ANY OF THE PAYSTACK PARTIES BE LIABLE FOR (A) ANY INDIRECT, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES OR (B) ANY DAMAGES WHATSOEVER IN EXCESS OF THE AMOUNT OF THE TRANSACTION OR TWENTY THOUSAND UNITED STATES DOLLARS (US$20,000.00) DOLLARS, WHICHEVER IS LESSER (INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOSS OF REVENUES, LOST PROFITS, LOSS OF GOODWILL, LOSS OF USE, BUSINESS INTERRUPTION, OR OTHER INTANGIBLE LOSSES), ARISING OUT OF OR IN CONNECTION WITH PAYSTACK’S WEBSITE OR SERVICES (INCLUDING, WITHOUT LIMITATION, USE, INABILITY TO USE, OR THE RESULTS OF USE OF PAYSTACK’S WEBSITES OR SERVICES), WHETHER SUCH DAMAGES ARE BASED ON WARRANTY, CONTRACT, TORT, STATUTE, OR ANY OTHER LEGAL THEORY.
Exclusions
Some jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for certain damages. Accordingly, some of the above disclaimers and limitations of liability may not apply to you. To the extent that any Paystack Party may not, as a matter of applicable law, disclaim any implied warranty or limit its liabilities, the scope and duration of such warranty and the extent of the Paystack’s Party's liability shall be the minimum permitted under such applicable law.
Updates, Modifications & Amendments
We may need to update, modify or amend our Terms of Use as our technology evolves. We reserve the right to make changes to this Terms of Use at any time by giving notice to users on this page.
We advise that you check this page often, referring to the date of the last modification on the page If a user objects to any of the changes to the Terms of Use, the User must cease using our website and/or services immediately.
Applicable Law
These Terms of Use shall be interpreted and governed by the laws currently in force in the Federal Republic of Nigeria.
Legal Disputes
We shall make an effort to settle all disputes amicably. Any dispute arising out of this Terms of Use, which cannot be settled, by mutual agreement/negotiation within 1 (one) month shall be referred to arbitration by a single arbitrator at the Lagos Multi-Door Courthouse (“LMDC”) and governed by the Arbitration and Conciliation Act, Cap A10, Laws of the Federal Republic of Nigeria. The arbitrator shall be appointed by both of us (we and you), where both of us are unable to agree on the choice of an arbitrator, the choice of arbitration shall be referred to the LMDC. The findings of the arbitrator and subsequent award shall be binding on both of us. Each of us shall bear our respective costs in connection with the Arbitration. Venue for the arbitration shall be Lagos, Nigeria.
Severability
If any portion of these Terms of Use is held by any court or tribunal to be invalid or unenforceable, either in whole or in part, then that part shall be severed from these Terms of Use and shall not affect the validity or enforceability of any other part in this Terms of Use.
Terms of Service
By signing up for an account on this website (www.paystack.com), any of our websites and/or services, you are deemed a merchant and agree to these Merchant Terms of Service (the “Agreement”).
PLEASE READ THESE MERCHANT TERMS OF SERVICE CAREFULLY BEFORE SIGNING UP AS A MERCHANT. If you do not agree to any or all of these Terms of Service, DO NOT USE THIS SITE!
About Us
Paystack (“we”, “us” or “our”) is a payment solution provider that facilitate online payment through its payment gateway and in-person payment through its Point-of-Sale (PoS) terminal which makes it easy for merchants to accept credit and debit card payments online and at physical retail locations from users or customers. (our “service(s)”)
We are an independent contractor for all purposes, providing this website and our services on an independent service provider basis. We do not endorse, have control or assume the liability or legality for the products or services that are paid for with our Service. We do not guarantee any user’s identity and cannot ensure that a buyer or seller will complete a transaction.
Agreement
These Merchant Terms of Service is an agreement between you and Paystack. It details Paystack’s obligations to you. It also highlights certain risks on using the services and you must consider such risks carefully as you will be bound by the provision of this Agreement through your use of this website or any of our Services.
Registration
To use Paystack, you have to create a Paystack account by registering. To register, you will provide us with certain information such as your email, first name, last name, business name and phone number and we may seek to verify your information, (by ourselves or through third parties), after which we will approve your account unless deemed risky. You give us permission to do all these.
Change of Information
In the event that you change any information provided to us at registration including your business name, address, financial institution, mode of payments or the products and services that you offer, or where a corporate restructuring occurs you agree to notify us within 14 days of such change. We may be unable to respond to you if you contact us from an address, telephone number or email account that is not registered with us
Representation and Warranties
You represent and warrant to Paystack that:
- you have full power and authority to enter into, execute, deliver and perform this Agreement;
- you are duly organised, authorised and in good standing under the laws of the Federal Republic of Nigeria or any state, region or country of your organisation and are duly authorised to do business in all other states, regions or countries in which your business operates.
Age Restriction
Our website and Services are not directed to children under 18. We do not knowingly transact or provide any Services to children under 18.
Account Security
You agree not to allow anyone else to have or use your password details and to comply with all reasonable instructions we may issue regarding account access and security. In the event you share your password details, Paystack will not be liable to you for losses or damages. You will also take all reasonable steps to protect the security of the personal electronic device through which you access Paystack’s Services (including, without limitation, using PIN and/or password protected personally configured device functionality to access Paystack’s Services and not sharing your device with other people).
Data Compliance and Security
You agree to comply with all data privacy and security requirements of the Payment Card Industry Data Security Standard (“PCI DSS Requirements”), and under any applicable law or regulation that may be in force, enacted or adopted regarding confidentiality, your access, use, storage and disclosure of user information. Information on the PCI DSS can be found on the PCI Council’s website. You also agree that in the event that you would develop software applications by leveraging our Terminal marketplace to be used on Paystack Terminal Devices, you shall at all times comply with the Paystack Terminal App Store Security Policies. It is your responsibility to comply with these standards.
We are responsible for the security and protection of Card Holder Data (CHD) we collect and store. Accordingly, we implement access control measures, security protocols and standards including the use of encryption and firewall technologies to ensure that CHD is kept safe and secure on our servers, in compliance with the PCI DSS Requirement. We also implement periodical security updates to ensure that our security infrastructures are in compliance with reasonable industry standards.
We are responsible for the security and protection of Card Holder Data (CHD) we collect and store. Accordingly, we implement access control measures, security protocols and standards including the use of encryption and firewall technologies to ensure that CHD is kept safe and secure on our servers, in compliance with the PCI DSS Requirement. We also implement periodical security updates to ensure that our security infrastructures are in compliance with reasonable industry standards.
We acknowledge that you own all your customers’ data. You hereby grant Paystack a perpetual, irrevocable, sub-licensable, assignable, worldwide, royalty-free licence to use, reproduce, electronically distribute, and display your customers’ data (as may be permitted by applicable law) for the following purposes:
- providing and improving our services;
- internal usage, including but not limited to, data analytics and metrics so long as individual customer data has been anonymized and aggregated with other customer data;
- complying with applicable legal requirements and assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with local laws; and
- any other purpose for which consent has been provided by your customer.
Software License
We hereby grant you a revocable, non-exclusive, non-transferable licence to use Paystack’s APIs, developer’s toolkit, and other software applications (the “Software”) in accordance with the documentation accompanying the Software. This licence grant includes all updates, upgrades, new versions and replacement software for your use in connection with Paystack’s services. If you do not comply with the documentation and any other requirements provided by Paystack, then you will be liable for all resulting damages suffered by you, Paystack and third parties. Unless otherwise provided by applicable law, you agree not to alter, reproduce, adapt, distribute, display, publish, reverse engineer, translate, disassemble, decompile or otherwise attempt to create any source code that is derived from the Software. Upon expiration or termination of this Agreement, you will immediately cease all use of any Software.
PoS Terminals Use and License
You may have our PoS Terminal (the “Device”) and its accompanying software (together the “Equipment”) deployed for your business needs, either through the payment of an upfront purchase fee for the Device or by opting to lease the Device for a fixed period. Where you opt for an upfront or instalments purchase of the Device, ownership will pass to you upon the payment completion of the purchase fee, however, Paystack will charge fees on the maintenance of the Device on your behalf as well as for the licence to use the accompanying software.
Where on the other hand, you subscribe to lease the Device, we hereby grant you a revocable, non-exclusive, non-transferable licence to use the Equipment in accordance with all accompanying documentation which sets out the substantial terms by which your rights, obligations and use, of our PoS Terminals will be governed. This licence grant includes all updates, upgrades, new versions and replacement of the Equipment for your use in connection with the PoS Terminal service. If you do not comply with the documentation and any other requirements provided by Paystack, then you will be liable for all resulting damages suffered by you, Paystack and any third parties. Unless otherwise provided by applicable law, you agree not to alter, disassemble or otherwise tamper with the Equipment without our prior written authorization. Upon expiration or termination of this Agreement or any accompanying documentation, you will immediately return the Equipment to Paystack. You also agree that you would handle the Device with reasonable care and skill and that Paystack reserves the right to decommission and recall such Device for any reason; following which you shall ensure the immediate return of the Device. Paystack always reserves the right to review the applicable fees for either the Device or the software licence.
You agree to ensure that only your employees, contractors, agents or other parties working on your behalf ("Authorized Users") will use the Equipment and that such Authorized Users are notified of the terms and conditions of this Licence and any accompanying documentation prior to using the Equipment. You will also ensure that all use of the Equipment by such Authorized Users is in accordance with the terms of the Agreement or any accompanying documentation.
Trademark License
We hereby grant you a revocable, non-exclusive, non-transferable licence to use Paystack’s trademarks used to identify our services (the “Trademarks”) solely in conjunction with the use of our Services. You agree that you will not at any time during or after this Agreement assert or claim any interest in or do anything that may adversely affect the validity of any Trademark or any other trademark, trade name or product designation belonging to or licensed to Paystack (including, without limitation registering or attempting to register any Trademark or any such other trademark, trade name or product designation). Upon expiration or termination of this Agreement, you will immediately cease all display, advertising and use of all of the Trademarks.
Intellectual Property
We do not grant any right or licence to any Paystack intellectual property rights by implication, estoppel or otherwise other than those expressly mentioned in this Agreement.
Each party shall retain all intellectual property rights including all ownership rights, title, and interest in and to its own products and services, subject only to the rights and licences specifically granted herein.
Publicity
You hereby grant Paystack permissions to use your name and logo in our marketing materials including, but not limited to use on our website, in customer listings, in interviews and in press releases. Such Publicity does not imply an endorsement for your products and services.
Confidential Information
The parties acknowledge that in the performance of their duties under this Agreement, either party may communicate to the other (or its designees) certain confidential and proprietary information, including without limitation information concerning each party’s services, know-how, technology, techniques, or business or marketing plans (collectively, the “Confidential Information”) all of which are confidential and proprietary to, and trade secrets of, the disclosing party. Confidential Information does not include information that: (i) is public knowledge at the time of disclosure by the disclosing party; (ii) becomes public knowledge or known to the receiving party after disclosure by the disclosing party other than by breach of the receiving party’s obligations under this section or by breach of a third party’s confidentiality obligations; (iii) was known by the receiving party prior to disclosure by the disclosing party other than by breach of a third party’s confidentiality obligations; or (iv) is independently developed by the receiving party.
As a condition to the receipt of the Confidential Information from the disclosing party, the receiving party shall: (i) not disclose in any manner, directly or indirectly, to any third party any portion of the disclosing party’s Confidential Information; (ii) not use the disclosing party’s Confidential Information in any fashion except to perform its duties under this Agreement or with the disclosing party’s express prior written consent; (iii) disclose the disclosing party’s Confidential Information, in whole or in part, only to employees and agents who need to have access thereto for the receiving party’s internal business purposes; (iv) take all necessary steps to ensure that its employees and agents are informed of and comply with the confidentiality restrictions contained in this Agreement; and (v) take all necessary precautions to protect the confidentiality of the Confidential Information received hereunder and exercise at least the same degree of care in safeguarding the Confidential Information as it would with its own confidential information, and in no event shall apply less than a reasonable standard of care to prevent disclosure.
Know Your Customer
You agree that, you are solely responsible for verifying the identities of your customers, ensuring that they are authorised to carry out the transactions on your platform and at physical retail locations, and determining their eligibility to purchase your products and services.
You are also required to maintain information and proof of service or product delivery to your customer. Where a dispute occurs needing resolution, you may be required to provide Paystack with these.
Card Network Rules
Each card network has its own rules, regulations and guidelines. You are required to comply with all applicable Network Rules that are applicable to merchants. You can review portions of the Network Rules at Mastercard, Visa, Verve and other payment cards. The Card Networks reserve the right to amend the Network Rules.
Customer Payments
You may only process payments when authorised to do so by your customer. We will only process transactions that have been authorised by the applicable Card Network or card issuer.
We do not guarantee or assume any liability for transactions authorised and completed that are later reversed or charged back (see Chargebacks below). You are solely responsible for all reversed or charged back transactions, regardless of the reason for, or timing of, the reversal or chargeback. Paystack may add or remove one or more payment types or networks at any time. If we do so we will use reasonable efforts to give you prior notice of the removal.
Our Fees & Pricing Schedule
You agree to pay us for the services we render as a payment solution provider through our gateway and PoS Terminal for your goods and services. Our Fees will be calculated as demonstrated on the Pricing page on the website and can be calculated on the same page using the “little calculator” we provided. The Fees on our Pricing page is integral to and forms part of this Agreement.
We reserve the right to revise our Fees. In the event that we revise our fees we will notify you within 5 days of such change.
Payouts
Subject to the terms of this Agreement, Paystack will send to your designated bank or card settlement account (“Bank Account”) all amounts settled and due to you from your transactions, minus our fees as stated in the Fee Schedule, any Reversals, Invalidated Payments, Chargebacks, Refunds or other amounts that you owe to Paystack under this Agreement (“Payout”). If the Payout is not sufficient to cover the amounts due, you agree that we may debit your Bank Account for the applicable amounts, and/or set-off the applicable amounts against future Payouts. Upon our request, you agree to provide us with all necessary bank account and related information and grant us permission to debit amounts due from your Bank Account.
After transfer of funds is initiated to your Bank Account, we will update information on your Paystack Dashboard to reflect settlement. Information regarding your transactions that are processed and settled using Paystack (“Transaction History”) will be available to you when you login to your Paystack Dashboard. While we will provide Transaction History in your Paystack Dashboard, you are solely responsible for compiling and retaining permanent records of all transactions and other data associated with your Paystack account as may be required for your business. Paystack is not responsible for maintaining Transaction History or other records in a manner consistent with your record retention obligations.
Payout Schedule
Your Payout Schedule, which is the time it takes us to initiate a transfer to your Bank Account settled funds from card transactions processed through us is on your Paystack Dashboard. We reserve the right to change your Payout Schedule, suspend payouts to your Bank Account or initiate a Reversal should we deem it necessary due to pending disputes, excessive or anticipated excessive Chargebacks or Refunds, or other suspicious activity associated with your use of Paystack, or if required by law or court order.
How we handle your Funds
You authorise and instruct Paystack to hold, receive, and disburse funds on your behalf when such funds from your card transactions settle from the Card Networks. By accepting this Agreement, you further authorise Paystack on how your card transaction settlement funds should be disbursed to you as Payouts and the timing of such Payouts.
You agree that you are not entitled to any interest or other compensation associated with the settlement funds held by Paystack pending settlement and Payout to your Bank Account.
Settlement funds will be held in a deposit account at Paystack’s settlement bank pending Payouts to you in accordance with the terms of this contract. We may periodically make available to you information about pending settlements yet to be received from the Card Networks, and other applicable partners.
Your authorisations will remain valid and be of full effect until your Paystack Account is closed or terminated.
Security and Fraud Controls
Paystack is responsible for protecting the security of Payment Data including CHD in our possession and will maintain commercially reasonable administrative, technical, and physical procedures to protect all the personal information regarding you and your customers that is stored in our servers from unauthorised access and accidental loss or modification. Although, we cannot guarantee that unauthorised third parties will never be able to defeat those measures or use such personal information for improper purposes. We will however take all reasonable and commercially achievable measures to address any security breach as soon as we become aware.
You agree to use other procedures and controls provided by us and other measures that are appropriate for your business to reduce the risk of fraud.
In the event that you suspect any fraudulent activity by a customer, you agree to notify Paystack immediately and quit the delivery of the service. In addition, where we suspect that there have been frequent fraudulent transactions on your account, we reserve the right to cancel our service to you and/or your account.
Notification of Errors
You agree to notify us immediately any error is detected while reconciling transactions that have occurred using Paystack. We will investigate and rectify the errors where verified. In the event that we notice any errors, we will also investigate and rectify such errors.
Where we owe you money as a result of such errors, we will refund the amounts owed to you by a bank transfer to your Bank Account.
If a transaction is erroneously processed through your platform, report to us immediately. We will investigate any such reports and attempt to rectify the errors by crediting or debiting your Bank Account as appropriate.
Failure to notify us within 45 (forty-five) days of the occurrence of an error will be deemed a waiver of your rights to amounts that are owed to you due to an error.
Chargebacks
A Chargeback usually happens when a customer files directly with or disputes through his or her credit or debit card issuer a payment on their bill. It may result in the reversal of a transaction. You may be assessed Chargebacks for (i) customer disputes; (ii) unauthorised or improperly authorised transactions; (iii) transactions that do not comply with Card Network Rules or the terms of this Agreement or are allegedly unlawful or suspicious; or (iv) any reversals for any reason by the Card Network, our processor, or the acquiring or issuing banks. Where a Chargeback occurs, you are immediately liable for all claims, expenses, fines and liability we incur arising out of that Chargeback and agree that we may recover these amounts by debiting your Bank Account. Where these amounts are not recoverable through your Bank Account, you agree to pay all such amounts through any other means.
Reserves
In our sole discretion, we may place a Reserve on a portion of your Payouts by holding for a certain period such portion where we believe there is a high level of risk associated with your business. If we take such steps, we will provide you with the terms of the Reserve which may include the percentage of your Payouts to be held back, period of time and any other such restrictions that Paystack may deem necessary. Where such terms are changed, we will notify you. You agree that you will remain liable for all obligations related to your transactions even after the release of any Reserve. In addition, we may require you to keep your Bank Account available for any open settlements, Chargebacks and other adjustments.
To secure your performance of this Agreement, you grant Paystack a legal claim to the funds held in the Reserve as a lien or security interest for amounts payable by you.
Refunds
You agree that you are solely responsible for accepting and processing returns of your products and services. We are under no obligation to process returns of your products and services, or to respond to your customers’ inquiries about returns of your products and services. You agree to submit all Refunds for returns of your products and services that were paid for through Paystack to your customers in accordance with this Agreement and relevant Card Network Rules.
Termination
You may terminate this Agreement by closing your Paystack Account.
We may suspend your Paystack Account and your access to Paystack services and any funds, or terminate this Agreement, if;
- you do not comply with any of the provisions of this Agreement;
- we are required to do so by a Law;
- we are directed by a Card Network or issuing financial institution; or
- where a suspicious or fraudulent transaction occurs.
Restricted Activities & Acceptable Use Policy
You are independently responsible for complying with all applicable laws related to your use of our website and services. However, by accessing or using Paystack, you agree to comply with the terms and conditions of our Acceptable Use Policy and are restricted from the activities specified in it which you can read on our Acceptable Use Policy page.
Privacy Policy
Paystack is committed to managing your Personal Information in line with global industry best practices. You can read our Privacy Policy to understand how we use your information and the steps we take to protect your information.
Disclaimers
WE TRY TO KEEP PAYSTACK AVAILABLE AT ALL TIMES, BUG-FREE AND SAFE, HOWEVER, YOU USE IT AT YOUR OWN RISK.
OUR WEBSITE AND SERVICES ARE PROVIDED “AS IS” WITHOUT ANY EXPRESS, IMPLIED AND/OR STATUTORY WARRANTIES (INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED OR STATUTORY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE OR PURPOSE, TITLE, AND NON-INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS). WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, PAYSTACK MAKES NO WARRANTY THAT OUR WEBSITE AND SERVICES WILL MEET YOUR REQUIREMENTS OR THAT OUR WEBSITE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR FREE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU THROUGH OUR WEBSITE OR FROM PAYSTACK, ITS PARENTS, SUBSIDIARIES, OR OTHER AFFILIATED COMPANIES, OR ITS OR THEIR SUPPLIERS (OR THE RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS OF ANY SUCH ENTITIES) (COLLECTIVELY, "PAYSTACK PARTIES") SHALL CREATE ANY WARRANTY
Limitation of Liability
IN NO EVENT WILL ANY OF THE PAYSTACK PARTIES BE LIABLE FOR (A) ANY INDIRECT, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES OR (B) ANY DAMAGES WHATSOEVER IN EXCESS OF THE AMOUNT OF THE TRANSACTION OR TWENTY THOUSAND UNITED STATES DOLLARS (US$20,000.00) DOLLARS, WHICHEVER IS LESSER (INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOSS OF REVENUES, LOST PROFITS, LOSS OF GOODWILL, LOSS OF USE, BUSINESS INTERRUPTION, OR OTHER INTANGIBLE LOSSES), ARISING OUT OF OR IN CONNECTION WITH PAYSTACK’S WEBSITE OR SERVICES (INCLUDING, WITHOUT LIMITATION, USE, INABILITY TO USE, OR THE RESULTS OF USE OF PAYSTACK’S WEBSITES OR SERVICES), WHETHER SUCH DAMAGES ARE BASED ON WARRANTY, CONTRACT, TORT, STATUTE, OR ANY OTHER LEGAL THEORY.
Exclusions
Some jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for certain damages. Accordingly, some of the above disclaimers and limitations of liability may not apply to you. To the extent that any Paystack Party may not, as a matter of applicable law, disclaim any implied warranty or limit its liabilities, the scope and duration of such warranty and the extent of the Paystack’s Party's liability shall be the minimum permitted under such applicable law.
Indemnity
You agree to defend, indemnify, and hold Paystack, its officers, directors, employees, agents, licensors, and suppliers, harmless from and against any claims, actions or demands, liabilities and settlements including without limitation, reasonable legal and accounting fees, resulting from, or alleged to result from, your violation of these Agreement.
Updates, Modifications & Amendments
We may need to update, modify or amend our Merchant Terms of Service as our technology evolves. We reserve the right to make changes to this Merchant Terms of Service at any time by giving notice to users on this page.
We advise that you check this page often, referring to the date of the last modification on the page If you have any objection to any of the changes to this Merchant Terms of Service, you must cease using our website and/or services immediately.
Applicable Law
These Terms of Use shall be interpreted and governed by the laws currently in force in the Federal Republic of Nigeria.
Legal Disputes
We shall make an effort to settle all disputes amicably. Any dispute arising out of this Agreement which cannot be settled, by mutual agreement/negotiation within 1 (one) month shall be referred to arbitration by a single arbitrator at the Lagos Multi-Door Courthouse (“LMDC”) and governed by the Arbitration and Conciliation Act, Cap A10, Laws of the Federal Republic of Nigeria. The arbitrator shall be appointed by both of us (we and you), where both of us are unable to agree on the choice of an arbitrator, the choice of arbitration shall be referred to the LMDC. The findings of the arbitrator and subsequent award shall be binding on both of us. Each of us shall bear our respective costs in connection with the Arbitration. Venue for the arbitration shall be Lagos, Nigeria.
Severability
If any portion of these Terms of Use is held by any court or tribunal to be invalid or unenforceable, either in whole or in part, then that part shall be severed from these Terms of Use and shall not affect the validity or enforceability of any other part in this Terms of Use.
Miscellaneous
You agree that all agreements, notices, disclosures and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing. Assigning or sub-contracting any of your rights or obligations under these Terms of Use to any third party is prohibited. We reserve the right to transfer, assign or sub-contract the benefit of the whole or part of any rights or obligations under these Terms of Use to any third party.
Paystack Terminal App Store Security Policies
In order for a third-party application to be permitted on the Paystack terminal device, it needs to be developed and maintained with security best practices in mind. In addition, it will be required to pass various malware detection and vulnerability tests from Paystack’s internal reviews team.
To help developers adhere to security best practices, Paystack has created a verification checklist modelled on the OWASP(Open Web Application Security Project) Mobile Application Security Verification Standard. It is required that a Third-party, at minimum, creates an application that meets all “L1” security standards outlined in the guide. The security requirements defined in this checklist must be used as a reference tool during the development phase of an application or as a last-stage checklist, as by submitting an application, the Third-party agrees to meet the minimum standard.
In addition, applications submitted will NOT be accepted if common vulnerabilities are present. As such, Paystack encourages all Third-parties to utilise code review, binary analysis and dynamic testing tooling, to prevent the occurrence of easily detectable vulnerabilities before submission.
Third-party applications will undergo further review by Paystack internally, to ensure adherence to the PMASVS and ensure there is no presence of malicious activity. All third-party applications are subjected to vulnerability scanners. These scanners are required to gain full coverage by reviewing each line of code post-decompilation.
Requirements
In order for a third party to be considered for Paystack PoS Terminal deployment it must meet the minimum PMASVS L1 standards and present no medium or higher risk vulnerabilities from relatively reputable security scanners, based on the OWASP risk rating methodology.
Failure to Meet Requirements
If an application does not meet the minimum security requirements through the internal Paystack review process, the applicants will be sent a report with reasons a failure occurred. Once applicants have addressed the concerns, they may repeat the submission process, for an additional security review.
Resources
Below one can find the Paystack Mobile Application Security Verification Standard checklist:
Paystack Mobile App Security Checklist v0.2.xlsx
Below are a few reputable resources around secure development, that may be used as aids at any point:
Effective Date: Thursday, Dec 15, 2022