Merchant Services
Terms & Conditions

Parties

This Merchant Services Agreement ("Agreement") is entered into between:

and Merchant ("you," "your," or "Merchant") as identified in the account registration and onboarding documentation.

Definitions

Gateway and Processing Services

Convrt provides a software-as-a-service (SaaS) payment gateway platform that enables Merchant to:

1. Accept multiple Payment Methods from Customers globally, including credit cards, debit cards, ACH transfers, digital wallets (Apple Pay, Google Pay, etc.), and alternative payment methods
2. Securely transmit Transaction data to Acquirers and Card Networks for authorization and settlement
3. Tokenize and securely store payment credentials for recurring billing and customer convenience
4. Access real-time transaction reporting, analytics, and reconciliation tools via the Convrt dashboard
5. Utilize fraud detection, risk scoring, and prevention tools integrated within the platform
6. Manage refunds, voids, and partial captures through API and dashboard interfaces
7. Receive technical support and integration assistance as described in Section 11

Service Scope and Limitations

Convrt acts solely as a payment gateway technology provider and service facilitator. We are not:

1. A bank, financial institution, or money transmitter (except where separately licensed)
2. A direct issuer of credit or lender
3. A party to the sale of goods or services between Merchant and Customer
4. Responsible for product quality, delivery, customer service disputes, or fulfillment obligations
5. An acquirer or merchant of record, unless specifically contracted

Actual payment processing, card authorization, and settlement are performed by TPSPs including Acquirers and Card Networks under separate agreements incorporated by reference.

Service Availability

We strive to maintain high service availability but do not guarantee uninterrupted or error-free access. Scheduled maintenance will be communicated with reasonable advance notice. Emergency maintenance may occur without prior notice.

Service Modifications

We reserve the right to:

1. Add, modify, or discontinue features, Payment Methods, or supported currencies with thirty (30) days' advance notice
2. Implement changes immediately if required by law, Card Network rules, or to address security vulnerabilities
3. Update API specifications, integration requirements, and technical documentation, with backward compatibility maintained for a reasonable transition period

Eligibility Requirements

To use the Services, Merchant must:

1. Be a duly organized legal entity or sole proprietor authorized to conduct business in its jurisdiction
2. Have legal capacity to enter into binding contracts
3. Maintain principal place of business or significant operations in a jurisdiction where Convrt offers Services
4. Not appear on any US, EU, UK, or UN sanctions lists (OFAC SDN, EU Consolidated List, UN Security Council lists, etc.)
5. Provide accurate, complete, and truthful information during registration and onboarding
6. Maintain a valid bank account in a supported jurisdiction for Settlement purposes
7. Not be engaged in Prohibited Activities (Section 6)
8. Comply with all applicable laws, regulations, and Card Network rules

Know Your Customer (KYC) and Verification

As part of onboarding, Merchant must provide:

1. Business registration documents (articles of incorporation, business license, etc.)
2. Tax identification numbers (EIN, VAT number, or equivalent)
3. Identity verification for beneficial owners and authorized signatories (government-issued ID, proof of address)
4. Bank account verification documentation
5. Business website URL and description of goods/services offered
6. Projected processing volumes, average transaction size, and business model details
7. Any additional documentation reasonably requested by Convrt to verify legitimacy and assess risk

We reserve the right to conduct ongoing verification, request updated documentation annually or as needed, and use third-party services for identity verification, credit checks, and background screening.

Account Security

Merchant is responsible for:

1. Maintaining confidentiality of API keys, credentials, passwords, and access tokens
2. Restricting access to the Convrt dashboard and APIs to authorized personnel only
3. Implementing role-based access controls and multi-factor authentication (MFA) where available
4. Promptly notifying Convrt of any suspected or actual security breach, unauthorized access, or credential compromise
5. Using secure, up-to-date software and networks when accessing the Services

Merchant is liable for all activity conducted using its Account credentials, whether authorized or unauthorized, until Convrt receives written notice of compromise and has a reasonable opportunity to respond.

PCI DSS Compliance

Merchant must comply with the Payment Card Industry Data Security Standard (PCI DSS), currently version 4.0.1, including all requirements effective as of March 31, 2025. PCI DSS 4.0.1 mandates twelve (12) core requirements:

1. Install and maintain network security controls (firewalls, network segmentation)
2. Apply secure configurations to all system components (disable defaults, harden systems)
3. Protect stored account data (minimize storage, encrypt where necessary)
4. Protect cardholder data with strong cryptography during transmission (TLS 1.2+, secure protocols)
5. Protect all systems and networks from malicious software (anti-malware, patching)
6. Develop and maintain secure systems and software (patch management, secure development)
7. Restrict access to cardholder data by business need to know (least privilege, role-based access)
8. Identify users and authenticate access to system components (unique IDs, MFA for remote access)
9. Restrict physical access to cardholder data (facility controls, device security)
10. Log and monitor all access to system components and cardholder data (audit logs, SIEM)
11. Test security of systems and networks regularly (vulnerability scans, penetration tests)
12. Support information security with organizational policies and programs (policy governance, training, incident response)

Security Incident Notification

Merchant must notify Convrt within twenty-four (24) hours of discovery of any data breach or suspected compromise of Cardholder Data or Personal Data, unauthorized access to systems connected to Convrt APIs, loss or exposure of API keys or credentials, or malware affecting Transaction processing systems.

Anti-Money Laundering (AML) and Sanctions Compliance

Merchant must comply with the Bank Secrecy Act (BSA), USA PATRIOT Act, and all applicable AML and countering the financing of terrorism (CFT) laws. Merchant must not conduct business with individuals, entities, or jurisdictions subject to US economic sanctions administered by OFAC, EU sanctions, UN sanctions, or other applicable sanctions regimes.

Controller and Processor Roles

1. Merchant is the Data Controller for Customer data collected in connection with sales of goods or services
2. Convrt is a Data Processor acting on Merchant's behalf to process payment Transactions
3. Convrt is also a Data Controller for Merchant account data, business relationship data, and fraud/risk data used for its own business purposes

A separate Data Processing Addendum (DPA) is available upon request for Merchants subject to GDPR or similar laws requiring written processor agreements.

Data Retention

1. Transaction records: Seven (7) years from Transaction date
2. Merchant Account data: Duration of the business relationship plus seven (7) years
3. Security logs and audit trails: Minimum one (1) year, up to seven (7) years
4. Personal Data: Deleted or anonymized when no longer necessary for the stated purpose, subject to legal retention obligations

International Data Transfers

Convrt may transfer Personal Data to TPSPs and subprocessors located outside the country of data origin. For transfers from the EU/EEA/UK to the US or other non-adequate jurisdictions, Convrt implements appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, supplementary technical and organizational measures, and Binding Corporate Rules or adequacy decisions where applicable.

Prohibited Business Types

Merchant may not use the Services for the following activities:

1. Illegal goods or services, including controlled substances, illegal drugs, drug paraphernalia
2. Unlicensed gambling, betting, lotteries, raffles, or casino operations
3. Adult content and services (pornography, escort services, adult entertainment venues)
4. Weapons, firearms, ammunition, explosives, or related accessories (without pre-approval and appropriate licenses)
5. Counterfeit goods, replica items, or intellectual property infringing products
6. Money laundering, terrorist financing, or sanction-violating transactions
7. Pyramid schemes, multi-level marketing with no legitimate product, Ponzi schemes
8. Cryptocurrency mining equipment, unregulated cryptocurrency exchanges, or high-risk crypto offerings (without pre-approval)
9. Tobacco, e-cigarettes, vaping products in jurisdictions where restricted
10. Hacking services, malware distribution, DDoS services, or other cybercrime tools
11. Fraudulent or deceptive business practices, including fake reviews, misleading advertising, or non-delivery scams
12. Unlicensed financial services, money transmission without appropriate licenses, investment schemes promising unrealistic returns
13. Sale of personal data, social security numbers, identity documents, hacked accounts
14. Illegal telemarketing, spam, or phishing operations
15. Any activity prohibited by US law, Card Network rules, or Acquirer policies

Restricted and High-Risk Business Types

The following business types are considered high-risk and require pre-approval and enhanced due diligence:

1. Nutraceuticals, dietary supplements, and health products with unverified claims
2. Travel agencies, timeshares, and advance-booking travel services
3. Subscription services with free trials converting to paid
4. High-ticket items (luxury goods, jewelry, electronics) with average transaction values exceeding $5,000
5. Online pharmacies and telemedicine services
6. Fantasy sports, skill-based gaming, social casino gaming
7. Debt collection, credit repair services
8. Crowdfunding platforms
9. Marketplaces and payment facilitators aggregating sub-merchants
10. Recurring billing services with long commitment periods

Fee Structure

Merchant agrees to pay Convrt fees as set forth in the Pricing Schedule provided during onboarding or as separately agreed in writing. Fees may include:

1. Transaction Fees: Percentage of Transaction amount plus fixed per-Transaction fee
2. Currency Conversion Fees: Percentage markup on foreign exchange for multi-currency Transactions
3. Cross-Border Fees: Additional percentage for international card Transactions
4. Chargeback Fees: Fixed fee per Chargeback (typically $15 to $25 per incident)
5. Monthly Account Fees: Flat fee for Account maintenance or premium features
6. Refund Processing Fees: Fee charged when issuing refunds (if applicable)
7. Payout Fees: Fee for transferring Settlement funds to bank accounts
8. Compliance and Regulatory Fees: Pass-through fees imposed by Card Networks, Acquirers, or regulatory authorities

All fees are exclusive of taxes unless otherwise stated. Convrt may change fees upon sixty (60) days' advance written notice.

Settlement Calculation

Settlement amounts are calculated as follows:

If the calculation results in a negative balance, Merchant owes the negative amount to Convrt, payable within five (5) Business Days of invoice.

Chargeback Thresholds

Excessive Chargebacks may result in enrollment in Card Network monitoring programs. Thresholds typically include a chargeback ratio exceeding 0.9% to 1.5% of Transactions, or more than 100 Chargebacks per month. Merchants in monitoring programs are subject to increased fines ($5,000 to $25,000+ per month), enhanced Reserve requirements, and potential termination of processing privileges.

Convrt IP Ownership

All intellectual property in the Services, including software, APIs, SDKs, documentation, trademarks, logos, and proprietary technology, is and remains the exclusive property of Convrt and its licensors. Merchant acquires no ownership rights through use of the Services.

License Grant to Merchant

Convrt grants Merchant a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Convrt payment gateway and dashboard during the term of this Agreement, and to integrate the APIs and SDKs into Merchant's systems solely for the purpose of processing Transactions. This license terminates automatically upon termination of this Agreement.

Restrictions

Merchant must not reverse engineer, decompile, or disassemble the Services; modify or create derivative works; remove proprietary notices; rent, lease, resell, or sublicense the Services; or use the Services to develop competing products.

Mutual Representations

Each party represents and warrants that it has full power and authority to enter into this Agreement, execution and performance does not violate any other agreement or obligation, and it will comply with all applicable laws, regulations, and industry standards.

Disclaimer of Warranties

Term

This Agreement commences upon Merchant's acceptance (by clicking "I Agree," submitting an application, or using the Services) and continues indefinitely until terminated in accordance with this Section.

Termination by Merchant

Merchant may terminate this Agreement for any reason by providing thirty (30) days' written notice to Convrt and ceasing use of the Services. Merchant remains responsible for all fees accrued and obligations arising prior to termination.

Termination by Convrt

Convrt may terminate this Agreement immediately upon written notice if Merchant: breaches this Agreement and fails to cure within ten (10) days of notice; engages in Prohibited Activities; becomes insolvent or makes an assignment for the benefit of creditors; poses unacceptable fraud, chargeback, or reputational risk; violates Card Network rules or applicable law; provides false or misleading information; or is required to be terminated by Card Networks or Acquirers.

Post-Termination Obligations

Upon termination: all licenses granted to Merchant under this Agreement terminate immediately; Merchant must cease all use of the Services and APIs; Convrt may hold Reserve funds for up to 180 days post-termination to cover potential Chargebacks or other obligations; Merchant remains liable for all pre-termination obligations; and all provisions that by their nature should survive termination will survive, including Sections 5, 10, 11, 13, and 14.

Governing Law

This Agreement is governed by and construed in accordance with the laws of the State of Florida, United States, without regard to its conflict of laws provisions. The UN Convention on Contracts for the International Sale of Goods does not apply.

Mandatory Arbitration

Any dispute, claim, or controversy arising from or related to this Agreement or the Services that cannot be resolved through informal negotiation shall be resolved exclusively through binding arbitration administered by JAMS under its Comprehensive Arbitration Rules and Procedures, conducted by a single arbitrator in Miami, Florida (or virtually), with proceedings in English.

Informal Resolution

Before initiating arbitration, the party raising a dispute must provide written notice describing the claim and proposed resolution. Both parties agree to negotiate in good faith for thirty (30) days. Contact: legal@convrtpayments.com

Entire Agreement

This Agreement, together with the Pricing Schedule, Privacy Policy, and any applicable Data Processing Addendum, constitutes the entire agreement between the parties regarding the Services and supersedes all prior agreements, representations, or understandings.

Amendments

Convrt may amend this Agreement by posting the revised version at least thirty (30) days before the effective date. Continued use of the Services after the effective date constitutes acceptance. If Merchant disagrees with an amendment, Merchant's sole remedy is to terminate this Agreement.

Contact Information