Apiture Service Terms

Last Updated: 23-April-2024

The Service Terms below are subject to the terms and conditions of the Master Services Agreement, SaaS Order or other agreement with Apiture (collectively, the “Agreement“) and govern the use of certain Apiture supported Services as of the Effective Date of the SaaS Order or other applicable digital banking Agreement with Apiture. By using the Services, you agree to be bound by the terms of these Service Terms. Capitalized terms used in these Service Terms but not defined below are defined in the Agreement. For purposes of these Service Terms, Institution understands and agrees that the obligations of Apiture with respect to the provision of the Services described in these Service Terms may be performed by a Third Party Provider contracted by Apiture to provide such services and Apiture disclaims any liability for the actions or omissions of its Third Party Providers; provided, however, Apiture shall use commercially reasonable efforts to enforce the terms of its agreement with the Third Party Provider in the event of a breach, failure to perform or otherwise for unsatisfactory performance. In the event of a conflict between these Service Terms and the terns of the Agreement, these Service Terms shall control with respect to the individual Service. These Service Terms may be modified by Apiture from time to time in its sole and absolute discretion, however, no modification of these Service Terms, except for those required to maintain compliance with Legal Requirements, will be binding until the Parties execute an amended or restated SaaS Order, Addendum, Schedule or Apiture otherwise provides written notice to Institution.

PART I: Institution Terms

Universal Terms
Institution will not create and will ensure no third party creates derivative works of or attempts to reverse engineer or recreate any of the products or services set out in these Service Terms by any means (whether by discovering or recreating underlying ideas, interface techniques, processes, or algorithms or by copying, modifying, translating, decompiling, or disassembling) or make any other attempt by any means to discover or obtain the source code or other proprietary information included in the Services, Apiture Systems, Software, Documentation or Third Party Provider products, systems, or any related service, other than the limited rights expressly granted in the Agreement. Institution will not and will ensure no third party directly or indirectly copies the Services, Apiture Systems, Software, Documentation or Third Party Provider products or systems, except as technically necessary to access and use the Services and Third Party Services in accordance with the Agreement and these Service Terms. Institution will not modify and will ensure no third party modifies the Services, Apiture Systems, Software, Documentation or Third Party Provider products or systems and will not remove, alter, cover, or obfuscate any proprietary rights notices therefrom. Institution will not conduct and will ensure no third party conducts penetration testing, load testing or vulnerability scans of any Third Party Provider products, systems or services without Apiture’s prior written consent. Institution will not attempt and will ensure no third party attempts to circumvent or disable any of the security features of the Apiture Systems or any Third Party Provider products or systems. Institution will not provide the Apiture Systems, Services, Software or Third Party Provider products or systems to any third party as a time-sharing service, service bureau, or consortium. Institution will neither disclose the results of any benchmarking of the Services, Apiture Systems, Software, Documentation or Third Party Provider products or system nor use such results for its own competing software development activities, without the prior written permission of Apiture.

Bill Payment and Presentment Universal Terms
1. Institution agrees, and agrees to require its Users (including business users), to use and receive the bill pay, bill presentment and related Services under this Section (Bill Pay Services) in accordance with Apiture’s and its Third Party Provider’s then-current terms and conditions, which will be presented in conjunction with the User registration process or otherwise upon written request.
2. Institution shall indemnify Apiture and its respective Third Party Providers from, defend and hold each harmless from any loss, claim or liability incurred by Apiture or its respective Bill Pay Service Third Party Provider from Institution’s breach of its obligations to secure a User Agreement with each User in accordance with the Agreement. Compliance with Federal Reserve Bank Regulation E is the Institution’s responsibility.
3. Institution shall provide content for any Bill Pay Service web subsite to Apiture in HTML format or will pay for such conversion of content to HTML at Apiture’s then-current hourly rate or at an otherwise agreed to, project-specific, price. Institution is responsible for providing all content in accordance with Third Party Provider development guidelines for the web subsite. Institution agrees that Institution-branded webpages for the Bill Pay Service, together with associated URLs and web addresses and the design elements and features for the webpages remain the exclusive property of Apiture and/or its Third Party Provider(s). Institution represents and warrants that it holds a valid copyright or license to any and all text and images it supplies for display on its Institution-branded webpages for the Bill Pay Service. Institution grants Apiture (and its Third Party Provider, if any) a non-exclusive, royalty-free license to display the text and images on the World Wide Web for this purpose for so long as the Agreement is in effect.
4. Institution will provide Apiture with 90 days’ prior written notice of any material changes to its systems, and 20 days’ prior written notice for any minor changes requiring regression testing or testing of bill payment files.
5. Subject to the terms in these Service Terms and the Agreement, Institution grants to Apiture and its Third Party Provider the non-exclusive right to use any Institution or User provided data to improve and enhance the Bill Pay Services or other services to Institution as well as develop data analytics models to produce analytics-based offerings that will be the sole and exclusive property of Apiture or Apiture’s Third Party Provider, as the case may be; provided, however, that this does not mean that Apiture or Apiture’s Third Party Provider is claiming any ownership of the underlying Institution or User provided data, which remain the property of the respective owners of such.
1. CheckFree Bill Payment, Presentment and Fraudnet with Risk Assist (Retail Consumer and Business)
  1. When Users initiate a bill payment or bill presentment transaction through the Services, Institution acknowledges and agrees that the User’s Account will be debited via an Automatic Clearing House (ACH) debit or draft.
  2. Institution will provide to Apiture and its Third Party Provider, for the purpose of testing, certification and other non-production services or activities solely related to the Bill Pay Services, at no charge to Apiture or the Third Party Provider and at Institution’s cost and expense, such access to the Institution’s systems as may be reasonably required to perform the Bill Pay Services or supporting activities. Institution will obtain, at Institution’s cost and expense, any necessary third party authorizations or consents necessary for Apiture and its Third Party Provider to use and execute any Institution systems to the extent reasonably required to perform the Services. Notwithstanding anything to the contrary in the Agreement, Apiture shall not be required to use or execute any Institution system if Apiture reasonably believes that the use or execution of such Institution system would constitute an infringement of the intellectual property rights of any third party.
  3. The Third Party Provider will have the right, in its sole discretion, to deny Bill Pay Services to any User that has not completed the required user registration process or indebted to the Third Party Provider in connection with other bill payment services or transactions, including, but not limited to, services provided through another financial institution. Apiture will notify Institution via e-mail the following business day of any application concluding in a denial of service.
  4. Institution shall maintain editorial control over and be solely responsible for maintaining its web site and providing access through it to the Services and shall be solely responsible for regulatory compliance of its web site and its functionalities with all applicable federal, state and local laws, rules, and regulations.
  5. Institution shall provide copyright attribution to Apiture’s Third Party Provider as creator and designer of the web subsite and graphical user interface by preserving the Third Party Provider’s copyright legends wherever appropriate based on the unique and specific nature of the web subsite.
  6. Institution shall be responsible for registering and maintaining registration of its Internet domain name address.
  7. The risk override or similar feature allows Institution to provide and to permit its Users to override Apiture’s Third Party Provider’s risk processing rules, and to assign a modified risk limit for that User, be it above, below, or the same as Apiture’s Third Party Provider default limit specified on the Third Party Provider’s system. In utilizing and allowing the risk override or similar feature, Institution acknowledges and agrees that it is financially responsible for and guarantees the full dollar amount of transactions that such User or other users transact through all impacted Bill Pay Service(s) within the risk limits selected by Institution or its User without any financial contribution from Apiture or its Third Party Provider, and agrees to fund Apiture or its Third Party Provider the full amount of transactions up to the modified risk limit regardless of the availability of funds in such User’s account. Notwithstanding the foregoing, if any risk override or similar feature has been invoked for a User for at least one transaction type, but a risk limit has not been specified for other transaction type(s), then Institution will still be financially responsible for the full amount of all transactions of all types, up to the default risk limit established by Apiture’s Third Party Provider risk processing rules regardless of the availability of funds in such User’s account.
  8. The Institution hereby accepts the risk for, as well as any fraud and chargebacks associated with, any and all User enrollments and transactions in the Bill Pay Services and shall additionally indemnify and hold harmless Apiture from any and all liability, including reasonable attorneys’ fees, arising from the failure of the User to have adequate funds available as a result of fraud or otherwise, including but not limited to any liability Apiture may incur to the Third Party Provider as a result of the User’s use of the Bill Pay Services.
  9. Institution will use commercially reasonable efforts to make corresponding changes to its systems to use the then-current release of the applicable Bill Pay Service, but in any case, will not be on any release of the applicable Bill Pay Service after such release is discontinued by Apiture’s Third Party Provider. Each release of the Bill Pay Services will be provided for at least 24 months after making such release generally available to Apiture’s clients of the applicable Bill Pay Service. Apiture will inform Institution at least 2 months prior to discontinuing a release of the Bill Pay Services, unless required to discontinue earlier for security or legal reasons. If Institution is in violation of the first sentence of this section, then Apiture and its Third Party Provider reserve the right to upgrade Institution to a release of the Bill Pay Services that complies with such sentence. All feature packs for the Bill Pay Services are mandatory and will be placed into production when made generally available to all Apiture clients for the applicable Bill Pay Services, with the sole exception of any specific functions within a feature pack that require a separate written agreement between Apiture and Institution for any fees for such function.
  10. Apiture’s Third Party Provider shall be responsible for Transaction Losses (defined below) solely to the extent that the debit of a User’s account for the transaction was returned for an insufficient available balance from the User regardless of funding method (e.g., NACHA Reason Codes R01 (Insufficient Funds) or R09 (Uncollected Funds)), but not if due to a closed or frozen User account or due to an unauthorized or fraudulent transaction. Apiture’s Third Party Provider will have the right to collect funds against such Transaction Losses for which it is responsible. Institution shall be responsible for all other Transaction Losses regardless of the amount or circumstance of the Transaction Loss. Without limiting the preceding sentence, Institution will research complaints that it receives from any User that an unauthorized transaction has occurred through the Bill Pay Services, and for funding any Transaction Losses or other amounts due Users or another party resulting from such unauthorized transaction. As part of the Bill Pay Services, neither Apiture nor its Third Party Provider is in any way responsible for authenticating User credentials for access to the Bill Pay Services. Institution acknowledges that with respect to the Bill Pay Service transactions, Institution or its User is the originator under the ACH Operating Rules. Institution, Apiture and its Third Party Provider agree to notify one another in the event of fraud being investigated by either party as it relates to the Bill Pay Services; such notification should be made within 2 business days of the party learning of the issue. In the event notice is prohibited by law enforcement or another government entity, then Institution will provide notice to Apiture as soon as practicable or permissible thereafter. “Transaction Loss” is a loss that occurs because the associated Bill Pay Services transaction was rescinded as unauthorized or has been returned and is un-collectable.
  11. Institution agrees to work in a commercially reasonable manner with Apiture’s Third Party Provider’s customer care center for first tier customer support for Bill Pay Services. Institution and Apiture’s Third Party Provider shall establish clear escalation criteria and processes whereby the Third Party Provider’s customer care may transfer, escalate, or turn over User related questions which do not directly deal with Bill Pay Services back to the Institution. These areas include, but are not limited to, technical and application support, general banking or bank account questions. Institution must use the Third Party Provider’s customer care system for any escalation by placing claim in urgent status. If expectations are still not met, Institution must contact the Apiture relationship contact. The Third Party Provider will provide management of merchant relationships; manage the Third Party Provider’s merchant database, process payments as instructed by Institution and its User, and will research payment posting discrepancies with the payees and use commercially reasonable efforts to support problem resolution in accordance with the Third Party Provider’s then-current standard practices.
  12. Neither Apiture nor its Third Party Provider is responsible for any risk (including without limitation, any User claims) associated with services which Institution requests that Apiture or its Third Party Provider copy a User account to a different account.
  13. Institution acknowledges that with respect to services transactions resulting in ACH Payments, Institution is the Originator under the NACHA Rules (defined as the National Automated Clearing House Association Operating Rules and Guidelines) for ACH payments that a subscriber submits for processing and Institution will have all responsibilities and liabilities of an Originator under the NACHA Rules for such ACH payments.
  14. Institution and Fiserv will be Third-Party Senders (as defined in the NACHA Rules) with respect to such ACH Payments and will have all of the responsibilities and liabilities of a Third-Party Sender under the NACHA Rules with respect to such ACH payments. Institution will comply with all applicable NACHA Rules and will not originate transactions in violation of any applicable law.
  15. Institution will not itself act as a Third-Party Sender on behalf of any other Originator under the Agreement without Apiture or Fiserv’s prior written consent. Apiture or Fiserv may withhold consent for any reason, including in circumstances in which the Originating Depository Financial Institution (“ODFI”) (as defined in the NACHA Rules) utilized for the Services does not provide consent.
  16. Fiserv will facilitate processing ACH Payments submitted by subscribers by transmitting ACH files to one or more ODFIs that has agreed to originate ACH payments for the Service. Institution authorizes Apiture and Fiserv and the ODFI to originate entries on behalf of Institution to the accounts designated in the Payment Instructions (defined as the information for a payment to be made for the service). When Fiserv receives a Payment Instruction, Institution authorizes Apiture and Fiserv to debit the subscriber’s account for the amount of any such Payment Instruction plus any related fees in effect (and as disclosed by Institution to the subscriber) at the time the subscriber initiates the Payment Instruction, and to remit funds on Institution’s behalf. Institution also authorizes Apiture and Fiserv to credit the subscriber’s account for the receipt of payments, including but not limited to those payments returned from receivers to whom the subscriber sent payment(s) and those payments that were cancelled and returned to the subscriber because the processing of the Payment Instruction could not be completed.
  17. During the term of Institution’s Agreement and for a period of one (1) year following termination or expiration, Apiture or Apiture’s Third Party Provider , the ODFI or an independent third party selected by Institution will be entitled, following reasonable advance written notice to Institution, but not more than once during any calendar year, to audit the books and records of Institution wih respect to verifying compliance with the terms and conditions of this Section. Any such audit will be conducted during regular business hours, and in a manner so as not to unreasonably interfere with Institution’s business operations.
  18. If Apiture or its Third Party Provider reasonably believes that any Services, or an Institution’s or any subscriber’s conduct in using the Services (including without limitation any subscriber intentionally initiating fraudulent or unauthorized transfers, account access or violating any agreement under which it has been provided access to the Services) violates these Service Terms or any applicable laws, rules, regulations or industry standards, or otherwise poses a threat to Apiture’s or its Third Party Provider’s system, security, equipment, processes, intellectual property or reputation (“Threatening Condition”) and if, in the reasonable and good faith determination of Apiture or its Third Party Provider, the Threatening Condition poses an imminent or actual threat (including without limitation regulatory investigation, inquiry or penalty), Apiture or its Third Party Provider may suspend any and all of Institution’s use of the applicable Services until such Threatening Condition is cured. Apiture will promptly notify Institution of such suspension, including the identity of the affected Subscriber(s) as needed, and both parties will use reasonable efforts to cure or cause the correction of the Threatening Condition following such notice. Apiture may terminate Institution’s and/or subscriber’s use of the Services without further requirement of notice if the Threatening Condition remains uncured more than thirty (30) calendar days after Fiserv notifies Apiture and Institution the Threatening Condition.
  19. With Fraudnet with Risk Assist, an alert will be generated for each online bill payment or consumer payment that scores as a suspect payment. The Fraudnet team will monitor and evaluate all alerts and communicate with either the Institution or initially the bill pay subscriber when required to confirm the payment was submitted by the subscriber. Fraudnet will send an alert notification to Apiture and the Institution when these occur.
  20. The Fiserv Checkfree bill discovery service enables the automatic searching, identification, and retrieval of information about a subscriber’s payees and bills based on matching information about the subscriber’s identity. As part of the bill discovery service, a Fiserv-approved consent is required for each subscriber to authorize the access and use of information from the subscriber’s consumer report from a credit bureau, and Fiserv’s biller network to perform the bill discovery service.
  21. Insights Assist is a self-service reporting option that offers the ability for Institution to access and run reports without engaging Apiture or its Third Party Provider. A Subject Area is a group of reporting content with similar data (such as, but is not limited to subscriber activity), presented in one dashboard containing key metrics about the Subject Area, including reports that are pre-developed by Apiture’s Third Party Provider as well as a business objects universe in the dashboard which can be used by Institution to create custom reports. To gain access to a Subject Area Institution must contact Apiture in writing. Institution will then be billed for a minimum of twelve (12) months after enabling each specific Subject Area and will continue to be billed monthly for each such Subject Area until Institution provides 30-day written notice to Apiture to discontinue access to a Subject Area.
  22. The Business Bill Pay Services shall specifically provide the following features and functionality to Business Bill Pay Service Users:
    1. The web subsite will facilitate the transfer of an encrypted account number and PIN data from the Institution’s host system for verification, if required.
    2. Business Bill Pay Service Users can pay anyone from anywhere in the U.S., twenty-four (24) hours a day, seven (7) days a week. Business Bill Pay Service Users can also schedule payments up to one (1) year in advance.
    3. Business Bill Pay Service Users can initiate and authorize payments from their accounts to payees who have selected in advance to receive payments by means of the Bill Pay Service. Business Bill Pay Service Users will have the option of setting up payments as one of two bill payment types. (1) recurring; or (2) single. Recurring payments are payments of a fixed amount paid on a regular time interval, such as, but not limited to, monthly rent or mortgage payments; once a recurring payment is set up by the Business Bill Pay Service Users, the Business Bill Pay Service will automatically execute bill payments according to the Business Bill Pay Service User’s instructions until the Business Bill Pay Service User cancels or changes those instructions. Single payments are payments that vary in amount and/or date, such as, but not limited to, utility or credit card payments. Once a single payment is set up by the Business Bill Pay Service Users individually, the Bill Pay Service will execute the bill payment instructions according to the Business Bill Pay Service User’s instructions for each individual payment.
    4. The Business Bill Pay Service User can select from a pre-defined list of billers to receive electronic bills. Once the Business Bill Pay Service Users has activated the bill delivery service for a biller, the Business Bill Pay Service User will begin to receive future bills electronically within the Bill Pay Service.
    5. Business Bill Pay Service Users are permitted to transfer funds between accounts activated for the Bill Pay Service. The Bill Pay Service will execute such account transfer requests for each individual account transfer request.
    6. The Bill Pay Service provides two-way messaging which allows Business Bill Pay Service Users to send and receive messages regarding the bill payment service from the Third Party Provider’s customer care service.
    7. The Bill Pay Service provides a list of the Business Bill Pay Service User’s payments scheduled and processed.
    8. The Bill Pay Service allows Business Bill Pay Service Users to utilize multiple accounts as activated payment accounts. When scheduling payments, the Business Bill Pay Service User may make a payment from any activated payment account.
  23. Except as set forth in Section 1.1.11 hereof, Institution will be responsible for managing all contact with Business Bill Pay Service Users. This includes but is not limited to, sales, training, implementation, customer care, system support, customer disclosures required by applicable laws, rules and regulations and communications, including but not limited to communicating then-current terms and conditions of Bill Pay Service stipulated by Apiture’s Third Party Provider.
2. iPay Bill Payment and Presentment (Retail Consumer and Business)
  1. Apiture’s Third Party Provider may decline to provide Bill Pay Services to any Institution whose financial condition is not satisfactory to Apiture or its Third Party Provider in its/their reasonable, sole discretion; provided that should Institution believe its financial condition is suitable for providing Bill Pay Services, Institution will be required to provide a written guarantee from a documented, financially suitable third party (co-signer) of all obligations arising in connection with the Agreement, including payment of all charges for Bill Pay Services and Apiture will provide the Bill Pay Services.
  2. Prior to using the Bill Pay Services, Institution agrees that Users must enroll in the service. Institution is responsible for ensuring that the identity of Users has been authenticated pursuant to “know your customer” requirements and for OFAC screening of Users prior to making the Bill Pay Services available to them. Institution is responsible for the selection and use of user authentication techniques and other security features available through the Bill Pay Services and other sources. Neither Apiture nor its Third Party Provider shall be liable for fraudulent and otherwise unauthorized access to and use of the Bill Pay Service.
  3. The Institution agrees to install with each individual User one or more agreements, which contain, without limitation, (i) the User’s authorization to allow Institution to provide the Bill Pay Services to User; (ii) legally required disclosures; (iii) the User’s authorization for Institution to originate ACH entry debits to the User’s account; and (iv) authorization for Apiture’s and its Third Party Provider to access and retrieve information in the User’s biller accounts. Institution will deliver evidence of those authorizations to Apiture (or its Third Party Provider) upon written request.
  4. For any Institution billing files provided to Institution, Institution is responsible for the timely receipt and posting of the payment file. Cancellations must be complete before the cancellation cut off time.
  5. Payments scheduled prior to the established cut-off time on Business Days will be processed on that day. Apiture’s Third Party Provider processes these transactions and prepares debit files for the Institution to cover funds for bill payment transactions, which the Institution processes through its core system. Institution acknowledges that User payments are remitted through various partners, iPayNet (a proprietary payment gateway), ACH, or by printed check. Apiture’s Third Party Provider seeks to remit payments in the least costly, most efficient manner possible. Institution agrees the User is responsible for scheduling the payments to arrive at the payee no later than the bill’s actual due date by specifying the payment date in the payment instructions. The estimated delivery date is provided as a guide and is not guaranteed. Payments scheduled after the cutoff time or on non-Business Days will be considered entered in the Bill Pay Service on the next Business Day. Institution may cancel payments through the master site prior to the established deadlines.
  6. Whenever a User activates the eBill service for a particular biller, the User will be required to provide information necessary to access the User’s account with such biller, such as login credentials for that biller’s web site. The eBill service will use this information to regularly log into the User’s account at the biller’s site and extract information regarding the User’s most recent statement in order for the eBill Service to present this information to the User in conjunction with the Bill Pay Service. If a User does not have complete and accurate access information for a biller’s site, or if they are unwilling to provide this information to Apiture, then that User cannot use the eBill Service for that biller and Apiture and its Third Party Provider have no liability for any delays or failure to transact with that particular User’s biller. The eBill service is made available only as an integral part of the Bill Pay Services.
  7. The eBills/eBill Presentment Service includes the use of Data Analytics. “Data Analytics” means: (i) monitoring click activity (via tagging) of any eBill landing page that allows an end user to view eBills for an individual biller, and (ii) monitoring click activity (via tagging) of an embedded digital ad graphic so that biller may learn whether an eBill ad graphic appearing on its eBill landing page was clicked by an end user. No account or other personal information shall be collected and the use of the data shall be purely for collecting click events. Institution agrees to (a) provide Apiture written authorization to share anonymized Data Analytics results with iPay, iPay’s third party service providers, their permitted assigns, and their sub-contractors, agents and applicable eligible biller(s), and (b) comply with all applicable state and federal privacy, data security and user tracking laws.
  8. For as long as Apiture offers and supports a Hybrid Risk Model of funding Bill Pay Service transactions, the Institution may elect to process bill payment transactions using the Hybrid Risk Model where electronic payments are debited from the User’s account on the delivery date and all checks are drawn on the User’s account and clear when presented to the payee’s financial institution (Hybrid Risk Model). If Institution elects for the Bill Pay Services to be performed using the Hybrid Risk Model, then Institution agrees it is responsible for and shall indemnify, defend and hold Apiture harmless from claims arising from, the setting of the daily and monthly electronic processing risk limits which applies to electronic payments. Institution acknowledges that electronic payments always pay electronically unless the payment exceeds the risk limit established by the Institution and in that instance the payment is converted to a check for that specific transaction. When a User submits an electronic payment that exceeds the risk limit established by the Institution, the User must be advised by the Institution that the payment needs to be delivered as a check drawn on the User’s account. The User then has the option to either accept a conversion of the payment to check, or to cancel the payment. In addition to the existing payment limits (max transaction cap, email payment transaction cap, and the email payment processing cap), two new User limits are available: a daily maximum and monthly maximum processing dollar amount for electronic transactions. If a scheduled or edited electronic transaction causes either one of the maximums to be exceeded, the Institution acknowledges the transaction will be sent as a check. The Institution is responsible for setting daily maximum and monthly maximum dollar amount payment limits and manages those limits globally or at the individual User level. The existing global or individual User level limits for each electronic transaction and email payment (P2P) will still be validated before the new limits described above are invoked. All electronic payments are subject to the electronic risk limits established by the Institution and when any transaction exceeds the limit, the transaction is converted to a check. Users are notified of this conversion during the online session as the consumer Bill Pay interface prompts the User to provide a remittance address to use for that specific transaction. In addition, Institution may control the decision on Non-Sufficient Funds (NSF) fees and uncollected fees. The Institution is responsible for deciding its risk tolerance per User and setting limits accordingly based on its own assessment of the particular User. Real-time reporting provided by Apiture gives the Institution an opportunity to assess its risk tolerance relating to those Users exceeding established risk limits and thereby gives Institution the power to adjust its Users’ individual risk limits. In using this Hybrid Risk Model, Institution acknowledges that it retains all liability for all unfunded payments. An unfunded payment is defined, for the purpose of these Service Terms, as any electronic bill payment the Institution could not post due to any reason, including, but not limited to: insufficient funds, closed account, frozen account, etc. Check payments are drawn on the User’s account with Institution and the Institution has the option to honor the check and can also assess NSF or uncollected fees to the User. If Institution elects to operate under the Hybrid Risk Model, Institution understands that Institution will not have the opportunity to review and cancel payments.
  9. For as long as Apiture supports and Institution engages in the Good Funds Model of funding consumer/retail Bill Pay Service transactions, the Institution may elect to process bill payment transactions under the Good Funds Model where payments will be held overnight (Good Funds Model). For this funding model, the Institution has the ability to cancel electronic payments within designated timeframes but may not return any debits for electronic bill payments processed. Check payments may be drawn on accounts at Apiture (or its Third Party Provider’s) and settled with the Institution, enabling the Institution to cancel payments before they are paid. Alternately, check payments may be drawn on the User’s account enabling the Institution to clear the item once it is presented to the Institution.
  10. For as long as Apiture supports and the Institution engages in the Funds Verification Model, Apiture’s Third Party Provider is allowed to verify funds’ availability for electronic payments and hard post the debits for bill payments to the User’s account with the Institution on the same day the payment is processed (Funds Verification Model). This Funds Verification Model is only available for Institutions on a Jack Henry & Associates banking core platform (SilverLake, 20/20, or Core Director). Check payments can only be drawn on the User’s account with Institutions having the option to clear the item once it is presented to the Institution. Stop payments may be placed by the User within internet banking. Institution acknowledges that User fees for expedited payments, gift pay or bill pay do not go through the same funds verification process.
  11. Notwithstanding Apiture’s obligations in the Agreement to utilize commercially reasonable information security procedures and encrypt data and accept encrypted data, neither Apiture nor its Third Party Provider guarantees that data submitted through the Internet will be secure from unauthorized access or will be free of errors or omissions due to Internet transmission.
  12. Institution acknowledges that as of the effective date of the Agreement, the Third Party Provider’s data centers are hosted by Jack Henry & Associates, Inc. If, at any time Apiture’s Third Party Provider decides to utilize an unaffiliated service provider for that function then Apiture’s Third Party Provider has the option to do so as long as Apiture is given the opportunity to perform due diligence, including a security risk and technical and operational audit of the new service provider. If Apiture and its Third Party Provider cannot mutually agree on remediation and mitigation if Apiture determines the new service provider exposes Apiture and/or Institution to security or compliance risk, then Apiture may terminate the Bill Pay Services. Institution acknowledges that such termination will be Apiture’s sole remedy for its Third Party Providers substitution of its data center service provider.
  13. Where a User meets the requirements of this Section and a User’s bill payment transaction is not processed or is delayed as the result of an error by Apiture or its Third Party Provider, Apiture or its Third Party Provider will be responsible to the Institution for the amount of any late charges actually incurred by the User up to $50.00 in accordance with the below. Institution and/or User will otherwise be responsible as follows:
    
    In the event Apiture or its Third Party Provider is responsible for a late charge/penalty according to the above chart, Apiture (or its Third Party Provider) will either (i) contact the payee to have the late fee/penalty waived or (ii) reimburse Institution for the late fee/penalty, up to Fifty Dollars ($50.00) for each late payment where the User provided Apiture with complete and accurate payment instructions and scheduled the payment to process at least five (5) Business Days prior to the payment due date to allow for proper and timely receipt by the payee. Late fees/penalties will not be reimbursed by Apiture or its Third Party Provider for payments not initiated at least five (5) Business Days prior to the payment due date.
  14. Institution shall be responsible for, and defend, hold harmless and indemnify Apiture, its Affiliates, and any Third Party Provider from against all claims by a User relating to the authorization of Apiture (and its Third Party Provider, if any) to provide Bill Pay Services on behalf of the User as well as the attendant results from the provision of the Bill Pay Services including but not limited to insufficient funds, repudiation of authorization for payment, fraud on the User’s account, and, except as set forth in the preceding paragraph, late fees. Apiture (and its Third Party Provider, if any) will incur no liability because of the existence of any one or more of the following circumstances: (a) if, through no fault of Apiture (or its Third Party Provider, if any), any designated User account from which funds for bill payments are deducted does not contain sufficient funds to complete the transaction and is cancelled by the Institution; (b) the Services are not working properly and the Institution knows or had been advised by Apiture (or its Third Party Provider, if any) through the communication method of its choosing about the problem before the User executes the transaction; (c) the payee to whom an User designates a bill payment to be delivered mishandles or delays processing a payment sent by Apiture (or its Third Party Provider, if any); or (d) a User has not provided Apiture (and its Third Party Provider, if any) with the correct name, address, phone number, or account information for the payee, or a User has not provided Apiture (and its Third Party Provider, if any) with accurate personal information, of a User or has otherwise provided incomplete bill payment instructions.
  15. Institution will notify Apiture as soon as commercially practicable, but in no event later than 1 Business Day, if Institution becomes aware that any user is materially breaching its terms and conditions with respect to the Bill Pay Services. Apiture reserves the right to charge for research time in connection with investigation of disputed payment transactions. Institution remains liable for all fraudulent losses, including chargebacks.
  16. On a daily basis, Apiture’s Third Party Providers’ financial institution will originate an ACH debit entry to Institution to collect the funding for the bill payments initiated by Institution’s Users. Institution may not return such ACH debit entry for any reason. As soon as notice is provided to Institution that any debited funds have been returned, Institution shall immediately wire to a designated account at Apiture’s Third Party Provider’s financial institution on that same day immediately available funds in the amount of any returned ACH debit entry. All bill payment funds held overnight will be held in overnight investment accounts and any interest on such funds will be paid to Apiture’s Third Party Provider as part of its compensation for the Bill Pay Services.
  17. Should an error occur with the Bill Pay Services, if directed by Apiture, Institution will take all steps reasonably necessary to carry out procedures for resolving errors or malfunctions within a reasonable time after such procedures have been received from Apiture and/or its Third Party Provider. Institution is responsible for assisting with returns and exception handling, without limitation, providing Apiture and/or Third-Party Provider with access to User’s information to duplicate and resolve errors. Apiture and its Third Party Providers shall not be responsible for errors caused by Institution, Users, or billers. Apiture reserves the right to charge for research time in connection with investigation of disputed payment transactions.
  18. If Institution purchases Apiture’s Third Party Providers’ Compliance Package, then a daily report of potential OFAC SDN List matches of payees is made available to Institution on the site software. Institution is responsible for reviewing the report daily and determining whether to block any payment transactions.
3. Metavante Bill Payment and Presentment (Retail Consumer)
  1. Institution will provide any computer and communications hardware and related software required at its location(s) including its own internet access services, for Institution’s use in accessing the administrator module on Apiture’s Third Party Provider’s website via the internet in support of its User and Institution service obligations.
  2. Institution is responsible for migrating existing customer data to Apiture’s Third Party Provider database and the User is responsible for the accuracy of account and other information required for accessing User bills.
  3. Institution agrees to cooperate with Apiture or its Third Party Provider and provide Apiture or its Third Party Provider with all necessary information and assistance required for Apiture and its Third Party Provider to successfully make the Bill Pay Services operational and available to Institution. Institution agrees that Apiture or its Third Party Provider is under no obligation to provide any User with access to the Bill Pay Services unless and until Institution has provided Apiture or its Third Party Provider with all information and documentation required by Apiture or its Third Party Provider for User set-up. Apiture and its Third Party Provider will not have the contractual relationship with Users, and so must rely upon Institution to manage liability and risk issues. Institution will include appropriate provisions in its User Agreements regarding, and shall indemnify Apiture and its Third Party Provider from, defend and hold each harmless from claims arising from: (a) any User’s use of or inability to use the Bill Pay Service, specifically including, without limitation, any User’s claim for late charges or other economic loss or damages arising from the User’s use of the Bill Pay Service, (b) transactions effected with a lost, stolen, counterfeit or misused access code or identification number issued to any User; and (c) any payments initiated by a User which are not completed due to lack of funds in the User’s settlement account.
  4. Institution understands that it is fully responsible for the availability of good funds necessary to settle the bill payment activities of Users initiated through the use of the Bill Pay Services. Apiture’s Third Party Provider shall initiate debit ACH entries against each User’s designated account for bill payment activities initiated by the Use. Institution is and shall remain solely and exclusively responsible to Apiture for the entire amount of any bill payment processed for and on behalf of a User in accordance with instructions received through the Bill Pay Services and which is not funded by the User due to insufficient funds in the applicable depository account or for any other reason outside Apiture’s or its Third Party Provider’s control. A description of Apiture’s Third Party Provider’s collection procedures as of the date of these Service Terms is set out herein. Apiture’s Third Party Provider reserves the right to modify its collection procedures from time to time. Neither Apiture nor its Third Party Provider shall be responsible for losses with government payments. Institution shall be exclusively responsible for and, upon Apiture’s demand, reimburse Apiture for, the amount of any government payments which Apiture or its Third Party Provider reasonably believe it cannot collect from the User for any reason.
  5. Apiture’s Third Party Provider reserves the right to set and change its User support policies, procedures and availability as they apply to all users of its service (not just Institution’s Users) without the consent of Institution.
  6. Institution remains liable for all fraudulent losses, including chargebacks.
  7. Where a User meets the requirements of this Section and a User’s bill payment transaction is not processed or is delayed as the result of an error by Apiture or its Third Party Provider, Apiture or its Third Party Provider will be responsible to the Institution for the amount of any late charges actually incurred by the User up to $50.00 in accordance with the below. Institution and/or User will otherwise be responsible as follows:
    
    In the event Apiture or its Third Party Provider is responsible for a late charge according to the above chart, Apiture (or its Third Party Provider) will reimburse any payee-imposed late fees, up to $50.00, incurred by any User; provided that the User provides Apiture with payment instructions 5 business days prior to the due date to allow for proper and timely receipt by the payee. Late fees or penalties not initiated at least 5 business days prior to the due date will not be reimbursed by Apiture or its Third Party Provider.
  8. Payment instructions, paper bill images and e-bill images will be available for 12 months after which they will be purged, however, Apiture’s Third Party Provider will research and provide a response to User inquiries on transaction data and bill images for a period up to 7 years after the date of the transaction.
  9. Check payments will be issued using Apiture’s Third Party Provider’s Trust Check drawn on its bank account. All U.S. Postal rate increases will be passed-through as actual costs to Institution with or without prior notice.
  10. Payment transaction data and bill images will be stored and made available online for Users and Customer Service Tool (CST) users to view for a period of 24 months. Payment transaction data and bill images older than 24 months may be purged provided, however, Apiture’s Third Party Provider will research and provide in response to all User inquiries transaction data and bill images for a period up to and including 7 years after the date of the transaction.
  11. Apiture and its Third Party Provider will maintain check images for no more than 90 days after the check has cleared.
4. Payrailz Bill Payment, P2P and Fraud Monitor
  1. Institution’s right to use the Payrailz Bill Payment, P2P and Fraud Monitor Services (each, a “Payrailz Service”) is limited only to the use by its authorized clients and customers (PR Users) and not for further resale, relicense or other use by third parties and only at the sites and for the purposes specified in the Apiture Agreement.
  2. Certain portions of the Payrailz Services will be implemented and maintained by a third party provider of the Payrailz. Specifically, the following terms and conditions apply with respect to the Instant Account Verification Service. “Instant Account Verification Service” means those certain account authentication services and any other services provided in connection with the Payrailz Services that are provided by the Payrailz third party, Plaid, Inc. or its successor (“Plaid”). Notwithstanding anything herein to the contrary, client data entered into the Payrailz Services by a PR User in connection with the Instant Verification Information for purposes of these Service Terms shall not be Confidential Information and shall be maintained and processed by Plaid in accordance with Plaid’s privacy policy (currently available at www.plaid.com/legal). Institution shall provide all notices and obtain all consents required by law from PR Users for Plaid to process PR Users’ data in accordance with Plaid’s privacy policy (currently available at www.plaid.com/legal), which may be accomplished by including the provisions in the PR User license agreement as specified in Part II, Section 5 of these Service Terms.
  3. Institution agrees to make its facilities, personnel and information available to Apiture and/or Payrailz, as applicable, in a timely manner to permit the scheduled activities in accordance with the project plan. Institution’s failure to timely complete its required tasks, responsibilities or approvals may result in delay of the implementation and use of the Payrailz Service and Institution shall be solely responsible for any additional costs resulting from Institution’s delay or failure to provide the resources necessary.
  4. Any material changes to timing, deliverables or pricing under the project plan including, but not limited to, delays resulting from a failure of the Institution to timely meet its obligations under the project plan shall be set forth in a change order form and agreed to by the parties. Once the change order form is executed, the project plan will be amended as provided therein.
  5. APITURE DISCLAIMS ALL IMPLIED COVENANTS AND WARRANTIES OF ANY KIND IN CONNECTION WITH THE PAYRAILZ SERVICES, THE DOCUMENTATION, AND THE APITURE SYSTEM, INCLUDING ANY WARRANTIES OF QUALITY, MERCHANTABILITY, TITLE, NON-INFRINGEMENT, SUITABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.
  6. Institution shall not copy, reproduce, modify, or make derivative works of or improvements or enhancements to the Payrailz Services and shall not, by any direct or indirect action or inaction, impair or alter the functionality of the Payrailz Services.
  7. Institution shall not cause or permit the reverse engineering, disassembly, translation, adaptation, or de-compilation of the Payrailz Services, or any attempt to derive source code or algorithms of the Payrailz Services, and shall not use the results of such processes.
  8. Institution shall be bound by its confidentiality and non-use obligations in the Apiture Agreement with respect to any information related to the Payrailz Services as furnished or disclosed by Apiture or its Payrailz Service to Institution.
  9. Institution shall comply fully with all relevant laws, rules and regulations.
  10. Institution shall not assign or sublicense its license to use the Payrailz Services except in the instance of assignment to affiliates or in connection with a sale of substantially all of the Institution’s business or assets.
  11. Institution does not have any right, title or interest (including intellectual property rights) in or to the Payrailz Services.
  12. Prior to granting access, all PR Users shall be bound by a written agreement with Institution that governs the terms of the use of the Payrailz Services, which such agreement shall contain, at a minimum, those terms set forth in Part II, Section 5 (below) of these Service Terms.
  13. Institution shall provide support to its PR Users regarding the Payrailz Services. Except for providing training and training materials to Institution to train its customer care representatives on the Payrailz Services, Apiture shall have no liability or responsibility for any support to Institution PR Users. Institution shall promptly notify Apiture of any issue requiring support from Apiture and provide Apiture with reasonable detail of the nature and circumstances of the incident. If an incident requires support from Apiture or Payrailz, Institution shall provide access to its network environment, facilities, personnel and contractors as necessary to effectively perform the support.
    
    Neither Apiture nor Payrailz shall have any obligation to provide support for incidents that arise out of or result from, in whole or in part: (a) any fault or failure in any third party products or services; (b) use of the Payrailz Services in combination with any third party products and services; (c) negligence, abuse, misapplication or incorrect use of, or damage to, the Payrailz Services by Institution; (d) circumstances or causes outside of the control of Apiture or Payrailz, as applicable; (e) maintenance, updates, improvements or other modifications to the Payrailz Services by Institution; or (f) any breach by Institution of its obligations under the Apiture Agreement or these Service Terms.
  14. Indemnification. Institution shall indemnify and hold harmless Apiture, Plaid and Payrailz, including their respective affiliates and officers, directors, shareholders, employees, representatives, agents, subcontractors, successors and assigns (the “Indemnified Parties”) from and against all claims of third parties, and any and all loss, damage, settlement or expense (including reasonable attorney’s fees and legal expenses) incurred by the Indemnified Parties to the extent arising out of (a) Institution’s gross negligence or willful misconduct in performing any of its obligations under its Apiture Agreement or these Service Terms, or (b) Institution’s breach of any of its representations, warranties, covenants or agreements under its Apiture Agreement.
  15. Fraud Monitor Service. Fraud Monitor is provided by Jack Henry & Associates, Inc. (“JH”) on an “AS IS” basis and JH makes no warranties, express or implied, with respect to Fraud Monitor. Fraud Monitor is a cloud-native, AI-based solution that detects multiple fraud attributes and indicators and generates an actionable score when payment transactions are initiated. Institution can configure score ranges and other thresholds based on their unique risk tolerance. JH shall not be liable for any damages incurred by Institution arising out of Institution’s use of Fraud Monitor, including but not limited to any fraud-related losses incurred by Institution. The data shared by Institution with the Deny List, if any, is shared globally with JH’s other customers on Fraud Monitor, and JH does not verify the accuracy of data on the Deny List.
My Spending, Apiture IQ, PULSE, IAV & ID (Instant Account Verification) and MX Wealth Management
1. Institution, for itself and its affiliates, authorizes Apiture’s Third Party Providers for the My Spending, Apiture IQ, PULSE, IAV& ID and/or MX Wealth Management Services (My Spending Service Providers) to utilize application programming interfaces between the Apiture System and My Spending Service Providers’ systems for My Spending Service Providers to perform data extraction and retrieval services that are (a) authorized by an Institution User, and (b) independent from performing My Spending Services for Institution. These extraction and retrieval activities are in place of Apiture’s Third Party Providers using a single data script (i.e. screen scraping) to extract and retrieve data residing on the Apiture System. For purposes of these Service Terms, the term “MySpending Services” refers to any one or bundle of My Spending, Apiture IQ, PULSE, IAV& ID and Wealth Management Services.
2. Institution authorizes Apiture to provide My Spending Service Providers direct data feeds (via OFX version 2.2 or the current version of MDX) to/from Apiture Systems.
3. Institution will enter into an agreement with each User using, at minimum, the terms set out in the User Agreement in Part II, Section 1 of these Service Terms or as otherwise approved by Apiture in connection with the My Spending Services.
4. Apiture will use commercially reasonable efforts to work with My Spending Service Providers that provide data aggregation services for external accounts held-away at Institution or its third party financial institution(s) to provide functioning data aggregation services. Apiture makes no warranty that data aggregation services for external accounts held-away at Institution or its third party financial institution(s) will operate uninterrupted. Apiture will not be responsible for errors associated with data aggregation services for external accounts held-away at Institution or its third party financial institution(s), except for errors, the root cause of which, is attributable to Apiture’s My Spending Service Provider.
5. Institution will:
  1. notify Apiture as soon as reasonably practicable of any unauthorized access to or misuse of the MySpending Services.
  2. permit Apiture or its My Spending Service Provider masked user account and transactional information through the channels requested by Apiture.
  3. provide Apiture with a financial account that: (i) contains all of the financial account types offered by Institution (i.e., checking, savings, loans, credit cards, line of credit, mortgage, investments, etc.), (ii) has test transactional data for each account type updated on a monthly basis throughout the term of the Agreement to enable continuous testing of transaction functionality within the My Spending Services, and (iii) allows testing from the required testing and production environments.
  4. in order to provide proper functionality, quality control, and to ensure the best user experience for the My Spending Services, cooperate with Apiture and its My Spending Service Provider to access, whenever reasonably requested by Apiture, User account information.
6. Institution will not (a) make the MySpending Services available to anyone other than its authorized Users; (b) intentionally interfere with or disrupt the integrity or performance of the MySpending Services or third-party data contained therein, or (c) make any legally binding commitment, representation, or warranty on behalf of the My Spending Service Provider, or any of its affiliates, subcontractors or third party providers.
Out of Band Token Authentication
1. Apiture will provide Institution with the Service and related support services as set forth in these Service Terms to initiate and to maintain the Institution’s ability to provide the OoB Service to its authorized Users, who have agreed to Apiture’s Third Party Provider policy, referenced in Part II, Section 4 (below) and any other terms required by Apiture. Institution shall advise Users that they may incur additional charges from their telephone carriers and shall be solely responsible for such charges when sending and/or receiving any voice calls placed as part of the Token and Out of Band Token Authentication Services (collectively, OoB Services). The OoB Services include authentication hardware or software which displays a changing passcode. The changing passcode must be typed into an authentication screen by the registered User. The passcode is derived by a cryptographic process. Neither Apiture nor its OoB Third Party Provider shall be responsible to reimburse Institution or its Users for such charges including, but not limited to, inter-connection, access, termination, wireless, landline or any phone charges in the provision of the OoB Service.
2. Institution shall not use the OoB Service to transmit or authorize: (i) junk mail, spam, or unsolicited material to persons or entities that have not agreed to receive such material or to whom Institution does not otherwise have a legal right to send such material; (ii) material or data that is illegal, harassing, coercive, defamatory, libelous, abusive, threatening, obscene, harmful to minors, excessive in quantity, or the transmission of which could diminish or harm the reputation of Apiture or its Third Party Provider or any network carrier involved in the provision of the OoB Service, including but not limited to material that is related to alcoholic beverages, tobacco, guns or weapons, illegal drugs, pornography, crime, violence, death, or any other questionable subject matter. Institution will not use the OoB Service in support of or for any illegal, fraudulent, or improper purpose, and will immediately notify Apiture if Institution learns of any unauthorized use of the OoB Services.
3. Institution represents and warrants that: (i) Institution has obtained the necessary consents, right and licenses to, and authority over all data, required of registered Users necessary to lawfully provide to Apiture and permit Apiture to process the data as contemplated in the Agreement, (ii) Institution will use the OoB Service only in compliance with Legal Requirements including privacy and data protection requirements as well as applicable choice and notice requirements; (iii) Institution has reviewed Part II, Section 4 (below) and understands its obligations and will comply with these obligations; and, (iv) Institution will not use the OoB Service in support of or for any illegal, fraudulent, or improper purpose, and will immediately notify Apiture if Institution learns of any unauthorized use of the OoB Service.
4. Institution will be responsible for record retention and for compliance with all applicable Legal Requirements with respect to the retention and reproduction of all documents and records related to the OoB Services.
5. These Service Terms are expressly made subject to any laws, regulations, orders or other restrictions on the export from the United States of America of software, hardware, or technical information, which may be imposed from time to time by the government of the United States of America. Regardless of any disclosure made by Institution to Apiture of an ultimate destination of the OoB Service or the security credential, and, notwithstanding anything contained in these Service Terms to the contrary, Institution will not export, or re-export, either directly or indirectly, any part of the OoB Service, security credential or portions thereof, without first obtaining any and all necessary licenses from the United States government or agencies or any other country for which such government or any agency thereof requires an export license or other governmental approval at the time of modification, export, or re-export. Institution will be deemed to be the importer of record of for any portion of the OoB Service or security credential outside of the U.S., and shall be responsible for any related import filings, requirements, documentation, fees, taxes, duties, or other compliance obligations imposed by the applicable destination country or jurisdiction. Institution also agrees that it will not use the OoB Service or security credential for any purposes prohibited by United States law, including, without limitation, the development, design, manufacture or production of nuclear, missiles, or chemical or biological weapons.
6. Institution understands that the OoB Service will be provided from Apiture using technology licensed by a Third Party Provider. Institution acknowledges that, in provisioning the OoB Service, Apiture and its Third Party Provider depend on the facilities, networks, connectivity and other acts of parties not under their control, including wireless carriers, government entities and network operators. NEITHER APITURE NOR ITS THIRD PARTY PROVIDER SHALL BE LIABLE FOR ANY INTERRUPTION, DELAY, SUSPENSIONS, AND OTHER ACTS AND/OR OMISSION BY SUCH PARTIES THAT ARE NOT WITHIN THEIR CONTROL.
7. Institution will be deemed to be the importer of record of for any portion of the OoB Service or security credential outside of the U.S., and shall be responsible for any related import filings, requirements, documentation, fees, taxes, duties, or other compliance obligations imposed by the applicable destination country or jurisdiction. Institution also agrees that it will not use the OoB Service or security credential for any purposes prohibited by United States law.
8. Institution’s authentication hard token orders are offers to purchase products subject to this Section of the Service Terms. All orders are subject to Apiture’s OoB Third Party Provider’s acceptance. Apiture’s OoB Third Party Provider may decline or cancel any order for any reason at any time. Apiture’s OoB Third Party Provider’s acceptance of Institution’s order is limited to these terms without any modification or exception. Additional terms and conditions on any purchase document (e.g., order) will have no effect (i.e., will not change or add to these terms whether or not Apiture’s OoB Third Party Provider specifically objects to those terms and conditions). Institution, on behalf of itself and any end customer for whom the product is purchased, consents to the transfer of Institution’s and any end customer’s email addresses, when such transfer is required to complete a transaction. Institution represents and warrants that all of Institution’s employees and agents placing orders on behalf of Institution are duly authorized to commit Institution. All accepted orders are binding. Institution may not cancel or amend any accepted order without Apiture’s written consent, except in the event of a material default by Apiture’s OoB Third Party Provider with respect to such order which has not been cured by Apiture’s OoB Third Party Provider within a reasonable period of time (not less than ten (10) days) following receipt of written notice from Institution of such default. Any cancellation by Institution permitted hereunder must be in writing and specify in reasonable detail the nature of the default. Orders for non-standard products, including products configured to Institution’s specifications, are non-cancelable and non-returnable. Apiture’s OoB Third Party Provider’s acceptance of Institution’s order occurs at time of shipment.
9. Notwithstanding anything in the Agreement to the contrary, hard token orders may be purchased at the prices prevailing at the time of shipment, as determined by Apiture’s OoB Third Party Provider. Quoted prices are subject to change without notice and do not include taxes, handling, shipping, transportation, duties or other charges or fees.
10. All deliveries of products will be made EX WORKS (Incoterms 2010) Apiture’s OoB Third Party Provider’s designated location. Risk of loss or damage to products will pass upon Apiture’s OoB Third Party Provider’s surrender of the products to the transportation provider. Institution assigns all rights in the receivables resulting from sales to its Users until Apiture receives full payment of amounts owed. Transportation charges will be on a “prepay and add” basis, unless otherwise agreed in writing by an authorized signatory of Apiture. Neither Apiture nor Apiture’s OoB Third Party Provider is responsible for spotting, switching, demurrage or other transportation charges unless agreed in writing. Neither Apiture nor Apiture’s OoB Third Party Provider is liable for any delays in delivery or for partial or early deliveries. Transportation charges will be in accordance with Apiture’s OoB Third Party Provider’s shipping policy at the time of shipment. If Institution directs Apiture to charge transportation fees to a third-party account number or to ship “freight collect”, Institution is responsible for all transportation and accessorial charges associated with the order and is responsible for product loss and damage in transit claims with the transportation provider. Neither Apiture nor Apiture’s OoB Third Party Provider is liable for any Institution requirements not stated in these terms. Institution or the consignee receiving delivery must accept deliveries and must inspect the products and secure written acknowledgement from the transportation provider for any shortages, loss, damage or nonconformance. Institution must notify Apiture in writing within two (2) days of receipt of any delivery of any shortages, defects or non-conforming products. In the event Institution fails to notify Apiture with such two (2) day period of any shortages, defects or non-conforming products, the products will be deemed accepted.
11. Institution may only return products as permitted in these terms. Products otherwise will be non-returnable and the prices and fees will be non-refundable. Institution may only return erroneously shipped products or products that were damaged prior to shipment. Products damaged after shipment may not be returned. In order to be eligible to receive credit for returned products, Institution must adhere to Apiture’s OoB Third Party Provider’s then current returns processing guidelines. Institution must obtain a valid return authorization number (RMA) from Apiture’s OoB Third Party Provider for all returns prior to returning any product. Apiture’s OoB Third Party Provider has no obligation to issue RMAs. Institution is responsible for ensuring that the RMA is clearly visible on the address label of the product packaging and for complying with all other Apiture’s OoB Third Party Provider requirements provided to Institution when the RMA is issued. Unless otherwise agreed in writing by Apiture’s OoB Third Party Provider, all product returns from Institution are DDP (Incoterms 2010) Apiture’s OoB Third Party Provider’s designated facility, and title and risk of loss will transfer to Apiture’s OoB Third Party Provider upon receipt and acceptance of returned products at Apiture’s OoB Third Party Provider’s facility. If Institution desires to return any products, Institution must initiate a new order for the replacement products. Apiture’s OoB Third Party Provider may refuse delivery of any package without a valid, clearly visible RMA. All products erroneously shipped by Apiture’s OoB Third Party Provider must be returned with the original packaging intact (including manufacturer’s shrink wrap) and otherwise in unused, resalable condition. Credit, if any, will be provided for product returned in accordance with Apiture’s OoB Third Party Provider’s return policies at the time the RMA was issued, provided Institution is not in breach of any of these terms. If Institution returns any products without Apiture’s OoB Third Party Provider’s authorization or does not comply with Apiture’s OoB Third Party Provider’s return requirements, those products may be subject to return to the shipping location and, if refused, Apiture’s OoB Third Party Provider may consider the products abandoned and dispose of them, without crediting Institution’s account. Apiture reserves the right to charge a restocking fee for handling any product that is erroneously returned. Apiture’s sole liability for any returned products will be acceptance of their return and issuance of credits pursuant to Apiture’s OoB Third Party Provider’s then current returns processing guidelines.
12. Institution acknowledges that neither Apiture nor Apiture’s OoB Third Party Provider is the manufacturer of the products. Product warranties, if any, are provided by the manufacturer or publisher (Vendor) of the products.
  
  INSTITUTION WILL INDEMNIFY, DEFEND AND HOLD HARMLESS APITURE, APITURE’S OOB THIRD PARTY PROVIDER, ITS AFFILIATES, AND ITS VENDORS, AND EACH OF THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS FROM AND AGAINST ANY LIABILITIES, LOSSES, DAMAGES, COSTS OR EXPENSES OF ANY KIND (INCLUDING REASONABLE ATTORNEYS’ FEES AND DISBURSEMENTS) ARISING OR RESULTING FROM CLAIMS, DEMANDS, ACTIONS OR PROCEEDINGS OF ANY KIND ARISING FROM OR RELATING TO: (i) INSTITUTION’S USE, MARKETING, DISTRIBUTION OR SALE OF PRODUCTS IN A MANNER OTHER THAN AS SPECIFIED IN PRODUCT/SERVICE DESCRIPTIONS OR SPECIFICATIONS; (ii) APITURE OR APITURE’S OOB THIRD PARTY PROVIDER’S OR ITS VENDOR’S COMPLIANCE WITH DESIGNS, SPECIFICATIONS, OR INSTRUCTIONS PROVIDED BY INSTITUTION; (iii) INSTITUTION’S BREACH OF THESE SERVICE TERMS OR ACTS OR OMISSIONS OF INSTITUTION, ITS AFFILIATES, ITS AGENTS, OR THEIR RESPECTIVE EMPLOYEES, OFFICERS OR DIRECTORS; OR (iv) VIOLATION OR ALLEGED VIOLATION OF ANY APPLICABLE LAWS OR REGULATIONS BY INSTITUTION OR ITS AFFILIATES.
13. Neither Apiture nor Apiture’s OoB Third Party Provider will have liability for: (i) failure to allocate or reserve any product for Institution; (ii) failure to deliver products within a specified time period; (iii) availability and/or delays in delivery of products, (iv) discontinuation of products, product lines, or any part thereof; or (v) cancellation of any orders.
  
  THE OBLIGATIONS OF APITURE’S OOB THIRD PARTY PROVIDER AND ANY AFFILIATE THEREOF, IF ANY, HEREUNDER ARE THE SEVERAL OBLIGATIONS OF EACH SUCH ENTITY, AND NOTHING HEREIN WILL BE DEEMED TO CREATE ANY JOINT AND SEVERAL LIABILITY BETWEEN OR AMONG APITURE’S OOB THIRD PARTY PROVIDER AND/OR ANY OF ITS AFFILIATES.
14. Institution agrees to adhere to Apiture’s OoB Third Party Provider’s and any of its applicable Vendor’s current Product Restrictions and Obligations Policy. Institution may not alter or modify the OoB Services in any way or combine the OoB Services with any other product or material not authorized by Apiture and/or its OoB Third Party Provider or the applicable Vendor. OoB Services may have additional restrictions on their distribution or use. Institution is solely responsible for ensuring its adherence to any and all such restrictions.
15. Apiture’s OoB Third Party Provider is a distributor of “Commercial Items” as defined in FAR 2.101. Only the clauses in the Federal Acquisition Regulation (FAR) and agency FAR supplements which Apiture’s OoB Third Party Provider has agreed to and that are required to be inserted in a subcontract for Commercial Items, as set forth in FAR 52.244-6(c)(1) or an applicable agency FAR supplement apply to these Service Terms. Institution will receive only those rights in technical data provided by Apiture’s OoB Third Party Provider. In no event will Institution receive unlimited rights in data, software, or intellectual property rights provided by Apiture’s OoB Third Party Provider or its Vendors or any other third party.
16. Notwithstanding anything to the contrary in the Agreement, if Apiture’s OoB Third Party Provider discontinues the general availability of the OoB Service or any features of the OoB Service, Apiture will provide Institution with at least two (2) months’ written notice of such discontinuance. Upon receipt of such notice, Institution; (i) shall provide notice to registered Users of such discontinuance; and, (ii) as applicable, Institution shall promptly cease distribution of any security credentials related to the OoB Service.
Voice Authentication
1. Voice One Time Password (OTP) Security Credentials are generated by a cryptographic algorithm that is delivered to the User’s phone through a call placed over a network carrier. The OTP value received is compared with the OTP value generated and provided to the User. If the OTP values match, the OTP security credential is authenticated before accessing and using any VA Services.
2. Institution’s Users must register to use VA Services and accept a User Agreement which must meet the minimum requirements approved in advance in writing by Apiture and its Third Party Provider.
3. Institution shall advise Users that they may incur additional charges from their telephone carriers and shall be solely responsible for such charges when sending and/or receiving any voice calls placed as part of the VA Service. Neither Apiture nor it Third Party Provider shall be responsible to reimburse Institution or its Users for such charges including, but not limited to, inter-connection, access, termination, wireless, landline or any phone charges in the provision of the VA Service.
4. Institution acknowledges that, in provisioning the VA Services, Apiture and its Third Party Provider depend on the facilities, networks, connectivity and other acts of parties not under their control, including wireless carriers, government entities and network operators. NEITHER APITURE NOR ITS THIRD PARTY PROVIDER SHALL BE LIABLE FOR ANY INTERRUPTION, DELAY, SUSPENSIONS, AND OTHER ACTS AND/OR OMISSION BY SUCH PARTIES THAT ARE NOT WITHIN THEIR CONTROL.
5. Institution will be responsible for record retention and for compliance with all applicable Legal Requirements with respect to the retention and reproduction of all documents and records related to the VA Service.
6. In the event that Apiture’s Voice Authentication Third Party Provider discontinues general availability of any Voice Authentication Service (VA Services), Apiture will notify Institution of such discontinuance at least 60 days after Apiture’s receipt of any such notice. Institution shall thereafter cease using the VA Services.
7. These Service Terms are expressly made subject to any laws, regulations, orders or other restrictions on the export from the United States of America of software, hardware, or technical information, which may be imposed from time to time by the government of the United States of America. Regardless of any disclosure made by Institution to Apiture of an ultimate destination of the VA Service or the security credential, and, notwithstanding anything contained in the Agreement or these Service Terms to the contrary, Institution will not export, or re-export, either directly or indirectly, any part of the VA Service, security credential or portions thereof, without first obtaining any and all necessary licenses from the United States government or agencies or any other country for which such government or any agency thereof requires an export license or other governmental approval at the time of modification, export, or re-export. Institution will be deemed to be the importer of record of for any portion of the VA Services or security credential outside of the U.S., and shall be responsible for any related import filings, requirements, documentation, fees, taxes, duties, or other compliance obligations imposed by the applicable destination country or jurisdiction. Institution also agrees that it will not use the VA Services or security credential for any purposes prohibited by United States law, including, without limitation, the development, design, manufacture or production of nuclear, missiles, or chemical or biological weapons.
8. Institution shall not use the VA Services to transmit or authorize: (i) junk mail, spam, or unsolicited material to persons or entities that have not agreed to receive such material or to whom Institution does not otherwise have a legal right to send such material; (ii) material or data that is illegal, harassing, coercive, defamatory, libelous, abusive, threatening, obscene, harmful to minors, excessive in quantity, or the transmission of which could diminish or harm the reputation of Apiture or its VA Service Third Party Provider or any network carrier involved in the provision of the VA Services, including but not limited to material that is related to alcoholic beverages, tobacco, guns or weapons, illegal drugs, pornography, crime, violence, death, or any other questionable subject matter. Institution will not use the VA Services in support of or for any illegal, fraudulent, or improper purpose, and will immediately notify Apiture if Institution learns of any unauthorized use of the VA Services.
Interactive Voice Response (IVR)
1. Definitions:
  1. Back Office Instructions means the processes, procedures, practices, scripts, content, and other written instructions used in connection with customer call center, live agent/operator, back office (including chargeback processing), and other Services that require or permit Apiture to contact or interact with Users.
  2. Contact Criteria means written criteria for contacting Users, including Institution settings used to determine which Users to contact and when to contact them, as well as the methods for contact (including e-mail, land-line or mobile voice call, voice or text messaging, or any other electronic means).
  3. Network Rules means the mandatory rules of VISA, MasterCard, the National Automated Clearing House Association, or any other association, network, or payments organization the parties agree to that apply to Institution’s business or its Users.
  4. Restricted List means any sanctions/restricted list of any United States governmental authority, including the Bureau of Industry and Security’s Denied Persons list and the Office of Foreign Assets Control’s Specially Designated Nationals and Blocked Persons list and prohibited countries list.
2. Institution will:
  1. be responsible for managing the relationship with Users (including obtaining all necessary consents from Users and making any necessary disclosures to Users);
  2. monitor, interpret, and comply with all Legal Requirements, Network Rules, and its agreements with third parties (including Users)
  3. decide which services and settings are needed to satisfy Institution’s business requirements and to comply with its Legal Requirements, Network Rules, and its agreements with third parties (including Users);
  4. regularly screen Users, and the transactions of Users, against all Restricted Lists and comply with any sanctions or restrictions relating to Users or the transactions of Users; and ensure that no Institution staff member or User who is confirmed as a true match to an individual identified on any Restricted List accesses or uses the IVR Services, Documentation, or software provided for loading and use of IVR Services, participates in Institution’s receipt of IVR Services, or has access to Apiture’s or its IVR Third Party Provider’s Confidential Information.
3. For Services that involve ACH, Institution will comply with the NACHA Operating Rules, including all applicable obligations of the Originating Depository Financial Institution, and decide the Institution settings to support User payments by ACH.
4. IVR Services that require or permit Apiture or its Third Party Provider to contact or interact with Users, Institution, must (i) provide or review all proposed Contact Criteria and all Back Office Instructions, (ii) monitor, interpret, and comply with and all Legal Requirements, Network Rules and its agreements with third parties (including Users), (iii) determine whether the Contact Criteria and Back Office Instructions agreed to by Institution and Apiture satisfy Institution’s Legal Requirements, Network Rules, and the requirements of Institution’s agreements with third parties (including Users) and meet Institution’s business requirements, and (iv) decide which services and settings are needed to satisfy Institution’s business requirements and to comply with its Legal Requirements, Network Rules, and its agreements with third parties (including Users), (v) obtain consents from Users sufficient to legally permit the contact or interaction, including ensuring that each User gives express consent for calls or text messages to mobile numbers that are provided to Apiture or its Third Party Provider on behalf of Institution or User’s behalf.
5. If Apiture and Institution agree to change existing Back Office Instructions or Contact Criteria and supporting the change would cause Apiture’s costs to increase, then Apiture may increase the fee for any affected Service after giving Institution advance notice.
6. Institution has no obligation to take any action that would cause Institution, in Institution’s reasonable opinion, to be in violation of its Legal Requirements or Network Rules.
7. Neither Apiture nor its Third Party Provider will be considered an Originator, Originating Depository Financial Institution or Third Party Sender as defined in the NACHA Operating Rules.
8. Neither Apiture nor its Third Party Provider will be responsible for: (i) providing Institution with legal or compliance advice; (ii) ensuring that Institution complies with its Legal Requirements, Network Rules, or the terms and conditions of the User accounts; or (iii) obtaining any consents from Users.
9. Apiture will have no obligation to take any action that would cause Apiture, in its reasonable opinion, to be in violation of its Legal Requirements or its Network Rules.
10. Help Desk. IVR Customer Support Services for the resolution of technical questions and IVR product or service errors must be directed to the Apiture Customer Success Manager (and not the Third Party IVR Provider directly). Apiture will route the support and/or maintenance obligation to its Third Party Provider, as needed. To the extent that Institution and Apiture mutually agree in writing that an IVR Service or product error was caused solely by a failure of the Institution’s systems or hardware or a breach of the Agreement or these Service Terms by Institution, then Institution shall credit Apiture for the time spent remedying the error at Apiture’s then-current rates.
11. Institution shall promptly notify Apiture in writing of any violations, claims or proceedings involving the IVR products of which Institution is or becomes aware.
12. Nothing contained in any agreement between Apiture and Institution shall grant or shall be deemed to grant to Institution any right, title, or interest in or to trademarks of Apiture’s Third Party IVR Provider. Institution’s use of Apiture’s Third Party IVR Provider trademarks shall cease immediately upon termination or expiration of Apiture’s Agreement with Institution for such services or otherwise upon written notice by Apiture if Apiture or its Third Party IVR Provider reasonably determines that Institution’s continued use of the Apiture Third Party IVR Provider trademarks is adverse to its business reputation. Apiture or its Third Party IVR Provider may also use the trademarks of Institution under the same conditions as above.
13. Without incurring any liability to Institution, Apiture retains the right to update, amend, modify, upgrade or change the IVR products or features and related documentation effective upon written notice to Institution, and to end of life IVR products or features upon sixty (60) days’ prior written notice to Institution.
14. Apiture may terminate the IVR Services and the right to use the IVR products upon five (5) days’ notice to Institution if Institution breaches its obligations under the Agreement or these Service Terms. Upon such termination, Institution shall either destroy (or permanently erase) all copies of the IVR software and any accompanying documentation or return the original IVR software and any accompanying documentation to Apiture or its designee.
15. All intellectual property related to the IVR products and software or to any materials provided therewith is proprietary to Apiture’s IVR Third Party Provider or its licensors, and Apiture’s IVR Third Party Provider and its licensors retain all right, title, and interest therein and thereto. All rights not expressly granted are hereby reserved to Apiture’s IVR Third Party Provider and its licensors. Apiture’s IVR Third Party Provider’s licensors are intended third party beneficiaries of the Agreement and have the express right to rely upon and directly enforce the terms set forth herein.
16. Apiture warrants the media on which the IVR product is furnished to be free from defects in workmanship under normal use for thirty (30) days from the date of receipt thereof. Apiture, its IVR Third Party Provider and its licensors’ entire liability and Institution’s exclusive remedy for a breach of the preceding limited warranty will be to repair or replace the media containing the IVR software. Any repair or replacement will be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer.
17. APITURE, ITS IVR THIRD PARTY PROVIDER AND ITS LICENSORS PROVIDE THE SOFTWARE “AS IS.” EXCEPT AS EXPRESSLY SET FORTH ABOVE, NO OTHER WARRANTIES OR CONDITIONS, EITHER EXPRESS OR IMPLIED, ARE MADE BY APITURE, ITS IVR THIRD PARTY PROVIDER OR ITS LICENSORS WITH RESPECT TO THE IVR SOFTWARE AND THE ACCOMPANYING DOCUMENTATION (STATUTORY OR OTHERWISE), AND APITURE, ITS IVR THIRD PARTY PROVIDER AND ITS LICENSORS EXPRESSLY DISCLAIM ALL WARRANTIES NOT EXPRESSLY STATED HEREIN, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE, TO THE EXTENT PERMITTED UNDER APPLICABLE LAW. NEITHER APITURE NOR ITS IVR THIRD PARTY PROVIDER OR ITS LICENSORS WARRANT THAT THE FUNCTIONS CONTAINED IN THE IVR SOFTWARE WILL MEET INSTITUTION’S REQUIREMENTS, BE UNINTERRUPTED OR ERROR FREE, OR THAT ALL DEFECTS IN THE IVR SOFTWARE WILL BE CORRECTED.
18. Pricing includes Set Up Fees. If the IVR Services are terminated for any reason prior to go-live (or Deemed Accepted, as applicable), Institution will be obligated to pay a reconciliation fee equal to Apiture’s standard Set Up Fee for the service.
External Transfers, ACH Transactions and Wire Transfers
1. Institution will take all necessary action to comply with all applicable laws necessary to enable its Users to engage in ACH transactions, wire transfers, and transfers of funds to other financial institutions (External Transfers), including the USA Patriot Act, the federal Bank Secrecy Act, federal and state laws and regulations relating to currency reporting and the prevention of money laundering and any rule or regulation issued by a regulatory body, including the U.S. Office of Foreign Assets Control. Institution shall prepare and file any necessary compliance forms or reports, including, without limitation, suspicious activity reports or currency transaction reports required to be filed in accordance with applicable law. Institution will immediately notify Apiture of instances of suspected fraud, money laundering, terrorist financing, or other illegal activities determined within Institution’s reasonable discretion and involving External Transfers, ACH transactions and wire transfers initiated or executed through the Services.
2. If Apiture reasonably believes that Institution or Institution’s Users conduct in using External Transfers, ACH transactions and wire transfers (including, without limitation, User intentionally initiating fraudulent or unauthorized payments) violate any applicable laws, rules, regulations or industry standards, or otherwise pose a threat to Apiture’s systems, equipment, processes, or intellectual property or reputation (Threatening Condition), Apiture will provide Institution with notice of the Threatening Condition and both parties will use reasonable efforts to cure or cause the correction of the Threatening Condition. If, in the reasonable and good faith determination of Apiture, the Threatening Condition poses an imminent or actual threat (including regulatory investigation, inquiry or penalty) to Apiture or Apiture’s systems, equipment, processes, or intellectual property, Institution agrees that Apiture may suspend any and all use of External Transfers, ACH transactions and wire transfers by such User until such Threatening Condition is cured. In any event, Apiture may terminate User’s use of External Transfers, ACH transactions and wire transfers without further requirement of notice if the Threatening Condition remains uncured more than 30 days after delivery of written notice of the Threatening Condition to Institution.
3. If any modification to External Transfers, ACH transactions and wire transfers is required by a change in applicable law or is necessary based on any payment processing requirements, Apiture will notify Institution as soon as practicable. Each party shall then use its commercially reasonable efforts to comply in a timely manner. At its expense and upon written notice to Institution, Apiture may make reasonable modifications, changes, adjustments or enhancements to External Transfers, ACH transactions and wire transfers that Apiture deems to be necessary, provided, however that such modifications, changes or adjustments shall not materially degrade the Services.
4. Institution represents and warrants that it shall comply with all applicable laws in connection with the supply, receipt or use of the Wire Transfer products or Services.
5. EXCEPT FOR THE EXPRESS WARRANTIES MADE HEREIN OR IN THE WIRE TRANSFER DOCUMENTATION, NEITHER APITURE NOR ITS THIRD PARTY PROVIDER MAKE ANY REPRESENTATION OR WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR ANY IMPLIED WARRANTY ARISING FROM STATUTE, COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING NEITHER APITURE NOR ITS THIRD PARTY PROVIDER REPRESENT OR WARRANT THAT THE DATA OR ACCESS THERETO WILL BE UNINTERRUPTED. Portions of the data provided in the Wire Transfer products are derived from public sources and will be subject to source availability and content changes implemented by source. Certain content may be summarized, and all information should be considered within the full context available in the third-party sources to which source links are provided. Neither Apiture nor its Third Party Provider is responsible for the content of third-party sources. Institution and its End Users shall be responsible for its own conclusions based on relationships and categories in the information provided by third-party sources. Due to the nature of public record information, the public records and commercially available data sources used by Apiture’s Third Party Provider may be incomplete. Institution acknowledges that neither Apiture nor its Third Party Provider is a consumer reporting agency and none of the Wire Transfer products constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to Institution may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing the Wire Transfer products, Institution agrees not to use the products in relation to an adverse action relating to a consumer application.
6. EXCEPT FOR THE EXPRESS WARRANTIES MADE IN THE WIRE TRANSFER DOCUMENTATION, APITURE AND ITS THIRD PARTY PROVIDER MAKE NO WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NEITHER APITURE NOR ITS THIRD PARTY PROVIDER WARRANT THAT SOFTWARE WILL RUN WITHOUT IMMATERIAL INTERRUPTION. NEITHER APITURE NOR ITS THIRD PARTY PROVIDER PROVIDE A WARRANTY REGARDING, AND WILL HAVE NO RESPONSIBILITY FOR, ANY CLAIM ARISING OUT OF: (A) A MODIFICATION OF THE SOFTWARE MADE BY ANYONE OTHER THAN APITURE’S THIRD PARTY PROVIDER, UNLESS APITURE OR ITS THIRD PARTY APPROVES SUCH MODIFICATION IN WRITING; OR (B) INSTITUTION’S USE OF THE SOFTWARE IN COMBINATION WITH ANY OPERATING SYSTEM NOT AUTHORIZED IN THE DOCUMENTATION OR BY APITURE’S THIRD PARTY PROVIDER IN WRITING WITH HARDWARE OR SOFTWARE SPECIFICALLY FORBIDDEN BY THE DOCUMENTATION.
7. If and to the extent that Apiture’s Third Party Provider is processing Personal Data on behalf of Institution, the terms of the LexisNexis Risk Solutions Group Data Processing Addendum, as well as any related attendant schedules and addendums, at https://risk.lexisnexis.com/group/dpa will apply.
8. Institution acknowledges and agrees that Apiture’s Third Party Provider may use Institution information (but not that of its End Users) in alignment with its Privacy Policy available at this location: https://risk.lexisnexis.com/group/privacy-policy.
9. Where applicable, as required of Apiture’s Third Party Provider under the transparency obligations of applicable data protection laws, Institution shall inform End Users, prospects whose Personal Data Apiture’s Third Party Provider receives as a controller, that Institution share their personal data with Apiture and its Apiture’s Third Party Provider as described in the Accuity Processing Notice at https://risk.lexisnexis.co.uk/processing-notices, and Institution shall make available to Apiture or Apiture’s Third Party Provider all information necessary to demonstrate such compliance with the foregoing.
10. Institution acknowledges and agrees that the Wire Transfer Services provided may include (i) compiling statistical and other information related to the performance, operation and use of the Services, and (ii) using data in aggregated and/or anonymized form for security and operations management or for research and development purposes or other business purposes, provided that such information and data will not identify or serve to identify Institution or any data subject nor be combined with any publicly-available information to identify, any individual person and does not reveal the Personal Information or other Confidential Information of Institution or any data subject (Anonymized Data). All Anonymized Data will be stored in a database behind Apiture’s Third Party Provider’s firewall.
11. Institution acknowledges that the scores, analysis and other insights supplied by Apiture’s Third Party Provider to Institution is not intended to be used as the sole basis for any decision significantly affecting a data subject and that Institution, not Apiture or its Third Party Provider, is responsible for any and all decisions or actions it takes.
12. If required by law, Institution agrees to obtain employee consent prior to providing employee Personal Data to Apiture or its Third Party Provider where such Personal Data will be processed by Apiture or its Third Party Provider.
13. The Wire Transfer products may contain links to third-party external sites, including but not limited to government regulators. Apiture, its Third Party Provider and their respective affiliates are not responsible for and have no control over the content of such sites and, to the extent permissible by law, disclaim all responsibility and liability in relation to information available on such sites or accessible from the products.
14. Apiture or its Third Party Provider may provide enhancements to the Wire Transfer products or withdraw from a particular network and make the products available through any additional or alternative network(s). Institution acknowledges that its failure to promptly and adequately implement any enhancements or network changes issued by Apiture or its Third Party Provider may render certain products unusable or nonconforming. The failure by Institution to implement any enhancement to any products or network change required to maintain compatibility shall relieve Apiture and its Third Party Provider of any obligation to provide continued maintenance or support for those products.
ACH Fraud Prevention
1. Definitions
  1. ACH Fraud Prevention Services means the technology-related and support services designed to (1) alert Users of suspicious transaction activity across multiple payment channels depending on service modules purchased and (2) to support automated pay/return decisions and dispute resolution.
  2. Delivery System means all equipment, networks, systems, software, applications, interfaces, skills, know how, methods, processes, procedures, telecommunication systems and equipment, personnel, training materials, manuals, procedures and other resources (including, in each case, those of its Third Party Provider) necessary for Apiture to provide the ACH Fraud Prevention Services.
2. Institution shall devote adequate resources to support the implementation, testing, training and ongoing maintenance of the ACH Fraud Prevention Services, including without limit, (i) network resources; (ii) hardware; (iii) communications facilities and connectivity; (iv) security resources; and (v) personnel resources. Following implementation, Institution is responsible for supporting the system testing pursuant to new release schedules. Institution will assist Apiture and its ACH Fraud Prevention Services Third Party Provider in establishing procedures for the validation of data for the testing, validation of daily or periodic input into the system and verification of the data and reports that result from processing. Institution shall train its staff in the proper use of the ACH Fraud Prevention Services and shall ensure that its Users’ access to and use of the ACH Fraud Prevention services are consistent with Legal Requirements in all respects.
3. Apiture or its Third Party Provider will retain transaction data submitted by Institution or the Federal Reserve for a period not to exceed 12 months.
4. Institution shall maintain a formal program for active monitoring and reporting of potential compliance issues and identification and compliance with Legal Requirements, including those associated with the ACH Fraud Prevention Services.
5. Institution will provide Users with all required disclosures and obtain all required consents associated with use of or access to the ACH Fraud Prevention Services. Institution is solely responsible for the accuracy, completeness and legal compliance of any disclosures, descriptions, or prompts for consent it provides to Users. Institution shall be responsible for notifying Users concerning any material changes to the ACH Fraud Prevention Services arising during the term of the Agreement. Institution shall ensure the accuracy and propriety of all User processing and configuration criteria. Further, Institution shall validate the accuracy of all data entered into and retrieved from the Delivery System and promptly notify Apiture of any errors.
6. To the extent Institution utilizes the SMS text functionality associated with the ACH Fraud Prevention Services, then Institution shall enter into an agreement with each impacted User which is consistent with Legal Requirements and which: (i) User’s consent to receive text messages; (ii) User’s ability to opt out of receipt of such text messages and the procedure for doing so; and (iii) includes a prominent notice that other charges may apply to User in connection with the receipt of such text messages.
7. To the extent that Apiture or its Third Party Provider requires or prescribes specific language or terms in Institution’s agreements with Users, Institution will promptly update such agreements upon Apiture’s written request.
8. Institution shall take all reasonable steps to ensure that its employees and agents maintain and protect all credentials and challenge questions utilized to access the Delivery System. If Institution determines or suspects that any unauthorized party has accessed the Delivery System, then Institution shall immediately notify Apiture in writing.
9. Institution acknowledges and agrees that if it fails to fulfill its obligations under this Section, that it shall indemnify, defend and hold harmless Apiture and its Third Party Provider for all resulting claims asserted by any User.
10. In the event that all or a portion of the ACH Fraud Prevention Services conclude for any reason prior to a 36-month period from the Institution’s go-live commencement of ACH Fraud Prevention Services, Institution will be obligated to pay an ACH Fraud Prevention Services reconciliation fee. This ACH Fraud Prevention Services reconciliation fee from Apiture shall be in addition to and shall not limit any other termination obligations, deconversion fees or other payments due under the Agreement.
Web Connect and Direct Connect to Quicken® and QuickBooks ®
1. Institution permits Apiture’s Third Party Provider to use its name in Intuit products in connection with Institution’s use of such Web Connect & Direct Connect Services to and Institution may only use its Third Party Provider’s trademarks in accordance with its Trademark Guidelines posted on www.intuit.com/legal/trademark.
2. Institution must upgrade to each new version of its selected Intuit Services annually or as publicly released.
3. Price increases for these Services may be implemented without prior written notice. Annual fees are based on asset size of Institution or holding company, if applicable.
4. QuickBooks® is a registered trademark of Intuit, Inc. and Quicken® is a registered trademark of Intuit, Inc., used under license.
5. Web Connect and Direct Connect for Quicken ® will only be supported in the most current version, however, the prior two versions may be supported temporarily. QIF download files will not be supported in Quicken® version years starting with 2004 and later. All prior version years (2003 and earlier) will still have QIF download capability.
6. Apiture will bill Institution $3,000 for a conversion to/from another internet banking provider. After this initial payment, Institution will be billed in the third quarter of each year for the following year version of the software.
7. Institution may terminate the service for the following year version by submitting written notice to Apiture Contracts Department no later than June 15th of the current year.
User Direct
1. Definitions
  1. “Back Office Instructions” means the expressly documented (whether electronically or otherwise in writing) and agreed processes, procedures, practices, scripts, content, prioritization schema, and other instructions used in connection with customer call center, live agent/operator, back office (including chargeback processing), and other Services that require or involve direct contact or interact between Apiture and Institution Users, including Institution’s customers and prospective customers.
  2. “Contact Criteria” means written criteria for contacting Users, including Institution instructions prescribing which Users to contact and when to contact them, as well as the methods for contact (including e-mail, land-line or mobile voice call, voice or text messaging, or any other electronic means).
  3. User Direct shall refer to Services provided by Apiture involving or constituting customer call center activities, live agent/operator activities, back office services, or other activities that require or involve direct contact or interaction between Apiture and Users.
2. User Direct Services provided to and on behalf of Institution are not intended, and will not be construed, to (a) constitute telemarketing, a telephone solicitation, or up-selling within the contemplation of the TCPA or the Telemarketing Sales Rule, or (b) trigger the application of any other law, regulation, or guidance relating to the offering of products or services via telephone or facsimile (including any duty to register or obtain a license to make such offers). Apiture shall in no event have any obligation or responsibility for undertaking any registration or obtaining any licensure to in order to perform the User Direct Services, and Apiture shall have no obligation to perform any Services which might implicate such registrations or licensure. Institution shall at all times be and remain responsible for ensuring that the Back Office Instructions and Contact Criteria are consistent with Legal Requirements.
3. User Direct will be performed during mutually agreed and explicitly documented hours. If Institution desires to change the hours of operation, Apiture will review the Fees for User Direct Services and provide an updated Fees proposal (if applicable). Any changes to the hours of operation together with associated new or modified Fees for User Direct Services will be mutually agreed upon in writing by Apiture and Institution prior to the effective date of any such changes.
4. Apiture will provide User Direct Services in the English language only unless otherwise expressly set forth in the Agreement. Support for any foreign language calls shall be subject to additional Fees.
5. Apiture personnel performing the User Direct Services will utilize internal Apiture administrative systems or, where feasible in Apiture’s sole discretion and expressly agreed in Back Office Instructions, Institution Systems, to access the Institution account information or User information.
6. Except as expressly agreed in the Agreement, User Direct Services shall only be performed and enabled through telephonic (voice) channels. The provision of User Direct Services via other channels must be memorialized in writing within the Agreement and shall be subject to associated subscriptions for required Software-as-a-Service Services.
7. Calls may be recorded and case information may be documented and furnished for Institution review, upon Institution’s written request. In addition to Fees for the User Direct Services, Institution will be responsible for payment of Fees and costs associated with the development, production and delivery of such recordings and reports at Apiture’s then current rates.
8. Apiture will develop a training program (including ‘train-the-trainer’ services) for Apiture personnel providing the /User Direct Services, based upon the Contact Criteria and Back Office Instructions.
9. Institution agrees to designate particular Institution personnel with overall responsibility for the User Direct program and who shall be responsible for, coordinating communication and implementation of the Contact Criteria and Back Office Instructions and any other servicing requirements. Institution shall provide adequate staff and technical resources to the extent required to resolve technical, business and compliance issues arising in connection with the User Direct Services. In addition, Institution assumes sole responsibility with respect to User servicing requirements and activities which are outside the documented scope of the Contact Criteria and Back Office Instructions.
10. Notwithstanding anything to the contrary in the Back Office Instructions or the Contact Criteria, any tasks, activities, workflows, or other services which involve the exercise of independent business discretion or business judgment are outside the permissible scope of User Direct Services and are not delegable by Institution to Apiture under the Agreement or these Service Terms. Apiture expressly disclaims responsibility and liability for any and all tasks, activities, workflows, or other services involving the exercise of independent business judgment, including, without limit, adjudication or decisioning of User applications or evaluating the legitimacy of applications or transactions. Notwithstanding anything to the contrary in the Agreement or these Service Terms, Back Office Instructions, or Contact Criteria, Institution releases Apiture from any and all liability related to tasks, activities, workflows, or other services which exceed the permissible scope of the User Direct Services. Further, Institution shall indemnify, defend, and hold Apiture harmless from and against any third party claims and related losses alleged to have resulted from tasks, activities, workflows, or other services which exceed the permissible scope of the User Direct Services.
11. Back Office Instructions shall set forth prioritization criteria providing clear direction to the Apiture personnel performing User Direct Services concerning management of competing issues, requests, or demands. By way of illustration, Institution may instruct User Direct personnel to prioritize account application processing activities ahead of other servicing requests and issues. In the absence of prioritization instructions, Apiture will address User requests, issues, and related tasks in the order in which they are received.
12. User Direct Services do not include any rights or licenses to Software-as-a-Service Services or any other software or tools. The use or engagement of Software-as-a-Service Services or other software or tools will require and be subject to distinct subscriptions as set out in the Agreement, or in applicable cases, third-party agreements. By way of illustration, User Direct Services delivered via video chat will be subject to a current subscription to Digital Customer Support Services and the associated Service Terms.
13. Institution acknowledges and agrees that User Direct shall be provided solely in the context of User inquiries and requests for assistance in connection with digital banking Software-as-a-Service Services provided by Apiture in support of Institution. Calls received outside the time period identified in the Agreement calls that do not pertain to Apiture Services, and calls that implicate activities falling outside the permissible scope of User Direct Services will be referred to Institution.
14. Fees for User Direct Services shall be subject to annual increases not to exceed 2x CPI. Notwithstanding anything to the contrary in the Agreement, User Direct Services shall not be subject to any other limitations, restrictions or prohibitions upon Apiture’s ability to modify Fees.
15. Institution acknowledges that Apiture currently provides User Direct Services from locations in the Eastern Standard Time zone.
16. Apiture shall utilize standardized scripts to assist in the consistent and efficient execution of User Direct Services. Institution will provide opening and closing statements for scripts. Any scripts or comparable materials developed by Apiture in connection with the User Direct Services shall constitute Apiture intellectual property.
17. Institution will provide Apiture at least 30 days prior written notice of changes to the Institution’s operations, processes, or procedures (including business hours) which may impact the performance of the User Direct Services.
18. Apiture agrees to devote adequate personnel and other resources to User Direct Services in light of actual and reasonably anticipated call volumes. The relevant Agreement may expressly provide for agreed minimum staffing levels or requirements related to dedicated teams which in each case shall occasion additional Fees. In cases where dedicated or specific teams are assigned, Apiture shall be under no obligation to provide supplemental personnel resources except to the extent expressly engaged to do so under the relevant Agreement or an amendment thereto. In the absence of a written agreement such express requirements and associated Fees, Apiture shall staff User Direct in accordance with its reasonable business judgement and discretion.
19. Institution, is responsible for (i) providing or approving and adopting all Contact Criteria and all Back Office Instructions, (ii) monitoring, interpreting, and complying with all Legal Requirements, Network Rules and agreements with third parties (including Users), (iii) determining whether the Contact Criteria and Back Office Instructions agreed to by Institution and Apiture satisfy Institution’s Legal Requirements, Network Rules, and the requirements of Institution’s agreements with third parties (including Users) and meet Institution’s business requirements, and (iv) deciding which services and settings are needed to satisfy Institution’s business requirements and to comply with its Legal Requirements, Network Rules, and its agreements with third parties (including Users), (v) obtaining consents from Users sufficient to under Legal Requirements permit to contact or interact with Users, including ensuring that each User gives express consent for calls or text messages to mobile numbers that are provided to Apiture on behalf of Institution or User’s behalf. Institution shall indemnify, defend, and hold Apiture harmless from and against any third-party claims and related losses alleged to have resulted from a failure of Institution to fulfill the foregoing responsibilities.
20. In the event of changes to existing Back Office Instructions or Contact Criteria which occasion a demonstrable increase in Apiture’s cost to provide User Direct Services, then Apiture may apply a corresponding increase to the Fees for User Direct Services after giving Institution advance notice.
21. Apiture has no obligation to take any action that would cause Apiture, in the reasonable opinion of its legal counsel, to be in violation of Legal Requirements or Network Rules.
22. Apiture will not be considered an Originator, Originating Depository Financial Institution or Third Party Sender as defined in the NACHA Operating Rules.
23. In no event shall Apiture be responsible for: (i) providing Institution with legal or compliance advice; (ii) ensuring or enabling Institution compliance with Legal Requirements, Network Rules, or its agreements with Users; or (iii) obtaining, retaining, or storing any User consents.
24. Institution acknowledges that the use of foreign translation services for User Direct may not result in an exact translation and the translation is not verified by Apiture. Any reliance on foreign language translations is at the risk of the Institution or User, as the case may be. Apiture does not warrant or make any promises, assurances, or guarantees as to the accuracy of the translations provided by Apiture’s Third Party Provider translation company. Apiture shall not be liable for any translation inaccuracies or errors.
25. Institution acknowledges that the foreign translation Services provided by Apiture’s Third Party Provider may be provided by their employees or independent contractors who reside in the country of the language that is being translated. Institution acknowledges and permits the performance of foreign translation User Direct Services outside of the United States.
26. Foreign translation Services may be subject to resource availability and Institution will be billed according to its User Direct subscription in the Apiture Agreement even during periods of call holding or return calls as a result of resource unavailability.
27. Users may provide personally identifiable information and personal data directly to Apiture’s Third Party Provider translation company and Institution is solely responsible for drafting, disseminating, obtaining, or retaining all consents or notices to Users necessary to ensure that such data is collected, accessed, disclosed and processed in accordance with all laws, statutes, regulations, executive orders, administrative orders, judicial orders, or interpretive guidance which has been, in each case, enacted, promulgated, issued, or published by governmental authorities to which Apiture and Institution are subject, including, without limit, applicable state, federal and international privacy laws and regulations.
SMS Text Message Alert Service
1. Definitions
  1. Network Operator means a mobile network carrier that, directly or indirectly (including through SMS Aggregators), performs, enables, or otherwise supports SMS messaging.
  2. Network Rules means the mandatory rules of VISA, MasterCard, the National Automated Clearing House Association, or any other association, network, or payments organization the parties agree to that apply to Institution’s business or its Users.
  3. Restricted List means any sanctions/restricted list of any United States governmental authority, including the Bureau of Industry and Security’s Denied Persons list and the Office of Foreign Assets Control’s Specially Designated Nationals and Blocked Persons list and prohibited countries list.
  4. SMS means short message service which uses standardized communications protocols to allow short text messages to be sent from one mobile device to another mobile device or from the web to a mobile device.
  5. SMS Aggregator means a service provider that maintains direct connections to multiple Network Operators and aggregates SMS messages for delivery.
  6. SMS Content means any SMS message, or any information or data contained in an SMS message, whether sent by or on behalf of Institution or an SMS End User in connection with the SMS-related services.
  7. SMS End User means a User that uses a Network Operator’s mobile network.
2. Institution acknowledges that SMS-related Services:
  1. are not intended for use and will not be used in, or in association with, the operation of any hazardous environments (such as operation of nuclear facilities, aircraft navigation, or any other use that may result in foreseeable risk of injury, death, or destruction of property) or critical systems. Institution or its Users are solely responsible for liability that may arise in association with such use.
  2. are not a replacement for traditional telephone or mobile phone services, including but not limited to calling, texting, or contacting emergency services, and does not function as such.
  3. do not support or carry emergency calling or messaging to any emergency services personnel or public safety answering points (Emergency Services), such as calls or texts to 911, and may not determine the physical location of the SMS End User device, which may be required when contacting Emergency Services. Institution understands and agrees that it will: (i) ensure the SMS End Users are responsible for contacting and accessing Emergency Services independently of Apiture, (ii) offer or purport to offer any Emergency Services, and (iii) inform all SMS End Users of these limitations.
  4. are not an Integrated Public Alert and Warning System (IPAWS) eligible system.
  5. may, from time to time, require upgrades, patches, bug fixes, or other maintenance (Maintenance) and Apiture agrees to use reasonable efforts to provide Institution with prior notice of any scheduled Maintenance (except for emergency Maintenance), and Institution agrees to use reasonable efforts to comply with any such Maintenance requirements.
  6. may only function if Institution and its Users comply with current technical documentation applicable to the SMS Services (including applicable developer guides) made available to Institution.
3. Institution will:
  1. be responsible for managing the relationship with Users (including obtaining all necessary consents from Users and making any necessary disclosures to Users;
  2. monitor, interpret, and comply with all Legal Requirements, Network Rules, and its agreements with third parties (including Users);
  3. decide which services and settings are needed to satisfy Institution’s business requirements and to comply with its Legal Requirements, Network Rules, and its agreements with third parties (including Users);
  4. regularly screen Users, and the transactions of Users, against all Restricted Lists and comply with any sanctions or restrictions relating to Users or the transactions of Users; and ensure that no Institution staff member or User who is confirmed as a true match to an individual identified on any Restricted List accesses or uses the SMS-related Services, Documentation, or software provided for loading and use of SMS-related Services, participates in Institution’s receipt of SMS-related Services, or has access to Apiture’s or its SMS Third Party Provider’s Confidential Information.
  5. obtain Apiture’s prior written consent before sending SMS messages for:
    1. charitable programs (e.g., soliciting donations for a non-profit organization);
    2. sweepstakes or contests;
    3. advertisements or promotions for commercial products, goods, or services; or
    4. location-based services (e.g., where a SMS End User receives messages based on the geographical location of the SMS End User’s wireless device).
4. For SMS-related Services that involve ACH, Institution will comply with the NACHA Operating Rules, including all applicable obligations of the Originating Depository Financial Institution, and decide the Institution settings to support User payments by ACH.
5. Institution has no obligation to take any action that would cause Institution, in Institution’s reasonable opinion, to be in violation of its Legal Requirements or Network Rules.
6. Neither Apiture nor its Third Party Provider will be considered an Originator, Originating Depository Financial Institution or Third Party Sender as defined in the NACHA Operating Rules.
7. Neither Apiture nor its Third Party Provider will be responsible for: (i) providing Institution with legal or compliance advice; (ii) ensuring that Institution complies with its Legal Requirements, Network Rules, or the terms and conditions of the User accounts; or (iii) obtaining any consents from Users.
8. Apiture will have no obligation to take any action that would cause Apiture, in its reasonable opinion, to be in violation of its Legal Requirements or its Network Rules.
9. Institution will pay fees for any assessments or other charges that are imposed on Apiture by a third party, or that Apiture incurs on Institution’s behalf, in connection with any SMS Service, including any network or other card-related dues, fees, and assessments (for example, base access fees, INET/INAS fees, switch fees, and interchange). If the network bills Institution directly for any dues, fees, or assessments, Institution will be responsible for paying them.
10. In the event of a wind-down or transition of SMS-related Services, Institution must pay the estimated amount in full (via wire transfer) before conversion tapes will be released.
11. For all SMS-related Services, Institution will additionally:
  1. Ensure that SMS Content, and the collection, access, use, or disclosure of SMS End User information, including but not limited to personally identifiable information by Institution, Users, or any of their respective agents or service providers, complies with all applicable Legal Requirements and that Institution will provide legally adequate privacy notices and obtain necessary consents for the processing of such data;
  2. Obtain consent from each SMS End User to receive SMS Content from Institution, Apiture and/or its Third Party Provider. Institution may not charge SMS End Users for receiving notifications by SMS unless Institution has obtained the SMS End User’s express consent.
  3. Advise SMS End Users receiving notification by SMS that telecommunication providers may charge the SMS End User to receive notifications by SMS.
  4. Be responsible for ensuring all necessary terms are in place with push notification service providers, including terms necessary to comply with data protection laws; and
  5. Provide each SMS End User the right to opt in and opt out of receiving SMS Content from Institution, Apiture and/or its Third Party Provider.
12. Institution will not permit any SMS-related Service to be used to transmit:
  1. Junk mail, spam, or unsolicited material to anyone who has not agreed to receive it or to whom Institution or an SMS End User does not otherwise have a legal right to send the material;
  2. any material that contains viruses, Trojan horses, worms, or any other malicious or harmful programs or code;
  3. Any material that: (1) violates any third party’s intellectual property rights or rights of confidentiality, privacy, or publicity; (2) violates the rights or obligations of any wireless service provider or any of the wireless service provider’s customers or subscribers; (3) materially violates or facilitates the material violation of any local or foreign law, rule, regulation, or order, including laws regarding the transmission of data or software; (4) is illegal, harassing, coercive, defamatory, libelous, abusive, threatening, obscene, or otherwise objectionable; (5) is harmful to minors; (6) is sexually explicit, relates to “adult services”, or contains sensitive financial or identifying information (such as social security numbers); (7) is excessive in quantity; (8) relates to alcoholic beverages, tobacco, weapons, illegal drugs, pornography, crime, violence, death, hate, gambling, or funeral services (all except to the extent that such material is relevant to the underlying transaction which is the subject of the SMS Content); (9) is false, misleading, or inaccurate; (10) could expose Apiture or its Third Party Provider any Network Operator, any SMS Aggregator, or any other third party to liability; (11) could diminish or harm the reputation of Apiture, any Network Operator, or any SMS Aggregator; (12) specifically mentions any Network Operator; or (13) copies or parodies the products or services of any Network Operator;
  4. Any signal or impulse that could cause electrical, magnetic, optical, or other harm to the equipment or facilities of Apiture, any Network Operator, any SMS Aggregator, or any other third party; or
  5. Any other prohibited material or content, as identified by a Network Operator or SMS Aggregator.
  6. SMS messages that include Premium Content (as defined in the Mobile Marketing Association Guidelines).
13. If Apiture or its SMS Third Party Provider notifies Institution of any issues with SMS Content, and Institution does not promptly remove the SMS Content at issue, then Apiture has the right to remove or block the SMS Content at issue, suspend SMS-related Services, or terminate SMS-related Services. Institution is responsible for any liability relating to any SMS Content originated by Institution.
14. Institution accepts the following:
  1. Institution understands and agrees that the SMS messages and the SMS Content will be transmitted over various third- party networks and systems.
  2. Once Apiture’s SMS Third Party Provider’s system sends an SMS message, Apiture cannot guarantee that the SMS message will be delivered to, received by, or opened by the SMS End User;
  3. Third party networks and systems are necessarily involved in the SMS-related Services, and Apiture is not responsible for (1) SMS messages, or any data related to SMS messages, once SMS messages have been transmitted outside of Apiture’s SMS Third Party Provider’s system or to any Network Operator, or (2) any Network Operator or SMS Aggregator’s compliance with any laws, regulations, guidance, rules (including network rules), standards, or obligations of any kind relating to the protection or use of SMS messages or data related to SMS messages. APITURE IS NOT RESPONSIBLE FOR THE SECURITY OF SMS MESSAGES AND THEIR CONTENT INCLUDING ANY DATA TO THE EXTENT THAT SUCH CONTENT OR DATA IS PROVIDED TO A MOBILE NETWORK CARRIER OR OTHER THIRD PARTY PROVIDER; and
  4. The format or content of any SMS message provided to a Network Operator may be changed by the Network Operator to conform to the Network Operator’s requirements and to the requirements of any mobile device.
15. Apiture may, with advance notice to Institution, suspend any or all of the SMS-related Services if (i) a governmental authority, Network Operator, or SMS Aggregator instructs or asks Apiture or its SMS Third Party Provider to do so, (ii) Apiture believes in good faith that Institution has failed to comply with these SMS Service Terms or (iii) a Network Operator, SMS Aggregator, or other service provider suspends services, or ceases providing services, on which the SMS-related Services depend.
16. Apiture (or its Third Party Provider) shall be obligated to deliver SMS messages only to Users who (a) give prior consent (Opt- In) to receiving the quantity, frequency and types of messages, as applicable, to be delivered through the Mobile Banking Service; and (b) have been informed via the Mobile Banking Service of the right to opt-out and the process of how to opt-out of receiving messages in the future (Opt-Out). Apiture (or its Third Party Provider) shall promptly honor any such Opt-Out requests. Institution must direct the User to perform all Opt-In and Opt-Out requests via the Mobile Banking Service in order to be considered a valid request. This provision may be updated by Apiture from time to time to include any reasonable additional requirements of the third-party SMS aggregator, wireless network operators, or other providers of third party services. To the extent reasonably practicable, Apiture attempt to notify Institution of changes to this provision necessitated by additional requirements of SMS aggregator, wireless network operators or other providers of third party services in writing in advance. If Institution delivers SMS alerts messages to Users via the Mobile Banking Service, Institution shall be responsible for the contents of the alert messages. Such alert messages must be directly associated with the User’s existing account and cannot include promotion or marketing of additional products or services without the written consent of Apiture and its Third Party Provider and additional Opt-In / Opt-Out terms being agreed to by the User via the Mobile Banking Service. If Apiture is notified or otherwise becomes aware that Institution’s use of the SMS-related Service violates the requirements of these Service Terms, Apiture may investigate the allegation and determine whether to remove or to request removal of Institution’s SMS Content from the SMS-related Service or upon written notice to Institution, block Institution’s SMS Content or suspend or terminate the SMS-related Service. Apiture will not be liable for any damages incurred by Institution because of any action taken pursuant to this section. In addition to the indemnification obligations set forth in the Agreement, Institution will indemnify, defend and hold Apiture (including its Third Party Providers and any wireless service providers related to the provision of the SMS-related Service) harmless from and against all claims, liabilities, damages, losses, costs and expenses, including reasonable attorney’s fees, investigation costs, expert witness fees and costs, incurred by Apiture as a result of any illegal acts, fraud or misconduct in the use of the SMS-related Service.
17. SMS messaging and short code fees set forth in the Agreement are with respect to U.S.-based operators only and are subject to change based on rate changes by operators or the SMS Aggregator at any time. Different fees may apply with respect to international operators
18. All U.S. short codes are subject to U.S. common short code administrator approval. All proposed messaging services are subject to each U.S. operator’s approval, which may be withheld in such operator’s sole discretion. Typical approval times are between sixty (60) and ninety (90) days. Short code monthly fees commence upon the date of application and not the date upon which the messaging services commence.
19. Institution shall be responsible for any fees or expenses charged by the SMS Aggregator related to messaging services provided to or utilized by Institution, including but not limited to connectivity fees (VPN, SMPP, etc.) and technical support fees.
20. Notwithstanding anything in the Agreement to the contrary, Institution understands and agrees that SMS messages and content shall be transmitted over various third party networks and systems and that Apiture and its Mobile Banking Third Party Provider shall not be responsible for the security of such information or data to the extent that such information or data is provided to a mobile network carrier or other service provider upon which the provision of the Mobile Banking Services are dependent.
21. Like many email service providers, to increase the security and reliability of email Institution may send, attempt to send, or receive using Simple Email Service (“SES Email”), Apiture (or its Third-Party Providers) may store and scan Institution’s SES Email and Institution’s Content included in SES Email to protect Institution and SES by preventing and blocking “spam” e-mails, viruses and spyware, and other harmful or unwanted items from being sent and received over SES.
22. Apiture may suspend or terminate Institution’s access to SES, or block or decline to send or receive any SES Email, if Apiture or its Third Party Provider determines that:
  1. the scan of SES Email or Institution’s Content included in SES Email reveals abusive or low quality email (such as “spam”),
  2. SES Email bounces back to Apiture’s Third Party Provider or abuse complaints (including complaints from third parties) are received in connection with the SES Email, or
  3. the source or ReturnPath email address Institution has provided for “address bounces” or complaints is not successfully receiving email.
23. If Institution’s SES Emails are blocked, delayed, or prevented from delivery by reasons outside of Institution’s control, Institution’s payment obligations continue.
24. Neither Apiture nor its SES Email Third Party Provider is the “sender” as defined in the CAN-SPAM Act or similar applicable law.
25. Apiture may terminate the SMS-related Service upon 60 days written notice (or such shorter period as may be imposed on Apiture by legal requirements, a governmental or regulatory body, Network Operator, or SMS Aggregator or Third Party Provider) in the event that any modification (i) to the existing contracts between a mobile network carrier and Apiture or any Apiture Third Party Provider of the SMS-related Service suspends provision of those services, (ii) to the Mobile Marketing Association Code of Conduct, or (iii) or any change in applicable law, which makes the provision of the SMS-related Service illegal, inconsistent or contrary to a law, regulation, or the Mobile Marketing Association Code of Conduct or prohibitively difficult or expensive. Nothing shall prohibit Apiture from immediately suspending the SMS-related Service if in Apiture’s reasonable judgment, Apiture is obliged or advised to comply with an order, instruction, directive or request of a governmental or regulatory body or the requirements of a mobile network carrier.
26. The SMS-related Services are available only for US Network Operator messaging.
27. Fees for SMS will apply regardless of whether delivery of the SMS notifications is prevented, delayed, or blocked due to reasons outside of the control of Apiture or its Third Party Provider.
28. Apiture’s Third-Party Provider for SMS aggregation may transmit Nonpublic Personal Information consisting of phone number, account number and limited transaction data off-shore for aggregation. Support services for Third-Party Provider’s hosting and disaster recovery providers may be conducted off-shore and Nonpublic Personal Information may be accessed while these services are performed.
29. Notwithstanding anything herein to the contrary, Apiture has the right to unilaterally change terms in connection with the SMS-related Services (Change in Terms) in response to and only as necessary to comply with changes in Legal Requirements. Institution will be notified via e-mail or other written method, of any Change in Terms before the Change in Terms take effect. Institution’s use of any SMS-related Service after that advance notice period means that Institution has accepted the Change in Terms for all SMS-related Services and has agreed to be bound by the Change in Terms for all SMS-related Services. If Institution does not wish to receive the SMS-related Services under the modified terms, Institution must give Apiture notice of termination of all SMS-related Services no later than 30 days after the date of the Change in Terms notification to Institution. Apiture may change, discontinue, or deprecate support for a third party push notification platform at any time.
Mobile Banking
1. Definitions
  1. Mobile Banking Service means the Apiture mobile banking and supported mobile services as made available to Institution.
  2. Content means the services, materials, information and products made available by Institution or its agents or affiliates for use or access by Users via the Mobile Banking Service, including but not limited to banking and financial services, financial or other data, trademarks, trade names, service marks, and iconography.
  3. Mobile Banking User Terms means the end user terms required by Institution with respect to the Mobile Banking Service, a current copy of illustrative terms are set forth in Part II, Section 2 of these Service Terms.
  4. Mobile App Store means the Google, Apple App, or similar store through which Apiture makes the Mobile Banking Service application available for User download.
2. Institution is responsible for the accuracy, applicability, updating and maintaining of all Content. Institution shall use commercially reasonable efforts to not use the Mobile Banking Service or permit the Mobile Banking Service to be used to transmit Inappropriate Content. For purposes of this Agreement, “Inappropriate Content” means any Content or other materials that: (a) are unsolicited, including without limitation, “spam,” “junk messages” or unauthorized “bulk” messages; (b) cause the introduction of “viruses,” “worms,” “Trojan horses,” “e-mail bombs,” “cancelbots” or other harmful computer programming routines into the Mobile Banking Service, or the technology of Apiture’s Third Party Providers or other third parties; (c) are unlawful (including, without limitation, obscene, defamatory or libelous) or offensive as Apiture determines in its sole discretion; (d) are misleading or inaccurate; or (e) infringe upon or violate the intellectual property rights or other rights of any person or entity.
3. With reasonable instruction from Apiture as to the requirements of the Mobile Banking Service, Institution shall make its systems and Content available to interoperate with the Mobile Banking Service in order that the Mobile Banking Service may be tested and deployed based on technology requirements.
4. The Mobile Banking Service is only made available to Users who have agreed to the Mobile Banking User Terms. Institution may add or modify provisions to the Mobile Banking User Terms or combine the Mobile Banking User Terms with other terms and conditions without Apiture’s prior approval, however all final Mobile Banking User Terms must be submitted to Apiture in a timely manner to enable User enrollment. Institution is responsible for making updates to the content of its Mobile Banking User Terms and conditions in continued compliance with Legal Requirements. Any post-production changes to such Mobile Banking User Terms shall be subject to additional fees at Apiture’s then-current professional fees rates.
5. Institution acknowledges that certain functionality of the Mobile Banking Service may be provided or implemented by Apiture’s) third party service (for example, SMS Mode as enabled by the SMS aggregator, or payment processing or remote capture services as may be enabled by another third party), and that such third party services may be terminated by such providers prior to termination of Institution’s Agreement with Apiture. Apiture shall promptly notify Institution and shall use commercially reasonable efforts to implement replacement Third-Party Services as soon as reasonably practicable, however, Apiture does not guarantee a workaround or replacement Third Party Provider. Apiture does not provide any representation or warranty or indemnification regarding any Mobile Banking third party service. Such third party service providers impose requirements related to the use of the third party services, which requirements may be revised from time to time. Apiture will notify Institution of such requirements, and provision of such third party services hereunder will be subject to Institution’s compliance with such requirements.
6. Institution should use best efforts to update its systems to accommodate new releases or versions of the Mobile Banking Service. Temporary workarounds may be feasible for a limited time, subject to additional fees. If Institution’s systems are incompatible with those of Apiture or its Third-Party Provider, then Institution shall bear any costs necessary to make such systems compatible. Institution, at its own expense, shall provide all required telecommunication circuits and any special cables or any other data transmission equipment in order to receive the Mobile Banking Services. Institution shall test and prove connectivity and interfaces.
7. Upon request, Institution agrees to ensure its Users upgrade or update their mobile device to the supported release of the Mobile Banking Service to maintain compatibility. Apiture will have no liability arising out of or relating to a User’s use of an unsupported release. Certain Mobile Banking Service updates or upgrades may be automatically downloaded.
8. Any open source or other software included in the Mobile Banking Service is licensed subject to the additional terms of the applicable open source or other license conditions and/or copyright notices that may be made available to Institution upon written request, or in other documentation or materials accompanying the Mobile Banking Service (Incorporated Terms), which Incorporated Terms are hereby incorporated into these Service Terms.
9. Institution shall ensure its privacy policy and related User disclosures satisfy the requirements, policies, practices, and procedures required by any Mobile App Store and shall comply with the Code of Conduct for Mobile Marketing promulgated by the Mobile Marketing Association, as amended from time to time. The current Code is located at: www.mmaglobal.com/policies/code-of-conduct.
10. With respect to any login or password information issued to Institution for access to the Mobile Banking Service (for example, in connection with certain functionality or usage reports), Institution shall disclose such information only to its employees and agents with a need to know such information for the purposes contemplated by its Agreement. Institution will take any reasonable security measures necessary to protect such information against unauthorized disclosure, copying or use. Logins and passwords are subject to cancellation or suspension at any time for security purposes in the sole discretion of Apiture (or its Third Party Provider). Institution shall immediately inform Apiture if Institution becomes aware of any possible or actual misuse or unauthorized use of the Mobile Banking Service.
11. Apiture may, upon notice to Institution, suspend any or all of the Mobile Banking Service functionality or features at any time in the event that: (i) Apiture is obliged or advised to comply with an order, instruction, directive or request of a mobile network carrier which requires it to do so, in the reasonable judgment of Apiture; or (ii) one or more of the mobile network carriers or other third-party upon which the provision of the Mobile Banking Services hereunder is dependent suspends its provision of those services to Apiture.
12. Apiture shall have the right to modify or terminate all or certain features of the Mobile Banking Services upon 60 days prior written notice (or such shorter period as may be imposed on Apiture by a regulatory or governmental body or service provider) in the event that any modification is required (i) by the existing mobile network carrier contracts of Apiture or its Third Party Provider, (ii) by the Mobile Marketing Association Code of Conduct, or (iii) pursuant to any change in applicable law makes the provision of the Mobile Banking Service illegal or contrary to a law, regulation, or the Mobile Marketing Association Code of Conduct, or prohibitively difficult or expensive for Apiture or its Third Party Provider, provided however that nothing shall prohibit Apiture from immediately suspending the Mobile Banking Services in accordance with other provisions of the Agreement. Apiture may additionally update, upgrade, enhance, change or remove certain features or functionality of the Mobile Banking Service upon 30 days prior written notice if, in Apiture’s reasonable discretion, such change is required to remain current with industry trends; provided that the material functionality of the Mobile Banking Service is not adversely impacted and no additional fees are incurred by Institution without Institution’s written consent.
13. Apiture shall have the right to unilaterally amend or modify any service description, feature, functionality or pricing terms related to the Mobile Banking Services based on changes in applicable law and such change shall be deemed to bind Institution; provided, that (i) Apiture provides written or e-mail notification of any such change to Institution at least 30 days prior to it taking effect (unless prior written notification is not possible in which case Apiture shall provide written notice as soon as reasonably practicable), and (ii) Institution shall have the right to terminate its use of the Mobile Banking Service in the event of a change provided that notice of such termination is provided to Apiture no later than 30 days from the date of Apiture’s notice of the change to Institution.
14. Apiture reserves the right, in its reasonable discretion, to terminate or suspend Institution or User access to the Mobile Banking Services, with or without advance notice, if Apiture has reason to believe, in its sole and reasonable discretion, that the Institution or User is in breach of applicable law or these Service Terms or the use by Institution or User of the Mobile Banking Services jeopardizes the integrity or security of the Mobile Banking Services or any supporting security network infrastructure.
15. Apiture shall have no responsibility for fraud or correcting errors transmitted by Institution or Users.
16. In the event implementation set up fees are waived for the Apple Watch Mobile Banking Services and it concludes for any reason prior to a 36-month period from the go-live commencement of the Apple Watch Mobile Banking Service (or Deemed Accepted date, as applicable), Institution will be obligated to pay a reconciliation fee equal to the Apple Watch Mobile Banking Service monthly fee for the remainder of the 36-month minimum committed term. This Apple Watch Mobile Banking Service reconciliation invoice from Apiture shall be in addition to and shall not limit any other termination obligations, deconversion fees or other payments due under the Agreement.
Remote Deposit Capture (RDC) and Mobile Check Deposit (MCD) Services Universal Terms

A. Remote Deposit Capture (RDC) Services enable authorized Users to initiate electronic deposits or payments, subject to limits established by Apiture, through a document scanner that meets the minimum specifications provided by Apiture and executes proprietary software provided by Apiture.

B. The Mobile Check Deposit (MCD) Services enables Institution’s Users to initiate electronic deposits, subject to limits established by Apiture, through a document scanning software contained in a smart phone or tablet computer that: (1) meets the minimum specifications provided by Apiture; and, (2) executes proprietary software provided by Apiture.

C. If Institution’s or User’s systems are incompatible with those of Apiture or its Third Party Provider, then Institution or Users shall bear any costs necessary to make such systems compatible. Institution and User at their own expense, shall provide all required telecommunication circuits and any special cables or any other data transmission equipment in order to receive the RDC and MCD Services. Institution (and User, if applicable) shall test and prove connectivity and interfaces.

D. Institution will ensure that all Users receive all such disclosures the Institution deems necessary or advisable under any applicable law and regulations in accordance with Institution’s own independent judgement. Institution will be responsible for record retention and for compliance with all applicable statutes and regulations with respect to the retention and reproduction of all documents and records related to the RDC and MCD Services. Payment data used by Institution or Users for research and report will be purged after 60 days. Payment data used for transaction file re-generation will be purged after 30 days. Institution acknowledges that Apiture exercise no control whatsoever over the content of the information passing through the RDC or MCD Services and that it is the sole responsibility of Institution to ensure that the information it and its Users transmit and receive is accurate and complies with applicable law and regulation. Apiture shall have no responsibility for correcting errors or for fraud transmitted to it by Institution or Users.

E. Institution shall be solely responsible to each User for the RDC and MCD Services. Institution will (i) contact the User to establish the installation time for RDC, specifically; (ii) provide telephone based support for installation, questions and issue escalation; (iii) provide User training, as applicable; (iv) provide project management resources for initial User installation; (v) identify primary and back-up contacts for the day-to-day operational process management; (vi) retrieve files and reports from an SFTP server in accordance with processing schedule; (vii) enter into a written agreement with RDC and MCD Users in accordance with Legal Requirements prior to granting access to the RDC and MCD Services; and (viii) ensure that authorized Users comply with the following requirements: (y) all equipment utilized for RDC and MCD Services will meet or exceed the specifications provided by Apiture; and (z) provide an internet connection.

Institution will additionally provide detailed information to establish or update RDC Users based on a standard template, provide Tier 1 support for RDC Users questions and issue escalations, and be responsible for compliance of its legal requirements regarding retention of image and data files used to process RDC Services transactions.

F. Users may scan checks (or payments for Business Users) and submit electronic deposits anytime, with the exception of identified system maintenance periods. Deposits (and payments for Business Users) submitted by Users will be delivered to the Institution in the next available file delivery as defined by the processing schedule. Back-end processing of deposits (or payments) received by Users, including MICR line correction, creation of an X9.37 or X9.100 (or similar) clearing file and a report showing deposit totals and transaction information can either be transmitted by Apiture to the Institution or retrieved by the Institution.
1. Wausau RDC and MCD (Consumer Retail)
  1. Where Institution purchases the Remote Capture mobile application independently of a mobile banking application’s functionality, the Mobile Capture solution allows the Institution and Remote Capture Users of the Institution to capture and transmit single check deposits through Apiture’s Third Party Provider’s Remote Capture Services System using a supported smartphone and/or mobile application. Work captured and transmitted to the Third Party Provider’s Operations Center via the Remote Capture Services will be made available to the Institution or the Institution representative and will be made available to the Institution or the Institution representative at the agreed upon file delivery time(s). Apiture will configure Mobile Capture solution using agreed upon settings determined via questionnaires answered by Institution.
  2. The Consumer Capture solution allows the Institution and Users of Institution to capture and transmit deposits through Apiture’s Third Party Provider’s Remote Capture Services System using a simplex Twain 1.9 compatible flat bed scanner or all-in-one copy printer fax device. Work captured and transmitted to the Third Party Providers’ Operations Center via Deposit 24/7™ Remote Capture Services will be made available to the Institution or the Institution representative and will be made available to the Institution or the Institution representative at the agreed upon file delivery time(s). Apiture will configure Consumer Capture solution using agreed upon settings determined via questionnaires answered by Institution. Training of the User is the Institution’s responsibility.
  3. Deposit 24/7™ Business Mobile solution allows the Institution and Users to capture and transmit checks and payment items through Apiture’s Third Party Provider’s Deposit 24/7™ Remote Capture Services System using a supported smartphone and/or mobile banking application. Deposited items scanned, captured and transmitted to the Third Party Provider’s Operations Center via the Deposit 24/7™ Remote Capture Services will be made available to the Institution or the Institution representative in the form of an X9.37 clearing file, X9.100 clearing file, or XML file to ingest into a downstream remittance solution, and will be made available to the Institution or the Institution representative at the agreed upon file delivery time(s). Apiture grants to Institution a non-exclusive, royalty-free, fully paid-up, sublicensable license to use any software (including APIs) provided by Apiture’s Third Party Provider for the purpose of supporting the functionality of the Deposit 24/7™ Business Mobile solution.
  4. Branch Capture solution allows the Institution and Users of Institution to capture and transmit branch work through Apiture’s Third Party Provider’s Remote Capture Services System. Work captured and transmitted to the Third Party Provider’s Operations Center via Remote Capture Services will be made available to the Institution or the Institution representative and will be made available to the Institution or the Institution representative at the agreed upon file delivery time(s). Depending on the Image Processing and Data Entry option selected by Institution, Apiture’s Third Party Provider may perform MICR repair, transaction balancing, internal general ledger adjustment creation, and reporting. Apiture will configure Branch Capture solution using agreed upon settings determined via questionnaires answered by Institution.
    
    Option 1: With “Capture and Go” Institution captures and transmits work as captured without having to do any keying or balancing. Courtesy Amount Recognition (CAR), the amount of check written in numbers, will be configured to identify MICR fields if CAR / Image friendly documents are used. Transaction file is created by the Third Party Provider’s Operations Center as it was captured and transmitted by the Institution.
    
    Option 2: With “Institution Keys and Balances” Institution is responsible for capture, keying and balancing batches of work prior to transmitting work to the Application Service Provider environment. Institution will be configured to require entry of all MICR fields and present balanced batches of work. CAR will be configured to identify all MICR fields if CAR/Image friendly documents are used. The transaction file is created by the Operations Center as it was captured and transmitted by the Institution.
    
    Option 3: With “Third Party Provider’s Operations Center Keys, balances and transmits balances file back to Institution” the Operations Center keys, balances and transmits balanced file back to the Institution. The Operations Center provides MICR repair of branch captured and transmitted work. Branch will not be required to repair or balance batches. CAR will be configured to identify MICR fields. The Operations Center will repair MICR lines and populate missing fields. Institution must be using CAR/Image friendly documents. Items with unreadable values, whether internal docs, money orders, onus checks, transit checks, will all be modified to be general ledger tickets that Institution will research. Out of balance transactions will have a balancing debit or credit entered to “force balance” after the Operations Center verifies all amounts are correct.
    
    Centralized duplicate checking will be performed. Items considered possible duplicates will be substituted for suspense general ledger tickets to be researched by the Institution. If adjustments need to be made they will be internal general ledger adjustments only. Apiture’s Third Party Provider operations staff will not contact Institution for adjustment verification. Adjustment notices will be made available to the Institution.
    
    These assumptions are applicable regardless of which option Institution selects:
    1. Apiture’s Third Party Provider’s Operations Center will have no communication with the branches on a daily basis. No outages will be researched. Unreadable items will be replaced with a suspense general ledger entry.
    2. Institution must use Image/CAR friendly documents. These must be in place when the Institution goes live with Branch Capture.
    3. The option selected will depend on the Institution’s item processing solution — if Institution has back office department to receive the transaction file and make adjustments or does the file go directly to a host processor who expects it clean. If Institution expects it clean, then the Institution will need to select option 3 or option 2 with the assumption that Apiture’s Third Party Provider’s Operations Center will not be doing any double checking of the data presented.
    4. If Institution transmits a batch and needs it deleted, Institution will be responsible for doing so within its own item processing system:
      1. If the file is being transmitted directly to a 3rd party processor
      2. Institution must submit deletion request to Apiture’s Third Party Provider at least 1 hour before scheduled file delivery time.
  5. Risk Monitoring allows the Institution and its risk management teams to better monitor and control risks associated with remote deposit capture. One of the key features allows for rule-based flags. If any items coming into the system fit a rule designated by Institution, a flag will be assigned to that item or transaction. Once the item has been flagged, it can be personally reviewed by the Institution and a decision can be made as to whether to move forward with the transaction, contact the User to alleviate risk or reject the item/transaction. If the item/transaction is rejected, a notification is sent back to the User and a correction item is automatically inserted into the transaction to balance it. “Must act” items require the Institution to review and either accept or reject the item/transaction before it can be processed and allowed to be included in the clearing file. Institution must decision all “must act” items ½ hour before the scheduled output file delivery time(s). If the “must act” items are not decisioned ½ hour before the scheduled output file delivery time(s), Apiture’s Third Party Provider will create the X9.37 (or similar) file with the “must act” items included.
  6. Location Awareness is additional functionality and an additional service that is made available through the Risk Monitoring application. Location Awareness provides the ability to track Remote Capture User IP addresses and/or proxy servers that transmissions pass through on their way to the central site for processing. It will also tell the Institution if a workstation has moved from its original (and expected) physical location, thus providing greater visibility to possible fraudulent activities. These changes in capture locations will be reported within new functionality available within Risk Monitoring so those suspect transactions can be reviewed and properly decisioned before downstream processing takes place. “Must act” items require the Institution to review and either accept or reject the item/transaction before it can be processed and allowed to be included in the clearing file. Institution must decision all “must act” items 1/2 hour before the scheduled output file delivery time(s). If the “must act” items are not decisioned 1/2 hour before the scheduled output file delivery time(s), Apiture’s Third Party Provider will create the clearing file with the “must act” items included in it.
  7. Integrated Mobile Capture can be integrated into the Apiture mobile banking application. This integrates the Mobile Check Deposit Solution with the Mobile Banking Service (the Application). Apiture will integrate the Mobile Check Deposit Solution with the Application. The Integrated Solution will allow the Institution and the Users of Institution to capture and transmit a check deposit through the Remote Check Deposit Solution using a smartphone supported by Apiture. Files containing the captured check images will be provided to the Institution or the designated Institution representative in the form of an X9.37 or X9.100 clearing file and will be made available to the Institution or the Institution representative at the agreed upon file delivery time(s). The Mobile Check Deposit Solution will be configured using agreed upon settings determined via questionnaire(s) answered by Institution.
  8. NEITHER APITURE NOR ITS THIRD PARTY PROVIDER CAN CONTROL THE FLOW OF DATA TO OR FROM APITURE’S THIRD PARTY PROVIDER’S NETWORK AND OTHER PORTIONS OF THE INTERNET. SUCH FLOW DEPENDS IN LARGE PART ON THE PERFORMANCE OF THE INTERNET SERVICES PROVIDED OR CONTROLLED BY THIRD PARTIES. AT TIMES, ACTIONS OR INACTIONS OF SUCH THIRD PARTIES CAN IMPAIR OR DISRUPT INSTITUTION’S OR USERS’ CONNECTIONS TO THE INTERNET (OR PORTIONS THEREOF). ALTHOUGH APITURE WILL USE COMMERCIALLY REASONABLE EFFORTS TO TAKE ALL ACTIONS IT DEEMS APPROPRIATE TO REMEDY AND AVOID SUCH EVENTS, NEITHER APITURE NOR ITS THIRD PARTY PROVIDER CAN GUARANTEE THAT SUCH EVENTS WILL NOT OCCUR. ACCORDINGLY, APITURE AND ITS THIRD PARTY PROVIDER DISCLAIM ANY AND ALL LIABILITY RESULTING FROM OR RELATED TO SUCH EVENTS.
2. Ensenta (Jack Henry) RDC and MCD (Consumer Retail and Business)
  1. Institution will communicate with the EnsentaNet Service via a VPN or leased line connection to be determined and mutually agreed. Institution will make the deposit images, magnetic code line (MICR) data, and transaction tracing data available to the EnsentaNet Service through mutually agreed connection and transmission. The EnsentaNet Service will enable the Institution to consolidate deposit item images and information from deposit transactions acquired at Institution’s Remote Capture.
  2. The Institution’s security obligations may be reviewed by Apiture’s Third Party Provider at any time. Institution hereby permits Apiture’s Third Party Provider to discuss directly with Institution any changes to Institution’s security obligations during the term of the Agreement and potential solutions, potential target dates for completion of such changes and solutions, and the fees, if any, to be paid to Apiture’s Third Party Provider for such additional efforts. In the event Apiture’s Third Party Provider and Institution cannot mutually agree to the proposed changes and the appropriate fees within a 60-day period, Apiture may, within 10 days after such period, terminate the RDC or MCD Service with the Institution. In the event of such termination, all deconversion fees and other termination fees set out in the Agreement will be due.
  3. MITEK MiSnap™ is a mobile device software developer kit that allows Users to integrate MITEK MiSnap™ with mobile device image capture applications in order to provide automatic image capture, document imaging, intelligent character and image recognition and document analysis. The Institution acknowledges the following if purchasing MITEK MiSnap™:
    
    The MITEK MiSnap™ Service feature set will be provided as an additional service under the limited license to provide the mobile device software developer kit that allows users to integrate MITEK MiSnap™ with mobile device image capture applications to provide automatic image capture, document imaging, intelligent character and image recognition, and document analysis. New features rendered through the MITEK MiSnap™ platform, such as multiple check capture, drivers’ license capture and other optional services, will be subject to additional fees. As a condition to the implementation and use of the MITEK MiSnap™ Service, Institution shall be required to complete a certification process, which will be conducted at Apiture’s Third Party Provider’s direction, addressing and encompassing the implementation training and use of MITEK MiSnap™. When Institution purchases the MITEK MiSnap™ Service , in addition to the licenses granted in the Agreement, the Institution is granted a limited, non-transferable , non-exclusive, non-sublicensable right to sublicense MlTEK MiSnap™ to Institution subcontractors who provide product integration and support services to Institution; provided , however, that: (i) such sublicense may only be used in connection with accessing and using the SmartPay Ensenta Remote Deposit Capture Service including MITEK MiSnap™ for the Institution in accordance with the license rights conferred under the Agreement ; (ii) the subcontractors must agree to be bound by the terms of these Service Terms and the Agreement, to the extent applicable; and (iii) use of MITEK MiSnap™ as granted herein shall only be in conjunction with the SmartPay Ensenta Remote Deposit Capture Service. Institution be responsible for the breach of any terms these Service Terms by its subcontractors.
  4. The SmartPay Ensenta Smart Alerts for Real-time Fraud MonitoringSM Service is available only in connection with Institution’s purchase of SmartPay Ensenta Consumer RDC-MobileSM Service, SmartPay Ensenta Consumer RDC-DesktopSM Service, SmartPay Ensenta Business RDC-MobileSM Service, SmartPay Ensenta Business RDC-DesktopSM Service and/or SmartPay Ensenta ATM Risk Management and Check Image ProcessingSM Service. Third party services provided by Institution’s designated fraud monitoring vendor (Institution’s Fraud Monitoring Vendor and Fraud Monitoring Third Party Services) are integrated into this Service for Apiture’s Third Party Provider to provide web service notifications to Institution’s Fraud Monitoring Vendor that a deposit has been submitted by a User of Institution (along with related check images). In order to acquire and use the Fraud Monitoring Third Party Services, and in addition to this solution section, Institution is also required to execute a separate agreement between Institution’s Fraud Monitoring Vendor and Institution (Fraud Monitoring Vendor Agreement). Institution acknowledges and agrees that, with regard to this SmartPay Ensenta Smart Alerts for Real-time Fraud Monitoring Service, Apiture’s Third Party Provider is only transmitting a notification that a deposit has been submitted by a User of Institution (along with related check images) to Institution’s Fraud Monitoring Vendor (Fraud Monitoring Vendor Required Data). Institution’s Fraud Monitoring Vendor is solely responsible for completing and communicating with Institution regarding Institution’s Fraud Monitoring Vendor’s deposit fraud analytics on Institution’s User’s deposits. Institution hereby authorizes and directs Apiture’s Third Party Provider to provide the Fraud Monitoring Vendor Required Data to Institution’s Fraud Monitoring Vendor. The Fraud Monitoring Third Party Services will be governed by the Fraud Monitoring Vendor Agreement executed between Institution’s Fraud Monitoring Vendor and Institution. Neither Apiture nor its Third Party Provider makes or extends any separate product warranties, guarantees, indemnities or liabilities with respect to the Fraud Monitoring Third Party Services. Without limiting the foregoing, upon transmission by Apiture’s Third Party Provider of the Fraud Monitoring Vendor Required Data to Institution’s Fraud Monitoring Vendor, Institution’s Fraud Monitoring Vendor is solely responsible for the protection and security of the Fraud Monitoring Vendor Required Data after the Fraud Monitoring Vendor Required Data is transmitted by Apiture’s Third Party Provider.
  5. If the Institution is a non-bank or otherwise uses a third party as the ‘depository bank’, as such term is defined in the Check for the 21st Century Act, Institution will facilitate, at Apiture’s request, a separate cash letter agreement directly between Apiture’s Third Party Provider and Institution’s depository bank prior to certain remote deposit capture services being made available to Institution. Institution additionally authorizes Apiture’s Third Party Provider to send the data files generated in connection with the remote deposit capture services on behalf of Institution to the respective depositary bank.
Family Banking
1. Definitions
  1. BaaS Institution means Community Federal Savings Bank or an alternative or successor financial institution which functions as the primary depositary institution for Greenlight accounts and is the issuer of Greenlight debit cards, and with whom Greenlight maintains a banking-as-a-service relationship
  2. Customer means the adult end user member/customer of Institution who is registered for the GL Services.
  3. Greenlight means Apiture’s Third Party Provider, Greenlight Financial Technology, Inc.
  4. NPI means any information which constitutes “non-public personal information” under the Graham-Leach-Bliley Act (15 U.S.C § 6801) and its implementing regulations.
2. Institution and Apiture agree that the Family Banking Services consist of a limited integration to technologies and related services provided by Greenlight. Greenlight provides direct-to-consumers services which may include, without limit, web and mobile applications which enable adults to originate, fund, and service debit cards and associated accounts for minor children (GL Services). The Family Banking Services consist of (i) a link which directs an Institution Customer from the Apiture Digital Banking Platform to a Greenlight web application which enables a Customer to register for GL Services; (ii) an API integration to the GL Services which enables Customers to view limited information related to the GL Services within the Apiture Mobile Banking Service experience; (iii) a link within the Apiture Mobile Banking Service application which transfers the Customer to a Greenlight mobile application for the purposes of accessing additional information and account/card servicing features and functions; and (iv) such other features and functions as Apiture may choose to make generally available in iterative releases of the Mobile Banking Service.
3. Institution acknowledges and agrees that the GL Services are distinct from and not included within the Family Banking Services or any other Apiture Services. Institution and Apiture agree that Apiture shall have no contractual or other liability and no operational responsibility for the performance of the GL Services and that each individual Customer who uses the GL Services will be required to establish a direct customer relationship with Greenlight which shall be subject to Greenlight’s standard end user terms and conditions. Customers must register for the GL Services, establish and fund a valid Greenlight account, and enter into all required and related agreements in order to utilize the GL Services and, by extension, the Family Banking Services. Greenlight or its designee will provide all direct end-user support required in connection with the GL Services.
4. Institution acknowledges and agrees that Greenlight maintains a banking-as-a-service relationship with the BaaS Institution, which functions as the primary depositary institution for Greenlight accounts and is the issuer of Greenlight debit cards. Institution acknowledges and agrees that its Customers will be required to enter into a cardholder agreement and any required ancillary agreements with the BaaS Institution. Subject to Greenlight’s discretion and in the event that Institution desires to enter into an arrangement whereby it holds deposits associated with Greenlight accounts, then Institution may be required to enter into a further agreement directly with Greenlight and/or a receive agreement, sweep agreement, or similar agreement directly with the BaaS Institution.
5. To the extent that Customers furnish data directly to Greenlight through the Greenlight registration web application, the Greenlight mobile application, the GL Services, or any other channel, then as between Greenlight, Apiture, and Institution, such data shall belong to Greenlight subject to the provisions of its direct agreement with the Customer and its then-current privacy policy. As such, Greenlight shall have no obligations to Institution or Apiture in connection with such data. For the avoidance of doubt, the fact that data is provided to Greenlight by Customers will not affect the ownership of data distinctly or separately provided directly to Institution or Apiture. Ownership of such data shall be subject to the provisions of the Master Agreement between Apiture and Institution. Institution acknowledges and agrees that no NPI or other personal information of Customers will be furnished to Greenlight through the API integration between the Family Banking Services and the GL Services.
6. APITURE MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, REGARDING THE GL SERVICES, AND SPECIFICALLY DISCLAIMS ANY AND ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND/OR FITNESS FOR A PARTICULAR PURPOSE. APITURE DOES NOT WARRANT THAT THE GL SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE AND EXPRESSLY DISCLAIMS ANY AND ALL LIABILITY AND REPSONSIBILITY FOR THE GL SERVICES.
7. Institution shall indemnify, defend, and hold Apiture harmless from and against any and all Losses arising in connection with the GL Services, including, without limit, claims by Customers related to the GL Services, except to the extent such losses are proximately caused by the Family Banking Services.
8. NOTWITHSTANDING ANYTHING TO THE CONTRARY WITHIN THE MASTER AGREEMENT WITH APITURE, APITURE’S MAXIMUM AGGREGATE LIABILITY IN CONNECTION WITH THE APITURE FAMILY BANKING SHALL BE LIMITED TO THE AMOUNTS PAID BY INSTITUTION FOR THE APITURE FAMILY BANKING SERVICES IN THE SIX (6) MONTHS PRECEDING THE CLAIM UNDER WHICH THE LIABILITY ARISES.
9. Institution acknowledges and agrees that nothing in the Agreement conveys and right or interest in or any permission to use Greenlight trademarks, tradenames, trade dress, or other Greenlight intellectual property. Any advertising, marketing materials, promotional announcements, press release or other business generating communication to be issued or utilized by Institution related to the GL Services or the Family Banking Services must be approved in advance by both Greenlight and Apiture.
10. Greenlight may provide Institution with the ability to offer Customers a co-branded Greenlight mobile application which includes Institution’s logo or other theming. In such cases, Institution shall be responsible for providing Greenlight with specification and materials necessary to configure the co-branded application. Any such co-branded application shall constitute GL Services and not Apiture Family Banking Services. Apiture shall have no liability for Greenlight’s use of Institution logos or branding or other materials.
My Credit Score
1. Definitions
  1. “Co-Branded Website” means the portion of Apiture’s Third Party Credit Score Provider website, from which Users can access and use the My Credit Score Services.
  2. “Offer” means a financial offer, such as an offer to obtain a new or refinanced car loan, credit card, personal loan, mortgage or other type of financing.
  3. “Prequalify” means identifying Users who appear to qualify for Offers based on soft inquires of such Users’ credit reports, provided that final credit approval will be subject to Institution’s underwriting requirements and a hard inquiry of such Users’ credit reports.
2. Institution shall comply with all applicable law (including all applicable export laws, rules and regulations of the United States) in Institution’s use of the My Credit Score Services and in Institution’s making available the My Credit Score Services to Users. Institution will not import or export any My Credit Score Services in violation of any applicable law.
3. Institution hereby grants to Apiture and its Third Party Credit Score Provider a worldwide, non-exclusive, royalty-free, fully paid up, sub-licensable right and license, during the term of Institution’s agreement with Apiture, to:
  1. use, reproduce and display Institution trademarks, service marks, logos and other branding (“Institution Branding”) in connection with Apiture and its Third Party Credit Score Provider ’s performance of the My Credit Score Services, including without limitation within the Co-Branded Website. The foregoing license includes the right to make modifications to size, format or other aspects of the Institution Branding solely as necessary to incorporate or include such Institution Branding within the My Credit Score Services and the Co-Branded Website;
  2. use, reproduce and modify any content provided by Institution to appear within the Co-Branded Website and display such content within the Co-Branded Website; and
  3. establish and maintain one or more links from the Co-Branded Website to Institution’s website(s).
4. Single Sign-On Provisions. If Institution wishes to implement a single sign-on functionality (“SSO”) whereby Users of the Institution Site or Institution App, after having initially registered with Apiture’s Third Party Credit Score Provider via the Co-Branded Website, will thereafter have access to some (but not all) of the My Credit Score Services after signing on to the Institution Site or Institution App, without having to separately sign-on through their login credentials at the Co-Branded Website, then Institution agrees as follows:
  1. Institution will (and will require its authorization partner, if any, to) cooperate with Apiture’s Third Party Credit Score Provider in the implementation of the SSO. Neither Apiture nor Apiture’s Third Party Credit Score Provider will not be responsible for any costs incurred by Institution in implementing the SSO.
  2. Institution will provide to Apiture’s Third Party Credit Score Provider any and all User data and other information reasonably required by Apiture’s Third Party Credit Score Provider to permit Users to access the My Credit Score Services through the Co-Branded Website and Institution App via SSO. Such User data includes, without limitation: name, user name (or user ID number), home address (at which such User currently resides), date of birth, social security number, email address and phone number.
  3. Institution agrees that Users may continue to access the My Credit Score Services directly through the Co-Branded Website, even if SSO has been implemented in the Institution Site.
5. Right to Provide User Data. Institution represents and warrants that it has obtained all requisite permissions and consents from Users in compliance with applicable law and Institution’s stated privacy policy in order to provide User data to Apiture and Apiture’s Third Party Credit Score Provider.
6. Disclaimers and Limitations and Liability. Institution acknowledges that Apiture and Apiture’s Third Party Credit Score Provider disclaim any and warranties of any kind, express, implied, statutory or otherwise, including any warranties of merchantability, fitness for a particular purpose, title, non-infringement, freedom from computer viruses and all warranties arising from a course of dealing course of performance or usage of trade. Institution agrees that Apiture’s Third Party Credit Score Provider shall have no obligation or liability directly to Institution.
7. Third Party Beneficiary. Institution Agrees that Apiture’s Third Party Credit Score Provider is the intended direct third party beneficiary of the Institution Terms in this My Credit Score Section of these Service Terms, and that Apiture’s Third Party Credit Score Provider shall have the right to enforce the Institution Terms directly against Institution and seek damages and remedies directly from Institution for any breach by Institution of the Institution Terms.
8. Offers Made Available by Institution; Follow Up.
  1. Offers. As part of the My Credit Score Services, Institution may (but is not required to) enable the offer engine which displays Offers to Users through the My Credit Score Services, based on credit score and/or other criteria determined by Institution in its sole discretion. Offers may be made for the type of products and services of Institution which are supported by Apiture’s Third Party Credit Score Provider and may be posted within the Branded Website. If Institution has enabled the offer engine, then for each Offer made through the Branded Website, Institution will provide the information and criteria below, which may be provided via a link to a page within the Institution Site(s) that contains such information. Institution represents and warrants that all criteria used in establishing Offers and evaluating Users to determine their qualifications for Offers shall comply with applicable law.
    1. Product/ Service information: type of product, applicable APRs,
    2. Credit Score or range of Credit Score for each lending product
    3. Applicable credit or demographic eligibility criteria
    4. Transition links from product recommendation on Apiture’s Third Party Credit Score Provider website to Apiture website
    5. Applicable disclaimers or disclosures, if required
  2. User Offer Data. For each User who (a) has indicated (either by filling out and/or transmitting an application in response to an Offer, by affirmatively indicating that he/she is interested in obtaining additional information about an Offer, or by affirmatively taking any such other action in response to an Offer) that he/she would like to be contacted about an Offer for which he/she appears to qualify, or (b) has otherwise granted unrevoked permission to Apiture’s Third Party Credit Score Provider to provide personal information about such User to Institution relating to Offers, Apiture’s Third Party Credit Score Provider will provide the following contact information (to the extent Apiture’s Third Party Credit Score Provider has such information) to Institution: specified offer, name, username (or member ID number), home address (at which such User currently resides), email address, phone number and any other mutually agreed information about such User (“User Offer Data”). User Offer Data may be transmitted by Apiture’s Third Party Credit Score Provider either (i) immediately through a loan origination services provider and/or via a file which is transmitted to Institution on a daily/weekly/monthly basis, as agreed by the parties. Apiture’s Third Party Credit Score Provider shall not be required, and shall not, provide the credit score, financial account numbers or other financial information about such Users to Institution. Additionally, neither Apiture nor Apiture’s Third Party Credit Score Provider does or can guarantee that Users who appear to be qualified for Offers made available by Institution (based on information obtained by Apiture’s Third Party Credit Score Provider from Institution, Users, credit bureaus or other third parties) do in fact qualify or will in fact be approved for such Offers after having formally applied with Institution for such Offers. Institution hereby agrees that it shall use the User Offer Data solely for purposes of communicating with Users about the specified Offer, that it shall not further disclose or distribute such User Offer Data, and that it shall not contact any Users who have subsequently requested not to be contacted by checking all User Offer Data against the most recent scrub list prior to communications to such Users.
  3. User Follow Up Data. For each User who has affirmatively indicated that he/she would like to be contacted by Institution regarding such User’s income, expenses and/or spending or about programs or promotions offered by Apiture, Apiture’s Third Party Credit Score Provider will provide the following contact information (to the extent Apiture’s Third Party Credit Score Provider has such information) to Institution: name, item about which the User wishes to be contacted, username (or member ID number), home address (at which such User currently resides), email address, phone number and any other mutually agreed information about such User (“User Follow Up Data”). Apiture’s Third Party Credit Score Provider shall not be required, and shall not, provide the credit score, financial account numbers or other financial information about such Users to Institution. Institution hereby agrees that it shall use the User Follow Up Data solely for purposes of communicating with the User about the specific issue for which the User requested to be contacted, that it shall not further disclose or distribute such User Follow Up Data, and that it shall not contact any Users who have subsequently requested not to be contacted by checking all User Follow Up Data against the most recent scrub list prior to communications to such Users.
  4. Minimum Number of Offers. Institution agrees, that in order for Apiture’s Third Party Credit Score Provider to provide the offer engine portion of the My Credit Score Services, Institution must make available no less than one (1) Offer, so that all Users may be evaluated by Apiture’s Third Party Credit Score Provider based on the criteria for such Offer to determine if they appear to be qualified for such Offer.
  5. Use of User Credit Score. Institution agrees that it may not use Users’ credit scores provided to Institution through an API or otherwise (or any implied credit data of such Users) for the purpose of extending any credit approval to Users. For purposes of clarity, Institution may use Users’ credit scores and other information obtained from Users’ credit reports to Prequalify such Users.
9. Cooperation. Institution acknowledges that Institution’s timely provision of (and Apiture’s Third Party Credit Score Provider’s access to) assistance, cooperation, and complete and accurate information and data from Institution’s officers, agents and employees as is reasonably requested by Apiture’s Third Party Credit Score Provider and Apiture (collectively, “Cooperation”) is essential to the performance of the My Credit Score Services, and that Apiture and Apiture’s Third Party Credit Score Provider will not be liable for any deficiency, delay or failure in performing the My Credit Score Services if such deficiency, delay or failure results from Institution’s failure to provide full Cooperation as required hereunder. Cooperation includes, but is not limited to, designating a project manager to interface with Apiture’s Third Party Credit Score Provider during the course of Apiture’s Third Party Credit Score Provider’s performance of the My Credit Score Services, and providing all necessary review and feedback if requested by Apiture’s Third Party Credit Score Provider. Apiture’s Third Party Credit Score Provider and Apiture shall have the unrestricted right use or incorporate into the My Credit Score Services any suggestions, enhancement requests, recommendations or other feedback provided by Institution and/or Users, without any obligation or liability to Institutions and/or Users. Institution and its Users shall have no obligation to provide any such suggestions, enhancement requests, recommendations or other feedback to Apiture’s Third Party Credit Score Provider.
10. Analytics Data. “Analytics Data” means any data provided by Apiture’s Third Party Credit Score Provider as part of the Analytics services portion of the My Credit Score Services and includes User Offer Data and User Follow Up Data. Institution agrees that with respect to Analytics Data, in addition to the requirements in Section 14.8.1 above, (a) Institution may use Analytics Data for the sole purpose of Prequalifying Users and marketing and following up on Offer(s) made to Users; (b) Institution may not use Analytics Data (or any implied credit data of such Users) for the purpose of extending credit approval to Users, but may use the data obtained from a hard inquiry of a User’s credit report, based on Institution’s underwriting requirements, to determine whether to extend credit approval to a User; (c) Institution may use the Analytics Data for only a period of thirty (30) days after the date on which the Analytics Data was generated (thereafter, new Analytics Data may be used, but the Analytics Data which is older than thirty (30) days from the date it was generated may not be used, even if combined with other data); and (d) Analytics Data may no longer be used by Institution for an individual who ceases to be an User of Institution.
11. Access to Data; Analytics Portal. Apiture’s Third Party Credit Score Provider will make available Analytics Data on its Analytics services portal (“Analytics Portal”) provided by Apiture’s Third Party Credit Score Provider as part of the Analytics services. Institution agrees that access to the Analytics Portal will be given solely to current employees of Institution who will be assigned unique usernames and passwords (“Login Credentials”) by Apiture’s Third Party Credit Score Provider. If Institution wishes to provide access to the Analytics Portal to a contractor or any other third party, Institution must obtain Apiture’s Third Party Credit Score Provider’s prior written consent and a separate Login Credential for each such approved third party (“Approved Third Party”). Institution will be fully responsible and liable for all storage, use and disclosure of all the Analytics Data (by Institution, its authorized employees and Approved Third Parties) and agrees to manage and, where appropriate, revoke access to the Analytics Data from such employees and Approved Third Parties. Institution will be responsible for maintaining the confidentiality of all such Login Credentials and agrees not to (and to require such employees and Approved Third Parties) who are provided with unique Login Credentials not to) transfer, share, disclose or resell such Login Credentials to any third party. Institution will immediately notify Apiture’s Third Party Credit Score Provider of any unauthorized use of any of any of such Login Credentials, unauthorized access to the Analytics Portal through its account, or any other breach of security related to its account or the Analytics Portal. Institution will be liable and responsible (and Apiture’s Third Party Credit Score Provider will not be liable) for any loss or damage arising from Institution’s failure to comply with any of the foregoing obligations.
12. User Authentication. Upon Institution’s request, and subject to Apiture’s approval, Institution may elect to authenticate the identity of Users who are provided access to the My Credit Score Services, provided that: (a) Institution represents and warrants that it is a regulated financial institution and that the protocol used by Institution to verify the identities of Users (“Authentication Protocol”) has been accepted or permitted by its regulators and is in compliance with applicable law; (b) within ten (10) business days after request of Apiture’s Third Party Credit Score Provider, Institution will provide written verification of Institution’s Authentication Protocol; (c) Institution will comply with any current and future additional requirements of Apiture’s Third Party Credit Score Provider’s credit bureaus pertaining to Institution’s authentication of Users; and (d) Apiture’s Third Party Credit Score Provider may reasonably discontinue Institution’s authentication of Users by written notice to Institution and/or Apiture. Institution will indemnify and hold harmless Apiture and Apiture’s Third Party Credit Score Provider from and against any claims, expenses, costs and liabilities arising from Institution’s breach of this Section 14.12.
13. Institution will promptly notify Apiture and Apiture’s Third Party Credit Score Provider in the event of a merger involving Institution, sale of substantially all of Institution’s stock or assets, the acquisition by Institution of the stock or assets of third party, or similar transaction. Institution will certify the updated number of online banking users, if any, resulting therefrom and acknowledges that any updated number of online banking users may result in a recalculation of fees.
14. Institution acknowledges and agrees that Apiture’s Third Party Credit Score Provider may modify the terms and conditions of this My Credit Score Section of the Service Terms from time to time, with no less than thirty (30) days’ written notice to Institution, which modified terms will become effective upon the stated effective date of such notice to Institution. If Institution, acting reasonably, objects to any such modified terms, Institution will have the right to terminate the My Credit Score Services by written notice to Apiture and My Credit Score at any time up to the effective date of the modified terms.
15. Aggregated Data. Institution agrees that during and after the term of the Institution Agreement, Apiture’s Third Party Credit Score Provider shall have the right to use Aggregated Data for Apiture’s Third Party Credit Score Provider’s internal business purposes (such as improvement, enhancement, diagnostic, forecasting, planning and corrective purposes and to further develop the My Credit Score Services) and to disclose Aggregated Data in Apiture’s Third Party Credit Score Provider’s public statements and marketing materials describing and/or promoting the My Credit Score Services. “Aggregated Data” means any data or information (including data and information derived from Personal Data) that has been fully anonymized and does not identity an individual, cannot be used to identify an individual, Apiture, its Institutions or Users with or without the combination of other publicly-available information, and is neither attributable to Apiture, Institution or a User nor reveals any Confidential Information of Apiture, its Institutions or Users. Aggregated Data may be combined with other data.
16. Right to Terminate. Institution understands that Apiture shall have the right to terminate the My Credit Score Services, upon one hundred eighty (180) days prior written notice to Institution in the event that, notwithstanding Apiture’s Third Party Credit Score Provider’s commercially reasonable good faith efforts, Apiture’s Third Party Credit Score Provider is not able to renew the term of its existing agreement(s) with at least one credit bureau on commercially reasonable terms, without having to pay Institution any termination fees or wind-down costs or credit any fees to Institution as a result of such termination. My Credit Score Services cannot be cancelled or terminated by Institution during the initial twelve (12) months.
Zelle^®
1. Definitions
  1. “Account” means a checking, savings or money market account from which Services transactions are initiated.
  2. “Payee” means a party to whom a Subscriber has initiated and authorized a payment from its Account through the Services.
  3. “Receiver” means a natural, individual person who receives a Request Money request through the Zelle Services.
  4. “Recipient” a person other than the designated Subscriber to whom Subscriber transfers funds and provides the required account information to allow such transfer.
  5. “Requestor” means a natural, individual person who sends a Request Money request to a Receiver through the Zelle Services.
  6. “Subscriber” means Institution’s members or customers, as applicable.
  7. “Transaction Loss” means a loss that occurs because the associated transaction was rescinded as unauthorized or has been returned and is uncollectable.
  8. “User Data” shall mean: (a) the Subscriber’s, Recipient’s, Receiver’s or Requestor’s name, e mail address, zip or postal code; and (b) Account information (e.g. financial data, user identification, login and password and personal information (including without limitation birth date, IP address and social security number), as well as the ABA Routing and Transit Number that are specific to an Account).
2. Apiture, through its Third Party Providers, Fiserv and Early Warning Services, LLC, will provide payment services that allow payments to accounts owned by individual persons other than the designated Subscriber (“Zelle Services”). Institution and its Subscribers shall follow Apiture’s and its Third Party Provider’s standard operating procedures, including without limitation security procedures, with respect to use of the Zelle Services. Apiture shall make available to Institution, and the Zelle Services shall include, technical and administrative tools consistent with Fiserv Risk Procedures and supporting risk management, decisioning and investigation. Institution shall reasonably cooperate with Fiserv’s Risk Procedures, including (i) promptly responding to reasonable requests to verify account ownership or any fraud investigation with respect to a Deposit Account held at Institution, regardless of the transaction origin; (ii) promptly sending returns information to Fiserv via an ACH returns file, chargeback process, or daily batch feeds, as mutually agreed; (iii) requesting and obtaining a Written Statement of Unauthorized Debit signed and completed by its claimant or Subscriber prior to initiating a debit return pursuant to the ACH Rules; and (iv) in the event that Fiserv has to provide a Letter of Indemnity, hold harmless letter or related documentation (each an LOI) to another financial institution to recover Transaction Losses and there is a claim made under the LOI, then Institution shall be responsible for all amounts relating to such claim, including without limitation, the settlement amount and attorneys’ fees.
3. Institution shall only make the Zelle Services available to Subscribers for use with U.S.-based accounts subject to the terms of the Agreement. Account holders are required to have U.S. domestic addresses and U.S. domestic mobile numbers for use with the Service. Service payments via Debit Card Networks are only available in the 50 states of the United States and the District of Columbia.
4. Institution acknowledges that with respect to Zelle Services transactions, the Subscriber or Institution is the Originator under the ACH Operating Rules.
5. Neither Apiture nor Apiture’s Third Party Providers for the Zelle Services shall have liability or further obligations relating to any delays, inaccuracies or incomplete Zelle Services caused by the failure of Institution to properly or timely meet its obligations or requirements.
6. Institution shall comply with all laws, rules, regulations, statutes, regulations (and any interpretations thereof and rules promulgated thereunder) and industry requirements applicable to receiving and using the Zelle Services, including without limitation the USA Patriot Act, Regulation E of the Electronic Fund Transfer Act, the federal Bank Secrecy Act, the NACHA rules, the ACH rules, federal and state laws and regulations and industry requirements relating to electronic funds transfers, federal and state laws and regulations relating to money transmission, currency reporting and the prevention of money laundering and any applicable rule or regulation issued by a regulatory body, including the U.S. Office of Foreign Assets Control and the bylaws and operating regulations of any payment network or organization through which transactions are being processed, to enable it to offer and provide any payment or money transfer-related services to Subscribers, and to otherwise register and activate Subscribers to make use of any such services, including, but not limited to, any necessary pre-registrations, consents and authorizations from and notices to its Subscribers. Institution shall maintain all records and prepare and file any necessary forms, reports or other documentation, including without limitation, suspicious activity reports or currency transaction reports required to be filed in accordance with laws applicable to Institution. Institution will immediately notify Apiture and Fiserv of instances of suspected fraud, money laundering, terrorist financing, or other illegal activities determined within Institution’s reasonable discretion and involving the Zelle Services. Fiserv is relying on Institution’s performance as described in this Section in the performance of the Zelle Services.
7. Institution shall obtain any necessary consents or provide any necessary notices and disclosures to Subscribers in accordance with such laws, rules, regulations and requirements, including consents with respect to the use of any data regarding Subscribers including without limitation a Subscriber’s name, e mail address, zip or postal code, account information (e.g. financial data, user identification, password and/or personal information number, as well as the ABA Routing and Transit Number that are specific to a Subscriber’s account) and usage statistics. As part of the Zelle Services, neither Apiture nor its Third Party Providers shall be responsible for authenticating Subscriber credentials for access to the Zelle Services.
8. Institution will enter into a written agreement regarding the Zelle Services with Subscribers (Terms of Service). Institution acknowledges that the Terms of Service are between Institution and its Subscribers, not Apiture or its Third Party Providers. In its Terms of Service, Institution will include (i) disclaimers of incidental, indirect, consequential, special, punitive, and exemplary damages; and (ii) quantified limitations on direct damages that, with respect to both (i) and (ii), may be claimed or alleged by such Subscribers arising out of or relating to the Zelle Services. Such disclaimers and limitations must extend to Institution’s third-party suppliers or providers (but do not need to specifically reference Apiture or its Third Party Providers by name). Institution will enforce such disclaimers and limitations in claims, lawsuits and proceedings brought by its Subscribers. Institution shall disclose in the Terms of Service that (i) Institution is the sole party liable to Subscribers for transfers conducted using the Zelle Services; and (ii) as between the Institution and the Subscribers, Institution is solely liable to Subscribers, Recipients and Receivers to the extent any liability attaches in connection with the Zelle Services. Apiture’s and its supplier’s obligations under the Agreement and at law to Institution are not diminished by this Section. Any terms that are required by Fiserv to be present in such Terms of Service without substantial modification will be marked as such; provided that, Institution and Fiserv will collaboratively review and revise the Terms of Service to ensure that they address all of Institution’s Regulation E compliance requirements and any other enforceability concerns.
9. Institution shall not make any representation, warranty, or other legally binding commitments on behalf of Apiture’s Third Party Providers, any of its respective affiliates or any of their respective third-party providers.
10. Institution shall obtain the right for Apiture’s Third Party Providers to conduct standard credit screening as permitted under applicable law and regulations on Subscribers for purposes of authentication, conducting risk assessments, setting risk parameters and transaction limitations in connection with a Subscriber’s use of the applicable Zelle Services.
11. Institution shall provide the right for Apiture and its Third Party Providers to use any Institution trademarks, internet domain names, web addresses, telephone numbers, trade dress, service marks and/or trade names (including, without limitation, logos and slogans) for the purposes of providing the applicable Zelle Services. In addition, Institution hereby permits Apiture’s Third Party Providers to display Institution’s name and any logos or similar brand features made available to Apiture’s Third Party Providers in a list of Institutions for the Zelle Services that Apiture’s Third Party Providers makes available on the Zelle Web site or any successor personal payments service Web site. Institution shall be responsible for registering and maintaining the registration and legal compliance of its respective Internet address(es) and websites.
12. Institution and/or any Subscriber shall not: (a) transfer or otherwise sublicense the right to use the Zelle Services; (b) attempt to copy or otherwise reproduce the Zelle Services; (c) attempt to access, decompile, reverse engineer or otherwise derive the source code for the Zelle Services; (d) resell or use the Zelle Services for the benefit of any other U.S. Financial Institution or other such entity other than that Institution or any third party that is not a Subscriber; or (e) alter, remove or fail to include any copyright notice or other proprietary rights notices that appear on any user interfaces related to the Zelle Services or authorized reproductions thereof.
13. For any credentials provided to Institution to enable Institution to access data within the Apiture’s Third Party Provider systems, Institution agrees to, (a) take reasonable steps to safeguard the confidentiality and security of the credentials; (b) limit access to credentials to persons who have a need to know such information; (c) establish and monitor internal procedures which limit one (1) user ID to an authorized Institution representative and otherwise prevent the sharing of credentials; (d) notify Apiture immediately if Institution has any reason to believe the security or confidentiality required by this provision has been or may be breached; and (e) change any passwords that are part of the credentials immediately if Institution knows or suspects that the confidentiality of the credentials has been compromised in any way.
  
  Subject to Institution’s compliance with the obligations in this Section, Apiture can provide Institution with access to an online database containing recipient information (e.g., name and bank name) in connection with the Zelle Services. Institution agrees to access the database only: (a) to effect, administer, or enforce transactions that result from the Zelle Services; (b) to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability related to the Zelle Services; (c) for internal audit and regulatory examination purposes; (d) to resolve consumer disputes or inquiries involving transactions that result from the Zelle Services, or (e) as permitted to access certain customer and transaction information in Apiture’s possession and shall only use the recipient information of non-Institution users within such database to complete Service transactions and for regulatory purposes. Institution will limit access to such database to its trusted employees and shall closely and regularly monitor such employees’ use of such database to ensure compliance with this provision. Institution will protect the database from security breaches at Institution by establishing, maintaining and updating policies, procedures, equipment and software that are designed to safeguard the security and integrity of the Institution computer systems used to access the database.
14. Institution shall not sue Apiture for the Zelle Services or name Apiture’s Third Party Providers as a party of any kind in any arbitration, proceeding or court action (including without limitation any and all lawsuits) instituted in connection with the products and Zelle Services. If Apiture’s Third Party Provider is named in any such arbitration, proceeding or court action, Institution shall cooperate in the removal of the Third Party Provider from each such arbitration, proceeding and court action, including without limitation through petitioning the arbitrator or applicable court. In the event of any dispute arising between Institution and Apiture from Institution’s use of a product or service from an Apiture Third Party Provider, Institution hereby (i) agrees and covenants that its only recourse shall be a claim against Apiture; and (ii) releases and holds Apiture’s Third Party Provider harmless from any claims, losses and damages of any kind (including, without limitation, actual, special, indirect, exemplary, incidental and consequential), known and unknown, disclosed and undisclosed, arising out of or in any way connected with such dispute regardless of whether such Third Party Provider was advised of the possibility or likelihood of such damages or costs occurring, and whether such liability is based on contract, tort, warranty, negligence, strict liability, products liability or otherwise (provided that the preceding release in no way limits or diminishes Institution’s right to recover losses and damages from Apiture; which shall be subject to any limitations of liability in Institution’s agreement with Apiture and in no way limits or diminishes Apiture’s right to recover losses and damages from its Third Party Provider arising out of or in any way connected to such dispute (such losses and damages are subject to the liability limitations in the agreements between Apiture and its Third Party Providers). Institution further agrees to waive, release and relinquish all rights, benefits and protections under the provisions of any state law limiting or prohibiting a general release under the law governing its Agreement, or in the event a court does not enforce the governing law clause in its Agreement with Apiture, under applicable state law, including without limitation California Civil Code § 1542 and any similar statutes.
15. Institution shall determine and be responsible for the completeness, authenticity and accuracy of all such information submitted to Apiture’s Third Party Providers’ systems and shall update such information promptly as applicable.
16. Institution will perform duties reasonably necessary to be on the then-current commercially-available release of the Zelle Services.
17. Fiserv and its service providers may use the User Data for the performance of the Zelle Services, as permitted by the Gramm-Leach-Bliley Act, its implementing regulations and other applicable laws, including (without limitation) any use to effect, administer or enforce a transaction or to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability. If Recipients, Receivers or Requestors enter into direct contractual relationships with Fiserv, then Fiserv shall also have the right to use the User Data of such parties pursuant to such relationships. Provided that the source of the information is not disclosed and the information is used in conjunction with other independent information, Fiserv may use User Data for the performance of the Zelle Services and may use, store and disclose User Data and other such information acquired in connection with the Zelle Services in statistical form in aggregate form solely for pattern recognition, modeling, enhancement and improvement, system analysis and to analyze the performance of the Zelle Services. Fiserv may supply User Data to any law enforcement agency if Fiserv or any Fiserv client has suffered or may reasonably be expected to suffer a loss as a result of fraudulent or suspicious activity performed by the Subscriber, Recipient, Receiver or Requestor. Institution will identify a representative as a point of contact or a subject matter expert if such law enforcement agency requires supplementary information on such Subscriber, Recipient, Receiver or Requestor. In accordance with applicable law, Apiture’s Third Party Providers may also retain all User Data during and after termination of the Agreement for audit, regulatory compliance, risk management purposes or as otherwise permitted by applicable law and regulations and/or to the extent it is required to do so in connection with payment network or organization rules and regulations or similar applicable industry requirements. Institution will obtain sufficient authority and consent from Subscribers to transmit and disclose their User Data to Apiture’s Third Party Providers for the purposes set forth herein. Without limiting anything herein or any provisions of the Agreement, for the avoidance of doubt, the parties hereby agree that the User Data of Subscribers is information of the Institution for purposes of the Gramm-Leach-Bliley Act and its implementing regulations.
18. Institution additionally consents to Fiserv’s disclosure of the User Data to certain Fiserv supplier(s) solely in connection with the verification and authentication of the Subscribers and subject to the terms and conditions of these Service Terms. Institution acknowledge that such verification and authentication services are proprietary and confidential and shall be treated as Confidential Information under the Agreement. Institution grants to Fiserv and Fiserv’s applicable supplier(s) a non-exclusive, non-transferable, except as provided herein, right to use, copy, store, modify and display the User Data solely to the extent necessary to provide the Zelle Services pursuant to its Agreement. Institution will obtain all necessary Subscriber agreements or consents as may be reasonably required to grant such license rights to Fiserv and its suppliers.
19. Institution shall at all times remain responsible for making any consumer whole in connection with any failure to transmit money through the Zelle Services, subject to any rights of recovery Institution may have against Subscriber or Apiture, Apiture’s Third Party Provider, or any other party. As between the Institution and Subscribers, Institution will be solely liable to Subscribers for completion of Zelle Services transfers by payment of good funds in the correct amount and in a timely manner to the Recipient’s bank account (regardless of whether the bank account information was provided by Subscriber or collected from the Recipient) and the Institution is the “financial institution” for purposes of compliance with the Electronic Fund Transfer Act (EFTA), as implemented by Regulation E, including with respect to obligations under Section 910 of the EFTA.
20. Institution will promptly work with Apiture to analyze the cause of any Transaction Losses and to take appropriate measures to remedy their cause. If Apiture or its Third Party Provider (a) identifies a sudden unanticipated increase in Transaction Losses and believes it prudent to take immediate action to reduce Limits; or (b) identifies an unanticipated risk increase as to an individual Subscriber, then as to each of the preceding cases, Apiture or its Third Party Provider shall have the right at any time but not the obligation to (x) reduce Limits in an amount and for a duration determined by Fiserv in its sole discretion, (y) process transactions using a “good funds only” model, and/or (z) suspend the Zelle Service.
21. Institution shall promptly cooperate with Apiture and provide all reasonable assistance to Apiture regarding recovery of any Transaction Loss or any other investigation related to the Zelle Services.
22. Neither Apiture nor Fiserv shall be liable for any Transaction Losses incurred by Institution or its Subscribers for the Zelle Services, including but not limited to fraud losses or risk of loss, arising out of the use of the Zelle Services; liability for Transaction Losses is addressed in Early Warning’s Zelle Network® Participation Rules (“Network Rules”). Notwithstanding anything to the contrary in the Agreement, these Service Terms, or the Network Rules, Fiserv shall be liable to Institution for Transaction Losses caused by Fiserv’s gross negligence, Fiserv’s fraud or its willful misconduct. Further, none of Institution’s other rights against Fiserv at law or equity are excluded, limited or diminished by this section. Fiserv’s Risk Procedures only apply to Zelle transactions that are initiated via Subscriber interfaces hosted by Fiserv or APIs provided by Fiserv (e.g., not transactions that are processed by Early Warning via ZellePay.com).
23. If pursuant to the Zelle Services a credit is released and the debit or a portion of any such debit has failed, Apiture’s Third Party Provider reserves the right to resubmit for the uncollected portion of such debit. If following resubmission, the debit side remains in a failed status (or is returned for any reason), and the credit side cannot be reversed, Apiture’s Third Party Provider shall issue a new debit transaction in the amount of the uncollected portion of such debit. If Apiture’s Third Party Provider is unable to recover the uncollected portion of the debit, then Apiture’s Third Party Provider may additionally debit any of the Subscriber’s other accounts that are accessible via the Zelle Services to the extent necessary to offset the uncollected portion.
24. Institution acknowledges and agrees that Apiture’s Third Party Provider has the right to collect the applicable amount from the Subscriber underlying a Transaction Loss and agrees that Apiture’s Third Party Provider may (a) collect or attempt to collect directly from the applicable Subscriber any Transaction Loss, and (b) report the circumstances and amounts associated with such Transaction Losses to any credit bureau in accordance with applicable law. If Apiture’s Third Party Provider is unable to recover the Transaction Loss from the Subscriber, then Institution shall pay the pass-through cost from Fiserv for such loss, including chargebacks, upon receiving notice from Fiserv or Apiture, as the case may be.
25. Institution will at all times be solely liable to Subscribers for completion of the Zelle Services transactions by payment of good funds in the correct amount and in a timely manner to the Recipient’s bank account (regardless of whether the bank account information was provided by Subscriber or collected from the Recipient) and is the “financial institution” for purposes of Zelle and Known Third Party transfer transactions and their compliance with applicable laws. Without limiting the preceding sentence, Institution will at all times remain responsible for making any consumer whole in connection with any failure to transmit money through the Zelle Services. Institution will indemnify, defend, and hold harmless and release Apiture and its Third Party Providers and their officers, directors, and employees from and against any claims, actions and other proceedings by a Subscriber to the extent arising out of Institution’s breach of its obligation to make any consumer whole as set forth in this Section. The foregoing indemnification obligation shall not be subject to any limitations on Institution’s liability otherwise set forth in the Agreement.
26. Institution understands that all Payee contact is Apiture’s Third Party Providers’ responsibility, and Institution will not contact Payees at any time on behalf of Subscribers.
27. Institution shall obtain the right for Apiture’s Third Party Providers to use data gathered from confirmed cases of fraud to detect fraud for its other customers.
28. Apiture’s Third Party Service Provider Marks means any and all trademarks, service marks, tradenames, insignias, symbols and logos that are owned or exclusively licensed by Apiture’s Third Party Providers and that are designated to Institution for use in (or in relation to) the Zelle Services and/or the documentation provided for the Zelle Services. Apiture grants to Institution a limited, non-exclusive, nontransferable license during the term to reproduce, use and display the Apiture’s Third Party Providers’ Marks only in connection with Institution’s promotion, marketing and distribution of the Zelle Services under its Agreement. Institution will adhere to any guidelines regarding the Apiture’s Third Party Provider Marks that Apiture provides, the most recent copy of which Apiture will provide promptly to Institution upon request. Institution will publish any notices, including any notice of ownership of the Apiture’s Third Party Provider Marks, proprietary notice, copyright notice or restricted rights legend as directed by Apiture. The Apiture’s Third Party Provider Marks and all goodwill associated with the Apiture’s Third Party Provider Marks are and shall remain the exclusive property of Apiture’s Third Party Provider and these Service Terms give Institution no rights therein except for a limited license as described in this Section. Institution’s reproduction and use of the Apiture’s Third Party Provider Marks inures to the benefit of Apiture’s Third Party Provider. Apiture’s Third Party Provider may review Institution’s use and display of the Apiture’s Third Party Provider Marks and its marketing and promotional materials for the Zelle Services, and Institution shall comply forthwith upon receipt of any request from Apiture’s Third Party Provider for such review. In the event that Apiture’s Third Party Provider or Apiture (1) in its reasonable discretion, determines that Institution’s marketing or promotional material or use of the Apiture’s Third Party Provider Marks dilutes or diminishes the Apiture’s Third Party Provider Marks or the goodwill, quality or services associated with Apiture’s Third Party Provider or with any of the Apiture’s Third Party Provider Marks or is not in accordance with Apiture’s Third Party Provider’s direction or guidelines regarding the Apiture’s Third Party Provider Marks; and (2) notifies Institution of such determination; then (3) Apiture or Apiture’s Third Party Provider may revoke the license in this Section, unless Institution has resolved Apiture’s Third Party Provider’s or Apiture’s concerns identified in the preceding subsection (1) in a manner satisfactory to Apiture’s Third Party Provider within five (5) business days after Institution’s receipt of such notice. Institution shall cease to use the Apiture’s Third Party Provider Marks or any other marks or names of Apiture’s Third Party Provider upon the termination or expiration of its Agreement. Institution shall use the appropriate registered or common law trademark symbols in connection with the Apiture’s Third Party Provider Marks. Institution must not during the term of its Agreement or after its termination, apply for any registration as a trademark, service mark, domain name, business or company name, any word or logo that is the same as or substantially identical with or deceptively similar to any of Apiture’s Third Party Provider ‘s Marks, domain names or business or company names.
29. Institution must, at all times, comply with the NOW Network Rules and the Zelle Network Rules, as well as any other applicable payment network rules (e.g., Debit Card Network Rules). “NOW Network Services” means the Zelle Services that utilize the NOW Network, which include without limitation Zelle Real-Time Payments. Use of the NOW Network Services is subject to Institution’s participation in the NOW Network. Institution will execute a Real-Time Participation Agreement in connection with Institution’s use of the NOW Network Services, prior to commencement of the Zelle Services. If Institution holds more than $8 Billion in assets in its depository accounts, Institution will also execute a Reseller Participant Agreement – Person to Person (P2P) Payments Service (or the equivalent successor document required by Early Warning) with Early Warning prior to utilizing the Zelle Services. In all cases, Institution will comply with the bylaws and operating rules of the applicable payment networks that Institution utilizes with the NOW Network, which may include without limitation the NOW Network and Debit Card Networks. Neither Apiture nor Fiserv is responsible for the performance, speed, or other acts or omissions of third parties that use the NOW Network or interoperate with the NOW Network, such as Debit Card Networks.
  
  Notwithstanding anything to the contrary in Institution’s Agreement, NOW Network and Debit Card Network settlements are final except as set forth in the applicable NOW Network and Debit Card Network rules and recovery may not be possible; however, if such applicable rules allow for reversal of funds, Fiserv will attempt to recover such funds from the destination account. Fiserv shall not be obligated to comply with the Automated Clearinghouse (ACH) Rules in such recovery efforts or otherwise in connection with NOW Network Services. Fiserv will choose the method of delivery of NOW Network Service payment via the NOW Network in its sole discretion based on available end points for delivery of such payment. Other than Early Warning, third party operators of networks that connect to the NOW Network, such as Debit Card Networks, shall not be considered to be subcontractors for purposes of the Zelle Services. Fiserv will choose the Debit Card Networks in which Fiserv will participate in its sole discretion.
  
  For purposes of the Network Rules, Institution agrees that Fiserv is Institution’s agent as to the Zelle Services. Early Warning may direct Fiserv to terminate the Zelle Services if Institution is in breach of these Service Terms or its Agreement or if Early Warning determines that Institution does not meet the on-going vetting or due diligence requirements of the Network Rules. If Early Warning does so and Institution is unable to reasonably address Early Warning’s concerns, then Fiserv may be required to suspend or terminate the provision of the Zelle Services. Institution acknowledges and agrees that such suspension and termination may disrupt and interfere with the ability to use Zelle Services and may harm Institution. All such termination obligations will be exercised in such a way to minimize the disruption and harm that such Institution may suffer, which may involve reasonable extensions to cure periods and post-termination provision of the Zelle Services to Institution until Institution is in a position to receive the Zelle Services through other means or receive alternative services.
30. Fiserv is acting as an agent of the Institution with regard to the Zelle Services and shall not be held responsible for any outcome or decision that is rendered in accordance with the Rules. “Rules” means the business requirements and scoring thresholds provided by Institution in accordance with Fiserv’s Global Risk Administration System (currently accessible through the Compass Support Tool). For the avoidance of doubt, all services indicated as provided by Fiserv on behalf of Institution to Subscribers (including the collection of required account information of a Receiver or Recipient, whether from the Subscriber, Receiver or Recipient) are provided by Fiserv solely in its capacity as a service provider for, and on behalf of, Institution. Fiserv is authorized to rely on data provided by third parties and is not responsible for the accuracy of such data in connection with its performance of the Zelle Services, including without limitation application of the Rules. Institution acknowledges and agrees that: (a) third party data is obtained from databases whose accuracy, timelines and coverage are not guaranteed; (b) the data used to verify an Subscriber is obtained from third parties; (c) Fiserv does not warrant or guarantee the identity of the Subscriber, but merely receives a result from a third party provider (“Result”) which is derived, in part, from information entered by the Subscriber; (d) Fiserv will use the Result together with the Institution’s Rules to attempt to verify the identity of the Subscriber; and (e) the Result and related verification and authentication services will be only used for the purpose of verifying the identity of the Subscriber and will not be used, in whole or in part, as a basis for determining the eligibility of an Subscriber for credit, insurance or employment or to take ‘adverse action,’ as defined in the Fair Credit Reporting Act or similar laws. Institution agrees not to copy or retain any authentication questions or the Subscribers’ answers to such questions or use such questions for purposes other than identity verification and Subscriber authentication, except (i) as required by law and (ii) that Institution shall be permitted to use and retain the pass/fail indication returned by the Zelle Services along with any related explanatory information/codes for risk management or other internal purposes permitted by law. Finally, Institution agrees not to reverse engineer or create derivative works based on the identity verification and authentication elements of the Zelle Services (or the technology used to provide such Zelle Services).
31. Apiture or its Third Party Provider may suspend or deny access to Subscribers, Requestors (if applicable), Receivers (if applicable) and/or accounts associated with such Subscribers, Requestors, Receivers and/or any counterparties if it receives any returns from an account associated with them whether with Institution or another financial institution, if Apiture or its Third Party Provider is owed Transaction Losses in connection with the applicable Subscriber, or if Apiture or its Third Party Provider anticipates any potential losses arising from any such account(s), including without limitation due to concerns regarding fraud.
32. If Apiture or its Third Party Provider reasonably believes that any Zelle Services, or an Institution’s or any Subscriber’s conduct in using the Zelle Services (including without limitation an Subscriber intentionally initiating fraudulent or unauthorized transfers, account access or violating any agreement under which it has been provided access to the Zelle Services) violates these Service Terms or any applicable laws, rules, regulations or industry standards, or otherwise poses a threat to Apiture’s or its Third Party Provider’s system, security, equipment, processes, intellectual property or reputation (Threatening Condition) and if, in the reasonable and good faith determination of Apiture or its Third Party Provider, the Threatening Condition poses an imminent or actual threat (including without limitation regulatory investigation, inquiry or penalty), Apiture may suspend any and all of Institution’s use of the applicable Zelle Services until such Threatening Condition is cured. Apiture will promptly notify Institution of such suspension, including the identity of the affected Subscriber(s) as needed, and both parties will use reasonable efforts to cure or cause the correction of the Threatening Condition following such notice. Apiture may terminate Institution’s and/or Subscriber’s use of the Zelle Services without further requirement of notice if the Threatening Condition remains uncured more than thirty (30) calendar days after Fiserv notifies Apiture and Institution the Threatening Condition.
33. If Apiture’s agreement with its Third Party Providers, Fiserv, Inc. or Early Warning Services, LLC or their successors (Early Warning), terminates and Apiture thereafter no longer receives services from Early Warning in support of the Zelle Services, then the Zelle Services and supporting agreements with Apiture will automatically terminate. Apiture will use commercially reasonable efforts to provide Institution with six (6) months prior written notice of cessation of service. If Apiture is not able to provide six (6) months’ prior written notice of termination, then Apiture will (i) provide as much notice as is commercially reasonable; and (ii) use commercially reasonable efforts to provide a comparable replacement service; and (iii) unless and until a replacement service is made available, suspend the Zelle Services. In the event that Institution, in its reasonable discretion, is not satisfied with the replacement service provided by Apiture, then Institution may terminate the applicable agreements with Apiture upon prior written notice. In no event shall Institution have any obligation to Apiture for any termination fees in the event that its Zelle Services or its replacement is terminated pursuant to the previous sentence.
34. In the event of termination or non-renewal of the Zelle Services with Institution, Institution shall (a) comply with all applicable laws, including laws governing notification of Subscribers prior to discontinuation of the use of the Zelle Services; and (b) remain financially responsible for any transactions returned on any of its Subscribers’ Deposit Accounts after the termination date, whether or not the returns are proper and timely. Following receipt of Institution’s written certification of compliance with the foregoing, Apiture and its Third Party Providers will, for a period not to exceed sixty (60) days, continue to process transactions on behalf of Institution that were initiated prior to the effective date of termination (e.g., returns).
35. Institution’s use of the Zelle Services is subject to approval of Institution by Early Warning. Institution will ensure that the Subscriber terms required by Early Warning Services, LLC, are incorporated into its Subscriber terms of service for the Zelle Services.
36. Institution will include the following provision in its Subscriber terms of service for the Zelle Services, without substantial modification unless agreed otherwise by Fiserv in writing:
  “Subscriber authorizes Subscriber’s wireless carrier to disclose information about Subscriber’s account, such as name, billing address, email, phone number, location information, subscriber status, payment method and device details, if available, to Institution and Institution’s third party providers to support identity verification, fraud avoidance and other uses in support of transactions for the duration of Subscriber’s business relationship with Institution. This information may also be shared with other companies to support Subscriber’s transactions with Institution and for identity verification and fraud avoidance purposes.”
  If mobile telephone carriers require that the preceding provision in this Section be revised, then Institution will update such provision and require Institution’s Subscribers to agree to such updated provision within a commercially reasonable period of time.
37. Institution will include the following provision in its Subscriber terms of service for the Zelle Services, without substantial modification unless agreed otherwise by Fiserv in writing:
  “Institution may share certain personal information and device-identifying technical data about Subscriber and Subscriber’s devices with third party service providers, who will compare and add device data and fraud data from and about Subscriber to a database of similar device and fraud information in order to provide fraud management and prevention services, and identify and block access to the applicable service or Web site by devices associated with fraudulent or abusive activity. Such information may be used by Institution and its third party service providers to provide similar fraud management and prevention services for services or Web sites not provided by Institution. Institution will not share with service providers any information that personally identifies the user of the applicable device.”
38. Notwithstanding any fee increase restrictions in the Agreement, Apiture shall have the right to pass through all Debit Card Network-associated fees (including without limitation from the Debit Card Network and the sponsoring Institution) to Institution for payment, without any mark-up.
39. Receipts for applicable Zelle Services provided to Subscribers by Institution will be provided by Institution and contain contact information for each Institution and no details regarding Fiserv.
40. If Institution provides any content or materials in a format other than the format(s) approved by Apiture’s Third Party Provider, Apiture reserves the right to charge for any conversion necessary for such content or materials at the Third Party Provider’s then-current rates as shall be set forth in a fully executed professional services agreement; provided, however, Fiserv is not obligated to make any such conversion.
41. Notwithstanding any fee increase restrictions in the Agreement, Apiture shall have the right to pass through all Debit Card Network-associated fees (including without limitation from the Debit Card Network and the sponsoring institution) to Institution for payment, without notice or mark-up.
42. If Early Warning increases its fees or otherwise requires the payment of additional fees for the use of its Zelle Service, then Apiture will have the right to pass through such fee increases or additional fees to Institution for payment, without notice or mark-up.
43. If NACHA increases its fees or otherwise requires the payment of additional fees for the use of the Automated Clearing House, then Apiture will have the right to pass through such fee increases or additional fees to Institution for payment, without notice or mark-up.
44. All other fees set forth in the Agreement that apply to Zelle shall otherwise apply to Zelle Real-Time Payments.
45. Any tiered pricing is based on thresholds, and such tiered fees only apply to the transactions or other fee measurements within that tier (i.e., stair-step pricing).
46. Apiture shall invoice Institution monthly for fees and expenses incurred during the previous month for the Zelle Services. Institution shall be responsible for all invoicing and collection of fees from its subscribers, as applicable.
47. Institution’s deconversion, conversion or termination (in whole or in part) of the Zelle Services shall be subject to Apiture’s Third Party Provider’s then-current termination, deconversion and file fees, as applicable.
Digital Customer Support
1. Definitions
  1. “Digital Customer Support Services” means the digital customer services provided by Apiture’s Third Party Provider, Glia, together with and through Apiture solutions.
  2. “User” means a named individual who is authorized by Institution and who has been supplied a user identification and password by Institution with access to any production environment of the Digital Customer Support Services.
2. If Institution is a Credit Union, the total number of members for the purpose of the billing tiers shall be based on «https://mapping.ncua.gov/ResearchCreditUnion.aspx»
3. In the event that Institution exceeds its allotted SMS usage, Apiture reserves the right to begin to charge the Institution for the additional SMS bundle upon written notice.
4. Unlimited usage enables each licensed user to receive an unlimited number of inbound phone calls. Part -time usage enables each licensed user to receive 1,000 inbound minutes of inbound phone calls per month, on average.
5. Major new features may require an additional license. Support for Messaging Short Codes is an additional fee on top of the Standard SMS & WhatsApp Module fee.
6. Prices may be subject to revision once per calendar year. Apiture may increase the fees in connection with upgrades to Digital Customer Support Services at any time upon thirty (30) days’ advance written notice to Institution.
7. Premature termination of the Digital Customer Support Services by Institution resulting in less than a thirty-six (36) month subscription will require full payment by Institution for a thirty-six (36) month minimum term. The foregoing does not apply if the Institution is contracted with Apiture for digital banking prior to subscribing to the Digital Customer Support Services.
8. Apiture or its Third Party Provider may upgrade, update or sunset the system or certain features over time upon written notice without penalty or liquidated damages. Apiture or its Third Party Provider shall make all required modifications stipulated by applicable laws, rules and regulations at no direct additional charge to Institution, provided however, certain indirect fees may apply, which would be subject to prior written notice to Institution. Neither Apiture nor its Third Party Provider will knowingly make any adverse modification without Institution’s advance written consent.
9. Apiture’s Third Party Provider will publicly post any Digital Customer Support Services downtime that will occur outside the scheduled maintenance downtime as soon as reasonably possible. The public posting will be available at «status.Glia.com». Institution may subscribe to status updates to receive email notifications.
10. Grant of License and Access to the Digital Customer Support Services: Subject to the terms and conditions of the Agreement between Institution and Apiture and any accompanying order forms or statement of work, as the case may be, Apiture hereby grants Institution a limited, nonexclusive, nontransferable, non-sublicensable right and license to access and use the Digital Customer Support Services during the term of the Agreement between Institution and Apiture. Digital Customer Support Services may only be accessed by authorized Users in accordance with these Service Terms. Sharing of User identifications and passwords is not permitted. If a User is added by Institution, the User is billable to the annual renewal date starting on the day the User is added.
11. Compliance: Institution will and will ensure its Users do not, directly or indirectly: (a) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, or algorithms of the Digital Customer Support Services; (b) modify, translate or create derivative works based on any of the Digital Customer Support Services; (c) copy (except for archival purposes), rent, lease, distribute, pledge, assign or otherwise transfer or allow any lien, security interest or other encumbrance on any of the Digital Customer Support Services; (d) hack, manipulate, interfere with or disrupt the integrity or performance of or otherwise attempt to gain unauthorized access to any of the Digital Customer Support Services or their related systems, hardware or networks or any content or technology incorporated in any of the foregoing; or (e) remove or obscure any proprietary notices or labels of Apiture, its Third Party Provider or its suppliers on the Digital Customer Support Services. As among Institution, Apiture and its Third Party Provider, Apiture’s Third Party Provider owns and, except for the limited rights expressly granted, retains all right, title and interest in and to the Digital Customer Support Services and all improvements, enhancements or modifications thereto. Further, Institution will use the Digital Customer Support Services in compliance with all applicable laws, rules and regulations and is responsible for its Users’ compliance with the same. Apiture or its Third Party Provider may suspend or prohibit any use of the Digital Customer Support Services if it reasonably believes Institution, or its Users may be (or alleged to be) in violation of these Services Terms.
12. Each Institution and User owns the data or information it submits while using the Digital Customer Support Services. Notwithstanding the foregoing, Institution hereby grants to Apiture (and its Third Party Provider as a third party beneficiary) the right and license to use such data for the limited purpose of enabling Apiture and its Third Party Provider to perform their respective obligations under the Agreement between Institution and Apiture. Additionally, Institution consents to Apiture’s Third Party Provider using such data generated by Institution’s use of the Digital Customer Support Services for internal purposes, provided that such data shall at all times shall be anonymized with no personally identifiable information or identification of the specific source of such data or that could reasonably be linked with a particular Institution, person or household. Institution data shall not be sold to any third parties.
Orbipay
1. Definitions
  1. “Applicable Law” means, with respect to a party, all federal, state, local, administrative laws, rules, regulations and interpretations, in either case as applicable to that party’s provision or receipt of Orbipay Services and includes the operating rules of the Networks and Payment Brands, and the Payment Card Industry Data Security Standard, as any or all of the foregoing may be amended, revised, or replaced from time-to-time.
  2. “Institution Materials” means information Institution furnishes to Apiture and its Orbipay Third Party Provider in connection with its Agreement as it relates to Orbipay.
  3. “Merchant Processing Services Terms and Conditions” means the terms and conditions posted at http://www.alacriti.com/legal/merchant-terms (and any successor or related locations designated by the Orbipay Third Party Provider), as may be updated by the Orbipay Third Party Provider from time to time and are incorporated herein by reference.
  4. “Networks” means Pulse, Star, NYCE, and/or any other electronic payment network authorization, routing, processing or funds transfer system for transmitting Transactions and settlement thereof.
  5. “Payment Brand” means any payment method provider whose payment method is used by the Orbipay Services, including Visa U.S.A., Inc., Visa International, MasterCard International Incorporated, Discover Financial Services, Inc., American Express Travel Related Services Company Inc., and other credit and debit card providers, debit network providers, gift card, and other stored value and loyalty program providers. Payment Brand also includes the Payment Card Industry Security Standards Council.
  6. “Privacy Laws” means applicable privacy laws, rules, and regulations, including industry self-regulations and the General Data Protection Regulation (if applicable).
  7. “Prohibited Categories List” means the list posted at http://www.alacriti.com/legal/prohibited (and any successor or related locations designated by the Orbipay Third Party Provider), as may be updated by the Orbipay Third Party Provider from time to time and are incorporated herein by reference.
  8. “Refund Policy” means the terms and conditions posted at http://www.alacriti.com/legal/refund-policy (and any successor or related locations designated by the Orbipay Third Party Provider), as may be updated by the Orbipay Third Party Provider from time to time and are incorporated herein by reference.
  9. “Settlement Terms” means the terms and conditions posted at http://www.alacriti.com/legal/settlement (and any successor or related locations designated by the Orbipay Third Party Provider), as may be updated by the Orbipay Third Party Provider from time to time and is incorporated herein by reference.
  10. “Transaction” means a credit, debit, ACH, or other electronic transaction processed by Apiture’s Orbipay Third Party Provider on behalf of Institution or an End User, including purchases, disbursements, cash withdrawals, disputes, chargebacks, and refunds.
  11. “Transaction Data” means the written or electronic record of a Transaction, including, without limitation, an authorization code or settlement record, which is submitted to Apiture’s Orbipay Third Party Provider.
2. Institution retains ownership of all Institution Materials. Institution warrants that it has obtained all right, consent, and authority necessary for Apiture’s Orbipay Third Party Provider to use the Institution Materials as set forth in this section of the Service Terms. Institution grants Apiture’s Orbipay Third Party Provider and its service providers a worldwide, royalty-free, non-exclusive, non-transferable (except as part of a permitted transfer of these Service Terms) license during the term of its Agreement to use, copy, and creative derivative works of the Institution Materials to provide the Orbipay Services.
3. Institution represents and warrants that all information it provides in connection with the Orbipay Services is accurate and complete, and Institution will provide Apiture and its Orbipay Third Party Provider with timely written notice of any changes to such information.
4. Institution will ensure that it delivers its products and services to End Users, in accordance with applicable Privacy Laws. To the extent that Institution provides Apiture’s Orbipay Third Party Provider with any information about End Users, Institution shall obtain all consents necessary from such End Users to provide such information to Apiture’s Orbipay Third Party Provider and for Apiture’s Orbipay Third Party Provider to process such information to provide Orbipay Services.
5. Institution acknowledges that Apiture’s Orbipay Third Party Provider will continuously monitor Institution’s use of the Orbipay Services for the purpose of identifying suspicious activity, to prevent, detect and deter fraud and abuse of the Orbipay Services, and to protect the integrity of its systems and business. Institution further acknowledges that as a result of such monitoring Apiture’s Orbipay Third Party Provider may require additional due diligence (including information on the Institution’s products and services, Institution financial statements, and additional information on End Users) with respect to Institution to ensure Institution continues to be eligible for the Orbipay Services. Apiture’s Orbipay Third Party Provider may suspend or terminate the Orbipay Services immediately and may withhold amounts owed to Institution in the event that: (a) Institution becomes ineligible for the Orbipay Services, (b) Apiture’s Orbipay Third Party Provider reasonably suspects Institution has violated Applicable Law, or (c) Institution does not furnish the requested information in a timely manner.
6. Institution authorizes Apiture’s Orbipay Third Party Provider (or its affiliate or agent) to from time to time request a credit report on Institution from a credit reporting agency. In accordance with the U.S. Fair Credit Reporting Act, such consumer report(s) will be used to review Institution’s account to determine whether Institution continues to meet the terms and conditions related to the Orbipay Services. Apiture’s Orbipay Third Party Provider reserves the right to terminate, suspend, or limit access to the Orbipay Services based upon Apiture’s Orbipay Third Party Provider’s review of such consumer report(s), and/or in the event Apiture’s Orbipay Third Party Provider is unable to obtain or verify any of Institution’s information. In the event that Institution’s access to the Orbipay Services are so terminated, suspended, or limited based upon information contained in a consumer report, Apiture’s Orbipay Third Party Provider will notify Institution in accordance with Applicable Law.
7. Apiture or its Orbipay Third Party Provider may terminate the Orbipay Services immediately upon written notice if: (a) it reasonably appears to Apiture or its Orbipay Third Party Provider that the Orbipay Services are being used by Institution or End Users for inappropriate, illegal, or improper purposes or that to continue to provide the Orbipay Services to Institution or End Users would present an unacceptable business risk to Apiture or its Orbipay Third Party Provider; or (b) if information supplied by Institution is false, inaccurate or incomplete.
8. UNDER NO CIRCUMSTANCES WILL ONE OR MORE OF APITURE OR ITS ORBIPAY THIRD PARTY PROVIDERS BE LIABLE TO INSTITUTION, AN END USER, OR ANY THIRD PARTY FOR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING PERSONAL INJURY, PROPERTY DAMAGE, DAMAGE TO OR LOSS OF EQUIPMENT, LOST PROFITS OR REVENUE, ARISING FROM OR RELATED TO THE ORBIPAY SERVICES OR THE SUBJECT MATTER OF THESE SERVICE TERMS, EVEN IF ONE OR MORE OF THE PARTIES HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ANY FINES, FEES, PENALTIES OR ASSESSMENTS IMPOSED BY A THIRD PARTY RELATED TO INSTITUTION’S ACCEPTANCE OF PAYMENT INSTRUMENTS ARE CONSEQUENTIAL DAMAGES.
9. SUBJECT TO THE EXCEPTIONS SET FORTH IN THE REMAINDER OF THIS SECTION, THE CUMULATIVE LIABILITY OF APITURE AND ITS ORBIPAY THIRD PARTY PROVIDERS, IN THE AGGREGATE, ARISING FROM OR RELATED TO THE ORBIPAY SERVICES AND THE SUBJECT MATTER OF THESE SERVICE TERMS FOR ANY CAUSE WHATSOEVER, REGARDLESS OF THE FORM OF ANY CLAIM OR ACTION, WHETHER BASED IN CONTRACT, TORT OR ANY OTHER LEGAL THEORY, SHALL NOT EXCEED THE AGGREGATE FEES PAID BY INSTITUTION TO APITURE UNDER THE AGREEMENT IN THE SIX MONTHS IMMEDIATELY PRECEDING THE OCCURRENCE OF THE EVENT GIVING RISE TO THE CLAIM. Neither Apiture nor its Orbipay Third Party Provider will be liable for the acts or omissions of the Institution or End User or any other person or entity, including any clearing house association or processor, any funds transfer system, the Federal Reserve Bank, any other financial institution or any supplier, and no such person or entity will be deemed an agent of any of Apiture or its Orbipay Third Party Provider. Neither Apiture nor its Orbipay Third Party Providers are responsible for detecting any errors in the information provided by Institution or any End User. Institution understands and agrees that any form of End User documentation or disclosures provided to Institution by Apiture or its Orbipay Third Party Provider in connection with the Orbipay Services are provided solely as a courtesy and neither Apiture nor its Orbipay Third Party Providers make any representation or warranty regarding the sufficiency or accuracy of such documentation or disclosures, including whether or not such documentation or disclosures comply with Applicable Law. The limitations on liability, waivers, indemnities, and other terms and conditions in these Service Terms are business understandings between the parties and apply to all legal theories of recovery, including breach of contract or warranty, breach of fiduciary duty, tort (including negligence), strict or statutory liability, or any other cause of action, provided that these limitations on liability, waivers and indemnities, and other terms and conditions will not apply to any losses or damages that are found by a trier of fact to have been caused by Apiture’s Orbipay Third Party Provider’s gross negligence or willful misconduct. For purposes of this Section 17 of these Service Terms “Orbipay Third Party Providers” means Alacriti Payments LLC, together with its affiliates, and its and their successors and assigns, and its and their vendors, service providers, and suppliers, and each of the foregoing’s officers, directors, employees, and agents.
10. Institution shall indemnify and defend the Oribpay Third Party Providers from and against any and all third-party claims, demands, or actions against any of the foregoing arising from: (a) Institution’s breach of this Agreement or Applicable Law; (b) claims by End Users relating to the Subscription Services unless and except to the extent caused by Alacriti’s gross negligence or willful misconduct; (c) information, instructions or data provided by Institution or any End User or potential End User to Alacriti; (d) claims by Institution’s third-party service providers, including gateways, systems, banks, issuers, and card processors, other than claims related to Alacriti’s gross negligence or willful misconduct; (e) Institution failure to comply with all Alacriti guidelines, directives, policies, practices, rules and procedures made available to Institution or End User; or (f) chargebacks and other processing losses, including any returns, such as those caused by Institution’s or End User’s error or incorrect information supplied by Institution or End User, insufficient funds in Institution’s or End User’s account, a closed End User account, and/or failure timely to notify Alacriti of changes in Institution’s or End User’s account (collectively, (a) through (f) “Claims”). In addition, Institution shall indemnify and hold harmless the Alacriti Parties from and against all liabilities, losses, fines, costs, expenses (including reasonable attorneys’ fees), damages, awards, settlements, and penalties relating to those Claims. Sections 7, 8, and 9 survive termination or expiration of this Agreement.
11. Institution acknowledges that settlement of Transactions will occur as set forth in the Settlement Terms. Institution shall not use the Orbipay Services to send or receive payments relating to any of the prohibited categories set forth on the Prohibited Categories List. Apiture or its Orbipay Third Party Provider may terminate the Orbipay Services upon five (5) days prior written notice if Institution has failed to maintain the Minimum Balance required by the Settlement Terms.
12. Apiture’s Orbipay Third Party Provider may send documents to Institution and tax authorities for Transactions processed using the Orbipay Services. Specifically, pursuant to Applicable Law (including the Internal Revenue Code), Apiture’s Orbipay Third Party Provider may be required to file periodic informational returns with taxing authorities in relation to Institution’s use of the Orbipay Services.
13. Termination of the Orbipay Services does not affect either party’s respective rights and obligations under these Service Terms as to Transaction Data submitted before termination or expiration. If Institution submits Transaction Data to Apiture’s Orbipay Third Party Provider after the date of termination or expiration, Apiture’s Orbipay Third Party Provider may, at its sole discretion and without waiving any of its rights or remedies under these Service Terms, process such Transaction Data in accordance with and subject to all of the terms of these Service Terms.
14. Apiture or its Orbipay Third Party Provider may provide Institution with third-party hardware, software, or systems, such as “point of sale” systems, that facilitate the transmission of Transactions (collectively, “POS Systems”). Institution acknowledges and agrees that the provision of such POS Systems is only as a convenience, and neither Apiture nor its Orbipay Third Party Providers will be liable for any POS System or the acts or omissions of the third-party provider of any POS System.
15. Upon notice of termination of the Orbipay Services, Apiture’s Orbipay Third Party Provider may estimate the aggregate dollar amount of Chargebacks, ACH Returns and other obligations, liabilities and expenses that Apiture’s Orbipay Third Party Provider reasonably anticipates subsequent to termination, and Institution agrees to immediately deposit such amount in Institution’s Settlement Account. Where possible, Apiture’s Orbipay Third Party Provider will first attempt to collect or set-off amounts owed to it and to its affiliates from the Settlement Account or from funds that Institution holds in reserve. Institution shall maintain an active business bank account (“Account”) and ensure such Account has, throughout the term of Orbipay Services, sufficient cleared funds to meet its obligations under these Service Terms. Institution irrevocably authorizes Apiture’s Orbipay Third Party Provider to debit and/or credit the Account via ACH to settle any and all fees and other amounts due to Apiture’s Orbipay Third Party Provider under these Service Terms. In addition, Apiture’s Orbipay Third Party Provider may collect any amounts Institution owes under the Agreement with Apiture by deducting or setting-off amounts that are owed to the Institution. Institution grants Apiture and Apiture’s Orbipay Third Party Provider a lien and security interest in all funds for Transactions that Apiture’s Orbipay Third Party Provider process for Institution, including funds that Apiture’s Orbipay Third Party Provider deposits into the Settlement Account and Institution-Funding Account, as well as funds held in any other bank accounts to which such Transaction funds are deposited or transferred. This means that if Institution has not paid funds that Institution owes to Apiture, Apiture’s Orbipay Third Party Provider, End Users, or to any Orbipay Third Party Provider affiliates, then Apiture and Apiture’s Orbipay Third Party Provider have a right superior to the rights of any of Institution’s other creditors to seize or withhold funds owed for Transactions processed through the Orbipay Services, and to debit or withdraw funds from any bank account associated with Institution’s Orbipay Services account (including the Settlement Account and Institution-Funding Account). Upon Apiture’s or its Orbipay Third Party Provider’s request, Institution will execute and deliver any documents and pay any associated fees Apiture’s Orbipay Third Party Provider considers necessary to create, perfect, and maintain a security interest in such funds (such as the filing of a form UCC-1).
16. Institution acknowledges that Apiture or its Orbipay Third Party Provider may also charge End Users fees in order to use the Oribpay Services. Apiture or its Orbipay Third Party Provider is responsible for disclosing any such fees to the End User.
17. Institution will maintain books and records relating to its compliance with these Service Terms and Applicable Law (“Records”), during the term of its Orbipay subscription with Apiture and for a period of six (6) years after. Institution shall ensure that its Records contain all Transaction Data processed through the Orbipay Services. Institution agrees to allow Apiture’s Orbipay Third Party Provider (or its designee) reasonable access to Institution’s facilities and Records, and will use commercially reasonable efforts to obtain for Apiture’s Orbipay Third Party Provider the right of access for such Records which are not in Institution’s possession, as the case may be, as is reasonably necessary for Apiture’s Orbipay Third Party Provider to audit Institution’s compliance with Applicable Law and these Service Terms. Except where Apiture’s Orbipay Third Party Provider or its designee discovered a deficiency or violation during an immediately preceding audit or have a reasonable and good faith belief of a material change to Institution’s business or operations, Apiture’s Orbipay Third Party Provider may not perform an audit of Institution more than once in any calendar year. If any audit results in a conclusion that Institution is not in compliance with Applicable Law or these Service Terms, or results in the identification of any control deficiency or other error or deficiency that could reasonably be expected to have an adverse impact on the Orbipay Services then Institution shall take immediate steps consistent with reasonable commercial practices to correct the noncompliance, error or deficiency.
18. In order for Apiture’s Orbipay Third Party Provider to comply with anti-terrorism, financial services, and other applicable laws and regulations, Know Your End User (“KYC”), and requirements imposed by the Payment Brands, Institution must provide Apiture’s Orbipay Third Party Provider with information about itself, its shareholders, its activities, and its products and services. Institution warrants that all information it provides Apiture’s Orbipay Third Party Provider is true, correct and up to date, and Institution acknowledges that Apiture’s Orbipay Third Party Provider is relying upon such information in establishing these Service Terms and in providing the Orbipay Services. Institution authorizes Apiture’s Orbipay Third Party Provider to verify the information provided by Institution. Apiture’s Orbipay Third Party Provider may use this information to perform End User due diligence, identity verification, and various underwriting, fraud and risk reviews.
19. Prior to using the Orbipay Services to process Transactions via Payment Cards, Institution must execute an acknowledgement of the processing instructions and guidelines required by Apiture’s Orbipay Third Party Provider payment processor, in the form set forth at https://www.alacriti.com/legal/Fiserv-Sub-Merchant-Processing-Agreement (“Processor Agreement”), and also comply with the Merchant Processing Services Terms and Conditions. Institution agrees that: (i) Apiture’s Orbipay Third Party Provider is an intended third-party beneficiary of the Processor Agreement and entitled to all of its benefits; and (ii) Apiture’s Orbipay Third Party Provider payment processor is an intended third-party beneficiary to this Section 17 of the Service Terms and entitled to all of its benefits.
20. Apiture’s Orbipay Third Party Provider reserves the right to refuse to process any Transaction made subject to a refund policy of which Apiture’s Orbipay Third Party Provider has not been notified in advance. Institution’s refund policy must comply with the Refund Policy.
21. Apiture’s Orbipay Third Party Provider may terminate the Orbipay Services immediately upon written notice if: (i) Institution or any person owning or controlling Institution’s business is or becomes listed in the MATCH file (Member Alert to Control High-Risk Merchants) maintained by Visa and MasterCard; (ii) any Payment Brand notifies Apiture’s Orbipay Third Party Provider that it is no longer willing to accept Institution’s Transaction Data; or (iii) there exists any circumstances that create or could tend to create harm or loss to the goodwill to any Payment Brand or Apiture’s Orbipay Third Party Provider.
22. Institution’s use of the Orbipay Services must comply with the Payment Card Industry Data Security Standards (“PCI-DSS”) and, if applicable to Institution’s business, the Payment Application Data Security Standards (“PA-DSS”) (collectively, the “PCI Standards”). The PCI Standards include requirements to maintain materials or records that contains payment card or Transaction data in a safe and secure manner with access limited to authorized personnel. The specific steps Institution will need to take to comply with the PCI Standards will depend on Institution’s implementation of the Orbipay Services. Institution will promptly provide Apiture, or any applicable third party, with documentation demonstrating Institution’s compliance with the PCI Standards, upon request. If Institution does not provide documentation sufficient to satisfy Apiture or Apiture’s Orbipay Third Party Provider or the relevant third party, that Institution is compliant with the PCI Standards, then Apiture, Apiture’s Orbipay Third Party Provider, and any applicable third party, may access Institution’s business premises on reasonable notice to verify Institution’s compliance with the PCI Standards. If Institution does not comply with the PCI Standards, or if Apiture, Apiture’s Orbipay Third Party Provider or any applicable third party is unable to verify Institution’s compliance with the PCI Standards, Apiture or Apiture’s Orbipay Third Party Provider may suspend access to the Orbipay Services or terminate the Orbipay Services. If Institution intends to use a third-party service provider to store or transmit Transaction Data, then Institution must not share any data with the service provider until Institution verifies that the third party holds sufficient certifications under the PCI Standards, and notify Apiture and Apiture’s Orbipay Third Party Provider of Institution’s intention to share Transaction Data with the service provider. Further, Institution agrees to never store or hold any “Sensitive Authentication Data”, as defined by the PCI Standards (including CVC or CVV2), at any time. Institution will reimburse Apiture and Apiture’s Orbipay Third Party Provider, as the case may be, for all fines, penalties, fees, and other costs associated with Institution’s failure to comply with this clause, promptly after request. Such request will include reasonable detail regarding the amounts owed.
23. Apiture may increase the fees related to processing Card Transactions, to take into account increases in the underlying costs associated with processing such Transactions (for example, an increase in the fees charged to Apiture or Apiture’s Orbipay Third Party Provider by the Networks). Apiture will use commercially reasonable efforts to give Institution notice of such increase promptly after becoming aware of the corresponding increase in underlying costs.
24. The Orbipay Services are provided in recurring 12-month subscriptions commencing on the date of the Institution’s go-live commencement of Orbipay Services (or Deemed Accepted date, as applicable). In the event that the Orbipay Services conclude for any reason prior to any 12-month term, Institution will be obligated to pay the monthly equivalent of the Orbipay Services for the remainder of the then-current 12-month term. This Orbipay Services reconciliation fee from Apiture shall be in addition to and shall not limit any other termination obligations, deconversion fees or other payments due under the Agreement.
Digital Account Opening
1. Definitions
  1. “Analytical Data” means data and usage information from which all direct and known indirect identifiers have been removed, and on which technical, organizational and legal controls prevent employees, researchers or other third parties from re-identifying individuals. To constitute Analytical Data must meet the standard of “protected de-identified data.” Permanently de-identified Analytical Data no longer constitutes Institution Data.
  2. “Applicant” means an individual User applying to open a banking account with Institution or otherwise applying for the purchase of a product or service from Institution where Apiture will provide Services.
  3. “DAO Services” means the Services associated with digital account opening and onboarding activity.
  4. “Mobile Applicant Data” means any information about persons or entities that Apiture and/or its Third Party Providers and their data providers receive or derive in any manner from a Mobile Network Operator. Subscriber Data includes, without limitation, names, addresses, telephone numbers, electronic addresses, social security numbers, customer proprietary network information, location information, handset identifiers, account information, and any other information that either alone, or in combination with other data could provide information specific to a particular person.
  5. “Mobile Network Operator” means a provider of wireless communications services that owns or controls all the elements necessary to sell and deliver wireless communication services to a Subscriber.
  6. “Mobile Services” means Verification Services that utilize Subscriber Data.
  7. “Verification Services” means services through which Institution may verify the age or identity of an Applicant and includes Mobile Services.
2. Apiture grants to Institution a restricted license to use the DAO Services solely for Institution’s internal business purposes. Institution represents and warrants that its use of the DAO Services shall be for only legitimate business purposes. Institution shall not use the DAO Services, the associated APIs, or data received from Apiture or its Third Party Providers for any marketing purposes, personal purposes, or to provide data processing services for third parties. Further, Institution shall not resell the DAO Services, the associated APIs, or data received from Apiture or its Third Party Providers to any third parties. The DAO Services may not be used from IP addresses outside of the United States. If Apiture reasonably determines that Institution’s or an Applicant’s use of or access to the DAO Services presents a security risk or is in violation of the Agreement, then Apiture may suspend or restrict provision of the DAO Services.
3. Implementation of DAO Services are subject to the following:
  1. Apiture’s implementation scope includes the standard consumer deployment of the Apiture Digital Banking Platform Deposit Account Opening Module:
    1. Apiture-provided white-label user interface themed for Institution;
    2. User Identity Verification (IDV) and User Identity Authentication (IDA) leveraging Apiture’s standard third-party integration;
    3. External Account Verification: account funding and ACH generation functionality leveraging Apiture’s third-party integrations;
    4. Terms and Conditions consent capture;
    5. Electronic Consent capture; and
    6. Optional Document capture
  2. Institution will accept a fully configured test environment of the application using Institution approved test scripts once the test environment functions in accordance with the business requirements document and technical requirements document.
  3. The provisions and processes set forth in this Section 18.3.3 shall supersede and operate to the exclusion of any other implementation and testing provisions of the Agreement.
    1. Apiture will implement and deploy the DAO Services in a Production environment in accordance with the mutually agreed Project Plan. Institution shall devote adequate resources to support the implementation and Testing (defined below) of the DAO Services, including without limit, (i) network resources; (ii) hardware; (iii) communications facilities and connectivity; (iv) security resources; and (v) personnel resources. Institution shall be responsible for providing Apiture with all information and/or approvals required to enable Apiture to implement and configure the DAO Services in accordance with the Project Plan. Further, Institution shall be responsible for the accuracy, quality, integrity, structuring, and completeness of all information and data provided. All such information and data shall be sufficiently complete and accurate so as to fulfill Institution business requirements and successfully interact with correspondingly and properly structured Apiture scripts and Software. Failure to timely provide resources, approvals, and accurate and complete information, data, or resources shall constitute a Dependency.
    2. Institution will provide Apiture and its subcontractors such access to the Institution Systems as may be reasonably required to implement and configure the DAO Services or perform related activities. Institution will obtain any necessary third-party authorizations or consents necessary for Apiture to access, use, and interact with any Institution Systems to the extent reasonably required to perform the Professional Services or implement or configure the DAO Services.
    3. Prior to Production deployment of the DAO Services, Institution shall test the DAO Services in a non-Production environment to ensure material compliance with documentation and any agreed and documented Institution-specific specifications and requirements (Testing). Institution shall provide Apiture with a written Test Plan setting forth its user acceptance and performance testing strategy including proposed timing for all Testing as well as all test use cases to be employed during Testing. The Institution Test Plan will be provided to Apiture at least 20 business days (or such other time period as may be set forth in the Project Plan) prior to commencement of the Testing Period (defined below). Upon delivery of the DAO Services in a Testing-specific environment, Institution will have 20 business days to test the DAO Services (or such other time period as may be set forth in the Project Plan) to ensure that the DAO Services are in material compliance with the agreed documentation, specifications, and requirements and are otherwise Production-ready (Testing Period). If any of the DAO Services do not achieve material compliance with the specifications, requirements, or documentation during the initial Testing Period, the Institution will immediately notify Apiture in writing. Institution’s written notice shall identify and describe all deficiencies in reasonable detail. If Apiture receives written notice during the initial Testing Period that any of the DAO Services failed to achieve material compliance, Apiture will correct any deficiencies necessary to achieve material compliance, and a new Testing Period will begin. If the Institution has not submitted a written notice of a material deficiency within three (3) business days of the end of a Testing Period, the DAO Services and Professional Services will be deemed to be accepted and ready for Production launch. Notwithstanding the above, for any additional Services added after completion of the initial implementation and conversion activities, the Testing Period will be in accordance with the Project Plan for the additional Service.
    4. Following acceptance of the Services or otherwise following Production launch, further Professional Services in support of implementation, configuration, or testing of the Services will require a separate PSA setting forth corresponding additional Fees for all such activities. Apiture shall have no obligation to maintain or provide Institution access to a development or other non-Production environment with the exception of UAT, following production launch of the DAO Services.
    5. In the event Institution chooses to delay implementation for more than 6 months or not to implement Service features during the initial implementation process then additional Professional Services Fees will apply if and when such features are subsequently implemented based upon the level of effort associated with resourcing, commencing, and executing such activities.
  4. Changes in the Project Assumptions, implementation deliverables or estimated timelines to implement the DAO Services together with any corresponding changes in Fees will be memorialized in a PSA. In addition, Institution will reimburse Apiture for all expenses reasonably incurred in connection with the Professional Services on an as incurred basis. Apiture will invoice for Expenses monthly in arrears. Upon request but not as a condition of reimbursement, Apiture will provide Institution with reasonable documentation of such Expenses, including, without limit, a summary of the relevant Apiture personnel expense reports.
  5. Any estimated timelines or estimated DAO Services implementation Fees set out in the Agreement are based upon the following assumptions (“Project Assumptions”):
    1. (Institution will devote sufficient personnel and technology resources to the DAO Services implementation project, including, without limit, adequate resources to support configuration and Testing activities.
    2. Institution Testing activities will be conducted and coordinated by personnel (i) having reasonable experience testing banking software, (ii) for whom Testing the DAO Services represents their primary job function during the Testing Period, and (iii) who are devoting their full energies to such Testing activities during the Testing Period.
    3. Institution personnel and any Institution third-party service providers will timely provide all reasonably requested support and cooperation.
    4. The Institution Project leader and / or his or her designee will provide proactive project management and oversight of all Project participants and resolve all Dependencies within a reasonable time of notification by Apiture.
    5. Project scope remains confined to the Apiture standard consumer DAO Services offering, including standard workflows, standard compliance and disclosure methodologies, standard DAO Service configurations, and established third party integrations. Non-standard variations, including new integrations to third parties, will require execution of a separate professional services agreement addressing Institution’s custom requirements and attendant Fees.
    6. All Institution Data for conversion to the DAO Services will be provided by Institution in a manner and structure consistent with Institution’s business requirements and according to the data conversion plan agreed to by Institution and Apiture.
    7. The DAO Services implementation project will not exceed 6 months in duration.
    8. Apiture Professional Services obligations for DAO Services under the Agreement terminate upon Production launch of the DAO Services and support of the DAO Services will transition to the Apiture support organization thereafter.
    9. Within the Production environment, Apiture will create an unfunded validation user that will be leveraged for front-end testing.
    10. Apiture will have reasonable access to Core Banking System testing environments to facilitate troubleshooting of issues reported by Institution and assistance to the Institution during the Testing Period.
    11. Institution and Apiture will review and agree upon an Institution-prepared Go-Live plan to ensure expectations are aligned for activities, responsibilities, and schedule preceding and immediately following launch in Production.
    12. Apiture to provide Institution access to case management system for tracking questions, defects, configuration changes, change requests, etc.
    13. Institution will configure products in the Core Banking System with reduced terms, maturity dates, etc. during Testing to facilitate completion of time-based test scenarios within the schedule agreed upon in the Project Plan.
  6. IMPLEMENTATION *DELIVERABLES ARE PROVIDED “AS IS,” AND ALL WARRANTIES, WHETHER STATUTORY, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, DESIGN, DURABILITY, PERFORMANCE OR ERROR-FREE OPERATION (EVEN IF CREATED BY THE INTERNATIONAL SALE OF GOODS CONVENTION) ARE DISCLAIMED IN THEIR ENTIRETY.
4. Use of Verification Services.
  1. Institution agrees that the Verification Services may only be used for the following use cases: (a) verifying the identity or age of an Applicant, via identity verification requests that are authorized by the Applicant and occur in the normal course of business; and (b) if verification information submitted to Apiture using the Services is incorrect, the Services may only be used to obtain correct information provided by the Services and such information may only be used for the purpose of preventing fraud by, or pursuing legal remedies against, or recovering on a debt or security interest against, the Applicant. 18 U.S.C. § 2721 (b)(3).
  2. Institution agrees that it will not use Verification Services (a) for any “permissible purpose” under the Fair Credit Reporting Act (FCRA) (15 U.S.C. Sec. 1681 et seq) or use any of the information it receives via the Verification Services to take any “adverse action”, as that term is defined in the FCRA; (b) in violation of the provisions of and regulations pursuant to the Driver’s Privacy Protection Act (18 U.S.C. Section 2721 et seq.); (c) other than pursuant to an exception of the privacy provisions of and regulations issued pursuant to the Gramm-Leach-Bliley Act (15 U.S.C. Sec. 6801 et seq); or (d) in violation of such other future legislation that Apiture reasonably determines limits the use of the Verification Services.
  3. Institution’s collection of information from Applicants in connection with use of the Verification Services shall be subject to authorization by the Applicant for the use in the normal course of business submitted by the individual to the business and, if the submitted information is incorrect, to obtain correct information, but only for the purpose of preventing fraud by, or pursuing legal remedies against, or recovering on a debt or security interest against, the individual. 18 U.S.C. § 2721 (b)(3).
  4. Apiture’s Third Party Provider for certain Verification Services, IDology, Inc., retains all right, title, and interest in and to (a) the ExpectID® Services and products set forth in the Reseller Agreement between Apiture and IDology, Inc. (b) all updates, and upgrades to the IDology Services which IDology makes generally available to its other customers and resellers, (c) the ExpectID® documentation, (d) includes services performed by IDology’s subcontractors (“IDology Services”), (e) IDology Inc.’s databases, including all physical copies of them, and all intellectual property rights related to the IDology Services. Institution acquires no intellectual property associated with the IDology Services pursuant to these Service Terms. Institution will not, directly or indirectly, reproduce, retransmit, republish, reverse engineer, decompile, disassemble, or otherwise attempt to derive source code or other trade secrets from any of the the intellectual property associated with the IDology Services.
  5. Institution may not obtain any warranties regarding use of the IDology Services.
  6. Institution acknowledges that it may disclose its Confidential Information to Apiture or its Third Party Provider in connection with the IDology Services and such use and disclosure restrictions and obligations shall be in accordance with the Agreement.
  7. To the extent that Apiture has provided Institution access to any hardware, software, methods or materials used by Apiture’s Third Party Provider in the course of the provision of IDology Services including Third Party Provider incorporated requirements, the documentation, including the IDology platform is a (“IDology System”) for purposes of managing its verification settings or other uses, Institution will take reasonable steps to ensure that such access will be restricted to those of Institution’s employees or agents who are engaged in the verification process and to ensure that its employees and agents will not utilize such access for personal reasons. Those steps will include limiting access to passwords, access codes, or other confidential information necessary for Institution to obtain such access to those with a need-to-know in connection with the verification process, and changing of passwords at least every ninety (90) days or sooner if an employee or agent who has utilized a password is no longer responsible for obtaining such access, or if Institution suspects an unauthorized person or entity has learned of the password. Institution immediately will notify Apiture if Institution knows of or suspects unauthorized access to IDology System.
  8. Institution agrees that Mobile Services may only be used for the following use cases: (a) login and access management authentication; (b) performing identity and age verifications; and/or (c) performing step-up decisioning.
  9. Institution agrees that it will not use the Mobile Services to access a mobile phone number provided by the Mobile Services for the purpose of marketing for telecom services (per the 2007 FCC CPNI Order), or for any other marketing purpose unrelated to the banking relationship established through the DAO Services.
  10. With respect to IDology Services that include use of KBAs, Apiture and Institution are authorized to transmit (a) KBAs and “result codes” to Institution; and (b) KBAs to Institution’s Applicant in connection with verification of the Applicant. Institution may not use the information gathered through the IDology Services for marketing purposes. Institution shall not transmit or disclose any Consumer Data received via the IDology Services other than KBAs. For purposes of this Section, “KBAs” means a component of the IDology Services comprising of IDology’s (or its data supplier’s) proprietary question and answer sets for use in Applicant verification, including multiple choice out-of-wallet knowledge-based authentication questions. The IDology System permits configuration of question and answer sets based on available IDology settings and availability of information from (a) IDology’s third party data providers (e.g. information based on driver records, credit report headers, relationship, or geography/location), or (b) information provided by Apiture (e.g. an individual’s maiden name or account information). For purposes of this Section, “Consumer Data” means identifying information pertaining to an individual, such as name, address, date of birth, or social security number, and KBAs, provided directly or indirectly by Apiture, its Third Party Provider or its data providers and utilized in the IDology Services.
  11. During the term of Institution’s Agreement with Apiture for DAO Services and for a reasonable period after expiration thereof, Apiture’s Verification Third Party Provider has the right at its expense to reasonably audit, directly and through its independent auditors, Institution’s compliance with these Service Terms. Upon Apiture’s Verification Third Party Provider’s written request, Apiture’s Verification Third Party Provider may audit Institution once per year as described below, provided that additional audits may be required if Apiture’s Verification Third Party Provider reasonably suspects or has evidence of Institution’s violation of these Service Terms. Such audits may be conducted during normal business hours upon at least ten (10) business days prior written notice of intent to audit by Apiture’s Verification Third Party Provider and in a manner that is not materially disruptive to Institution’s business operations. In lieu of an onsite audit, Apiture’s Verification Third Party Provider may require the Institution to provide a written attestation that its use of the IDology Services comply with these Service Terms. The parties will reasonably cooperate to remedy the root cause of the non-compliance, which remedy may include suspension of the IDology Services. In the event non-compliance with these Service Terms is discovered, Apiture’s Verification Third Party Provider may require subsequent audits to confirm remediation and Institution’s ongoing compliance. Information provided by Apiture according to this Section 18.4.11 is Apiture’s Confidential Information.
5. Use of the Mobile Services will be subject to the special conditions set out in Part II of these Service Terms (User Agreement Terms).
6. Institution shall comply with any Apiture or other third-party data provider requests to verify compliance with these Service Terms. Institution will promptly notify Apiture if Institution learns of confirmed unauthorized access to or use of the DAO Services in violation of these Service Terms.
7. Apiture and its Third Party Providers may use Institution Data solely to provide the Services and improve the Services (e.g. fixing repetitive performance issues observed with certain data types or from certain data sources). Apiture and its Third Party Providers may, to the extent permitted by law, use, sell, license, distribute and disclose Analytical Data for the sole purpose of enabling market research in conjunction with merchant activity and in no way related to individual consumer activities.
8. Institution acknowledges that, in connection with the DAO Services, Apiture obtains consumer and other data from third party sources, whose data is not necessarily accurate or complete. Institution accepts all data “AS IS” “WITH ALL FAULTS” and neither Apiture nor its Third Party Providers will be responsible for data accuracy, integrity or completeness or errors contained in data obtained from third party sources.
9. All Apiture intellectual property or confidential information accessed by Institution in using or receiving the DAO Services will be subject to the same protections and restrictions applicable to Apiture IP and Apiture Confidential Information under the Agreement.
10. To the extent that Institution is provided access to any Apiture systems as part of receiving the DAO Services for purposes of managing its verification settings or other uses, Institution will take reasonable steps to ensure that such access will be restricted to those of Institution’s employees or agents who are engaged in the verification process and to ensure that its employees and agents will not utilize such access for personal reasons. Those steps will include limiting access to passwords, access codes, or other confidential information necessary for Institution to obtain such access to those with a need-to-know in connection with the verification process, and changing of passwords at least every ninety (90) days or sooner if an employee or agent who has utilized a password is no longer responsible for obtaining such access, or if Institution suspects an unauthorized person or entity has learned of the password. Institution will immediately notify Apiture if Institution knows of or suspects unauthorized access to a Apiture system.
11. Apiture has the right at its expense and upon reasonable advance written notice to reasonably audit Institution’s compliance with Sections 18.2 through 18.4 of these Service Terms. Such right to audit does not include access by Apiture personnel to Institution Systems. Apiture may audit Institution once per year without cause, provided that additional audits may be required if Apiture reasonably suspects or has evidence of Institution’s violation of Sections 18.2 or 18.4 of these Service Terms. Upon Apiture’s written request, Institution shall respond to reasonable audit requests within 15 business days.
12. Know Your Business (KYB) Verification Services.
  1. Apiture utilizes Middesk, Inc. as a Third Party Provider to support Commercial DAO Services. The entirety of this Section 18.12 (“Middesk Terms and Conditions”) governs Institution’s use of the Middesk screening solutions that Apiture is reselling to Institution in its provision of the Commercial DAO Services (“Middesk Services”).
  2. Institution will not, directly or indirectly: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Middesk Services or any software, documentation or data related to the Middesk Services (“MDSoftware”); modify, translate, or create derivative works based on the Middesk Services or any MDSoftware (except to the extent expressly permitted by Apiture or authorized within the Middesk Services); use the Middesk Services or any MDSoftware for timesharing or service bureau purposes or otherwise for the benefit of a third party; or remove any proprietary notices or labels.
  3. Institution may not remove or export from the United States or allow the export or re-export of the Middesk Services, MDSoftware or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. As defined in FAR section 2.101, the MDSoftware and documentation are “commercial items” and according to DFAR section 252.2277014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of these Middesk Terms and Conditions and will be prohibited except to the extent expressly permitted by the terms of these Middesk Terms and Conditions.
  4. Institution represents, covenants and warrants that Institution will use the Middesk Services only in compliance with these Middesk Terms and Conditions and, as applicable, Middesk’s Terms of Service and Privacy Policy which can be found at www.middesk.com (collectively, the “Policies”) and all applicable laws and regulations. Institution hereby agrees to indemnify and hold harmless Middesk against any damages, losses, liabilities, settlements, and expenses (including without limitation costs and attorneys’ fees) in connection with any claim or action that arises from an alleged violation of the foregoing or otherwise from Institution’s use of Middesk Services or MDSoftware. Although Middesk has no obligation to monitor Institution’s use of the Middesk Services, Middesk may do so and may prohibit any use of the Middesk Services it believes may be (or alleged to be) in violation of the foregoing.
  5. Institution shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Middesk Services (including through Apiture) including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”). Institution shall also be responsible for maintaining the security of the Equipment, Institution account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Institution account or the Equipment with or without Institution’s knowledge or consent.
  6. Proprietary Information of Middesk includes non-public information regarding features, functionality and performance of the Middesk Service. Institution agrees: (i) to take reasonable strict precautions to protect such Proprietary Information, and (ii) not to use (except for its own internal business purposes) or divulge to any third person any such Proprietary Information. Institution may disclose Proprietary Information in response to a valid order of a court or other governmental body or as otherwise required by law to be disclosed; provided that, Institution gives Middesk sufficient notice to enable the Middesk to take protective measures, and/or in any event only discloses the exact Proprietary Information, or portion thereof, specifically requested.
    
    Middesk shall own and retain all right, title and interest in and to (a) the Middesk Services and MDSoftware, all improvements, enhancements or modifications thereto, and (b) all intellectual property rights related to any of the foregoing.
    
    Notwithstanding anything to the contrary, Middesk shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Middesk Services and related systems and technologies (including, without limitation, search input data, information concerning Institution’s use of the Middesk Services, and data derived therefrom), and Middesk will be free (during and after the term hereof) to (i) use such information and data to improve and enhance the Middesk Services and for other development, diagnostic and corrective purposes in connection with the Middesk Services and other Middesk offerings, and (ii) disclose such data solely in aggregate or other de-identified form in connection with its business. No rights or licenses are granted except as expressly set forth herein.
  7. Middesk Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Middesk or by its third-party providers, or because of other causes beyond Middesk’s reasonable control. NEITHER APITURE NOR MIDDESK WARRANT THAT THE MIDDESK SERVICES OR MDSOFTWARE WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE MIDDESK SERVICES OR MDSOFTWARE. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE MIDDESK SERVICES AND MDSOFTWARE ARE PROVIDED “AS IS” AND MIDDESK DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
  8. IN NO EVENT WILL MIDDESK’S AGGREGATE LIABILITY AND DAMAGES ARISING OUT OF THIS SECTION 18.12 EXCEED THE AMOUNTS INSTITUTION ACTUALLY PAID TO MIDDESK (THROUGH APITURE) DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE DATE OF THE CLAIM. THE LIMITATIONS AND DISCLAIMERS OF LIABILITY SET FORTH IN THIS SECTION WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS SECTION 18.12 IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE AND REGARDLESS OF THE THEORY OF LIABILITY. NOTWITHSTANDING ANYTHING TO THE CONTRARY, EXCEPT FOR BODILY INJURY OF A PERSON, MIDDESK AND ITS SUPPLIERS (INCLUDING BUT NOT LIMITED TO ALL EQUIPMENT AND TECHNOLOGY SUPPLIERS), OFFICERS, AFFILIATES, REPRESENTATIVES, CONTRACTORS AND EMPLOYEES SHALL NOT BE RESPONSIBLE OR LIABLE TO INSTITUTION WITH RESPECT TO ANY SUBJECT MATTER OF THIS SECTION 18.12 OR TERMS AND CONDITIONS RELATED THERETO UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER THEORY: (A) FOR ERROR OR INTERRUPTION OF USE OR FOR LOSS OR INACCURACY OR CORRUPTION OF DATA OR INFORMATION OR COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY OR LOSS OF BUSINESS; (B) FOR ANY INDIRECT, EXEMPLARY, INCIDENTAL, PUNITIVE, RELIANCE, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES; (C) FOR ANY MATTER BEYOND MIDDESK’S REASONABLE CONTROL; OR (D) FOR ANY AMOUNTS THAT, TOGETHER WITH AMOUNTS ASSOCIATED WITH ALL OTHER CLAIMS, EXCEED THE FEES PAID BY INSTITUTION TO API|TURE FOR THE MIDDESK SERVICES IN THE 12 MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY, IN EACH CASE, WHETHER OR NOT MIDDESK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  9. Middesk, Inc. is a third party beneficiary of these Apiture Service Terms as it relates to this Section 18.12.
  10. If any provision of this Section 18.12 is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Section 18.12 will otherwise remain in full force and effect and enforceable. These Middesk Terms and Conditions are not assignable, transferable or sublicensable by Institution except with Middesk’s prior written consent. Middesk may transfer and assign any of its rights and obligations under these Middesk Terms and Conditions without Institution’s consent. This Section 18.12 is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of MDSoftware or Middesk Services. No agency, partnership, joint venture, or employment is created as a result of this Section 18.12 and Institution does not have any authority of any kind to bind Middesk in any respect whatsoever. In any action or proceeding to enforce rights under these Apiture Service Terms, the prevailing party will be entitled to recover costs and attorneys’ fees. All notices under these Apiture Service Terms will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. This Section 18.12 shall be governed by the laws of the State of New York without regard to its conflict of laws provisions.
13. Footprint Verification Services
  One Footprint, Inc. (“Footprint”) is an optional Apiture Third Party Provider for certain Verification Services (“Footprint Services”) associated with the Apiture DAO Services. Institution agrees that its access to and use of the Footprint Services are subject to the Footprint Terms of Service available at https://www.onefootprint.com/terms-of-service and the Footprint Privacy Policy available at https://www.onefootprint.com/privacy-policy as well as the applicable downstream vendor’s Service Terms for Experian, LexisNexis and Incode, as utilized in the Footprint Services, which Footprint is authorized to resell, license or otherwise make available to Apiture and Institution as follows:
  - 18.13.1 Experian Downstream Vendor Terms
    
    DEFINITIONS
    For purposes of this sub-Section, “Institution Information” means highly sensitive information whether property of Institution or a consumer reporting agency (e.g., Experian) and provided to a customer of Institution, which includes, by way of example and not limitation, data, databases, application software, software documentation, supporting process documents, operation process and procedures documentation, test plans, test cases, test scenarios, cyber incident reports, consumer information, financial records, employee records, and information about potential acquisitions, and such other information that is similar in nature or as mutually agreed in writing, the disclosure, alteration or destruction of which would cause serious damage to Experian’s reputation, valuation, and / or provide a competitive disadvantage to Experian or upstream consumer reporting agencies.
    
    “Resource” means all Institution devices, including but not limited to laptops, PCs, routers, servers, and other computer systems that store, process, transfer, transmit, deliver, or otherwise access the Institution Information.
    - (i) The security requirements included in this sub-Section represent the minimum security requirements acceptable to Experian and are intended to ensure that Institution has appropriate controls in place to protect information and systems, including any information that it receives, processes, transfers, transmits, stores, delivers, and/or otherwise accesses on behalf of Footprint.
    - (ii) Institution hereby: (i) certifies that it implements and maintains a comprehensive information security program written in one or more readily accessible parts that contains administrative, technical, and physical safeguards that are appropriate to the Institution’s size and complexity, the nature and scope of its activities, and the sensitivity of the information provided to the Institution by Footprint; and that such safeguards shall include the elements set forth in 16 C.F.R. § 314.4 and shall be reasonably designed to:
      - (a) ensure the security and confidentiality of the information provided by Institution;
      - (b) protect against any anticipated threats or hazards to the security or integrity of such information, and
      - (c) protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any consumer.
    - (iii) Institution shall have Information Security policies and procedures in place that are consistent with the practices described in an industry standard, such as ISO 27002 and / or this Security Requirements document.
    - (iv) Firewalls, routers, servers, PCs, and all other resources managed by Institution (including physical, on-premise or cloud hosted infrastructure) will be kept current with appropriate security specific system patches. Institution will perform regular penetration tests to further assess the security of systems and resources. Institution will use end-point computer malware detection / scanning services and procedures.
    - (v) Logging mechanisms will be in place sufficient to identify security incidents, establish individual accountability, and reconstruct events. Audit logs will be retained in a protected state (i.e., encrypted, or locked) with a process for periodic review.
    - (vi) Institution will use security measures, including anti-virus software, to protect communications systems and networks device to reduce the risk of infiltration, hacking, access penetration by, or exposure to, an unauthorized third-party.
    - (vii) Institution will use security measures, including encryption, to protect Footprint provided data in storage and in transit to reduce the risk of exposure to unauthorized parties.
    - (viii) All remote access connections to Institution internal networks and / or computer systems will require authorization with access control at the point of entry using multi-factor authentication. Such access will use secure channels, such as a Virtual Private Network (VPN).
    - (ix) Processes and procedures will be established for responding to security violations and unusual or suspicious events and incidents. Institution will report actual or suspected security violations or incidents that may affect Institution to Apiture and Experian within twenty-four (24) hours of Institution’s confirmation of such violation or incident.
    - (x) Each user of any Resource will have a uniquely assigned user ID to enable individual authentication and accountability. Access to privileged accounts will be restricted to those people who administer the Resource and individual accountability will be maintained. All default passwords (such as those from hardware or software vendors) will be changed immediately upon receipt.
    - (xi) All passwords will remain confidential and use ‘strong’ passwords that expire after a maximum of 90 calendar days. Accounts will automatically lockout after five (5) consecutive failed login attempts.
    - (xii) Institution shall require all Institution personnel to participate in information security training and awareness sessions at least annually and establish proof of learning for all personnel.
    - (xiii) Institution shall be subject to remote and / or onsite assessments of its information security controls and compliance with these Security Requirements.
    - (xiiii) Institution certifies that they have read and understand the “GLB Exception Requirements” notice and “Experian Security Requirements” and will take all reasonable measures to enforce them within their facility. They also certify that they will not resell the report to any third party. Institution shall explain their information-sharing practices to their customers and to safeguard sensitive data.
    - (xv) Institution shall acknowledge that many services containing Experian information also contain information from the Death Master File as issued by the Social Security Administration (“DMF”); certify pursuant to Section 203 of the Bipartisan Budget Act of 2013 and 15 C.F.R. § 1110.102 that, consistent with its applicable FCRA or GLB use of Experian information, the client’s use of deceased flags or other indicia within the Experian information is restricted to legitimate fraud prevention or business purposes in Indirect Sales Channel Page 4 of 10 Copyright © 2022 Experian. All rights reserved. July 1, 2022 ENA2000E-A05 Policy Attachment 5 Rev. 1.8 compliance with applicable laws, rules regulations, or fiduciary duty, as such business purposes are interpreted under 15 C.F.R. § 1110.102(a)(1); and certify that the client will not take any adverse action against any consumer without further investigation to verify the information from the deceased flags or other indicia within the Experian information.
  - 18.13.2 LexisNexis Downstream Vendor Terms.
    
    DEFINITIONS
    “Authorized User” shall mean an employee or contractor whom Institution has authorized to use the Footprint Services.
    “Use” means use and/or access the Footprint Services in accordance with this Agreement and the Documentation by any means permitted by Footprint.
    “Documentation” means the operator and user manuals, marketing, technical documentation, training materials, guides, functional and technical specifications, minimum system configuration requirements, compatible device and hardware list and other similar materials in hard copy or electronic form if and as provided by Footprint to Apiture or Institution (including any revised versions thereof) relating to the Footprint Services, Footprint API or the Footprint SDK, as may be updated from time to time.
    
    RESTRICTED LICENSE. LexisNexis hereby grants to Institution a restricted license to use the Footprint Services and any data contained therein, subject to the restrictions and limitations set forth below:
    - (i) Footprint hereby grants to Institution a restricted license to use the Footprint Services solely for Institution’s own internal business purposes. Institution represents and warrants that all of Institution’s use of the Footprint Services shall be for only legitimate business purposes, including those specified by Institution in connection with a specific information request, relating to its business and as otherwise governed by the Agreement. Institution shall not use the Footprint Services for marketing purposes or resell or broker the Footprint Services to any third party and shall not use the Footprint Services for personal (non-business) purposes. Institution shall not use the Footprint Services to provide data processing services to third-parties or evaluate the data of or for third-parties. Institution agrees that if Footprint determines or reasonably suspects that continued provision of Footprint Services to Institution entails a potential security risk, or that Institution is engaging in marketing activities, reselling, brokering or processing or evaluating the data of or for third-parties, or using the Footprint Services for personal (non-business) purposes or using the Footprint Services’ information, programs, computer applications, or data, or is otherwise violating any provision of this Agreement, or any of the laws, regulations, or rules described herein, Footprint may take immediate action, including, without limitation, terminating the delivery of, and the license to use, the Footprint Services. Institution shall not access the Footprint Services from Internet Protocol addresses located outside of the United States and its territories without Footprint’s prior written approval. Institution may not use the Footprint Services to create a competing product. Institution shall comply with all laws, regulations and rules which govern the use of the Footprint Services and information provided therein. Footprint may at any time mask or cease to provide Institution access to any Footprint Services or portions thereof which Footprint may deem, in Footprint’s sole discretion, to be sensitive or restricted information.
      - (a) Some of the information contained in the Footprint Services is “nonpublic personal information,” as defined in the Gramm-Leach-Bliley Act (15 U.S.C. § 6801, et seq.) and related state laws, (collectively, the “GLBA”), and is regulated by the GLBA (“GLBA Data”). Institution shall not obtain and/or use GLBA Data through the Footprint Services, in any manner that would violate the GLBA, or any similar state or local laws, regulations and rules. Institution acknowledges and agrees that it may be required to certify its permissible use of GLBA Data falling within an exception set forth in the GLBA at the time it requests information in connection with certain One Footprint Inc. Services and will recertify upon request by One Footprint Inc.. Institution certifies with respect to GLBA Data received through the One Footprint Inc. Services that it complies with the Interagency Standards for Safeguarding Institution Information issued pursuant to the GLBA.
      - (b) Some of the information contained in the Footprint Services is “personal information,” as defined in the Drivers Privacy Protection Act (18 U.S.C. § 2721, et seq.) and related state laws, (collectively, the “DPPA”), and is regulated by the DPPA (“DPPA Data”). Institution shall not obtain and/or use DPPA Data through the Footprint Services in any manner that would violate the DPPA. Institution acknowledges and agrees that it may be required to certify its permissible use of DPPA Data at the time it requests information in connection with certain Footprint Services and will recertify upon request by Footprint.
      - (c) Footprint may in its sole discretion permit Institution to access QA data. If Institution is authorized by Footprint to receive QA data, and Institution obtains QA data through the Footprint Services, Institution certifies it will not use the QA data for any purpose other than as expressly authorized by Footprint policies, the terms and conditions herein, and applicable laws and regulations. In addition to the restrictions on distribution otherwise set forth in Paragraph 2 below, Institution agrees that it will not permit QA data obtained through the Footprint Services to be used by an employee or contractor that is not an Authorized User with an authorized Use. Institution agrees it will certify, in writing, its uses for QA data and recertify upon request by Footprint. Institution may not, to the extent permitted by the terms of this Agreement, transfer QA data via email or ftp without Footprint prior written consent. However, Institution shall be permitted to transfer such information so long as: 1) a secured method (for example, sftp) is used, 2) transfer is not to any third-party, and 3) such transfer is limited to such use as permitted under this Agreement. Footprint may at any time and for any or no reason cease to provide or limit the provision of QA data to Institution.
      - (d) Institution shall not remove or obscure any trademarks, copyright notices or other notices contained on materials accessed through the Footprint Services.
      - (e) Footprint is a licensee of the United States Postal Service’s NCOALINK database (“NCOA Database”). The information contained in the NCOA Database is regulated by the Privacy Act of 1974 and may be used only to provide a mailing list correction service for lists that will be used for preparation of mailings. If Institution receives all or a portion of the NCOA Database through the Footprint Services, Institution hereby certifies to Footprint that it will not use such information for any other purpose. Prior to obtaining or using information from the NCOA Database, Institution agrees to complete, execute and submit to Footprint the NCOA Processing Acknowledgement Form.
      - (f) Certain materials contained within the Footprint Services are subject to additional obligations and restrictions. Without limitation, these services include news, business information (e.g., Dun & Bradstreet reports), and federal legislative and regulatory materials. To the extent that Institution receives such materials through the Footprint Services, Institution agrees to comply with the General Terms and Conditions for Use of Footprint Services contained at the following website: www.lexisnexis.com/terms/general (the “General Terms”). The General Terms are hereby incorporated into this Agreement by reference.
      - (g) The Footprint Services provided via LexisNexis pursuant to this Agreement are not provided by “consumer reporting agencies,” as that term is defined in the Fair Credit Reporting Act, (15 U.S.C. §1681, et seq.), (the “FCRA”), and do not constitute “consumer reports” as that term is defined in the FCRA. Accordingly, the Footprint Services provided by LexisNexis may not be used in whole or in part as a factor in determining eligibility for credit, insurance, employment or another purpose in connection with which a consumer report may be used under the FCRA. Further, (A) Institution certifies that it will not use any of the information it receives through the Footprint Services via LexisNexis to determine, in whole or in part an individual’s eligibility for any of the following products, services or transactions: (1) credit or insurance to be used primarily for personal, family or household purposes; (2) employment purposes; (3) a license or other benefit granted by a government agency; or (4) any other product, service or transaction in connection with which a consumer report may be used under the FCRA or any similar state statute, including without limitation apartment rental, check-cashing, or the opening of a deposit or transaction account; (B) by way of clarification, without limiting the foregoing, Institution may use, except as otherwise prohibited or limited by this Agreement, information received through the Footprint Services for the following purposes: (1) to verify or authenticate an individual’s identity; (2) to prevent or detect fraud or other unlawful activity; (3) to locate an individual; (4) to review the status of a legal proceeding; (5) to collect a debt, provided that such debt collection does not constitute in whole or in part, a determination of an individual consumer’s eligibility for credit or insurance to be used primarily for personal, family or household purposes; or (6) to determine whether to buy or sell consumer debt or a portfolio of consumer debt in a commercial secondary market transaction, provided that such determination does not constitute in whole or in part, a determination of an individual consumer’s eligibility for credit or insurance to be used primarily for personal, family or household purposes; (C) specifically, if Institution is using the Footprint Services in connection with collection of a consumer debt on its own behalf, or on behalf of a third-party, Institution shall not use the Footprint Services: (1) to revoke consumer credit; (2) to accelerate, set or change repayment terms; or (3) for the purpose of determining a consumer’s eligibility for any repayment plan; provided, however, that Institution may, consistent with the certification and limitations set forth in this section (viii), use the Footprint Services for identifying, locating, or contacting a consumer in connection with the collection of a consumer’s debt or for prioritizing collection activities; and (D) Institution shall not use any of the information it receives through the Footprint Services to take any “adverse action,” as that term is defined in the FCRA.
      - (h) If Institution is permitted to access Motor Vehicle Records (“MVR Data”) from Footprint, without in any way limiting Institution’s obligations to comply with all state and federal laws governing use of MVR Data, the following specific restrictions apply and are subject to change: 1) Institution shall not use any MVR Data provided by Footprint, or portions of information contained therein, to create or update a file that Institution uses to develop its own source of driving history information; 2) as requested by Footprint, Institution shall complete any state forms that Footprint is legally or contractually bound to obtain from Instiitution before providing Institution with MVR Data; and 3) Footprint (and certain Third-Party vendors) may conduct reasonable and periodic audits of Institution’s use of MVR Data. Further, in response to any audit, Institution must be able to substantiate the reason for each MVR Data order.
      - (i) American Board of Medical Specialties (“ABMS”) Data. If Institution is permitted to access ABMS Data from Footprint, Institution shall not use , nor permit others to use, ABMS Data for purposes of determining, monitoring, tracking, profiling or evaluating in any manner the patterns or frequency of physicians’ prescriptions or medications, pharmaceuticals, controlled substances, or medical devices for use by their patients.
      - (j) Institution represents and warrants that Institution will not provide Footprint with any Protected Health Information (as that term is defined in 45 C.F.R. Sec. 160.103) or with Electronic Health Records or Patient Health Records (as those terms are defined in 42 U.S.C. Sec. 17921(5), and 42 U.S.C. Sec. 17921(11), respectively) or with information from such records without the execution of a separate agreement between the parties.
      - (k) Retention of Records. For uses of GLB Data, DPPA Data and MVR Data, as described in Sections 1(ii), 1(iii) and 1(ix), Institution shall maintain for a period of five (5) years a complete and accurate record (including consumer identity, purpose and, if applicable, consumer authorization) pertaining to every access to such data.
    - (ii) Accordingly, Institution shall (a) restrict access to Footprint Services to those employees who have a need to know as part of their official duties; (b) ensure that none of its employees shall (i) obtain and/or use any information from the Footprint Services for personal reasons, or (ii) transfer any information received through the Footprint Services to any party except as permitted hereunder; (c) keep all user identification numbers, and related passwords, or other security measures (collectively, “User IDs”) confidential and prohibit the sharing of User IDs; (d) immediately deactivate the User ID of any employee who no longer has a need to know, or for terminated employees on or prior to the date of termination;
    - (iii) Institution acknowledges and agrees that Footprint obtains its data from third-party sources, which may or may not be completely thorough and accurate, and that Institution shall not rely on Footprint for the accuracy or completeness of information supplied through the Footprint Services.
    - (iv) Not withstanding anything in this Agreement to the contrary, Footprint or Footprint’s data provider shall own Institution’s search inquiry data used to access the Footprint Services (in the past or future) and may use such data for any purpose consistent with applicable federal, state and local laws, rules and regulations.
    - (v) Institution understands and agrees that, in order to ensure compliance with the FCRA, GLBA, DPPA, other similar state or federal laws, regulations or rules, regulatory agency requirements, this Agreement, and Footprint’s obligations under its contracts with its data providers and Footprint’s internal policies, Footprint may conduct periodic reviews of Institution’s use of the Footprint Services and may, upon reasonable notice, audit Institution’s records, processes and procedures related to Institution’s use, storage and disposal of Footprint Services and information received therefrom. Institution agrees to cooperate fully with any and all audits and to respond to any such audit inquiry within ten (10) business days, unless an expedited response is required. Violations discovered in any review and/or audit by Footprint will be subject to immediate action including, but not limited to, suspension or termination of the license to use the Footprint Services, reactivation fees, legal action, and/or referral to federal or state regulatory agencies.
    - (vi) Provisions hereof related to release of claims; indemnification; use and protection of information, data and Footprint Services; payment for the Footprint Services; audit; Footprint’s use and ownership of Institution’s search inquiry data; disclaimer of warranties; security; customer data and governing law shall survive any termination of the license to use the Footprint Services.
    - (vii) Institution shall train new employees prior to allowing access to Footprint Services on Institution’s obligations under this Agreement, including, but not limited to, the licensing requirements and restrictions under Paragraph 1 and the security requirements of Paragraph 2. Institution shall conduct a similar review of its obligations under this Agreement with existing employees who have access to Footprint Services no less than annually. Institution shall keep records of such training.
    - (viii) Institution acknowledges and understands that Footprint will only allow Institution access to the Footprint Services if Institution’s credentials can be verified in accordance with Institution’s internal credentialing procedures. Institution shall notify Footprint immediately of any changes to the information on Institution’s Application for the Footprint Services, and, if at any time Institution no longer meets the criteria for providing such service, Footprint may terminate this Agreement. Institution is required to promptly notify Footprint of a change in ownership of Institution’s company, any change in the name of Institution’s company, and/or any change in the physical address of Institution’s company.
    - (ix) By receipt of the Footprint Services, Institution agrees to, and shall comply with, changes to the Restricted License granted Institution in Paragraph 1 herein, changes in pricing, and changes to other provisions of this Agreement as Footprint shall make from time to time by notice to Institution via e-mail, online “click wrap” amendments, facsimile, mail, invoice announcements, or other written notification. All e-mail notifications shall be sent to the individual named in the Institution administrator contact information section, unless stated otherwise in this Agreement. Footprint may, at any time, impose restrictions and/or prohibitions on the Institution’s use of the Footprint Services or certain data. Institution understands that such restrictions or changes in access may be the result of a modification in Footprint policy, a modification of third-party agreements, a modification in industry standards, a Security Event or a change in law or regulation, or the interpretation thereof. Upon written notification by Footprint of such restrictions, Institution agrees to comply with such restrictions.
    - (x) With respect to personally identifiable information regarding consumers, the parties further agree as follows: Footprint has adopted the “One Footprint Inc. Data Privacy Principles” (“Principles”), which may be modified from time to time, recognizing the importance of appropriate privacy protections for consumer data, and Institution agrees that Institution (including its directors, officers, employees or agents) will comply with both LexisNexis and Footprint privacy policies. The Principles are available at: https://www.onefootprint.com/privacy-policy and http://www.lexisnexis.com/privacy/data-privacy-principles.aspx.
  - 18.13.3 Incode Downstream Vendor Terms
    - (i) During the Term, Incode hereby grants Institution a nonexclusive, limited, personal, non-sublicensable, nontransferable right and license to use and access the Footprint Services, only for the internal business purposes of Institution and only in accordance with Incode Documentation (as defined herein below). No other rights or licenses are granted except as expressly and unambiguously set forth herein. “Incode Documentation” means Incode’s usage guidelines and standard technical documentation for the Software, the current version of which is available at API: https://docs.incode.com/docs/omni-api/integration-guide/ and Web SDK: https://docs.incode.com/docs/web/overview.
    - (ii) Institution shall not (and shall not permit any third party to), directly or indirectly: (a) reverse engineer, decompile, disassemble, or otherwise attempt to discover the underlying structure of the Footprint Service (except to the extent applicable laws specifically prohibit such restriction); (b) modify, translate, or create derivative works based on the Footprint Service; (c) transfer or encumber rights to the Footprint Service; (c) use the Footprint Service for the benefit of a third party; (d) remove or otherwise alter any proprietary notices from the Footprint Service or any portion thereof; (e) use the Footprint Service to build an application or product that is competitive with any Incode product or service; (f) interfere or attempt to interfere with the proper working of the Footprint Service or any activities conducted on the Footprint Service; (g) bypass any measures Incode may use to prevent or restrict access to the Footprint Service (or other accounts, computer systems or networks connected to the Footprint Service); (h) use the Footprint Service for the design or development of nuclear, chemical or biological weapons or missile technology, or for terrorist activity, without the prior permission of the United States government; or (i) allow any third party to remove or export from the United States or allow the export or re-export of any part of the Software or any direct product thereof (i) into (or to a national or resident of) any embargoed or terrorist-supporting country, (ii) to anyone on the U.S. Commerce Department’s Table of Denial Orders or U.S. Treasury Department’s list of Specially Designated Nationals, (iii) to any country to which such export or re-export is restricted or prohibited, or as to which the United States government or any agency thereof requires an export license or other governmental approval at the time of export or re-export without first obtaining such license or approval or (iv) otherwise in violation of any export or import restrictions, laws or regulations of any United States or foreign agency or authority. The Software may incorporate third-party open source software (“OSS”). To the extent required by the OSS license, that license will apply to the OSS on a stand-alone basis. Institution is responsible for all of Institution’s activity in connection with the Footprint Service, including but not limited to uploading Institution Data onto the Footprint Service. Institution shall warrant that it is not located in, under the control of or a national or resident of any such prohibited country or on any such prohibited party list. Institution: (A) shall use the Footprint Service in compliance with all applicable laws, treaties and regulations in connection with Institution’s use of the Footprint Service, and (B) shall not use the Footprint Service in a manner that violates any third party rights. This provision shall survive any expiration or termination of the Agreement.
    - (iii) The parties agree that Incode will process Institution data in connection with the Footprint Services solely to perform its obligations under this Agreement. Notwithstanding the foregoing, Institution acknowledges and agrees that Incode may use the Institution data to (i) provide the Footprint Services and (ii) generate Aggregated Anonymous Data for Incode’s business purposes (including without limitation, for purposes of improving, testing and operating Incode’s products and services). “Aggregated Anonymous Data” means data submitted directly to, collected directly by, or generated by Incode in connection with Institution’s use of the Footprint Service that is aggregated and anonymized such that it cannot be reasonably linked to, or reasonably capable of being associated with, directly or indirectly, any individual person. Institution shall acknowledge and agree that Institution shall be solely responsible for requesting individuals the end-users’ consent for the afore purposes.
    - (iv) Institution acknowledges and agrees that the Footprint Service may use services provided by third parties. Any exchange of data or other interaction between Institution and a third party provider is solely between Institution and such third party provider and is governed by such third party’s terms and conditions.
    - (v) Incode may suspend or limit Institution’s access to or use of the Footprint Service if Institution’s use of the Footprint Service results in (or is reasonably likely to result in) damage to or material degradation of the Footprint Service which interferes with Incode’s ability to provide access to the Footprint Service to other Incode customers. Upon expiration or earlier termination of the Agreement, all license granted to Institution will cease, and Institution must immediately cease using the software and delete (or, upon request, return) all copies of the software. At Incode’s request, Institution will ensure that Institution deletes all of Incode’s Confidential Information. Confidential Information may be retained in the Incode’s standard backups after deletion but will remain subject to the Agreement’s confidentiality and non-use restrictions. This provision shall survive any expiration or termination of the Agreement.
    - (vi) THE FOOTPRINT SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” AND ARE WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE, USAGE OF TRADE, OR COURSE OF DEALING, ALL OF WHICH ARE EXPRESSLY DISCLAIMED. INCODE DOES NOT WARRANT ANY THIRD PARTY SERVICES OR THAT INSTITUTION’S (AS THE CASE MAY BE), USE OF THE FOOTPRINT SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT ANY SECURITY MECHANISMS IMPLEMENTED BY THE FOOTPRINT SERVICE WILL NOT HAVE INHERENT LIMITATIONS. This provision shall survive any expiration or termination of the Agreement.
    - (vii) EXCEPT FOR INSTITUTION’S BREACH OF THE LICENSE RESTRICTIONS OF THE AGREEMENT, IN NO EVENT SHALL INCODE, NOR ITS DIRECTORS, EMPLOYEES, AGENTS, PARTNERS, SUPPLIERS OR CONTENT PROVIDERS, BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL OR EQUITABLE THEORY WITH RESPECT TO THE SUBJECT MATTER OF THE AGREEMENT (A) FOR ANY LOST PROFITS, DATA LOSS, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, SUBSTITUTE GOODS OR SERVICES (HOWEVER ARISING), (B) FOR ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE (REGARDLESS OF THE SOURCE OF ORIGINATION), OR (C) FOR ANY DIRECT DAMAGES IN EXCESS OF (IN THE AGGREGATE) THE FEES PAID (OR PAYABLE) TO INCODE WITH RESPECT TO THE LICENSE GRANTED HEREUNDER IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO A CLAIM HEREUNDER. This provision shall survive any expiration or termination of the Agreement.
    - (viii) Incode will not be liable for any delay or failure to perform the Service due to events beyond its reasonable control, such as a strike, blockade, war, act of terrorism, riot, infrastructure services provided by third party providers, Internet or utility failures, refusal of government license or natural disaster.
    - (ix) The Footprint Services are “commercial products” (as defined at Federal Acquisition Regulation (FAR) 2.101) and are “commercial computer software” (as defined at FAR 2.101). If the Institution or end user of the Footprint Services is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Services, Software or any related Documentation of any kind, including technical data and manuals, is restricted by the terms of Federal End User Agreement in accordance with FAR 12.212 for civilian agency use and Defense Federal Acquisition Regulation Supplement (DFARS) 227.7202 for agencies within the Department of Defense. All other use is prohibited.
  - 18.13.4 From time to time, the Footprint downstream vendors may require changes to their respective downstream Service Terms. After receiving notification of a change to the applicable downstream vendor Service Terms, Institution will be notified of such changes in writing, including by notification on or through the Footprint Service. Institution is solely responsible for complying with all applicable Footprint downstream vendor Service Terms.
reCAPTCHA
1. By accessing or using the reCAPTCHA services, Institution agrees to the Google APIs Terms of Use, Google Terms of Use, and to the Additional Terms below.
2. Institution acknowledges and understands that the reCAPTCHA API works by collecting hardware and software information, such as device and application data, and sending these data to Google for analysis. The information collected in connection with Institution’s use of the service will be used for improving reCAPTCHA and for general security purposes. It will not be used for personalized advertising by Google. Institution agrees that if it uses the APIs that it is Institution’s responsibility to provide any necessary notices or consents for the collection and sharing of this data with Google. For users in the European Union, Institution must comply with the EU User Consent Policy. Institution’s use of reCAPTCHA is subject to call limits. Google may in its sole discretion enforce these limits through any of the means described at call limits or in these terms of service.
Google Maps
1. Institution acknowledges and will (A) notify Users that the SaaS Services include Google Maps features and content; and (B) state that use of Google Maps features, and content is subject to the then-current versions of the: (1) Google Maps/Google Earth Additional Terms of Service at https://maps.google.com/help/terms_maps.html; and (2) Google Privacy Policy at https://www.google.com/policies/privacy/.
2. If Users of the SaaS Services (and downstream products, if any) fail to comply with the applicable terms of the Google Maps/Google Earth Additional Terms of Service, then Apiture will take appropriate enforcement action, including suspending or terminating those Users’ use of Google Maps features and content in the SaaS Services or downstream products.
3. Data Use and Retention. To provide the Google Map services through the SaaS Services Google collects and receives data from Institution and Users, including search terms, IP addresses, and latitude/longitude coordinates. Institution acknowledges and agrees that Google and its affiliates may use and retain this data to provide and improve Google products and services, subject to the Google Privacy Policy at https://www.google.com/policies/privacy/.
4. End User Requirements.
  1. End User Privacy. Institution’s use of the Google Map services in the SaaS Services will comply with applicable privacy laws, including laws regarding services that store and access cookies on Users’ devices. Institution will comply with the then-current Consent Policy at https://www.google.com/about/company/user-consent-policy.html, if applicable.
  2. End User Personal Data. Through the normal functioning of the Google Maps Core Services, Users provide personally identifiable information and personal data directly to Google, subject to the then-current Google Privacy Policy at https://www.google.com/policies/privacy/.
    
    However, Institution will not provide to Google (i) any User’s personally identifiable information; or (ii) any European User’s personal data (where “European” means “European Economic Area, Switzerland, or the UK”).
  3. End User Location Privacy Requirements. To safeguard Users’ location privacy, Institution will ensure to (i) notify Users in advance of (1) the type(s) of data that Institution intends to collect from the Users or the Users’ devices, and (2) the combination and use of User’s location with any other data provider’s data; and (ii) will not obtain or cache any User’s location except with the User’s express, prior, revocable consent.
Business Insights
1. Definitions:
  1. “Business Insights” means the digital intelligence platform for business owners powered by Signal Financial Technologies, Inc. d/b/a Monit (or its successor).
  2. “Derivative Works” means a work that is based upon or derives in any way from one or more preexisting works, such as a revision, modification, translation (including compilation or recapitulation by computer), abridgement, condensation, expansion, improvement or any other form in which such a preexisting work may be recast, transformed, or adapted.
  3. “Provider Intellectual Property” or “Provider IP“, includes any and all ideas, processes, trademarks, service marks, inventions, designs, technologies, computer hardware or software, original works of authorship, formulas, discoveries, patents, copyrights, copyrightable work products, marketing and business ideas, and all improvements, know-how, data, rights, and claims related to the foregoing that, whether or not patentable, are conceived, developed or created and which; (i) relate to the current or contemplated business or activities of Apiture’s Third Party Provider for Business Insights, (ii) relate to actual or demonstrably anticipated research or development by Apiture’s Third Party Provider for Business Insights, (iii) involve the use of equipment, supplies, facilities or trade secrets of Apiture’s Third Party Provider for Business Insights, (iv) result from or are suggested by any work done by Apiture’s Third Party Provider for Business Insights or at its request (including without limitation by any authorized reseller or agent of Apiture’s Third Party Provider for Business Insights), or any projects specifically assigned to Institution, (v) result from Institution’s access to any of Apiture’s Third Party Provider for Business Insights’ platform, memoranda, notes, records, drawings, sketches, models, maps, customer lists, research results, data, formulae, specifications, inventions, processes, equipment or other materials, or (vi) otherwise relate to the Provider Technology or Platform (as defined below).
  4. “Provider Technology” or “Platform” means any and all Apiture’s Third Party Provider for Business Insights’ proprietary technology, Business Insights, API, software tools, hardware designs, algorithms, software (in source and object forms), user interface designs, architecture, class libraries, objects and documentation (both printed and electronic), network designs, trade secrets and any related intellectual property rights throughout the world (whether owned by Apiture’s Third Party Provider for Business Insights or licensed to Apiture’s Third Party Provider for Business Insights from a third party) and also including any derivatives, improvements, enhancements or extensions of Provider Technology conceived, reduced to practice, or developed during the term of Institution’s Agreement with Apiture by any party.
2. All right, title and interest in and to all subject ideas and inventions with respect to Provider IP, whether or not registered or registrable, patented or patentable shall be held and owned solely by Apiture’s Third Party Provider for Business Insights. In the event that Institution should otherwise, by operation of law, be deemed to retain any rights (whether moral rights or otherwise) to any Provider IP, Institution hereby assigns and otherwise transfers and agrees to assign and otherwise transfer to Apiture’s Third Party Provider for Business Insights, without further consideration, the right, title and interest in and to Provider IP. Institution hereby waives any so-called “droit moral” rights, “moral rights of authors” and all other similar rights Institution may have in any subject ideas and inventions, however denominated, throughout the world. These Service Terms do not transfer to Institution any Provider IP, and all rights, title and interest in and to Provider IP, including derivatives thereof regardless of the creator, will remain the sole property of the Apiture’s Third Party Provider for Business Insights. Institution agrees that it will not, directly or indirectly, reverse engineer, decompile, disassemble, or otherwise attempt to derive source code from, any Provider IP. No products or services delivered by Apiture’s Third Party Provider for Business Insights or at its request (including without limitation by any authorized reseller or agent of Apiture’s Third Party Provider for Business Insights) for use by Institution are works made for hire.
3. Institution shall use Business Insights only for lawful purposes and in accordance with its Agreement and these Service Terms. Institution will comply at all times with all applicable laws or regulations. In the event of a failure to comply, Institution will be subject to immediate suspension or termination of the use of Business Insights.
4. Institution will not, and will not allow other third parties, either directly or indirectly, to:
  1. take any action that may interfere with any of Apiture’s Third Party Provider for Business Insights’ rights in or to any of Provider Intellectual Property rights, including Apiture’s Third Party Provider for Business Insights’ ownership or exercise thereof;
  2. challenge any right, title or interest of Apiture’s Third Party Provider for Business Insights in or to any of Provider Intellectual Property rights;
  3. make any claim or take any action adverse to Apiture’s Third Party Provider for Business Insights’ ownership of any Provider Intellectual Property rights;
  4. register or apply for registrations, anywhere in the world, for Apiture’s Third Party Provider for Business Insights’ trademarks or any other trademark that is similar to Apiture’s Third Party Provider for Business Insights’ trademarks or that incorporates Apiture’s Third Party Provider for Business Insights’ trademarks in whole or in confusingly similar part;
  5. use any mark, anywhere, that is confusingly similar to Apiture’s Third Party Provider for Business Insights’ trademarks;
  6. engage in any action that tends to disparage, dilute the value of, or reflect negatively on Business Insights or any trademark of Apiture’s Third Party Provider for Business Insights;
  7. misappropriate any trademarks of Apiture’s Third Party Provider for Business Insights for use as a domain name without prior written consent from Apiture’s Third Party Provider for Business Insights;
  8. alter, obscure or remove any trademarks of Apiture’s Third Party Provider for Business Insights or trademark or copyright notices or any other proprietary rights notices placed on marketing materials or other materials that Apiture or Apiture’s Third Party Provider for Business Insights may provide;
  9. reverse assemble, reverse compile, or otherwise reverse engineer or attempt to derive the source code of Business Insights or any other Provider Intellectual Property;
  10. create Derivative Works of Business Insights or any other Provider Intellectual Property without the prior written consent of an authorized representative of Apiture’s Third Party Provider for Business Insights; or
  11. access or use, or allow any person to access or use, Business Insights for any purpose other than the purposes identified in its Agreement with Apiture with the prior written consent of an authorized representative of Apiture’s Third Party Provider for Business Insights.
5. Institution shall be solely responsible for (i) ensuring that its and its Users’ use of the Business Insights complies with those laws, statutes, regulations, executive orders, administrative orders, judicial orders, or interpretive guidance which has been, in each case, enacted, promulgated, issued, or published by governmental authorities to which Apiture and Institution are subject, and (ii) any and all actions taken by Institution, its Users, or third parties as a result of, in connection with, or based on information provided by the Business Insights. Under no circumstances shall Institution or its Users use or access the Business Insights for any “permissible purpose” under the Fair Credit Reporting Act (FCRA) (15 U.S.C. Sec. 1681 et seq) or use any of the information it receives via the Business Insights to take any “adverse action”, as that term is defined in the FCRA. Apiture shall have no liability or responsibility whatsoever for actions taken by Institution or third parties as a result of, in connection with, or based on information provided by the Business Insights, and Institution hereby waives and releases Apiture from any such liability or related claims.
6. Institution shall indemnify, defend and hold Apiture and its Third Party Providers harmless from and against any third-party (including Users) claims and related losses arising from the (i) breach of these Service Terms or the Agreement, negligence, or willful misconduct of the Institution or Users in connection with the Business Insights, (ii) any decisions or actions taken by Institution or Users on the basis of the Business Insights, or (iii) Customer Data provided by Institution or Users.
7. Institution acknowledges that the use of Business Insights by Institution pursuant to these Service Terms is subject to the terms of that certain Reseller Agreement dated as of 11-AUG-2022 by and between the Apiture and Signal Financial Technologies, Inc. (the “Reseller Agreement”). Upon expiration or earlier termination of the Reseller Agreement, all of Institution’s right to use Business Insights under these Service Terms shall automatically terminate and Institution’s continued use of Business Insights shall be conditioned upon Institution and Apiture’s Third Party Provider for Business Insights entering into Apiture’s Third Party Provider for Business Insights’ then standard agreement with respect to the use of Business Insights.
8. Apiture’s Third Party Provider for Business Insights shall be a third party beneficiary to the Agreement with Institution solely as it relates to the foregoing provisions of these Service Terms.
Data Intelligence Universal Terms

A. Apiture “Data Intelligence Services” shall refer to and include the Data Engage Services, Data Direct Services, and Data Portal Services described in this Section 22. The Data Intelligence Universal Terms set out below shall apply to all Data Intelligence Services in addition to the service-specific terms set forth in successive subsections of this Section 22. For the avoidance of doubt, Institution is entitled to use and access only those Data Intelligence Services specifically and expressly recited within an executed Agreement with Apiture.

B. “Customer Data” means any data, information or material that either Institution or Users provides or make available in the course of using the Apiture Digital Banking Platform, including the Data Intelligence Services.

C. Institution shall be solely responsible for ensuring (i) that its use of the Data Intelligence Services complies with Legal Requirements, and (ii) any and all actions taken by Institution or third parties as a result of, in connection with, or based on information provided by the Data Intelligence Services complies with Legal Requirements. Under no circumstances shall Institution or its Users use or access the Data Intelligence Services for any “permissible purpose” under the Fair Credit Reporting Act (FCRA) (15 U.S.C. Sec. 1681 et seq) or use any of the information it receives via the Data Intelligence Services to take any “adverse action”, as that term is defined in the FCRA. Apiture shall have no liability or responsibility whatsoever for actions taken by Institution or third parties as a result of, in connection with, or based on information provided by the Data Intelligence Services, and Institution hereby waives releases Apiture from any such liability or related claims.

D. Institution shall indemnify, defend and hold Apiture’s and its Third Party Providers harmless from and against any third-party claims (including claims made by Users) and related losses arising from the (i) breach of these Service Terms or the Agreement, negligence, or willful misconduct of the Institution in connection with the Data Intelligence Services, (ii) any decisions or actions taken by Institution on the basis of the Data Institution Services, or (iii) Customer Data provided by Institution or Users.

E. Institution represents and warrants that it has all necessary power and authorization to grant to Apiture and its Third Party Providers all rights and licenses granted under the Agreement with respect to Customer Data or other Institution Data. Institution grants Apiture and Third Party Providers the right to use such Customer Data and other Institution Data during the term of the Agreement for the purpose providing the Data Intelligence Services pursuant to the Agreement.

F. As between Apiture and Institution, Institution is responsible for the accuracy and integrity of Customer Data provided by Institution or Users in connection with Data Intelligence Services. Institution grants Apiture a non-exclusive, royalty-free license to process and use Customer Data and other Institution Data as necessary in order to perform the Data Intelligence Services. Further, Institution is solely responsible for drafting, disseminating, obtaining, or retaining all consents or notices necessary to ensure that Customer Data is collected and used in accordance with Legal Requirements, including, without limit, applicable state and federal privacy laws and regulations.
1. Data Engage Services
  1. Definitions:
    1. “Data Engage Platform” means the software as a service provided by Apiture’s Data Engage Third Party Provider, Pendo.io Inc. (or its successor), that enables users to build customized, in-application user guidance and gather analytics about end User behavior.
    2. “Feedback” means comments, questions, enhancement requests, suggestions, ideas, process descriptions or other information related to the Data Engage Platform.
    3. “Statistics” means Customer Data in an aggregated and anonymized form to derive statistical and performance information strictly for the Data Engage Platform.
  2. Apiture’s Data Engage Third Party Provider (and/or its licensors) is the sole and exclusive owner of all rights, title and interest in and to the Data Engage Platform, related documentation, and Apiture’s Data Engage Third Party Provider’s proprietary property (including intellectual property rights) and reserves all rights, title and interest in the foregoing unless otherwise expressly granted under these Service Terms. No ownership right is conveyed to Institution in the Data Engage Platform, related documentation or Apiture’s Data Engage Third Party Provider’s proprietary property, irrespective of the use of terms such as “purchase” or “sale” herein.
  3. Apiture’s Data Engage Third Party Provider may, in its sole discretion, from time-to-time, without materially degrading the existing features or functionality of the Data Engage Services, enhance, modify, and/or expand the features of the Data Engage Services from time to time.
  4. Institution shall ensure any upgrades or updates are promptly applied, otherwise, certain features or functionality associated with the Data Engage Platform may not be accessible or otherwise perform.
  5. Institution may submit Feedback to Apiture or Apiture’s Data Engage Third Party Provider and Institution grants Apiture’s Data Engage Third Party Provider the right to use and incorporate its Feedback into the Data Engage Services.
  6. Institution hereby acknowledges that Pendo.io Inc. (or its successor) as Apiture’s Data Engage Third Party Provider is a subprocessor providing the Data Engage Platform. Institution acknowledges and agrees that it shall not advance any direct claim or proceeding against the Data Engage Third Party Provider in connection with the Data Engage Services and does hereby expressly waive any and all rights to do so. The foregoing agreement and waiver is a fundamental condition of Apiture’s provision of the Data Engage Services.
  7. Statistics may be used by Apiture’s Data Engage Third Party Provider for purposes of improving its products and services, and developing, displaying, and distributing benchmarks and similar reports, provided that in any case such data is not externally identified or identifiable as originating with or associated with Institution or any individual person.
  8. Apiture and its Third Party Providers shall use commercially reasonable efforts to maintain APIs enabling the Data Engage Services, including the applicable API endpoint, (“Data Engage APIs”) in a manner which enables Institution to export data in accordance with industry standard processes. Data Engage APIs maintain a timeout limit of five (5) minutes and a file size limit of 4GB per API query response. At such limit thresholds, the Data Engage API response will automatically cease. Neither Apiture nor its Third Party Providers shall have any liability associated with Institution’s use of any data derived from Data Engage APIs.
2. Data Direct Services
  1. Definitions:
    1. “Data Direct Services” means the Apiture subscription services offering that involves the preparation and delivery of curated Dataset Files for independent analysis by Institution of its Users’ information, behavior, characteristics, transactions, and related trends.
    2. “Dataset Files” means delimited text data files containing Customer Data which are prepared and delivered by Apiture incident to the provision of Data Direct Services.
  2. Apiture will deliver Dataset Files by SFTP at the frequency specified in the Agreement or the Documentation. Institution shall be responsible for the procurement, maintenance, security, and adequacy of all Institution Systems, including any SFTP client or other automated systems employed by Institution or otherwise required for the receipt of the Data Direct Services. Institution shall be responsible for ensuring the security of any and all Access Credentials furnished by Apiture in connection with the Data Direct Services or otherwise utilized to access Dataset Files. Apiture shall bear no responsibility nor liability in connection with the security or disposition of Dataset Files or constituent data after such Dataset Files are retrieved from Apiture Systems by Institution or its designee.
  3. Data Direct Services do not include any processing, analysis, visualization, or other rendering of Dataset Files or any related tools or systems. Institution shall be responsible for the procurement, maintenance, security, and adequacy of any and all applications, tools, or services it deems necessary for the use or analysis of Dataset Files. Data Direct Services are expressly limited to the provision of Dataset Files only.
  4. Dataset Files may exclude or segregate Personal Information, in Apiture’s discretion. Apiture will only be obligated to retain Dataset Files for 7 calendar days following attempted delivery to Institution. After the elapse of such period, Apiture may delete the Dataset Files and will have no obligation to recreate such Dataset Files.
3. Data Portal Services
  1. Subject to the terms and conditions of the Agreement, and these Service Terms, Apiture grants to Institution a limited, worldwide, non-exclusive, non-transferable right during the Subscription Term to: (a) use the Data Portal Services solely for Institution’s internal business operations. Institution’s rights to use the Data Portal Services are subject to any scope and usage limitations set forth in the Agreement, which may include, without limitation, limits on the number of users. If Institution exceeds any scope limitations set forth in the Agreement, Apiture may suspend or limit access to the Data Portal service and/or invoice Institution for the excess usage at Apiture’s then-current rates.
  2. Institution shall not: (a) sell, rent, lease, or, except as expressly permitted in the Agreement, license, sublicense, distribute, or otherwise permit third parties to access or use the Data Portal Services; (b) except as expressly permitted in the Agreement, use the Data Portal Services to provide services to third parties as a service bureau or for time sharing or service provider purposes; (c) circumvent or disable any security or other technological features or measures of the Data Portal Services, or attempt to probe, scan or test the vulnerability of a network or system, breach security or authentication measures, or gain unauthorized access to any service, system or network; (d) upload or provide for processing, or use the Data Portal Services to store, display or transmit, any information or material that is illegal, defamatory, offensive, abusive, obscene, or tortious, or that violates applicable statutory privacy or intellectual property rights; (e) use the Data Portal Services to harm, threaten, or harass another person or organization or in any way that violates applicable laws or regulations; (f) use the Data Portal Services to create, send, store, run, or distribute any viruses, worms, Trojan horses, or other disabling code, malware component, or code or program harmful to a network or system; (g) copy, reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, or create derivative works of the Data Portal Services or any feature or function thereof; (h) access the Data Portal Services for the purpose of any benchmarking or other competitive purpose; (i) alter nor remove any trademark, copyright notice, or other proprietary rights notice that may appear in any part of the Data Portal Services; or (j) use the Data Portal Services in excess of stated scope limitations. Institution is solely responsible for the conduct of its personnel and other users in connection with the use of the Data Portal Services.
  3. Except as otherwise provided in the Agreement, only the number of Institution users specified in the Agreement may access the Data Portal Services and user licenses or accounts must not be shared among users. Except as otherwise provided in the Agreement, access to the Data Portal Services shall be ‘view-only’ and Institution personnel shall not have direct access to upload data to the Data Portal Services or access Apiture Systems or Third Party Providers Systems supporting the Data Portal Services. As part of the registration process, Institution may be asked to identify users who should be associated with its account. Institution will not misrepresent the identity or nature of the company or users who should be associated with its account. Institution shall be responsible for maintaining the confidentiality of logins and account and for all activities that occur under Institution logins and accounts, including the activities of Institution users.
  4. Institution shall use reasonable efforts to prevent any unauthorized use of the Data Portal Services and will promptly notify Apiture in writing of any unauthorized use. Institution will take all steps reasonably necessary to terminate unauthorized use of the Data Portal Services. Apiture may remotely monitor Institution’s use of the Data Portal Services to verify that Institution’s use complies with scope limitations and other terms of the Agreement.
  5. Notwithstanding any other service level or availability commitments set out in the Agreement, the Data Portal Services will be materially operational and functional 99.9% of the time during the hours of 9:00 am to 8:00 pm, EST, Monday through Friday during any 30-day period.
Embedded Banking Services
1. Definitions:
  1. “Analytical Data” means information, data and other content that is obtained, aggregated or derived by or through the EB Services from processing specific Institution Data such that any constituent Personal Information cannot be identified from the inspection, analysis or further processing of such information, data or content. Analytical Data does not constitute Institution Data and may be used by Apiture or its EB Partner in furtherance of their respective business operations, including, without limit, the provision, improvement, monitoring, benchmarking, or development of the EB Services. Notwithstanding anything to the contrary in the Agreement, Apiture will not be required to return or destroy Analytical Data upon expiration or termination of the EB Services, and Apiture or its EB Partner may continue to use it for the purposes contained in this Section 23 of the Service Terms. Institution, for itself and its affiliates, represents to Apiture that Institution has obtained consents and authorizations from Institution’s Users sufficient to legally authorize Apiture and its service providers to use Analytical Data for the purposes described in this Section 23.
  2. “API” means application programming interface
  3. “Apiture IP” means all intellectual property or proprietary rights, including but not limited to copyrights, moral rights, trademarks (trade names and service marks), patents (including patent applications) and trade secrets associated with (i) Apiture’s marketing and business activities, (ii) Apiture Confidential Information, (iii) Analytical Data, (iv) the EB Services, Software, Apiture Systems, or Documentation, (v) any modifications to or extensions of the EB Services, Software, Apiture Systems, or Documentation, (vi) all processes, methods, or technologies used to perform the EB Services, and (vii) all ideas, concepts, know-how, works of authorship, inventions, or other intellectual property created or conceived by Apiture in connection with the EB Services, Software, Apiture Systems, or Documentation.
  4. “Apiture Systems” means the technology infrastructure, tools, processes, software, interfaces, and systems used by Apiture to deliver the EB Services.
  5. “Dependency” means the action or inaction by Institution (or its core banking system, EB Partner, or other third-party service providers) including, without limit, providing suitable access to systems, providing adequate information or instructions, or providing reasonable advance notice of changes in systems or service providers, including, without limit, (i) a failure by Institution’s back-end system of record for processing banking transactions or other Institution third-party service providers to reasonably cooperate with Apiture, (ii) a failure by Institution to adhere to the requirements of the Agreement regarding implementation and testing, (iii) a failure by Institution to provide suitable resources or cooperation in connection with the implementation or maintenance of the EB Services, (iv) issues or disruptions caused by changes in Institution processes and operations, or (v) issues or defects attributable to the configuration, performance, or adequacy of Institution’s information technology infrastructure and any other Institution Systems.
  6. “Documentation” means user manuals, bulletins, release notes, and other documentation concerning the Apiture Systems and EB Services.
  7. “EB Services” means those Embedded Banking Services that enable Institution and its EB Partners to avail or extend digital banking features, functions, and services within a Host Application.
  8. “EB Partner” means those third-party partners designated by Institution to participate in the Embedded Banking Services.
  9. “EB Partner Agreement” means a written agreement governing the relationship between Institution and the EB Partner with respect to the EB Services.
  10. “Host Application” means the digital experiences or channels which are owned, managed, or controlled by Institution or an EB Partner that enable Institution and EB Partners to avail or extend digital banking features, functions, and services.
  11. “Institution Data” means all information, data, text, images, and other content submitted, posted, transmitted, uploaded or otherwise provided by Institution or Users through, or transferred, received or processed by the EB Services, including Personal Information, account information, and transactional information. Institution Data does not include Analytical Data. Institution has and shall retain sole responsibility for the accuracy, quality, and availability of Institution Data provided to Apiture or its EB Partner in connection with the EB Services.
  12. “Institution Systems” means information technology infrastructure owned, licensed, or engaged by Institution for the conduct of its business, including its core banking system, hardware, software, databases, systems, networks and services, whether operated directly by Institution or through the use of third-party service providers, but excluding the EB Services, Apiture Systems, and Apiture IP.
  13. “Legal Requirements” means certain laws, statutes, regulations, executive orders, administrative orders, judicial orders, or interpretive guidance which has been, in each case, enacted, promulgated, issued, or published by governmental authorities to which Apiture and Institution are subject.
  14. “Personal Information” means any information which constitutes “non-public personal information” under the Graham-Leach-Bliley Act (15 U.S.C § 6801) and its implementing regulations.
  15. “SDK” means software development kit.
  16. “Security Incident” means an incident that compromises Apiture Systems by (i) a ‘data breach’ impacting Institution Data (or equivalent term) under applicable Legal Requirements, or (ii) unauthorized access to or unauthorized disclosure of User Personal Information under circumstances suggesting a reasonable likelihood of misuse.
  17. “Software” means the Apiture Systems as well as software programs, SDKs, applications, and interfaces owned, licensed, or resold by Apiture.
  18. “User” means Institution and Institution’s authorized consumer and business customers, employees, and contractors
  19. “User Agreement” means a required agreement entered into between Institution and Institution Users prior to permitting access to the EB Services governing the relationship between Institution and User as it relates to the EB Services.
2. Use of and access to EB Services requires and is subject to the execution of a SaaS Order or Schedule which explicitly provides for and describes the particular EB Services and associated features, functions, capabilities, and integrations engaged by Institution. In the absence of a current subscription to EB Services memorialized in an executed SaaS Order or Schedule and except as expressly provided in the Agreement neither Institution nor its EB Partners shall have any right or license to use or access the EB Services or any Apiture APIs, SDKs, or Apiture Systems.
3. EB Services and the associated license to Apiture Systems granted within the Agreement are limited to the particular features, functions, capabilities, integrations, components, services, and associated APIs specifically and expressly identified in an executed SaaS Order or Schedule. EB Services shall at all times remain subject to (i) the provisions of the Agreement (ii) these Embedded Banking Service Terms, and (iii) any and all Service Terms applicable to the Software-as-a-Service Services and functionality associated with subscribed EB Services. By way of illustration, EB Services which enable Account Origination within a Host Application are subject to the Agreement, these Embedded Banking Service Terms, as well as the Consumer Digital Account Opening and Business Digital Account Opening Service Terms.
4. Any and all EB Partners must be approved by Apiture, in its sole discretion, and expressly identified within the SaaS Order or Schedule. New or additional EB Partners, features, functions, capabilities, integrations, components, or other EB Services will necessitate and be subject to an amendment to the SaaS Order or Schedule detailing any and all changes and the associated Fees. Further, the introduction and maintenance of new or additional EB Partners, Host Applications, or other third-party rights, licenses, or relationships which implicate use of, access to, or which may otherwise affect the EB Services shall be subject to an amendment to the SaaS Order or Schedule detailing any and all changes and the associated Fees.
5. All Host Applications, other applications, databases, software, APIs, scripts, IdP components or platforms, infrastructure, systems, processes, hardware, information security tools and measures, and any other technologies (i) which are owned or managed by either Institution, Institution third-party service providers, EB Partners, or EB Partner service providers, and (ii) which use, access, incorporate, impact, or enable the EB Services shall, in all such cases and permutations, constitute Institution Systems. As set out in the Agreement, Institution shall be solely responsible for the operation and performance of Institution Systems. Any outage, deficiency, or degradation of Embedded Banking Services attributable to Institution Systems shall constitute a Dependency. Errors or issues resulting from or associated with the improper functioning of Institution Systems shall not give rise to Service Level Credits, adversely affect Apiture Service Level calculations, or otherwise constitute a breach or failure of performance on the part of Apiture.
6. Institution shall be responsible for providing all documentation, specifications, or other information necessary to establish and maintain Apiture’s integration with a Host Application or other Institution Systems to enable functioning of the EB Services, including ensuring an SFTP file set-up. Further, Institution shall be responsible for costs and expenses associated with Apiture’s efforts to establish or maintain integrations to Institution Systems which support or enable EB Services. Additionally, Institution and EB Partners shall be responsible for ensuring that Institution Systems maintain ongoing compatibility with and are updated as necessary in the event of updates to the EB Services and associated APIs and integrations. Institution and EB Partners are responsible for costs associated with any maintenance of or updates to Institution Systems.
7. In addition to the types and categories of Users identified within the Agreement, EB Partners, EB Partner personnel, and EB Partner customers and users shall also constitute Users in the context of the EB Services subject to the rights and obligations concerning Users set out in the Agreement and the applicable Service Terms.
8. Subject to Apiture’s prior approval of an EB Partner and prior to permitting an EB Partner to imbed the EB Services within its Host Application or otherwise access, or use the EB Services, Institution will enter into an EB Partner Agreement. EB Partner Agreements will include restrictions and requirements concerning access to and use of the EB Services and Apiture Systems which are consistent with the restrictions and requirements set out in the Agreement and these Service Terms. Upon Apiture’s written request, Institution will furnish evidence of the EB Partner Agreement to Apiture in the form of an executed electronic copy thereof (which may be redacted to obscure sensitive commercial information). Further, Apiture may, from time to time, prescribe certain provisions or clauses for inclusion in EB Partner Agreements as a condition of the access to and use of certain EB Services. To the extent that Apiture requires specific or revised language or terms in EB Partner Agreements, Institution will promptly update such agreements upon Apiture’s written request. Institution will ensure that any access to or use of EB Services by Institution, EB Partners, and Users is in accordance with the provisions of the Agreement and the applicable Service Terms and shall bear responsibility and liability for any misuse of the EB Services or Apiture Systems. EB Partner Agreements shall address and allocate responsibility for securing the User Agreements required by the Agreement and delivery of all consents or notices necessary under Legal Requirements; provided, however, that as between Apiture and Institution, Institution shall be solely responsible for such User Agreements, notices, consents, as well as the delivery of accurate and complete information by or about a User. Except as expressly agreed in a SaaS Order or Schedule as an explicit component of EB Services, Institution shall also be solely responsible for direct support of its customer (and prospective customer) Users. For the avoidance of doubt, Institution bears all responsibility for support of, relationships with, and communications with Users as particularly set out in the Agreement. Additionally, EB Partner Agreements shall include an express restriction prohibiting EB Partners from asserting claims or pursuing legal action directly against Apiture in connection with the EB Services. Institution shall indemnify, defend, and hold Apiture harmless from and against any third-party claims (including EB Partner claims) arising by virtue of Institution’s breach of an EB Partner Agreement or failure to implement or enforce EB Partner Agreements as contemplated herein. For the avoidance of doubt, Institution shall be solely responsible for its EB Partner Agreements, including the drafting, dissemination, updating, and content thereof.
9. Institution will promptly report any claims or complaints concerning the EB Services received by Institution or the EB Partner. Additionally, Institution will promptly provide Apiture with information related to any Users or activity which Institution or its EB Partners have identified as suspicious or inconsistent with the requirements of a User Agreement or an Institution or EB Partner’s acceptable use policy.
10. As between Apiture and Institution, Institution shall be solely responsible for the security and integrity of all Host Applications and other Institution Systems (including EB Partner systems). Institution shall maintain a written information security program and controls environment which is consistent with industry best practices and which is designed to ensure the security of all its Host Applications and related environments. Institution shall ensure that its EB Partners likewise maintain a written information security program and controls environment which is consistent with industry best practices and which is designed to ensure the security of all the EB Partner Host Applications and related environments. Upon Apiture’s written request, Institution shall provide suitable evidence of the information security program applicable to a Host Application. Institution shall require its EB Partners to procure third-party SSAE-18 testing of the controls environment applicable to the Host Application and furnish a SOC 2, Type 2 report evidencing such testing on at least an annual basis. Institution will provide Apiture with a copy of the current SOC 2, Type 2 report covering an EB Partner (or prospective EB Partner) upon Apiture’s written request together with such other third-party oversight materials as Apiture may reasonably request (e.g. financial reporting, information security or business continuity management questionnaires). Institution shall be responsible for security of all names, passwords, identification numbers or codes, security tokens, multi-factor authentication mechanisms, API keys, or other credentials provided to EB Partners or Users in order to enable implementation of, use of, or access to the EB Services.
11. As between Apiture and Institution, Institution shall be solely responsible for any Security Incidents arising in connection with a Host Application or other use of EB Services, except to the extent such Security Incident is caused by the gross negligence or willful misconduct of Apiture. Institution shall indemnify, defend, and hold Apiture harmless from and against any and all third-party claims and associated losses resulting from a Security Incident arising in connection with a Host Application or other use of EB Services, except to the extent such Security Incident is caused by the negligence or breach of the Agreement by Apiture.
12. As between Apiture and Institution, Institution shall be solely responsible for monitoring and logging activity associated with the Host Application and other Institution Systems. To the extent that Apiture requires forensic or other data or information contained within logs or records derived from the Hosted Application or other Institution Systems, then Institution shall promptly procure and provide such information to Apiture upon its reasonable request and without cost.
13. Institution shall be responsible for procuring and ensuring the prompt and complete cooperation of EB Partners or Institution stakeholders with Apiture. Such cooperation shall include, without limit, the provision of resources or materials necessary to implement or maintain the EB Services and the provision of requested specifications, requirements, configuration information, or data. Institution shall ensure that either Institution or EB Partners provide Apiture with accurate and prompt information related to usage and performance of the Host Application, including overall user counts and volumes.
14. Upon Apiture’s request, Institution shall facilitate the establishment of an acceptable form of mutual confidentiality agreement between Apiture and an EB Partner. Apiture shall have no obligation to share data or other information with an EB Partner in the absence of a fully executed agreement between Apiture and the EB Partner which satisfactorily ensures the confidential treatment and protection of Apiture IP.
15. Institution and any EB Partners’ implementation, configuration, display, or use of the EB Services must comply with all Legal Requirements. Institution shall indemnify, defend, and hold Apiture harmless from and against any third-party claims and associated losses alleged to result from violation of Legal Requirements associated with Institution or an EB Partners’ implementation, configuration, display, or use of the EB Services
16. Institution is responsible for ensuring that the EB Services are suitable to its and its EB Partners business and operational requirements and processes. Institution is solely responsible for the establishment and maintenance of any and all internal or outsourced systems and processes necessitated by its use of the EB Services together with all associated costs.
17. As between Apiture and Institution, Institution shall be solely responsible for (i) Institution Systems and processes (including EB Partner systems and process) employed in connection with authentication of Users and enabling access to SaaS Services or other financial services and systems or (ii) other non-standard methods or processes associated with authentication and access (including, by way of illustration, persisted digital banking sessions which reduce the frequency of authentication challenges within a Host Application). Institution shall, in either of the foregoing cases, select configurations, tools, and processes which are consistent with Legal Requirements and published regulatory guidance. Institution shall indemnify, defend, and hold Apiture harmless from and against any third-party claims associated with Institution or EB Partner authentication processes or with non-standard authentication processes requested by Institution. For the avoidance of doubt, standard authentication processes within the Apiture System contemplate the provision of names, passwords, identification numbers or codes, security tokens, multi-factor authentication mechanisms, API keys, or other credentials whenever a User attempts to access digital banking or initiates a new digital banking session.
18. The Host Application and other Institution Systems must be architected, developed, and configured so not to compromise or unreasonably burden the EB Services or other Apiture Systems. In the event that Apiture reasonably determines that the Host Application or Institution Systems are (i) compromising the security, integrity, or availability of the EB Services or Apiture Systems, (ii) unreasonably burdening the EB Services or Apiture Systems, or (iii) are obscuring or degrading EB Services or components, then, in any such case and in addition Apiture’s other rights under the Agreement and these Service Terms, Apiture reserves the right to suspend provision of or access to the EB Services without liability pending resolution of the issue giving rise to the suspension.
19. Institution agrees that Institution’s and its EB Partners’ applications or interfaces which incorporate Apiture embedded components shall at all times maintain and enforce suitable content security policies which appropriately (i) restrict inline scripts from untrusted or unknown sources, (ii) restrict remote scripts from unknown or untrusted resources, (iii) restrict other JavaScript functions known to create vulnerabilities or security concerns (e.g. the eval function or other function that can evaluate string as JavaScript on the fly), (iv) restrict form submissions to ensure inputs cannot be submitted to unknown or untrusted servers, and (v) restricts objects which might facilitate injection type attacks. Institution shall indemnify, defend, and hold Apiture harmless from and against any and all Claims and Losses arising in conjunction with Institution’s or its EB Partners’ failure to maintain and enforce a suitable and adequate content security policy.
20. Apiture reserves the right to withdraw approval of an EB Partner in the event that Apiture determines in its sole discretion that the provision of Services in conjunction with such EB Partner gives rise to unacceptable reputational or security risks to Apiture. In such case, Apiture may immediately terminate provision of EB Services in conjunction with such EB Partner upon written notice to Institution without liability; provided, however, Apiture will cooperate in good faith with Institution to enable a suitable successor EB Partner.
Hosted Website
1. Domain Name Management
  1. If Apiture does not currently manage any portion of Institution’s domain name portfolio, Apiture agrees to waive its then current fee for any transfer of registrar to Apiture, provided that Institution maintains its domain name portfolio with Apiture for at least three (3) years following the effective date of such transfer. If within three (3) years of a domain name portfolio transfer to Apiture, Institution (i) transfers more than half of its domain name portfolio to another registrar or registrant, or (ii) terminates or is in default under its Agreement, a transfer fee will be due.
  2. Institution warrants that, to the best of its knowledge, neither the registration of a domain name nor the manner in which it is used infringes on the legal rights of any third party. Neither Apiture nor its domain Third Party Provider guarantees the successful registration or renewal of a domain name, nor how long any such registration or renewal will take, because Apiture cannot (i) know whether a requested domain name is simultaneously sought by a third party; (ii) ascertain whether applicable Whois databases contain inaccuracies or errors; or (iii) control the processing of such registrations or renewals at any applicable registry.
  3. EXCEPT FOR APITURE’S OR ITS DOMAIN THIRD PARTY PROVIDER’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT WITH THE INSTITUTION’S DOMAIN, NEITHER APITURE NOR ITS DOMAIN THIRD PARTY PROVIDER SHALL BE LIABLE UNDER ANY CIRCUMSTANCES FOR THE FOLLOWING: (i) SUSPENSION, LOSS, OR MODIFICATION OF INSTITUTION’S DOMAIN NAME REGISTRATION(S); (ii) INTERRUPTION OF INSTITUTION BUSINESS; (iii) DELAYS OR ACCESS INTERRUPTIONS TO ANY DOMAIN MANAGEMENT PORTAL; (iv) THE TRANSFER OF INSTITUTION’S DOMAIN NAME(S) TO APITURE OR ANOTHER SERVICE PROVIDER; OR (v) ANY ACTS OR OMISSIONS OF THIRD PARTIES IN CONNECTION WITH THE SERVICES, INCLUDING BUT NOT LIMITED TO APPLICATION OF ANY RELEVANT DISPUTE POLICY OR ANY OTHER ICANN ADOPTED POLICIES.
  4. If upon registration of a domain name Institution elects to use the Basic DNS or Slaved DNS in connection with such domain name, or if Apiture is required to use Basic DNS in order to register such domain name on behalf of Institution due to registry requirements, Institution agrees that the standard terms and conditions for Basic DNS or Slaved DNS (as applicable) shall apply, with such terms available upon written request.
  5. Apiture’s domain Third Party Provider’s policy is to auto-renew Institution’s domain name at the registrar level unless a change in service is communicated by the Institution in writing in advance or during the termination and deconversion process. Such notice to Apiture must be provided at least thirty (30) days prior to the domain name’s expiration date for gTLDs, and at least sixty (60) days prior to the expiration date for ccTLDs.
  6. Apiture will include the “ClientTransferProhibited” lock on all Institution gTLD domain names and those ccTLD domain names where the registry allows for such locks.
  7. Privacy protection, also referred to as “masking,” conceals ownership for those domain name(s) to which it has been applied, preventing Institution’s contact information from appearing in the WHOIS record for these domain name(s). Where required by a registry, or upon Institution request, Apiture, its domain Third Party Provider, or one of its affiliates may appear as the registrant in the WHOIS record for applicable Institution domain name(s) (“Masked Domains”). For any such Masked Domains, the interest and ownership in the domain name(s) is not affected. Institution agrees and acknowledges that Apiture or its domain Third Party Provider may unilaterally unmask Institution’s Masked Domains without any liability for having done so (i) in order to comply with third-party obligations (including, without limitation, any ICANN or registry obligation or requirement, or court order or legal action); (ii) to facilitate a renewal or transfer of such domain name(s); or (iii) if such action is required in Apiture’s or its domain Third Party Provider’s reasonable, good faith estimation. Nothing in the Agreement or these Service Terms shall be construed as granting Institution permission or the right to provide masking services to third parties.
  8. Institution acknowledges that the domain name system and practice of registering and administering domain names are evolving, and Institution therefore agrees that Apiture or its domain Third Party Provider may modify or amend these Service Terms, as well as apply any additional rules or policies that are or may be published by Apiture’s domain Third Party Provider, as may be necessary to comply with its ICANN agreement, or any other relevant agreement(s) under which Apiture or its domain Third Party Provider is bound or will be bound.
  9. Apiture, its domain Third Party Provider and Institution shall be bound by the applicable regulations, policies, and standards required by (i) ICANN, including those set forth in Clauses 3.7.7.1 through 3.7.7.12 of the 2013 ICANN Registrar Accreditation Agreement (“2013 ICANN RAA”); and (ii) the Registry administrators for each individual gTLD, sTLD, and/or ccTLD (“Registry Specific Terms and Conditions”); as applicable, as amended from time to time. Full content of ICANN’s 2013 ICANN RAA and any related policies can be found at https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#privacy-proxy.
  10. Institution agrees and acknowledges that for each domain name that it registers, Apiture and/or its domain Third Party Provider is required by ICANN to collect and maintain certain information, including the following: (i) the registered domain name; (ii) Apiture’s or its domain Third Party Provider’s name as the registrar of the domain name, plus related details; (iii) the status of the domain name; (iv) the full name, postal address, voice telephone number, fax number, and email address of Institution and the administrative, technical, and billing contacts assigned to the domain name by Institution; (v) the names of the primary and, if applicable, secondary name servers for the domain name; and (vi) the date of the domain name’s last update in the Whois database, its registration/creation date, and its expiration date. Institution further agrees and acknowledges that, for the purpose of providing the Hosted Website domain Services to Institution, and in accordance with the terms set forth herein, the above information may be made available to ICANN, an ICANN-authorized escrow service, registry operators, and/or other required third parties for their use, copying, distribution, publication, modification, and/or other processing, as ICANN, Registry Operators and applicable laws may require, during or after the term of Institution’s domain name management services for its domain names. Institution agrees and acknowledges that the Whois service provider will make the above information publicly available. Institution hereby consents to and gives permission for all such disclosures.
  11. Institution acknowledges that, pursuant to any ICANN specification or policy, or any of Apiture’s domain Third Party Provider’s or registry procedure not inconsistent with any such ICANN specification or policy, its domain name registration(s) is subject to suspension, cancellation, or transfer (i) to correct mistakes by Apiture’s domain Third Party Provider or a registry, or (ii) for the resolution of disputes concerning Institution’s domain name registration(s).
  12. In accordance with the requirements of the 2013 ICANN RAA, and as required by applicable registries, Institution acknowledges that Apiture may terminate, suspend, or place on ‘client Hold’ any Institution domain name registration(s) for which Institution has (i) willfully provided inaccurate or unreliable Whois information as set forth herein, either in the initial registration or subsequent communications or updates; (ii) willfully failed to update any information provided to Apiture within seven (7) days of any such change, with Institution responsible for providing such updates on an ongoing basis; (iii) failed to respond for over fifteen (15) calendar days to inquiries by Apiture concerning the accuracy of details associated with the domain name registration; or (iv) engaged in a use of a domain name that violates any applicable laws, regulations, or policies.
  13. Institution agrees not to grant any domain name registered under the Hosted Website Service to any third party.
  14. Institution represents and warrants that if providing information about a third party under this Hosted Website Service, Institution has (i) provided notice to that third party of such disclosure and use of their information. Institution acknowledges that notwithstanding the registration of a domain name, Apiture or its domain Third Party Provider may comply with and perform all of its obligations under the regulations, policies, and standards referenced in this Section24 of the Service Terms.
  15. Institution acknowledges and agrees that it is bound by ICANN’s Uniform Domain Name Dispute Resolution Policy and Rules (the “UDRP”), as amended from time to time, which is hereby incorporated and made a part these Service Terms by reference for all Institution gTLD domain name registrations and/or renewals.
  16. Institution agrees and acknowledges that for all Institution ccTLD domain name registrations and/or renewals, Institution will be bound by the terms and conditions of applicable ccTLD registries. INSTITUTION FURTHER AGREES THAT ANY APPLICABLE REGISTRY OPERATOR WILL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOST PROFITS), REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EVEN IF SUCH REGISTRY OPERATOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  17. Institution shall indemnify and hold harmless all registry operators for applicable TLDs, and their directors, officers, employees and agents, from and against any and all claims, damages, liabilities, and expenses (including reasonable legal fees and expenses) arising out of or related to Institution’s domain name registrations or renewals.
2. DNS Configuration
  1. Upon written request, Apiture will make changes or direct its service providers to make changes including, but not limited to, planned maintenance changes, emergency maintenance changes, and DNS name server delegation changes and related set up changes to enable its domain Third Party Provider to provide the Hosted Website Services. Institution will be responsible for obtaining all necessary authorizations and permissions to effect such changes, and Institution will also be responsible for all fees or charges (if any) for making such changes.
  2. Institution shall not use, nor shall it permit others to use the Hosted Website Services for (i) any unlawful, invasive, infringing, defamatory, or fraudulent purpose; (ii) to transmit obscene, harassing or otherwise objectionable material, whether or not such material is constitutionally protected (iii) to send any virus, worm, trojan horse or harmful code or attachment; (iv) to alter, steal, corrupt, disable, destroy, trespass or violate any security or encryption of any computer file, database or network; (v) so as to materially interfere with or disrupt Apiture’s network or third party networks connected to Apiture’s network; and (vi) in a manner that is inconsistent with the Agreement, these Service Terms, any applicable laws, or any reasonable testing procedures and/or usage guidelines which may be provided or posted by Apiture or its domain Third Party Provider in writing from time to time. For purposes of this section, Institution acknowledges that neither Apiture nor its domain Third Party Provider monitors nor controls Institution’s content. Notwithstanding the forgoing, nothing contained herein shall limit Apiture’s or its domain Third Party Provider to suspend or terminate the Hosted Website Service as outlined herein.
  3. If Apiture or its domain Third Party Provider determines, in its sole but reasonable discretion, that Institution has failed to comply with any provision of Section 24 of these Service Terms, or undertakes or attempts to undertake any of the prohibited activities described herein, it shall either a) use reasonable efforts to notify Institution prior to suspension of the affected service at the Institution domain name level or b) provide three (3) days advanced written notice of an opportunity to cure a breach of these Service Terms prior to termination of the affected Hosted Website Service. Institution agrees that Apiture or its domain Third Party Provider may immediately take reasonable corrective action which includes, but is not limited to, (i) restricting transmission of material; (ii) suspending the Hosted Website Services; and/or (iii) terminating the Agreement or any part thereof. Such corrective action is in addition to any other rights Apiture may have under the Agreement or under law, and neither Apiture nor its domain Third Party Provider shall have any liability with respect to any action taken, or inaction, in connection with Institution’s terms of use as set forth herein. Apiture may provide Institution with notice that Apiture intends to take action under these Service Terms but is not required to do so. Where practical, upon receipt of Apiture’s notice to suspend or terminate pursuant to a breach this Section, the parties will work in good faith to resolve such breaches.
  4. Institution acknowledges that Apiture shall not be responsible for any failure to deliver the Hosted Website Services resulting from either a) failure on the part of Institution to comply with this Section 24 of the Service Terms; or b) any non-performance or improper performance by Institution, its end users; or c) failure of the Institution website.
3. Hosted Website Additional Terms
  1. In case of any event (i) not within Apiture’s reasonable control, (ii) at a query rate in excess of 350,000 queries per minute or (iii) which causes material interruption of the Hosted Website Services, degrades the performance of the Hosted Website Services, or in any other way materially interferes with the use of the Hosted Website Services by Apiture’s other customers or the provision of such service by Apiture to its customers (“Disrupting Event”), Apiture may immediately and without prior notice suspend the Hosted Website Services to Institution where Apiture has a reasonable belief that the Disrupting Event involves or is directed at Institution. Within forty-eight (48) hours of any such suspension (or sooner if reasonably practicable), Apiture will notify Institution of the suspension and of the Disrupting Event. Institution agrees that, if notified of such a suspension, it will cooperate with Apiture and its domain Third Party Provider in good faith to determine the cause of, and resolve, the Disrupting Event if possible.
  2. Institution will promptly ensure that it has all hardware and software necessary to display the Hosted Website Service to its end users and to transmit content and e-mail to Apiture for the Hosted Website Service.
  3. Institution is responsible for ensuring that the Hosted Website Service meets current and future regulatory and data privacy requirements, including applicable disclosures and consents associated with the collection, use, tracking, analytics and privacy rights applicable to the Institution and its end users.
  4. Institution will provide Apiture with suitable logos and other content for inclusion on the Hosted Website Service and will complete all design aids required by Apiture in a timely manner. Institution’s failure to provide necessary material when required may delay the launch date of or requested changes to the Hosted Website Service. Institution shall provide its disclosures and account fee schedule for inclusion in such disclosures.
  5. Institution hereby appoints Apiture and its designated employees as its authorized agent with express authority to act in any lawful manner for Institution as a Certificate Requester in the completion of Institution’s Application for Extended Validation Certificates for Secure Socket Layer authentication for its websites, to the extent Institution has subscribed to such service. Capitalized terms appearing in this section not contained in these Service Terms shall have the same meaning as those defined in the “Guidelines for Issuance and Management of Extended Validation Certificates” Version 1.0 dated June 7, 2007 prepared by the CA/Browser Forum.
  6. The Hosted Website Services will be terminated for the Institution on the date on which the term expires or the date on which the Hosted Website Services are terminated in accordance with the Agreement or these Service Terms, as applicable. Institution is solely responsible for (i) removing the data provided by Institution to Apiture which contains information that defines how Apiture or its domain Third Party Provider should respond to DNS Queries (“Customer Zone”), (ii) contacting its registrar-of-record for Institution’s domain name(s) (“Registrar(s)”) to redirect DNS name server delegation; (iii) any Registrar modification fees incurred for changing DNS name server delegation; and (iv) procuring any new or replacement services upon termination or expiration. By not taking any action with respect to the above before the date on which the Hosted Website Services conclude, Institution hereby acknowledges and agrees that Apiture may, in its reasonable discretion and at Institution’s cost and expense, take any number of actions which include, but are not limited to, not resolving DNS Queries to such Customer Zone(s) which will likely result in interruption of its DNS resolution on and after the date on which the Hosted Website Services terminate, as applicable, redirect DNS Queries, respond to such DNS Queries in a manner deemed suitable to Apiture.
  7. In addition to any indemnity obligations contained in the Agreement, Institution shall indemnify, defend and hold harmless Apiture and its domain Third Party Provider and their respective officers, directors, agents, employees, contractors, successors and assigns (“Service Provider Parties”) from and against any and all third party claims, damages, losses, liabilities, suits, actions, demands, proceedings (whether legal or administrative), judgments, and costs and expenses (including reasonable attorneys’ fees and expenses) incurred by any Service Provider Parties arising out of, or directly or indirectly relating to (a) Institution’s breach or alleged breach of Section 24.2.2 of these Service Terms or action taken, or in action, by Apiture or its domain Third Party Provider in connection with Section 24.2.2 of these Service Terms; (b) Institution’s breach or alleged breach of its representation and warranty that it is not engaged in any illegal activity and that it will comply with all applicable rules, regulations and laws; and (c) failure of the Hosted Website Services resulting from either Institution’s and/or its end users misuse and/or failure of Institution’s website(s).
Centrix
1. Definitions
  1. “Centrix Product(s)” means Centrix Exact/TMS^TM Positive Pay, Centrix DTS^TM, and Centrix PIQs^TM and related modules thereto.
  2. “Client Data” with respect to the Centrix Products specifically, shall include CTXEnd User log-in credentials and any data that is transferred, stored, collected, transmitted, received or processed by or through the Centrix Products.”
  3. “CTX Documentation” means the Centrix Products’ then-current user manuals, reference manuals, guides, implementation project plans, and other written materials made generally available by Apiture, or its suppliers, to Institution describing proper use and functionality of the Centrix Products.
  4. “CTXEnd Users” means each Institution employee or customer to whom Institution has provided a unique login ID and password for access to the Centrix Products, pursuant to Institution’s Agreement with Apiture.
2. Subject to Institution’s full compliance with all of the terms and conditions of this Section 25 of the Service Terms and its Agreement with Apiture, Apiture grants Institution a limited, non-exclusive, revocable, non-sublicensable, non-transferable right and license, during the applicable term, to access and use the Centrix Product(s).
3. Apiture will provide the Centrix Products on the basis of Client Data or input provided by CTXEnd Users. Apiture and its Centrix Third Party Provider are not responsible for correcting any errors in the input or the output of the Centrix Products that result from incorrect or fraudulent Client Data supplied by a CTXEnd User, including an unauthorized or fraudulent CTXEnd User. Institution shall promptly notify Apiture in the event it becomes aware of, or reasonably suspects the occurrence of, any incorrect or fraudulent Client Data submission, unauthorized transactions, unauthorized accounts, or fraud. In the event that a CTXEnd User submits incorrect Client Data to Apiture, Institution acknowledges that neither Apiture nor its Centrix Third Party Provider shall be obligated to correct any Client Data nor to re-process any Client Data until the CTXEnd User has re-submitted the Client Data with necessary corrections. Institution agrees to hold Apiture and its Centrix Third Party Provider harmless from any cost, claim, damage, or liability (including attorneys’ fees) whatsoever arising out of such inaccurate of fraudulent Client Data, information or instructions, or any inadequacy therein supplied by a CTXEnd User.
4. Institution agrees to use the Centrix Product solely for its internal business purposes and shall not: (i) copy, modify, or create derivative works of the Centrix Products; (ii) license, sublicense, sell, resell, market, reproduce, transfer, assign, or distribute the Centrix Products (or any part thereof) in any way; (iii) reverse engineer, decompile, disassemble, or translate the Centrix Products; (iv) attempt to, interfere with, modify or disable any features, functionality, or security controls; (v) defeat, avoid, bypass, remove, deactivate, or otherwise circumvent any protection mechanisms; (vi) use the Centrix Product in any manner that does or could potentially undermine the security of any data or information stored or transmitted using the Centrix Products; or (vi) access the Centrix Products in order to build a competitive product or service.
5. Institution shall not modify, translate, or distribute any CTX Documentation except as is deemed necessary by Institution and Apiture for purposes of supporting or promoting the Centrix Products. Any modifications made to CTX Documentation by Institution are at Institution’s sole risk.
6. Institution shall not make any representation, warranty, or other legally binding commitments on behalf of Apiture or its Centrix Third Party Provider, or any of their respective affiliates or third-party suppliers.
7. Institution shall comply with all laws, rules, regulations, and industry requirements applicable to receiving, accessing, and using the Centrix Product.
8. Institution shall obtain any necessary consents or provide any necessary notices and disclosures to CTXEnd User in accordance with such laws, rules, regulations, and requirements, including consents with respect to the use of any Client Data and warrants that it has full authority to possess and share the Client Data as contemplated herein without violation of any third party’s intellectual property rights.
9. Institution shall determine and be responsible for the completeness, authenticity and accuracy of all such information submitted to the Centrix Products and shall update such information promptly, as applicable.
10. CTXEnd Users will have no contractual relationship with Apiture, its Centrix Third Party Provider or its suppliers and Institution shall be responsible for all direct communications with CTXEnd User, including with respect to notifying CTXEnd User of any privacy policy or user terms and conditions with respect to their use of the Centrix Product.
11. If Apiture or its Centrix Third Party Provider reasonably believes that the Centrix Product, or Institution’s or any CTXEnd User’s conduct in using the Centrix Products (including without limitation a CTXEnd User intentionally initiating fraudulent or unauthorized account access or violating any agreement under which it has been provided access to the Centrix Products) violates any applicable laws, rules, regulations or industry standards, or otherwise poses a threat to Apiture’s, its Centrix Third Party Provider’s or its supplier’s systems, security, equipment, processes, intellectual property or reputation, or any other systems or security (“Threatening Condition”) and if, in the reasonable and good faith determination of Apiture, its Centrix Third Party Provider or its suppliers, the Threatening Condition poses an imminent or actual threat (including without limitation regulatory investigation, inquiry or penalty), Apiture, its Centrix Third Party Provider or its suppliers may suspend any and all of Institution’s use of the Centrix Products until such Threatening Condition is cured. Apiture will notify Institution of such suspension, including the identity of the affected CTXEnd User(s) as needed, and both parties will use reasonable efforts to cure or cause the correction of a Threatening Condition caused by Institution’s or any CTXEnd User’s conduct in using the Centrix Products, following such notice. Apiture, its Centrix Third Party Provider or its suppliers may terminate Institution’s and/or CTXEnd User’s use of the Centrix Products without further requirement of notice, if the Threatening Condition remains uncured more than thirty (30) calendar days after Institution is notified of such Threatening Condition.
12. Institution may provide written or electronic materials describing, promoting, marketing or otherwise relating to the Centrix Products, only if such materials are approved in advance in writing by Apiture’s Centrix Third Party Provider. Institution shall not modify or alter in any way any marketing materials provided by Apiture’s Centrix Third Party Provider, unless approved in advance in writing by Apiture’s Centrix Third Party Provider.
13. Apiture’s Centrix Third Party Provider will provide maintenance and technical support directly to Institution, including receiving maintenance and support requests, conducting general troubleshooting, delivering updates as they are released generally to other licensees of the Centrix Products.
  1. Apiture’s Centrix Third Party Provider shall provide support to Institution Monday through Friday 7:00 a.m. to 7:00 p.m. CST and twenty-four (24) hours per day, seven (7) days per week, three hundred sixty-five (365) days per year for Severity 1 and Severity 2 Incidents. For Centrix Products, a “Severity 1” incident is when a Centrix Product production system is down; the Centrix Products are unavailable to a substantial amount of CTXEnd Users resulting in total disruption. A “Severity 2” incident is when a major feature or function has failed; operation of the Centrix Products is severely restricted.
  2. Apiture’s Centrix Third Party Provider Support Team can be reached in any of the following ways:
    
    Online: https://customerportal.q2.com or by Phone: 833-444-3469.
  3. Exclusions: Incidents caused or contributed to by any of the following are outside the scope of the Technical Support Service Level and Apiture’s Centrix Third Party Provider may elect in its sole discretion whether to provide such additional services at Apiture’s Centrix Third Party Provider’s hourly rate: (i) software or other systems not originally provided by Apiture’s Centrix Third Party Provider, (ii) failure by Institution to maintain backups; or (iii) failure by Institution to fulfill Institution responsibilities as set forth in the Agreement between Institution and Apiture. The standard Technical Support Service does not include customizations or development of new interfaces or purging of inactive CTXEnd Users. However, at Institution’s request and agreement to pay the applicable fees, Apiture’s Centrix Third Party Provider may provide the additional services on a time and materials basis.
14. Centrix Hosting. Apiture’s Centrix Third Party Provider stores, processes, and maintains Institution confidential information and Client Data in a co-location facility in the United States and with various cloud providers with whom Apiture’s Centrix Third Party Provider has selected United States based regions. Except as set forth herein, Apiture’s Centrix Third Party Provider shall not move Client Data outside the United States designated locations without prior written notice to Apiture. Apiture’s Centrix Third Party Provider has service control policies in place designed to prevent Institution and its subcontractors with access to Client Data (excluding Third Party Suppliers), from storing or downloading Client Data outside the United States. Institution acknowledges that Apiture’s Centrix Third Party Provider employees and subcontractors, that have permission to access Client Data may access Client Data from locations outside the United States, provided that such Apiture Centrix Third Party Provider employees and subcontractors are only permitted access to Client Data subject to security controls that are no less protective of Institution than the security controls set forth in the Agreement. Notwithstanding the foregoing commitment to store, process, and maintain Institution confidential information and Client Data as stated above, the following exceptions shall apply:
  1. Apiture’s Centrix Third Party Provider and its downstream Third Party Suppliers may store, process and/or maintain Institution confidential information and Client Data on servers located outside the United States. For purposes of this Section 25.14, “Third Party Suppliers” are third parties who may provide components of the Centrix Products. As of 20-Aug-2023, there are no Third Party Suppliers associated with the Centrix Products, for purposes of this Section 25.14, or otherwise, and Apiture or Apiture’s Centrix Third Party Provider shall identify any such Third Party Suppliers upon written request from Institution, as Third Party Supplier products may be subsequently added to the Centrix Products;
  2. Amazon Web Services, a cloud provider of Apiture’s Centrix Third Party Provider, reserves the right, without notice to Apiture’s Centrix Third Party Provider, to move Client Data outside of the Apiture’s Centrix Third Party Provider’s selected United States based region in order to comply with applicable law or a binding order of a governmental body; and
  3. Apiture’s Centrix Third Party Provider and its subcontractors that have access to Client Data may, through the Centrix Products, provide an CTXEnd User who has been properly authenticated by the Centrix Products access to the CTXEnd User’s Client Data from outside the United States, and transmit the CTXEnd User’s Client Data outside the United States, pursuant to the CTXEnd User’s requests through the Centrix Products.
15. TO THE MAXIMUM EXTENT PERMITTED BY LAW, APITURE AND ITS CENTRIX THIRD PARTY PROVIDER EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT, AND ANY WARRANTIES THAT MAY ARISE OUT OF COURSE OF PERFORMANCE, COURSE OF DEALING OR USAGE OF TRADE. NEITHER APITURE NOR ITS CENTRIX THIRD PARTY PROVIDER REPRESENTS THAT THE CENTRIX PRODUCTS MEET INSTITUTION’S OR A CTXEND USER’S REQUIREMENTS AND DOES NOT REPRESENT THAT THE OPERATION OF THE CENTRIX PRODUCTS WILL BE UNINTERRUPTED OR ERROR-FREE.
16. IN NO EVENT SHALL APITURE OR ITS CENTRIX THIRD PARTY PROVIDER HAVE ANY LIABILITY TO INSTITUTION OR ANY CTXEND USER FOR ANY DAMAGES WHATSOEVER, INCLUDING BUT NOT LIMITED TO DIRECT, INDIRECT, SPECIAL, INCIDENTIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND, INCLUDING DAMAGES FOR LOST PROFITS, REVENUE, BUSINESS, SAVINGS, DATA OR USE, OR THE COST OF SUBSTITUTE PROCUREMENT, HOWEVER CAUSED AND, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, WHETHER OR NOT INSTITUTION OR A CTXEND USER HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
17. Notwithstanding anything to the contrary in the Agreement, Apiture or its Centrix Third Party Provider may discontinue the provision of the Centrix Products through Apiture upon thirty (30) days prior written notice. Institution may elect to contract with Apiture’s Centrix Third Party Provider directly for the continued provision of the Centrix Products or cease use of the Centrix Products.
18. Notwithstanding anything to the contrary in the Agreement, recurring fee billing for Centrix Products shall commence when: (i) Apiture’s Centrix Third Party Provider has installed the Centrix Products; and (ii) Institution has been provided with functioning log-in credentials to access said Centrix Products in a production environment (for general availability) to Users.
19. In the event that undisputed fees are not paid within fifteen (15) days after the due date thereof (or alternative timeframe, if mutually agreed by the parties in writing), Apiture shall have the right to suspend performance of the Centrix Products until all such undisputed amounts due are paid.
20. Apiture’s Centrix Third Party Provider shall be a third-party beneficiary to these Service Terms solely as it relates to this Section 25.
21. Nothing in Institution’s Agreement with Apiture shall modify, conflict with, abridge or abrogate any of this Section 25 of these Service Terms as it relates to the Centrix Products, and Institution shall not enter into any other agreement, understanding or commitment that modifies, conflicts with, abridges or abrogates any of the terms of this Section 25.
DefenseStorm Fraud Detection
1. DefenseStorm Fraud Detection Services (DSFD Services) enable Institution to define and view alert triggers, investigate alerts and events, manage watch lists and safe exception lists, collect and export evidence of fraud, and generate reports by leveraging an integration between the Apiture Digital Banking Platform and the DefenseStorm, Inc. (DefenseStorm) GRID Active platform.
2. Institution acknowledges and agrees that the DSFD Services require and are subject to an active companion subscription to Apiture Data Direct Services.
3. Institution acknowledges and agrees that the DSFD Services do not include the full suite of services offered by DefenseStorm but, rather, are limited to a fraud detection module included within the GRID Active platform as specifically integrated to the Apiture Digital Banking Platform. For the avoidance of doubt, Apiture does not resell DefenseStorm services on a standalone basis shall have no contractual or other liability and no operational responsibility for the performance of any DefenseStorm services performed pursuant to a direct customer relationship between Institution and DefenseStorm.
4. Notwithstanding anything to the contrary in the Agreement, the initial term of the DSFD Services shall not exceed five (5) years nor shall any renewal term exceed (1) year unless the Apiture Agreement expressly recites the intention to supersede this specific provision.
5. Institution will pay Fees for the DSFD Services on a monthly basis in advance. Fees for the DSFD Services are subject to modification based upon changes in Institution’s asset size during the Subscription Term, including changes occasioned by mergers, acquisitions, or other business combinations.
6. The DSFD Services receive certain elements of Institution Data from Institution Systems (including its Core Banking System) related to detection and investigation of cyberfraud-related incidents. Institution Data provided by Institution to the DSFD Services will not include any information which constitutes “non-public personal information” under the Graham-Leach-Bliley Act (15 U.S.C § 6801) and its implementing regulations. except as is strictly necessary to enable the provision of the DSFD Services (and in appropriate cases Institution is responsible for ensuring all in scope Institution is deidentified or anonymized).
7. Institution Data processed by the DSFD Services is generally retained in DefenseStorm systems for a rolling 13-month period. Apiture will contractually require DefenseStorm to permanently destroy all records constituting Institution Data after such information is longer necessary for performance or compliance under the relevant Agreement between Institution and Apiture unless otherwise required to be maintained to satisfy applicable laws, statutes, regulations, executive orders, administrative orders, judicial orders, or interpretive guidance which has been, in each case, enacted, promulgated, issued, or published by governmental authorities.
8. Institution shall indemnify, defend, and hold Apiture harmless from and against any and all Losses arising in connection with actions or decisions taken or not taken on the basis of the DSFD Services, including, without limit, claims by customers related to the DSFD Services.
9. NOTWITHSTANDING ANYTHING TO THE CONTRARY WITHIN INSTITUTION’S AGREEMENT WITH APITURE, APITURE’S MAXIMUM AGGREGATE LIABILITY IN CONNECTION WITH THE DSFD SERVICES SHALL BE LIMITED TO THE AMOUNTS PAID BY INSTITUTION FOR THE DSFD SERVICES IN THE SIX (6) MONTHS PRECEDING THE CLAIM UNDER WHICH THE LIABILITY ARISES.
10. Institution acknowledges and agrees that nothing in its Agreement with Apiture conveys and right or interest in or any permission to use DefenseStorm trademarks, tradenames, trade dress, or other DefenseStorm intellectual property.
11. The parties agree that DefenseStorm is the intended direct third party beneficiary of this DefenseStorm Fraud Detection Section of these Service Terms.
Tyfone, Inc. Skip-A-Payment
- 27.1 Tyfone, Inc. (“Tyfone”) is an optional Apiture Third Party Provider for software application that enables Institution members and staff to defer loan payment and pay associated fees through a digital interface (“Skip-A-Pay Services”).
- 27.2 Institution acknowledges and agrees that the Skip-A-Pay Services may require and are subject to Institution providing its members with access to certain digital payment options to pay fees associated with Skip-A-Pay Services, as applicable:
  - 27.2.1 Fee by Card: Institution shall provide members with the ability to pay the skip fee with a debit or credit card. Institution must establish an account directly with Authorize.net to offer this payment option. Heartland Payment Systems is Tyfone’s preferred reseller for Authorize.net setup and to provide merchant services. If Institution does not utilize Heartland Payment Systems, additional implementation fees will apply.
  - 27.2.2 Fee by PayPal: Skip-A-Pay Service uses the PayPal Express SSO interface for processing PayPal payments. Institution must maintain a PayPal Business Account, create an API Signature and create an Application ID.
  - 27.2.3 Import Skip History: Import Skip history with data provided to Tyfone. Institution must provide data in the required Tyfone layout.
- 27.3 Core Integrations: The Skip-A-Payment Service solution is currently certified within the following core processing platforms: Corelation KeyStone, Fiserv DNA, JHA Symitar Episys, and Finastra UltraData. The onboarding fees per Institution are based upon the existing certified core processors. If the Apiture or Institution requests a new core integration, Tyfone would evaluate the core API specifications and outline the one-time and potential recurring expenditures associated with the new core integration within a Statement of Work (SOW). Any one-time fees assessed by the Core platform provider for the new integration will be due from Institution prior to Tyfone committing development resources.
  - 27.3.1 If JHA, Symitar Episys Core Interface is utilized, Institution must procure a SymXchange license for Skip-A-Pay Services. The Skip-A-Pay Services application requires PowerOns to be licensed from CUTEK, Inc., who will then install on the Episys/EASE system. CUTEK reserves the right to modify the integration fees at any point and will quote the integration expense directly to Institution.

PART II: User Agreement Terms

Prior to accessing and using the Services, Institution’s Users must register to use the Services and accept end user terms and conditions stipulated by Legal Requirements, the Agreement and as mentioned in Part I of these Service Terms.

Certain Services require specific User Agreement terms, which must meet the below minimum requirements or otherwise obtain advance written approval from Apiture or its respective Third Party Provider.

Institution shall enforce the terms of Institution’s User Agreements against Users and shall notify Apiture of any known breach of such terms. Institution will defend, indemnify and hold Apiture and the relevant Third Party Provider harmless against all claims and damages to Apiture or the Third Party Provider caused by Institution’s failure to include any required contractual terms in Institution’s User Agreement.

These sample forms are for Institution’s reference only and should be revised or amended by Institution to fit Institution’s specific business needs and legal and regulatory requirements. Institution understands and agrees that Apiture makes no representation, warranty, or guarantee of any kind, express or implied, including fitness for a particular purpose, with respect to any term or condition this Part II of the Service Terms and Apiture will have no liability for Institution’s use of any such term or condition, with or without modification.

Mandatory Provisions – Regardless of whether Institution chooses to utilize a sample form set forth in this Part II of the Service Terms, for legal compliance, Institution will incorporate in its User agreements terms and conditions that include the substance of the relevant provisions of Part I and Part II of these Service Terms, as applicable.

My Spending, Apiture IQ, PULSE, IAV & ID (Instant Account Verification) and MX Wealth Management

“you” “your” means the End User
“us” “we” “our” or “Financial Institution” refers to Institution.
1. We reserve the right to immediately suspend or terminate your use of the [Services] without notice if we believe that (i) you are using the [Services] for any unlawful purpose, or (ii) you have breached these [Terms of Use].
2. Aggregated Data. Anonymous, aggregate information, comprised of financial account balances, other financial account data, or other available data that is collected through your use of the Services, may be used by us and our service providers to conduct certain analytical research, performance tracking and benchmarking. Our service providers may publish summary or aggregate results relating to metrics comprised of research data, from time to time, and distribute or license such anonymous, aggregated research data for any purpose, including but not limited to, helping to improve products and services and assisting in troubleshooting and technical support. Your personally identifiable information will not be shared with or sold to third parties.
3. Indemnification. You agree to defend, indemnify and hold harmless Financial Institution, its third party service providers and their officers, directors, employees and agents from and against any and all third party claims, liabilities, damages, losses or expenses, including settlement amounts and reasonable attorneys’ fees and costs, arising out of or in any way connected with your access to or use of the Services, your violation of these terms or your infringement, or infringement by any other user of your account, of any intellectual property or other right of anyone.
4. DISCLAIMER OF WARRANTIES. YOU AGREE YOUR USE OF THE SERVICES AND ALL INFORMATION AND CONTENT (INCLUDING THAT OF THIRD PARTIES) IS AT YOUR RISK AND IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WE, AND OUR SERVICE PROVIDERS, DISCLAIM ALL WARRANTIES OF ANY KIND AS TO THE USE OF THE SERVICES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. WE, AND OUR SERVICE PROVIDERS, MAKE NO WARRANTY THAT THE SERVICES (i) WILL MEET YOUR REQUIREMENTS, (ii) WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE, (iii) THE RESULTS THAT MAY BE OBTAINED FROM THE SERVICES WILL BE ACCURATE OR RELIABLE, (iv) THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL OBTAINED BY YOU THROUGH THE SERVICES WILL MEET YOUR EXPECTATIONS, OR (v) ANY ERRORS IN THE SERVICES OR TECHNOLOGY WILL BE CORRECTED. ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SERVICES IS DONE AT YOUR OWN DISCRETION AND RISK AND YOU ARE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF SUCH MATERIAL. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM FINANCIAL INSTITUTION OR ITS SERVICE PROVIDERS THROUGH OR FROM THE SERVICES WILL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS.
5. LIMITATION OF LIABILITY. YOU AGREE THAT FINANCIAL INSTITUTION AND ITS THIRD PARTY SERVICE PROVIDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER LOSSES, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, RESULTING FROM (i) THE USE OR THE INABILITY TO USE THE SERVICES AT OUR WEBSITE/MOBILE APPLICATION OR OF ANY THIRD PARTY ACCOUNT PROVIDER’S WEBSITE/MOBILE APPLICATION; (ii) THE COST OF GETTING SUBSTITUTE GOODS AND SERVICES, (iii) ANY PRODUCTS, DATA, INFORMATION OR SERVICES PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO, THROUGH OR FROM THE SERVICES, (iv) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSION OR DATA, (v) STATEMENTS OR CONDUCT OF ANYONE ON THE SERVICES, (vi) THE USE, INABILITY TO USE, UNAUTHORIZED USE, PERFORMANCE OR NON-PERFORMANCE OF ANY THIRD PARTY ACCOUNT PROVIDER SITE, EVEN IF THE PROVIDER HAS BEEN ADVISED PREVIOUSLY OF THE POSSIBLITY OF SUCH DAMAGES, OR (vii) ANY OTHER MATTER RELATING TO THE SERVICES.
Mobile Banking

THESE ILLUSTRATIVE MOBILE BANKING USER TERMS SET FORTH MANDATORY CONCEPTS FOR INCLUSION IN INSTITUTION-GENERATED AGREEMENTS BETWEEN INSTITUTION AND ITS AUTHORIZED USERS. INSTITUTION ACKNOWLEDGES THAT APITURE DOES NOT PROVIDE LEGAL OR COMPLIANCE ADVICE AND HAS NOT RELIED AND WILL NOT RELY UPON APITURE TO PROVIDE LEGAL OR COMPLIANCE ADVICE. INSTITUTION IS SOLELY AND AT ALL TIMES REPONSIBLE FOR ITS RELATIONSHIP WITH AUTHORIZED USERS AS WELL AS THE CONTENT AND LEGAL AND REGULATORY COMPLIANCE OF ITS AGREEMENTS WITH ITS CUSTOMERS. INSTITUTION ACKNOWLEDGES THAT IT MUST AND WILL DEVELOP AND FURNISH SUITABLE MOBILE BANKING USER TERMS USING ITS OWN INDEPENDENT JUDGMENT. FURTHER, INSTITUTION SHALL BE SOLELY RESPONSIBLE FOR ITS AUTHORIZED USERS’ COMPLIANCE WITH SUCH TERMS AND CONDITIONS. IN THE EVENT THAT INSTITUTION USES ANY OF THE LANGUAGE SET OUT HEREIN (VERBATIM OR OTHERWISE), INSTITUTION WARRANTS AND AGREES THAT IT HAS ADOPTED SUCH LANGUAGE BASED ON ITS INDEPENDENT LEGAL JUDGMENT AND ASSUMES SOLE LIABILITY AND RESPONSIBILITY IN CONNECTION THEREWITH. INSTITUTION MAY OMIT FROM ITS USER TERMS AND CONDITIONS ANY OF THE CONCEPTS PRESCRIBED IN THESE ILLUSTRATIVE MOBILE BANKING USER TERMS, PROVIDED THAT, SUCH CONCEPTS ARE INCONSISTENT WITH INSTITUTION’S LEGAL AND REGULATORY OBLIGATIONS. INSTITUTION SHALL PROMPTLY NOTIFY APITURE IN WRITING CONCERNING THE BASIS FOR SUCH OMISSION. IN ANY EVENT, INSTITUTION SHALL NOTIFY APITURE PRIOR TO PUBLISHING OR USING ANY MOBILE BANKING USER TERMS AND CONDITIONS IN PRODUCTION. INSTITUTION IS RESPONSIBLE FOR MAKING UPDATES TO THE CONTENT OF ITS USER TERMS AND CONDITIONS IN CONTINUED COMPLIANCE WITH APPLICABLE LAWS, RULES AND REGULATIONS. ANY POST-PRODUCTION CHANGES TO SUCH TERMS AND CONDITIONS SHALL BE SUBJECT TO ADDITIONAL FEES AT APITURE’S THEN-CURRENT PROFESSIONAL FEES RATES.
1. Eligible Enrollees. The mobile banking services (the “Services”) are only available to you as an enrolled and approved digital banking customer of [Institution Name]. By accepting and using the Services, you agree to comply with these Mobile Banking User Terms as well as all other user and account agreements between you and [Institution Name] applicable to your use of the Services.
2. General. Access to [Institution Name’s] digital banking services via your mobile device is powered by the mobile technology solution owned by Apiture, Inc. and its third-party providers (collectively the “Provider”). The Provider is not the provider of any of the financial services available to you through the Software (defined below), and Provider is not responsible for any of the materials, information, products or services made available to you through the Software.
3. Ownership. You acknowledge and agree that the Provider is the owner of all right, title and interest in and to the mobile technology solution made available to you hereunder, including but not limited to any mobile applications or other downloaded software and the computer code, scripts, interfaces and other programs contained therein, as well as any accompanying user documentation, and all subsequent copies, updates or versions thereof, regardless of the media or form in which they may exist (all of which is collectively referred to herein as the “Software”). You may not use the Software unless you have first accepted the Mobile Banking User Terms.
4. License. During the term of your account agreement with [Institution Name] and subject to the terms and conditions of these Mobile Banking User Terms, you are hereby granted a personal, nonexclusive, nontransferable license to use the Software (in machine readable object code form only) in accordance with these Mobile Banking User Terms and for the sole purpose of enabling you to use and enjoy the benefits of your financial institution’s services made available via the Software. This is not a sale of the Software. All rights not expressly granted to you by these Mobile Banking User Terms are hereby reserved by the Provider. Nothing in this license will entitle you to receive hard-copy documentation, technical support, telephone or web assistance, or updates to the Software. This license may be terminated at any time, for any reason or no reason, by you, the Provider or [Institution Name]. Upon termination, you agree to cease using the Software and immediately destroy all copies of any Software which had been downloaded to your mobile device or otherwise in your possession or control.
5. Restrictions. You shall not: (i) modify, revise or create any derivative works of the Software; (ii) decompile, reverse engineer or otherwise attempt to derive the source code for the Software or architecture of the Services; (iii) redistribute, sell, rent, lease, sublicense, or otherwise transfer rights to the Software; (iv) remove or alter any proprietary notices, legends, symbols or labels in the Software, including, but not limited to, any trademark, logo or copyright of Provider or [Institution Name]; or (v) use the Services or Software for any improper or illegal purpose.
  
  [Institution Name] reserves the right, in its reasonable discretion, to terminate or suspend your access to the Services or Software, with or without advance notice, if it has reason to believe, in its sole and reasonable discretion, that you are in breach of applicable law or these Mobile Banking User Terms or your use of the Services and/or Software jeopardizes the integrity or security of the Services, the Software or any supporting security network infrastructure.
6. Updates and Upgrades. These Mobile Banking User Terms govern any updates that replace and/or supplement the original Software, unless such update is accompanied by a separate license in which case the terms of that license will govern. Provider may, in its sole discretion, make updates, upgrades or other changes to the Software. Upon request, you agree to upgrade or update your mobile device to the supported release of the Software to maintain compatibility. Provider will have no liability arising out of or relating to your use of an unsupported release. Certain Software updates or upgrades may be automatically downloaded.
7. Mobile Check Deposit. To the extent the Services include functionality enabling you to present an image of a legal representation, as defined by federal law, of a check to be deposited into your [Institution Name] checking or savings account electronically (“MCD Services”), the following supplemental terms and conditions shall also apply:
  1. You must only use current Software made available by [Institution Name] through designated channels.
  2. You are responsible for all the data submitted through the MCD Services which must accurately represent the information on the original check(s).
  3. You agree that the electronic image of the item submitted to the [Institution Name], as defined by federal law, is a legal representation of the check for all purposes, including return check processing.
  4. You may experience technical or other difficulties when using the MCD Services and neither [Institution Name] nor Provider assume any liability for any technical or other difficulties you experience.
  5. [Institution Name] or Provider reserves the right to change, suspend or revoke services, immediately and at any time without prior notice to you. In the event this Service is not available to you, you acknowledge that you can attempt to deposit my check at a branch office location, through a participating ATM, or by mail.
  6. Only [Institution Name] checking and savings accounts are eligible for the MCD Services.
  7. [Institution Name] may charge a usage fee for MCD Services and reserve the right to start charging for MCD Services at any time.
  8. If an item you transmit for deposit is dishonored, rejected or otherwise returned unpaid, you agree that [Institution Name] may charge back the amount of the return to the account the check was originally deposited to and assess a fee in the amount shown on [Institution Name’s] current Schedule of Fees and Charges for a returned check. If there are not sufficient funds in my account to cover the amount of the returned check, the account will be overdrawn, and you will be responsible for payment. [Institution Name] may debit any account maintained by you in order to obtain payment of my obligations under these Mobile Banking User Terms.
  9. You acknowledge that wireless providers may assess or impose fees, limitations, or restrictions. You agree that you are solely responsible for all such fees, limitations, and restrictions, and that [Institution Name] may contact you via your wireless device for any purpose concerning my business relationship with the [Institution Name], including but not limited to account servicing and collection purposes.
  10. You agree to scan and deposit only “checks” as that term is defined in Federal Reserve Regulation CC, Availability of Funds and Collection of Checks.
  11. You agree that you will not use the MCD Service to scan and deposit any ineligible items.
  12. You agree to endorse all items with your signature and account number and print “For Mobile Deposit Only” on all items. [Institution Name] reserves the right to reject all items that are not endorsed as specified.
  13. When using the MCD Service to deposit funds, such deposits are limited to the [Institution Name] defined deposit segments and associated limits.
  14. [Institution Name] reserves the right to reject any item transmitted through the MCD Service, at its discretion. [Institution Name] is not liable for items you do not receive or for images that are not transmitted completely. An image is considered received when you receive a confirmation screen after submitting a check for deposit. You acknowledge and agree that such notification does not mean that the transmission was without error. Once an item is reviewed and approved, your account will be credited at the end of the business day (excluding Federal Reserve holidays).
  15. You agree to retain each item submitted for deposit through the MCD Services for 60 days after your funds have been posted to your account. After 60 days, you agree to dispose of the item(s) in a way that prevents representing for payment (i.e. shredding). Upon receipt of these funds you agree to mark the item prominently as “Void”, and you agree to store each retained item in a secured locked container until such proper disposal is performed. You will promptly provide any retained item to [Institution Name] as requested to aid in the clearing and collection process or to resolve claims by third parties with respect to any item.
8. Text Messages and Notifications. You and your financial institution are solely responsible for the content transmitted through text messages sent between you and your financial institution. You must provide source indication in any text messages you send (e.g. mobile telephone number, “From” field in text message, etc.) You hereby consent to receipt of text messages and other notifications (including ‘in-app’ or ‘push’ notifications from [Institution Name] or Provider in connection with the Services or your business relationship with [Institution Name], provided that you may opt out of text messages by replying STOP or as otherwise advised. Text messaging fees may apply and be assessed by your wireless carrier. You are responsible for any such text message fees.
9. Consent to Use of Data. During and after the term of your account agreement with [Institution Name] you agree that the Provider may collect, store and use technical data and related information, including but not limited to technical information about your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services (if any) related to the Software. The Provider may use this information to improve its products, for diagnostic purposes or to provide other services or technologies; provided that Provider may not share information or data in a form that personally identifies you except as necessary to provide the Services and related services to you or [Institution Name]. Provider may combine aggregated data with the data of other customers or other publicly available information.
10. Legal Restrictions. You may not use the Software except as authorized by United States law and the laws of the jurisdiction in which the Software was obtained. In particular, but without limitation, the Software may not be used or transferred (a) in or into any U.S. embargoed countries or (b) by or to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List. By using the Software, you represent and warrant that you are not located in any such country or on any such list. You also agree that you will not use the Software for any purposes prohibited by United States law, including, without limitation, the development, design, manufacture or production of nuclear, missiles, or chemical or biological weapons.
11. U.S. Government Restricted Rights. The Software is commercial computer software subject to RESTRICTED RIGHTS. In accordance with 48 CFR 12.212 (Computer software) or DFARS 227.7202 (Commercial computer software and commercial computer software documentation), as applicable, the use, duplication, and disclosure of the Software by the United States of America, its agencies or instrumentalities is subject to the restrictions set forth in these Mobile Banking User Terms.
12. Disclaimer of Warranty. THE SOFTWARE IS PROVIDED ON AN ‘AS IS’ AND ‘AS AVAILABLE’ BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. NO WARRANTY IS PROVIDED THAT THE SOFTWARE WILL BE FREE FROM DEFECTS OR VIRUSES OR THAT OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED. YOUR USE OF THE SOFTWARE AND ANY MATERIAL OR SERVICES OBTAINED OR ACCESSED VIA THE SOFTWARE IS AT YOUR OWN DISCRETION AND RISK, AND YOU ARE SOLELY RESPONSIBLE FOR ANY DAMAGE RESULTING FROM THEIR USE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES, SO SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.
13. Limitation of Liability.TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL PROVIDER OR ITS AFFILIATES BE LIABLE FOR ANY DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY THEREOF, AND REGARDLESS OF THE LEGAL OR EQUITABLE THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH ANY CLAIM IS BASED. IN ANY CASE, THE PROVIDER’S LIABILITY ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE SHALL NOT EXCEED IN THE AGGREGATE THE SUM OF THE FEES PAID BY YOU FOR THIS LICENSE. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR CERTAIN TYPES OF DAMAGES, SO SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. IN NO EVENT SHALL PROVIDER HAVE ANY LIABILITY TO YOU OR [INSTITUTION NAME] FOR SERVICE UNAVAILABILITY OR FOR THE LOSS OF DATA OR FEES IN CONNECTION WITH THE FRAUDLENT USE OF THE SERVICES OR SOFTWARE.
14. Miscellaneous. These Mobile Banking User Terms constitute the entire agreement between you and the [Institution Name] concerning the subject matter hereof. These Mobile Banking User Terms will be governed by and construed in accordance with the laws of the state of [Institution Jurisdiction], excluding that body of laws pertaining to conflict of laws. If any provision of these Mobile Banking User Terms is determined by a court of law to be illegal or unenforceable, such provision will be enforced to the maximum extent possible and the other provisions will remain effective and enforceable. All disputes relating to these Mobile Banking User Terms are subject to the exclusive jurisdiction of the courts of [Institution Jurisdiction] and you expressly consent to jurisdiction and venue thereof and therein. These Mobile Banking User Terms and all related documentation is and will be in the English language. The application of the United Nations Convention on Contracts for the International Sale of Goods is hereby expressly waived and excluded.
Digital Account Opening
1. Privacy Policy. Institution must have and abide by a written privacy policy and disclose to Applicant the data that will be collected from such Applicant and how Institution will use, protect, and disclose the Mobile Applicant Data. Institution shall provide a link to the Institution’s privacy policy, a URL containing the address of the privacy policy or a copy of the privacy policy at the point where the Subscriber’s consent is collected. Institution’s privacy policy must always be readily available for an Applicant’s access.
2. Certification. Institution will cooperate with reasonable requests by Apiture and/or its Third Party Providers related to the provision of Institution’s privacy policy, data flows, a sample of the notice, and consent language as applicable and as required to preserve Apiture certification to resell and provide the DAO Services. Apiture or its Third Party Provider may terminate access to the Mobile DAO Services at any time if Institution is no longer certified to use the Mobile Services.
3. Consents. Institution and Apiture will cooperate in good faith to ensure that all necessary consents for the use of or access to Mobile Applicant Data are included in the DAO Services workflow. Institution acknowledges that such workflows must include Applicant consent notices or agreements which are substantially consistent with the following: “you allow us and our service providers to access information on file with your mobile operator, specifically, name, address and email, to auto populate this form. See our Privacy Policy (hyperlink required) for how we treat your data.” Institution acknowledges that the Apiture mobile app must prominently display such consent language on-screen to the Applicant who must accept consent language by clicking on an “Accept” (or confirmation) button separate from Institution’s general consumer terms and conditions and that this consent will be for one-time use valid solely for the life of the interaction.
4. The User Agreement for mobile use must also include consent language which is substantially consistent with the following: “You authorize your wireless operator to disclose your mobile number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber details, if available, to [Institution name] and its service providers for the duration of the business relationship, solely for identity verification and fraud avoidance. See our Privacy Policy (hyperlink required) for how we treat your data.”
5. Institution may only store the following response data received from or made available by Apiture or its Third Party Providers: (a) the transaction ID; and (b) name, address, email address, mobile number (as a hashed value).
6. Apiture reserves the right to change the consent language and consent methods at any time after notification from Mobile Network Operators or its Third Party Providers that changes are required. Apiture will provide no less than ninety (90) days’ notice to Institution of any such change, but Institution must immediately begin to use the new prescribed consent language or consent method in order to receive the impacted Mobile Service.
Out-of-Band Security Authentication
1. The Institution’s End User Agreement for Out-of-Band Tokens will address the following minimum requirements:
  1. Define who are eligible enrollees for using the Out-of-Band Authentication Service (the “Service”). (Eligibility should be limited to customers who have executed Institution’s Internet Banking and Bill Payment Agreement and agreed to an End User Agreement consistent with these Requirements for End User Terms and Conditions.)
  2. Obligate the Registered User to use the Service and any related service subject to, and in compliance with, Institution’s End User Agreement and the Third-Party Provider’s Policy (available at www.verisign.com/repository) and all applicable laws and regulations.
  3. Obligate the Registered User to acknowledge and agree that; (i) Service is intended to assist with authentication of the End User and increase the level of security of End User’s web transactions, and may be used solely for this purpose; (ii) the Service is not fail proof nor can it be used as a substitute official proof of End User’s identity; (iii) there are inherent security risks with use of the Internet; and, (iv) end User is solely responsible for the degree to which rely on the Service.
  4. Require the End User to provide accurate and complete information as reasonably requested by Institution or the Third-Party Provider.
  5. Require the End User to maintain secure possession of information related to the Service or any tokens and promptly notify the Institution if End User loses possession of any token or compromises any information related to the Service (for example, loss of a mobile phone containing a credential or loss of a token or hardware device that stores a credential).
  6. Prohibit the End User from transferring the Service to any other party or permitting use a credential or token by any other party.
  7. Permit Apiture and its Third-Party Provider to revoke any End User’s credential or token upon breach of Institution’s End User Agreement, the Third-Party Provider’s Policy or if End User compromises the security or integrity of the Service.
  8. Institution will disclaim, to the extent permitted by applicable law: (a) all warranties, indemnification and representations relating to the Service and any related services; and, (b) Institution’s, Apiture’s and the Third-Party Provider’s liability for any damages, whether direct, indirect, incidental or consequential, arising from use of the Service or any related services. End User’s sole and exclusive remedy for any malfunction, deficiency or other dissatisfaction related to the service or any related services is a claim for a replacement credential or token.
2. The Institution’s End User for Out-of-Band Tokens must accept the following minimum terms:
  1. By checking here, I am choosing to receive voice messages for Security Code delivery to my [%PHONE_TYPE% %PHONE_NUMBER%] and I understand that incoming call minutes and rates may apply.
  2. By enrolling for voice messages, I certify that I am the account holder or have the account holder’s permission to do so. Clicking “Submit” will send a voice message with a Security Code to the phone number indicated above.
  3. By enrolling, I acknowledge and agree that:
    1. This Service is intended to assist with authentication of myself as an Online Banking User and increase the level of security of my Online Banking transactions and may be used solely for this purpose.
    2. This Service is not fail proof nor can it be used as a substitute official proof of my Online Banking User identity.
    3. There are inherent security risks with use of the Internet.
    4. I, the Online Banking User, am solely responsible for the degree to which rely on the Service.
    5. I, the Online Banking User, will provide accurate and complete information as reasonably requested by my financial institution or the Third-Party Provider.
    6. I, the Online Banking User, am required to maintain secure possession of information related to the Service or any devices and promptly notify the Institution – by contacting them or disabling the device from the Online Banking system – if I lose possession of any registered device or compromise any information related to the Service (for example, loss of a mobile phone used as a credential).
    7. I, the Online Banking User, am prohibited from transferring the Service to any other party or permitting use of my credential by any other party.
    8. I, the Online Banking User, permit my financial institution’s vendor(s) to revoke any credential upon breach of this End User Agreement, the Third-Party Provider’s Policy or if I, the Online Banking User, compromise the security or integrity of the Service.
  4. I understand and acknowledge that my financial institution disclaims, to the extent permitted by applicable law: (a) all warranties, indemnification and representations relating to the Service and any related services; and, (b) liability for any damages, whether direct, indirect, incidental or consequential, arising from use of the Service or any related services for the institution and any of its providers.
  5. I understand and acknowledge that my sole and exclusive remedy for any malfunction, deficiency or other dissatisfaction related to the service or any related services is to request the service be disabled if allowed or obtain a new functioning device (mobile phone or landline phone) at my own expense.
Payrailz Bill Payment and P2P Services
1. Institution shall require that all PR Users enter into an End User License Agreement that includes, at a minimum, contractual provisions that:
  1. Limit the PR User’s right to use the Payrailz Services only for PR Users’ own use and not for further resale, relicense or other use by third parties.
  2. Prohibit PR Users from copying, reproducing, modifying, altering, bridging, enhancing, customizing or making derivative works of or improvements or enhancements to the Payrailz Services.
  3. Prohibit PR Users from impairing or altering the functionality of the Payrailz Services.
  4. Prohibit causing or permitting the reverse engineering, disassembly, translation, adaptation, or de-compilation of the Payrailz Services, or any attempts to derive source code or algorithms of the Payrailz Services and prohibits using the results of such processes.
  5. Require PR Users to be bound by confidentiality obligations with respect to any information furnished or disclosed by Institution to PR Users that are at least as protective as those undertaken by Institution in its Apiture Agreement.
  6. Prohibit assignment and sublicensing of the license to use the Payrailz Services.
  7. Prohibit any right, title and interest (including all intellectual property rights) in or to the Payrailz Services from passing to any PR Users.
  8. Require that individual PR Users will use the Payrailz Services solely for personal, family or household purposes and not for any business or commercial purpose and require that businesses PR Users may only use the Payrailz Services solely for business or commercial purposes and not for any personal, family or household purpose.
2. PR Users must agree that Institution and its third party providers may obtain information regarding their Payee Accounts to facilitate proper handling and crediting of their payments.
3. In connection with the electronic bill services (the “eBill Service”), require PR User(s) to:
  1. agree to provide true, accurate, current and complete information about PR User and PR User accounts maintained at other web sites including without limitation access number(s), password(s), security question(s) and answer(s), account number(s), login information, and any other security or access information, used by PR User, or anyone PR User authorizes on his or her behalf, to access the eBill Service and PR User’s provider accounts (collectively, “Licensee Access Information“), and agree to not misrepresent PR User’s identity or PR User’s account information in connection with PR User’s use of the eBill Service;
  2. agree to keep the Licensee Access Information up to date and accurate. PR User hereby grants to Institution and its third party vendors permission to use Licensee Access Information to enable the provision of the eBill Service to PR User, including updating and maintaining information, files or data that PR User stores or uses in, with, or in conjunction with the eBill Service (collectively, “Account Data“), addressing errors or service interruptions, and to enhance the types of data and services that may be provided in the future.
  3. acknowledge and agree that (i) the content of PR User’s electronic bill (the “Electronic Bill”) may not contain all of PR User’s bill details, (ii) that the eBill Service communicates information as provided by PR User’s third party biller, which may not be up to date, and (iii) the eBill Service is not able to retrieve all Electronic Bills.
  4. the eBill Service is offered for PR User’s convenience only and is provided “as is” and “as available.” PR User will be solely responsible for contacting PR User’s third-party biller directly if PR User do not receive an Electronic Bill through the eBill Service.
  5. Institution through its third party Payrailz provider uses Plaid Inc. (“Plaid”) to gather your data from financial institutions. By using this service, you grant Institution and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy. [Plaid Privacy Policy must link to https://plaid.com/legal ].