Terms & Policies

Country or region
USUnited States
General
Legal Agreements Overview
Airwallex Service Agreement
Third Party App Terms
Acceptable Use Policy
Electronic Communication Consent (Airwallex US, LLC)
Electronic Communication Consent (Evolve)
Funds Availability Policy (Evolve)
Direct Debit Authorization Agreement
Treasury Management
U.S. Domestic Service: Customer Terms of Service (Evolve)
Non-US Service: Treasury Management Terms (Airwallex HK)
Treasury Management Terms
Cards & Spend Management
Cardholder Terms (CFSB)
Spend Management Terms
Payments
Payments Terms
Local Payment Methods Processing Terms
Commercial Entity Agreement with JP Morgan Chase
Fee Schedule
Fee Schedule
Data and Privacy
Privacy Policy
Privacy Policy (CFSB)
Privacy Policy (Evolve)
Global Privacy Centre
US Financial Privacy Notice
Plaid End Client Terms of Use

Plaid End Client Terms of Use

DEFINITIONS

“End Client” means an entity that has entered into an Agreement with Partner, but only for so long as such Partner-Client Agreement is in effect with such End Client.

“End User” means an end user (such as a business and consumer) of the Partner Services or of an End Client application using the Partner Services. For clarity, End Clients are not End Users.

Partner” means Airwallex US, LLC. 

Plaid” means Plaid Inc.

TERMS AND CONDITIONS

1. RESTRICTIONS

Unless Plaid specifically agrees in writing, End Client will not, and will not enable or assist any third-party to: 

  1. attempt to reverse engineer (except as permitted by law), decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Plaid services described at https://www.plaid.com (the, “Services”);

  2. modify, translate, or create derivative works based on the Services; 

  3. make the Services or information and data of End Client’s End Users provided to End Client via the Services (such information and data, the “Output”) (or any derivative work thereof) available to, or use the Services or Output (or any derivative work thereof) for the benefit of, anyone other than End Client or End Users; 

  4. sell, resell, license, sublicense, distribute, rent or lease any Services or Output to any third-party, or include any Services or Output (or any derivative work thereof) in a service bureau, time-sharing, or equivalent offering;

  5. publicly disseminate information from any source regarding the performance of the Services or Output; or 

  6. attempt to create a substitute or similar service through use of, or access to, the Services or Output. End Client will use the Services and Output only in compliance with:

  7. the End Client application, use case, and other restrictions agreed to between Plaid and Partner;

  8. the Plaid developer policies (available at https://www.plaid.com/legal),

  9. Plaid’s applicable technical user documentation (available at https://www.plaid.com/docs); and 

  10. any agreements between End Client and End Users (for clarity, including any privacy policy or statement). 

  11. Notwithstanding anything to the contrary, the End Client accepts and assumes all responsibility for complying with all applicable laws and regulations in connection with all of End Client’s activities involving any Services, Output, or End User data. End Client acknowledges and agrees that Plaid is neither a “consumer reporting agency” nor a “furnisher” of information to consumer reporting agencies under the Fair Credit Reporting Act (“FCRA”) and the Output is not a “consumer report” under the FCRA and cannot be used as or in such. End Client represents and warrants that it will not, and will not permit or enable any third-party to, use the Services (including Output) as a or as part of a “consumer report” as that term is defined in the FCRA or otherwise use the Services (including Output) such that the Services (including Output) would be deemed “consumer reports” under the FCRA. Notwithstanding anything to the contrary, End Client will be bound by and will only use the Services or Output in compliance with the terms and conditions set forth herein.

2. SECONDARY INVESTORS

Subject to this Clause 3, End Client may request that Plaid or Partner disclose Output or a Partner product or service incorporating Output (collectively, the “Shared Data”) to End Client’s Secondary Investors. “Secondary Investor” means a third-party investor or purchaser of a financial product originated by an End Client and provided to an End User (e.g., a loan), with which investor or purchaser Plaid maintains a separate technical integration.

  1. End Client represents and warrants to Plaid that, before disclosure of Shared Data to any Secondary Investor, End Client will provide all required notices to and obtain all required consents (including notices and consents required under applicable law) from the applicable End User with respect to disclosure of Shared Data to such Secondary Investor by Plaid or Partner.

  2. Notwithstanding anything to the contrary: (a) End Client is solely responsible for its own relationships with Secondary Investors and with Partner, including any related billing matters, technical support, or disputes; (b) End Client will enter into legally binding written agreements with each Secondary Investor that are consistent with this Clause 3 and all applicable terms and conditions of these Plaid Terms, including, without limitation, Section 1 (Restrictions); and (c) End Client will remain responsible for compliance by Secondary Investors with all of the terms and conditions of these Plaid Terms (including, without limitation, terms relating to use of Output or Shared Data). 

  3. End Client will be fully liable for: (a) any breach by End Client of this Clause 3, (b) any acts or omissions of Secondary Investors, and (c) any dispute arising among End Client, Partner, Secondary Investors, and/or End Users relating to the disclosure or use of Shared Data as contemplated in this Clause 3.

3. PRIVACY AUTHORIZATIONS

Before any End User engages with the Partner products or services which include, are derived from, or incorporate the Services, the End Client warrants and will ensure that it provides all notices and obtains all consents required under applicable law to enable Plaid to process End User data in accordance with Plaid’s privacy policy (currently available at https://www.plaid.com/privacy). End Client will not (i) make representations or other statements with respect to End User data that are contrary to or otherwise inconsistent with Plaid’s privacy policy or (ii) interfere with any independent efforts by Plaid to provide End User notice or obtain End User consent. 

4. WARRANTY; DISCLAIMER; ENFORCEMENT 

THE SERVICES ARE PROVIDED “AS IS.” TO THE FULLEST EXTENT PERMITTED BY LAW, NEITHER PLAID NOR ITS AFFILIATES, SUPPLIERS, LICENSORS, AND DISTRIBUTORS MAKE ANY WARRANTY OF ANY KIND, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR ANY WARRANTY THAT THE SERVICES ARE FREE FROM DEFECTS. PLAID DOES NOT MAKE ANY WARRANTY AS TO THE OUTPUT THAT MAY BE OBTAINED FROM USE OF THE SERVICES. PLAID WILL BE AN INTENDED THIRD-PARTY BENEFICIARY OF THE AGREEMENT BETWEEN PARTNER AND END CLIENT AND MAY DIRECTLY ENFORCE SUCH AGREEMENT AGAINST END CLIENT, WITHOUT PARTNER’S CONSENT OR PARTICIPATION, BUT SOLELY RELATING TO THE OUTPUT OR SERVICES PROVIDED BY PLAID TO PARTNER OR END CLIENT.

5. FINANCIAL INSTITUTION (“FI”) DATA

Through the Partner Services or Plaid Services, End Client may have access to information about or of End Users provided to Plaid by a bank, financial institution, or other data source (each, as designated by Plaid, “FI”, and such information, the “FI Data”).

5.1 End Client Obligations.

  1. End User Consents. End Client will provide all notices and obtain all express consents from each End User as required under applicable laws in connection with End Client’s use, storage and other processing of any FI Data (such notices and consents, the “Express Consents”). Express Consents will: (A) be clear and conspicuous; (B) will generally specify the categories of FI Data that End Client will receive and how End Client will use, store and otherwise process it; (C) be valid, enforceable, and expressly accepted by each End User; (D) identify any and all third parties or categories of third parties to whom End Client may provide FI Data for processing; (E) specify how End Users may exercise their right to revoke their Express Consent; and (F) include any other required disclosures under applicable laws. End Client will maintain records (which may include technical logs, screenshots, versions of Express Consents obtained) to demonstrate its compliance with this Clause 5.1(1) and will promptly provide such records to Plaid upon request. 

  2. Scope of Access. End Client will only access FI Data for which it has obtained Express Consents from the End User for the use case reviewed and permitted by Plaid in writing that is consented to by the applicable End User (such use case, the “Permitted Use Case”). Key factors Plaid will consider during its review include whether the use case is appropriate and useful to provide the End User with the End Client application that the End User has enrolled in, whether the End Client application provides a direct benefit to the End User, and whether the use case directly supports the development of new or improved product features for the benefit of End Users, and the jurisdiction(s) in which the End Client operates and/or stores FI Data. If End Client possesses FI Data that exceeds the scope of the End User’s Express Consents, End Client will use industry-standard means to permanently and securely delete (“Delete”) such FI Data. If End Client becomes aware that any data it receives from Plaid does not relate to the End User that End Client originally requested FI Data for, End Client will promptly notify Plaid and will Delete such data.

  3. Data Use. End Client will use, store and otherwise process FI Data solely in accordance with the End User’s Express Consents and applicable laws. 

  4. Data Disclosure. End Client will not disclose, transfer, syndicate or distribute FI Data to any third party (including its Permitted Service Providers) (“Data Sharing”) except in each case with the End User’s Express Consents and in accordance with applicable laws. Notwithstanding anything to the contrary, End Client will not sell FI Data.

  5. Data Deletion. End Client will promptly Delete any FI Data upon request by the applicable End User; provided that End Client may retain copies of FI Data solely to the extent required by applicable laws. 

  6. No Attribution. End Client will not charge End Users any fees attributable to an FI for (a) access to its FI Data or (b) use of End User’s account with an FI in connection with the End Client application. In addition, End Client will not suggest or imply a partnership, sponsorship, or other relationship with an FI based on End Client’s receipt of FI Data under the Partner-Client Agreement or this Clause 5 (FI Data).

  7. No Other Access. End Client will only access FI Data through the Services or another manner that uses the FI’s authorized APIs. End Client will not “screen scrape” data from FIs or collect an End User’s log-on credentials for FI accounts, and will not otherwise knowingly obtain from a third party FI Data that was originally sourced through screen scraping. End Client will immediately Delete any such End User log-on credentials in its possession. End Client will maintain records to demonstrate compliance with this Clause 5.1(g) and will provide them to Plaid upon request.

  8. Compliance with Laws. End Client will comply with all applicable privacy, security and other laws, including, as applicable, the Gramm-Leach-Bliley Act, the California Consumer Privacy Act, and all other laws relating to FI Data. End Client will not use, store, disclose, or otherwise process any FI Data for any purpose not permitted under applicable laws. For the avoidance of doubt, End Client acknowledges that Section 1033 of the Dodd-Frank Act may include obligations on End Client relating to processing, handling, and protecting FI Data. End Client will maintain a program designed to ensure compliance with applicable laws, including appropriately training End Client personnel.

  9. Information Security Program. End Client will maintain a comprehensive written information security program approved by its senior management (“Infosec Program”). The Infosec Program will include administrative, technical and physical measures designed to: (a) ensure the security of FI Data, (b) protect against unauthorized access to or use of FI Data and anticipated threats and hazards to FI Data and (c) ensure the proper disposal of FI Data. The Infosec Program will be appropriate to End Client’s risk profile and activities, the nature of the End Client application, and the nature of the FI Data received by End Client. In any event, the Infosec Program will meet or exceed applicable control objectives captured in industry standards and best practices such as AICPA Trust Service Criteria for Security, NIST 800-53, or ISO 27002 and will comply with applicable laws. End Client will use up-to-date antivirus software and anti-malware tools designed to prevent viruses, malware and other malicious code in the End Client application or on End Client’s systems.

  10. Security Breach Obligations. End Client will promptly notify Plaid (and in no event after more than 12 hours) upon becoming aware of any Security Breach, providing a description of all known facts, the types of End Users affected, and any other information that Plaid may reasonably request. End Client will reasonably cooperate with Plaid in investigating and remediating Security Breaches. End Client will be responsible for the costs of investigating, mitigating, and remediating the Security Breach, including costs of credit monitoring, call centers, support, and other customary or legally required remediation. “Security Breach” means any event that compromises the End Client application or End Client’s systems or that does or reasonably could compromise the security, integrity or confidentiality of FI Data or result in its unauthorized use, disclosure or loss.

  11. FI Confidential Information. If Plaid discloses to End Client any confidential or proprietary materials of an FI (such materials, “FI Confidential Information”), such materials will be subject to the same obligations that apply to Partner’s Confidential Information under the Partner-Client Agreement, which will in no event be less protective of such information than a reasonable standard of care. FI Confidential Information will also be subject to the same obligations as FI Data under this Clause 5.1(a) (End Client Obligations) of this Clause 5 (FI Data). End Client will promptly Delete FI Confidential Information in its possession upon Plaid’s request and will provide a written certification regarding such Deletion.

  12. Oversight and Cooperation. End Client will promptly provide all reasonably necessary information and cooperation requested by Plaid, an FI, or any entity with examination, supervision, or other legal or regulatory authority over Plaid or an FI. In the event that Plaid has a good faith reason to believe that End Client is not in material compliance with this Clause 5 (FI Data), Plaid will notify End Client and, at Plaid’s option, End Client will promptly provide sufficient documentation to demonstrate such material compliance or submit to a third-party audit by a firm selected from a Plaid-approved list of audit firms to verify such compliance. Plaid and FIs may also conduct technical or operational assessments of End Client, which will be subject to advance notice and will not occur more than once per year unless legally required and materially different in scope from a preceding audit.

  13. Information Sharing. Where required by an FI and to the extent relevant to an End Client’s access or use of FI Data from that FI, Plaid may share with such FI certain information related to End Client’s compliance with this Clause 5 (FI Data), including with respect to End Client’s Infosec Program. Plaid will request that such FI treat any such information in a confidential manner.

  14. Insurance. End Client will maintain insurance coverage appropriate to End Client’s risk profile and activities, the nature of the End Client application, and the nature of the FI Data received by End Client; provided that such coverage will be no less than industry standard and will include cybersecurity liability insurance.

  15. Access Frequency. End Client will comply with any guidelines provided by Plaid regarding End Client’s frequency of “batch” pulls of FI Data. Plaid may enforce such guidelines in accordance with its standard practices, which may include throttling, suspension or termination of End Client’s access.

  16. End Client Marks Licence. End Client hereby grants to Plaid and each FI (and each of their third-party service providers) the non-exclusive and non-transferable right and license to use End Client’s trademarks and service marks solely in connection with consent management activities, including use associated with End User facing consent management portals operated by Plaid or an FI.

5.2 Suspension. Plaid may suspend or terminate End Client’s access to the Services or FI Data, in whole or in part, if it believes End Client has breached this Clause 5 (FI Data) or where End Client’s use of the Services or FI Data could violate or give rise to liability under any Plaid agreement (including Plaid’s agreement with any FI) or pose a risk of harm, including reputational harm, to any End User, FI, the Services, or Plaid and its affiliates. In addition, an FI may suspend End Client’s access to FI Data with respect to such FI.

5.3 Indemnity. End Client will indemnify, defend and hold harmless each FI, Plaid, and the affiliates of each of the foregoing from any claims, actions, suits, demands, losses, liabilities, damages (including taxes), costs and expenses arising from or in connection with: (a) any Security Breach resulting in unauthorized disclosure of FI Data or (b) End Client’s unauthorized or improper use of FI Data (including any unauthorized Data Sharing, transmission, access, display, storage or loss). This Clause 5.3 is not subject to any limitation of liabilities set forth in the Partner-Client Agreement. Each FI is a third-party beneficiary of this Clause 5.3.

5.4 Modifications. End Client acknowledges that continued access to FI Data provided by certain FIs may require modifications to this Clause 5 (FI Data), and End Client will accept such modifications to continue accessing or using the Services with respect to such FIs. Plaid will use commercially reasonable efforts to notify End Client of the modifications and the effective date of such modifications through communications via End Client’s account, email, or other means. If End Client objects to the modifications, its exclusive remedy is to cease any and all access and use of the Services as it relates to such FI(s). Continued access or use of such Services after the effective date of such modifications to this Clause 5 (FI Data) will constitute End Client’s acceptance of such modifications.

5.5 Miscellaneous. In the event of a conflict with any other agreement (including the Partner-Client Agreement), the terms and conditions of this Clause 5 (FI Data) will govern and prevail. Capitalized terms used in this Clause 5 (FI Data) and not otherwise defined will have the meanings ascribed to them in the Agreement. All provisions of this Clause 5 (FI Data) will remain in force in the event of this Clause 5’s (FI Data) or the Partner-Client Agreement’s termination or expiration.