Master Subscription Agreement

Rev V1.2, 28th October 2021




This Agreement was last updated on December 1, 2019. It is effective between Customer and CardExchange as of the date of customer’s accepting this Agreement.



In this MSA the following terms shall have the following meanings:

“Account Access Information” means an application administrator user ID, password and other account information necessary for Customer to access the Services and Products.

“Affiliate” means any entity which directly or indirectly controls, is controlled by, or is under common control with the subject entity.

“Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“Agreement” means this MSA, the Order Form, DPA, SLA, Privacy Policy and applicable Printer Terms together.

“Changes” means where the Provider significantly modifies, revises, adds to or otherwise changes the functionality of the Services in any material respect.

“Confidential Information” means any and all information in any form whatsoever relating to the Provider or Customer, or the business, prospective business, finances, technical process, computer software (both source code and object code, hardware and IPRs of the Provider or Customer (as the case may be) or compilations of two or more items of such information, whether or not each individual item is in itself confidential, which is disclosed by a Party (“Disclosing Party”) to the other Party (“Receiving Party”) as a result of this Agreement or the provision of Services and Products, whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information of Customer will include Customer Data; Confidential Information of Provider will include the Services, Products, Licensed Technology; and Confidential Information of each Party will include the terms and conditions of this Agreement and all Order Forms, as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such Party. However, Confidential Information (other than Customer Data) will not include any information that: (a) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party; (b) is or was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (c) is or was received from a third party without breach of any obligation owed to the Disclosing Party; or (d) is or was independently developed by the Receiving Party as evidenced by written records of the Receiving Party.

“Customer” means the Party named in the Order Form who has sole responsibility for compliance with all of its and its Affiliates’ obligations under this Agreement, including payment of all amounts due to Provider.

“Customer Data” means all data or information, including personal data imported by or on behalf of Customer or its Users into the Services or Products pursuant to this Agreement, for the purposes of using the Services or Products or facilitating Customer’s use of the Services or Products.

“Customer Installation Site” means the location and facility owned or operated by Customer at which the Licensed Technology is authorized to be installed and to operate.

“Documentation” means user guides, operation manuals, specifications and other related information and documentation, whether in print or machine-readable media, supplied to Customer in connection with use of the Services and Products.

“DPA” means the data processing agreement of the company published at https://cardexchangeid.com/data-processing-agreement as amended from time to time.

“Effective Date” means the date set out in the Order Form. “Feedback” means feedback, innovations or suggestions created by Users regarding the attributes, performance or features of the Services and Products.

“Fees” means the fees set out in the Order Form payable by Customer during the Term.

“Force Majeure” means anything outside the reasonable control of a Party, including but not limited to acts of God, fire, storm, flood, earthquake, explosion, accident, acts of the public enemy, war, rebellion, insurrection, sabotage, epidemic, quarantine restriction, labour dispute, labour shortage, power shortage (including where the Internet becomes unavailable) transportation embargo, failure or delay in transportation, any act or omission (including laws, regulations, disapprovals or failure to approve) of any government or government agency.

“Initial Term” means the initial term of the Agreement set out in the Order Form, starting on the Effective Date.

“IPRs” means all copyrights, patents, utility models, trademarks, service marks, registered designs, moral rights, design rights (whether registered or unregistered), technical information, know-how, database rights, semiconductor topography rights, business names and logos, computer data, generic rights, proprietary information rights and all other similar proprietary rights (and all applications and rights to apply for registration or protection of any of the foregoing) as may exist anywhere in the world.

“Licensed Technology” means the software and devices provided to Customer by Provider for installation and use at the Customer Installation Site in connection with the Services.

“MSA” means this master subscription agreement.

“Order Form(s)” means any order for the purchase of Services or Products signed by the Provider and Customer from time to time. Order Forms will be deemed incorporated herein by reference.

“Party” means Customer or Provider, and “Parties” means Customer and Provider.

“Permitted Purpose” means using the Services and Products to manage the details and credentials of Users in the Card Management system and connected systems made available to Customer pursuant to the terms of this Agreement.

“Printer Terms” means special terms that apply in addition to these MSA terms in relation to the supply and use of any Products included in an Order Form.

“Printer Fee” means the fee set out in the Order Form payable by Customer to Provider for the Products during the Term.

“Privacy Policy” means the privacy policy of Provider published at https://cardexchangeid.com/privacy-policy as amended from time to time.

“Products” means printers or other hardware included in any Order Form.

“Professional Services” means any consulting, advisory, technical, development, programming, or other professional services provided by Provider to Customer from time to time, including services related to the installation, integration, implementation, use, optimization, or customization of the Services, Products or Licensed Technology. If Professional Services are provided, they shall be governed by a separate Order Form or, if no Order Form is provided, subject to Provider’s applicable terms and conditions.

“Provider” means the Party supplying the Services and Products named in the Order Form.

“Renewal Term” means the renewal period set out in each Order Form.

“Services” means the provision of credential ID management software and modules via web-based cloud applications provided by Provider via the cloud and/or other designated websites as described in the User Guide, that are ordered by Customer under an Order Form, including associated offline components and all updates that Provider makes available to customers of the same product version at no additional charge, but excluding Third Party Applications. References to the Services exclude Professional Services.

“Professional Services” means any other service offered by the Provider to the Customer including Installation, Configuration, Project Management, Training, Software Development, Card Template Design and Report Design. Hours can be purchased on retention at a rate agreed and defined in the Order Form or ordered against a Quotation on an adhoc basis. All work will be outlined in a Scope of Work and Fees agreed by both parties before any work commences.

“SLA” means the service level agreement of Provider published at https://cardexchangeid.com/service-level-agreement as amended from time to time.

“Statistical Data” means aggregated, anonymised data derived from the Customer or Users use of the Services or Products which does not include any personal data or Customer Confidential Information.

“Subscription Fee” means the fee set out in the Order Form payable by Customer to Provider for the Services during the Term.

“Sub-Processors” means the sub-processors of the Provider published at https://cardexchangeid.com/sub-processor-list as amended from time to time.

“Term” means the term set out in the Order Form.

“Third Party Applications” means online, Web-based applications and offline software products that are provided by third parties, that interoperate with the Services or Products, and are identified as third party applications.

“Use” (whether or not capitalized) means: (a) in reference to the Services or Products, to open, view, and utilize some or the full functionality of a system, software or other materials, including the ability to input, manipulate, and download data, files, and other information, without directly possessing, hosting, or storing the relevant software; and (b) in reference to the Licensed Technology, means to install and operate the Licensed Technology and to invoke, interact with, and execute part or the full functionality of the Licensed Technology. Unless otherwise expressly provided, “Use” refers only to such activities in relation to the executable version of the corresponding system, software or program materials in operation for the Permitted Purpose, and excludes copying, modifying, enhancing or creating derivative works except as necessarily occurs electronically in downloading, storage, transmission, hosting, compiling, processing, and execution of such system, software or program materials.

“User Guide” means the online user guide for the Services, published online at https://support.cardexchangesolutions.com, as updated from time to time.

“Users” means individuals who are authorized by Customer to use the Services or Products, for whom subscriptions to a Service have been purchased, and who have been supplied user identifications and passwords by Customer (or by Provider at Customer’s request). Users may include but are not limited to employees, consultants, contractors and agents of Customer, or third parties with whom Customer transacts business.

“CardExchange Solutions” means the CardExchange Solutions company described in the “CardExchange Solutions Contracting Entity, Notices, Governing Law, and Venue” section below.


2.1. Order Forms

It is the intention of the Parties that all subscriptions for the Services and Products purchased by Customer, including its Affiliates, shall be issued pursuant to and shall be governed by the terms of the Agreement. If after the Effective Date of the first Order Form, the Customer wishes to purchase additional Services or Products, such Services and Products shall be set out in one or more additional Order Forms, which will be signed by both Parties and shall incorporate the terms of this Agreement. Each Order Form shall form a separate contract between the Parties with its own Effective Date and Term.

2.2. Provision of Services

Provider will make the Services and Products available to Customer pursuant to the terms of this Agreement and the applicable Order Forms for the Term of each Order Form. Customer agrees that its purchases hereunder are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written public comments made by Provider regarding future functionality or features, other than the provision of the Services and Products in accordance with the terms of this Agreement.

2.3. User Subscriptions

Upon commencement of the Term of each Order Form, Provider shall provide Customer with Account Access Information. Thereafter, Customer will be responsible for creating and managing Account Access Information for Users. Customer will not share, reassign, divulge or disclose any Account Access information except as permitted hereunder in connection with Customer’s own use of the Services. Unless otherwise specified in the applicable Order Form: (a) Services are purchased as User subscriptions and may be accessed by no more than the maximum authorized number of Users specified in the applicable Order Form; (b) additional User subscriptions may be added during the Term of the applicable Order Form at the same monthly recurring pricing as that for the pre-existing subscriptions, prorated for the remainder of the Term in effect at the time the additional User subscriptions are added; and (c) the added User subscriptions will terminate on the same date as the pre-existing User subscriptions. User subscriptions are for designated Users and cannot be shared or used by more than one User, but may be reassigned to new Users replacing former Users who no longer require ongoing use of the Services.

2.4. Provider Responsibilities

Provider shall: (a) provide to Customer basic support for the Services at no additional charge, and/or upgraded support if purchased in accordance with its technical support policies in effect from time to time as shown in the then-current User Guide; (b) use commercially reasonable efforts to make the Services available in accordance with then-current SLAs; except for: (i) planned downtime; or (ii) any unavailability caused by Force Majeure.

2.5. Customer Responsibilities

Customer shall: (a) be responsible for Users’ compliance with the terms of this Agreement; (b) be solely responsible for the accuracy, quality, integrity and legality of Customer Data provided or created by Customer and of the means by which it acquired Customer Data; (c) use commercially reasonable efforts to prevent unauthorized access to or use of the Services, and notify Provider promptly of any such unauthorized access or use; and (d) use the Services and Products only in accordance with applicable laws and government regulations. Customer is responsible for, and Provider’s obligation to provide the Services and Products is subject to, Customer’s fulfillment of any responsibilities and full compliance with any assumptions included in any Order Form. Customer will not: (i) make the Services available to anyone other than Users or as otherwise contemplated by this Agreement; (ii) sell, resell, rent or lease the Services; (iii) use the Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third party privacy rights; or (iv) interfere with or disrupt the integrity or performance of the Services or third party data contained therein; or (v) attempt to gain unauthorized access to the Services or their related systems or networks. Customer accepts responsibility for all activity occurring under the Account Access Information. Customer will notify Provider immediately upon discovery of any suspected unauthorized use or possession of any Account Access Information.

2.6. Customer Affiliates

Customer Affiliates may purchase and use the Services and Products subject to the terms of this Agreement by executing Order Forms hereunder. Customer shall be liable for any breaches of this Agreement caused by the acts, omissions or negligence of any Affiliate who purchase or access the Services and Products as if such acts, omissions or negligence had been committed by Customer itself.

2.7. Capacity and Infrastructure

During the Term, Provider shall provide and maintain adequate capacity (including, without limitation, servers, storage, bandwidth, CPU time and support personnel) and infrastructure (including heating/cooling, electrical power, server hardware, network infrastructure and bandwidth), as necessary to support the Services in accordance with the SLA.

2.8. Backup Management

During the term of the Services, Provider will perform daily data backups of any Company Data (other than non-production Company Data) stored with Provider as part of the Services. Such back-ups will be TDE encrypted and stored in a secure location on Microsoft Azure, recoverable for up to 35 days.

2.9. Security

  1. The Services will be hosted and carried out in an environment which employs shared infrastructure while segregating Company Data. Hardware infrastructure components, including but not limited to firewalls, load balancers, web servers, database servers, and storage equipment are shared across multiple clients. Service levels and operational procedures are standardized for all clients due to the shared nature of Provider’s hosting environment.
  2. Provider will employ security procedures and administrative, technical, and physical safeguards to reasonably protect its hosting environment, including any Company Data stored thereon, consistent with the level of protection provided by generally accepted industry standards in the software as a service (SaaS) and cloud security industry.
  3. Provider will implement specific security controls and procedures for the Services, including: (a) testing through a documented quality assurance process; (b) regular automated vulnerability scanning of infrastructure components with commercial scanning tools, with tracked mitigation efforts; (c) administrative, technical, and physical network access control restrictions for Platform components; and (d) monitoring of security device controls (e.g., firewalls, intrusion prevention system, etc.).
  4. Provider will monitor and log all system access to the Services to produce an audit trail that includes, but is not limited to, web server logs, application logs, system logs, and network event logs. Such logs are Provider Confidential Information but will be disclosed as necessary to comply with applicable law and Provider’s compliance with its Service Levels.
  5. Provider will implement industry standard personnel and administrative controls to mitigate security risks, including but not limited to: (a) background checks on Provider employees with administrator access to Provider’s hosting platform; and (b) limiting access to Provider’s hosting platform to authorized individuals.

2.10. Business Continuity

Provider will use commercially reasonable efforts to implement and carry out a business continuity plan. Customer understands that the Services rely on public Internet infrastructure. Issues which catastrophically affect the Internet infrastructure will affect availability of the Services and are out of Provider’s control. In case of any such outage, Provider will use commercially reasonable efforts to restore the Services as soon as practicable to the extent within Provider’s control to do so.

2.11. Removal of Unlawful Material

Provider neither actively monitors any Customer’s general use of the hosting environment under normal circumstances nor exercises editorial control over the content of any material created or accessible over or through the environment. However, Provider reserves the right to monitor such use at any time as it reasonably deems appropriate and to remove any materials that, in Provider’s sole discretion, may be illegal, may subject Provider to liability, may breach the terms of this Agreement, or are, in the sole discretion of Provider, inconsistent with Provider’s provision of the Services to its customer’s generally.


3.1. Customer Use of Third-Party Applications

Provider may offer Third Party Applications for sale or license in Order Forms. Any other acquisition by Customer of third-party products or services, including but not limited to Third Party Applications and implementation, customization and other consulting services, and any exchange of data between Customer and any third-party Provider, are solely between Customer and the applicable third-party provider. Provider does not warrant or support third party products or services, whether or not they are designated by Provider as “certified” or otherwise, except as specified in an Order Form. If Customer installs or enables Third-Party Applications included in an Order Form for use with Services or Products, Customer acknowledges that Provider may allow providers of those Third-Party Applications to access Customer Data as required for the interoperation of such Third-Party Applications with the Services or Products. Customer will be responsible for supplying any consents or authorizations required for Customer’s use of such Third-Party Applications. Provider will not be responsible for any disclosure, modification or deletion of Customer Data resulting from any such access by Third Party Application Providers.

3.2. Telecommunications

Customer or its Users are solely responsible for all of its telecommunication or Internet connections required to access the Services or Products, any related access or authentication software or devices, as well as all hardware and software on Customer’s premises. In addition to other third-party costs that may apply, Customer agrees to pay for any and all of its telecommunications costs, license fees and service fees required for and dedicated to Customer’s access to and use of the Services and Products.

3.3. Use by Provider

Provider reserves the right to use third party applications or services or subcontract any part of the Services or Products hereunder provided that such third party meets all applicable obligations and standards required of Provider included in the Agreement.


4.1. Scheduled Changes

During the Term, Provider reserves the right to make modifications, including upgrades, patches, revisions or additions to its hosting environment, the Services and the Products and the Licensed Technology. Where such actions will result in any Changes, Provider will notify Customer at least sixty (60) days prior to such Changes being made. Provider reserves the right to amend the Agreement in order to reflect Changes. However, Provider may make Changes without such notice and testing periods to the extent Provider deems immediate action is required to: (a) correct or avoid identified security vulnerabilities and/or issues that have or are reasonably likely to become Severity 1 or Severity 2 errors (as defined in the SLA) affecting the Services; or (b comply with applicable law.

4.2. Configuration Changes

During the Term, Provider reserves the right to modify settings, configuration files, reports, and similar aspects of the Services or Products as Provider deems necessary and to maintain the operation of the Services or Products. Such configuration changes which do not materially affect existing functionality will not be subject to the notice and testing periods identified in clause 4.1 above.


5.1. Fees

Customer shall pay all Fees specified in all Order Forms. Except as otherwise specified herein or in an Order Form (a) Fees are quoted and payable in United States Dollars (USD); (b) Fees are based on services purchased and not actual usage; (c) payment obligations are non-cancelable and Fees paid are non-refundable; and (d) the number of User subscriptions purchased cannot be decreased during the Initial Term; but can be reduced at the start of any Renewal Term. Subscription Fees are based on monthly periods starting from the Effective Date set out in each Order Form and Subscription Fees shall be invoiced as set out in each Order Form. Where additional Users subscriptions are added to an existing Order Form in the middle of a monthly period additional Subscription Fees will be charged for that full monthly period and the following months for the remainder of the Term.

At the end of each 12 month period of the Term, Subscription Fees may, at Provider’s option, be increased by up to five percent (5%) per year.

5.2. Invoicing and Payment

Fees will be invoiced in advance as set out in each Order Form. Unless otherwise stated in the Order Form, Fees are due on receipt of invoice. Customer is responsible for maintaining complete and accurate billing and contact information within the Services.

5.3. Overdue Fees

If any undisputed amounts are not received by Provider by the due date, then at Provider’s discretion: (a) such charges may accrue late interest at the rate of 1% of the outstanding balance per month, or the maximum rate permitted by law, whichever is higher, from the date such payment was due until the date paid; and/or (b) Provider may make it a condition that future subscription renewals and Order Forms include payment terms shorter than those specified in the “Invoicing and Payment” clause above. If a bona fide good faith dispute exists regarding an invoice, Customer will pay the undisputed items and promptly report the disputed items to Provider and work diligently to promptly resolve such dispute. Customer will pay the amount, if any, mutually agreed to be due with respect to any disputed items promptly after resolution of the dispute.

5.4. Suspension

If payment due to the Provider under this Agreement is 10 days or more overdue, or if Customer is in breach of any other provision of this Agreement, Provider may, without limiting its other rights and remedies, suspend any or all of the Services or provision of Products until Customer is in compliance with its obligations.

5.5. Taxes

Unless otherwise stated, Fees exclude any taxes, levies, duties or similar governmental assessments of any nature, including but not limited to value-added, sales and use, or withholding taxes, assessable by any local, state, provincial, federal or foreign jurisdiction (collectively, “Taxes”). Customer is responsible for paying all Taxes in addition to the Fees. If Provider has the legal obligation to pay or collect Taxes for which Customer is responsible under this clause, the appropriate amount will be invoiced to and paid by Customer, unless Customer provides Provider with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, Provider is solely responsible for taxes assessable against it based on its income, property and employees.

6. IPRs

6.1. License to use the Services

Subject to the terms of this Agreement and payment of the Fees, Provider grants Customer, for the Term of each Order Form a world-wide, non-exclusive, non-transferable, revocable license to access and use the Services and Documentation and data associated with the Services (including any IPRs and Confidential Information of the Provider and its Affiliates). Such access and use is permitted only by Users (who may or may not be Customer employees) for Customer’s internal use of the Services during the Term of each Order Form applicable to such Users. Provider acknowledges that Customer may print and distribute reports produced by Customer using the Services without restriction.

6.2. License to use Licensed

Technology Subject to the terms of this Agreement and Payment of the Fees, Provider grants Customer, for the Term of each Order Form, a non-exclusive, non-transferable, revocable license to install and operate at the Customer Installation Site(s) specified in each Order Form, and permit its Users to use the Licensed Technology on up to, and no more than, the types and number of devices set forth in each Order Form. Customer may, at no additional charge, copy the Licensed Technology in connection with the Permitted Purpose as necessary for archival, legal, regulatory and backup purposes, as long as: (a) all proprietary and copyright notices, markings or legends that appear on or are delivered with the Licensed Technology accompany each copy; and (b) Customer accounts for each copy and its location at Provider’s request and permanently deletes the copies when no longer required or upon termination or expiry of the applicable Order Form.

6.3. Reservation of Rights

The Provider, its Affiliates and licensors reserve all rights, title and interest in and to the Services and Licensed Technology, including all IPRs and Confidential Information. No additional implied rights are granted beyond those expressly set out in the Agreement.

Customer hereby acknowledges and agrees that the Services, Licensed Technology, Products and all related IPRs vendor names, distributor names, customer names, pricing plans, and other intellectual property, proprietary rights and confidential information (collectively “Provider IP”) embody and constitute valuable intellectual property rights of Provider. Customer shall not use any of the Provider IP except as expressly authorized by this Agreement. Any and all usage by Customer of the Provider IP shall inure to the benefit of Provider.

Where open source software is used as part of the Licensed Technology or Services, such software use by the Customer will be subject to the terms of the open source licences.

Customer agrees never to contest the rights of Provider in and to the Provider IP. Customer shall not at any time apply for the registration of any patent, trademark copyright or other designation that would affect the ownership of or rights of Provider in and to the Provider IP, nor shall it file any document with any governmental authority to take any action that would adversely affect the ownership of or rights of Provider in and to the Provider IP, or assist anyone else in doing so.

In connection with its use of the Services, Licensed Technology and Products, Customer shall include all such notices of Provider's, Affiliate’s or licensor’s proprietary right, title, and interest in and to the Provider IP as Provider shall reasonably require and shall not remove any proprietary marks or copyright notices.

6.4. Restrictions

Subject to any statutory rights to the contrary, Customer shall not: (a) modify, disassemble, decompile, create derivative works based on or carry out any other source code derivation of the software comprised within the Services or Licensed Technology, except for the use of reports, analysis and other output produced by the Services when used for the Permitted Purposes; (b) copy, frame or mirror any part or content of the Services, other than copying or framing on Customer’s own intranets or otherwise for its own internal business purposes for Permitted Purposes; (c) reverse engineer the Services or Licensed Technology; (d) lease, loan, resell, assign, licence, distribute or otherwise permit access to the Services or Licensed Technology, (e) permit access to or use of the Services or Licensed Technology by or on behalf of any third party except as permitted by this Agreement; or (f) access the Services or use the Licensed Technology in order to: (i) build or modify a similar or competitive product or service; (ii) copy any features, functions or graphics of the Services; (iii) provide ancillary services related to the Services or Licensed Technology.

6.5. Ownership

The Provider, its Affiliates and licensors exclusively owns all right, title and interest in and to the Services, the Documentation, Licensed Technology, including any Changes to the Services or Licensed Technology. Provider retains exclusive ownership of (including all IPRs contained therein) any ideas, concepts, know-how, techniques, expertise, tools, methods, or other materials used in connection with performing any Professional Services: (a) that have been previously developed or are separately developed by Provider; (b) that represent an improvement, change, modification, or enhancement thereof; (c) that are authored, created, invented, developed or implemented by Provider in the course of performing the Services or Professional Services; or (d) that are of general application and not unique or specific to Customer. Customer agrees to assign, and upon creation thereof automatically assigns, to Provider, its successors and assigns, ownership of all such rights in their entirety, without further consideration. From time to time upon Provider’s request and at Provider’s expense, Customer and/or its personnel agree to confirm such assignments by execution and delivery of written documentation in the form provided by Provider.

6.6. Suggestions

Provider is granted a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use or incorporate into the Services, Products and Licensed Technology all Feedback, relating to the operation of the Products, Services and Licensed Technology, excluding the Customer Data or any other Confidential Information of Customer pertaining to its business.

6.7. License to use Customer Data

Customer and its Affiliates exclusively own all rights, title and interest in and to all Customer Data. Customer grants Provider and its Affiliates a non-exclusive, licence to use Customer Data, Customer IPRs and any third party owned items provided by Customer and its Affiliates and Users for the Term to the extent required for the provision of the Services, Products and Licensed Technology.

6.8 Statistical Data

Customer grants Provider the perpetual right to use Statistical Data and nothing in this Agreement shall be construed as prohibiting Provider from using the Statistical Data for business and/or operating purposes, provided that Provider does not share with any third party Statistical Data which reveals the identity of the Customer or User, or Customer’s Confidential Information.


7.1. Protection of Confidential Information

Except as otherwise permitted in writing by the Disclosing Party; (a) the Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information (but in no event less than reasonable care) not to disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement; and (b) the Receiving Party will limit access to Confidential Information of the Disclosing Party to those of its employees, contractors, agents and professional advisors who need such access for purposes consistent with the obligations of the Receiving Party under this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein.

7.2. Customer Data

Customer Data is deemed Confidential Information of Customer under this Agreement. Provider will not access and will cause its Affiliates, agents, contractors and representatives not to access, Customer’s user accounts, including Customer Data, except to provide the Services, Products or Licensed Technology to Customer. Without limiting the above, Provider shall maintain the security and integrity of Customer Data as set out in the DPA.

7.3. Compelled Disclosure

The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure, or obtain an appropriate protective order or other reliable assurance that confidential treatment will be accorded the Confidential Information. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to such Confidential Information. If the Receiving Party discloses or uses (or threatens to disclose or use) any Confidential Information of the Disclosing Party in breach of confidentiality protections hereunder, the Disclosing Party will have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts, it being specifically acknowledged by the Parties that any other available remedies are inadequate.


8.1. Mutual Warranties

Each Party represents and warrants that: (a) it has the full corporate power and authority to enter into this Agreement and perform the obligations required hereunder; (b) it will not knowingly transmit to the other Party any Malicious Code (except for Malicious Code previously transmitted to the warranting Party by the other Party); (c) the execution and performance of its obligations under this Agreement does not violate or conflict with the terms of any other agreement to which it is a party and is in accordance with any applicable laws; and (d) shall respect all applicable laws and regulations, governmental orders and court orders, which relate to this Agreement.

Provider represents and warrants that: (a) it has the right to licence the Services and Licensed Technology; (b) the Services and Licensed Technology shall be provided with reasonable skill and care, in a professional manner in accordance with good industry practice; and (c) the Services shall be provided in accordance with the SLA.

Customer represent and warrants that it rightfully owns the necessary user rights, copyrights and ancillary copyrights and permits required for it to fulfil its obligations under this Agreement.

8.2. Disclaimer

Except as expressly stated in this Agreement, all warranties and conditions, whether express or implied by statute, common law or otherwise (including but not limited to satisfactory quality and fitness for purpose) are excluded to the fullest extent permitted by law.

All third-party content or information provided by Provider via the Services or Licensed Technology, is provided “as is”. Provider provides no warranties in relation to such content or information and shall have no liability whatsoever to Customer for its use or reliance upon such content or information.

No warranty is made regarding the results Customer can achieve from using the Services or Licensed Technology or that the Services or Licensed Technology will operate uninterrupted or error free.


9.1. Provider Indemnity

Indemnification by Provider. Subject to the provisions of this Agreement, Provider shall defend, indemnify and hold Customer harmless against any loss, damage or costs (including reasonable attorneys’ fees) incurred in connection with claims, demands, suits, or proceedings (“Claims”) made or brought against Customer by a third party: (a) alleging that the use of the Services in accordance with the terms of the Agreement infringes the IPRs of a third party; or (b) based on a breach by Provider of its confidentiality obligations under this Agreement; provided that Customer: (i) promptly gives written notice of any Claims to Provider; (ii) gives Provider, at Provider’s expense, sole control of the defence and settlement of any Claims (provided that Provider may not enter into any settlement or compromise for any Claims that would adversely affect Customer without Customer’s prior written consent); and (iii) provides to Provider, at Provider’s cost, all reasonable assistance. If there is a material, bona fide claim (or threat of a claim) of infringement, misappropriation, or violation of any IPRs or other right of any third party in connection with the Services, Provider will promptly: (1) procure for Customer the right to continue using the Services, as applicable; or (2) replace or modify the Services to make it non-infringing without material adverse impact on the functionality of the Services. If neither of the above remedies is commercially practicable, Provider may terminate the Agreement and refund to Customer a prorated portion of the prepaid fees paid by Customer for the Services as measured from the effective date of termination or suspension of service, provided, however, that Provider will provide Customer with no less than 14 days notice prior to such termination (or such shorter period equal to the remainder of the Term of this Agreement, if less than 14 days remain in the Term of this Agreement), and that during such period, Provider will continue to provide the Services with no material loss of functionality. Provider’s obligation to provide the Services after notice of termination as set forth in the prior sentence will not apply if the provision of such Services, in Provider’s sole opinion, would cause Provider to continue to incur damages for infringement. Further, Provider will have no liability to indemnify, defend or hold Customer harmless if the alleged infringement is based on: (x) Customer’s use of the Services other than in accordance with this Agreement; or (y) claims resulting solely from Customer’s alteration of the Services (excluding Provider-initiated modifications).

9.2. Customer Indemnity

Customer shall defend indemnify and hold Provider and its Affiliates harmless against any Claims relating to or resulting directly or indirectly from: (a) use by Provider of Customer Data that breaches any third party’s rights; (b) an Affiliate’s or a User’s use of the Services, Licensed Technology or Products breaches of any terms of this Agreement; (c) use of the Services, Licensed Technology or Products outside of the scope of the Agreement that infringes or misappropriates the IPRs of a third party or breaches any applicable law; or (d) the Customer, its Affiliates or Users breaching applicable data protection laws, the terms of the DPA of any obligations of confidentiality; provided that Provider: (i) promptly gives Customer written notice of any Claims, (ii) gives Customer, at Customer’s expense, sole control of the defence and settlement of any Claims (provided that Customer may not settle or defend any Claims unless it unconditionally releases Provider of all liability), and (iii) provides to Customer, at Customer’s cost, all reasonable assistance.

9.3. Exclusive Remedy

This “Mutual Indemnification” clause states the indemnifying Party’s sole liability to, and the indemnified Party’s exclusive remedy against, the other Party for any type of Claims described in this clause.


10.1. Limitation of Liability

Nothing in this Agreement shall be deemed to be an exclusion or limitation (or attempt to create an exclusion or limitation) of either Party’s liability for: (a) death or personal injury claims arising from a Party’s negligence; and/or (b) fraud or fraudulent misrepresentation; and/or (c) any other matter for which it would be unlawful for such Party to attempt to exclude or limit its liability.

Subject to the above, except for any indemnity obligations under clauses 9.1 or 9.2 or liability due to a Party’s negligence, deliberate default or willful misconduct, in no event shall either Party’s liability arising out of or related to this Agreement, whether in contract, tort or under any other theory of liability: (a) excluding any indemnity claim, exceed in aggregate the total amount paid or due from Customer under any applicable Order Form(s) in the 12 months preceding the incident; and (b) for any indemnity claim shall not exceed 200% of the total amount paid or due from Customer under any applicable Order Form(s) in the 12 months preceding the claim. The foregoing shall not limit Customer’s payment obligations under the Agreement.

10.2. Exclusion of Consequential and Related Damages

Except for any indemnity obligations under clauses 9.1 or 9.2, liability due to either Party’s negligence, deliberate default or willful misconduct, or damages related to any indemnity, in no event shall either Party be liable to the other for any loss of profits, loss of revenue, indirect, special, incidental, or consequential losses however caused, whether in contract, tort or under any other theory of liability, and whether or not the claiming Party has been advised of the possibility of such damages. The foregoing shall not apply to the extent the exclusion is prohibited by law.

10.3 Liability for Affiliates and Users

Customer shall be liable for any breaches of this Agreement caused by the acts, omissions or negligence of any of its Affiliates or Users who access the Services, Licensed Technology or Products as if such acts, omissions or negligence had been committed by the Customer itself.


11.1. Term of Agreement

This Agreement commences on the Effective Date set out in the first Order Form signed by the Parties and continues until all Order Forms signed pursuant to this Agreement have expired or been terminated.

11.2. Term of User Subscriptions

The Term of each Order Forms and User subscriptions commences on the Effective Date specified in each applicable Order Form and continues for the Initial Term specified in each Order Form. Except as otherwise specified in the applicable Order Form, the Term of all User subscriptions and Order Forms will automatically renew for successive Renewal Terms, until Customer gives Provider written notice of termination as follows: (a) termination of a monthly User subscription can be given at any time and will be effective at the end of the calendar month in which Provider receives the notice of termination; (b) .termination of any other User subscription must be given at least thirty (30) days prior to the start date of any Renewal Term and termination shall be effective on the last date of the Initial Term or Renewal Term, as applicable.

11.3. Termination for Cause

Either Party may terminate this Agreement for cause: (a) upon giving 30 days written notice to the other Party for a material breach if such breach remains uncured at the expiration of the 30 day period; or (b) ceases or threatens to cease or carry on business; or is unable to pay its debts or enters into compulsory insolvency or voluntary liquidation; or convenes a meeting of its creditors or has a receiver, manager or similar official appointed in respect of its assets; or has an administrator, receiver, manager or similar official appointed; or is affected by a similar event under the law of any other jurisdiction; or (c) or the Provider suspends provision of the Services, Licensed Technology or Products generally.

Provider may terminate this Agreement or the provision of any Services with immediate effect if a Customer has used or permitted use of the Services, Licensed Technology or Products other than in accordance with this Agreement.

11.4. Refund or Payment upon Termination

Upon any termination for cause by Customer, Provider will refund Customer any prepaid Fees covering the remainder of the Term for any Subscription Fees relating to periods after the effective date of termination. In no event will any termination relieve Customer of the obligation to pay any Fees payable to Provider for the period prior to the effective date of termination.

11.5. Transition Assistance; Return of Customer Data

Provider will, if so requested by Customer, enter into a Statement of Work under a professional services agreement to provide Customer with such assistance as Customer may reasonably require in transitioning to a new service Provider. If so requested by Customer, Provider will continue to provide any or all of the Services, Licensed Technology or Products, subject to Customer’s payment for those items at the rates provided in this Agreement, for a period up to six (6) months after either Party gives notice of termination of this Agreement.

Upon request by Customer made at any time before or within 45 days after the effective date of termination, Provider will delete all Customer Data or make available to Customer for download, at no additional cost to Customer, a file of Customer Data After such 45-day period, Provider will have no obligation to maintain or provide any Customer Data and will thereafter, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control. Whether or not so provided in a Statement of Work, Provider shall be entitled to recover its standard fees for retention of Customer Data after termination of this Agreement if so required by Customer or legal authority.

All licenses granted under this Agreement or an Order Form shall termination upon expiry or termination of the Agreement, or the applicable Order Form.

11.6. Surviving Provisions

The clauses headed “Fees, Invoicing and Payment,” “IPRs,” “Confidentiality,” “Warranties and Disclaimers,” “Mutual Indemnification,” “Limitation of Liability,” “Refund or Payment upon Termination,” “Return of Customer Data,” “Surviving Provisions” and “General Provisions” and any other clause which by their nature should survive termination or expiry of this Agreement will survive any termination or expiration of this Agreement.


Each Party undertakes to comply with its obligations under relevant applicable data protection laws, principles and agreements. To the extent that personal data is processed when Customer, its Affiliates or Users use the Services, Licensed Technology or Products, the Parties acknowledge that Provider is a data processor and Customer is a data controller and the Parties shall comply with their respective obligations under applicable data protection law and the terms of the DPA.

If a third party alleges infringement of its data protection rights, Provider shall be entitled to take measures necessary to prevent the infringement of a third party’s rights from continuing.

Where Provider collects and processes personal data of Customer or Affiliates, as a data controller, when providing the Services, Licensed Technology or Products to Customer, Affiliates or Users, such collection and processing shall be in accordance with the Privacy Policy.


13.1 Export Compliance

Each Party will comply with the export laws and regulations of any applicable jurisdictions in providing and using the Services, Licensed Technology and Products. Without limiting the foregoing: (a) each of Provider and Customer represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports; and (b) Customer will not permit Users to access or use Services, Licensed Technology or Products in violation of any U.S. export embargo, prohibition or restriction.

13.2. Relationship of the Parties

The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the Parties.

13.3. No Third Party Beneficiaries

Nothing contained in this Agreement is intended to be enforceable pursuant to the Contracts (Rights of Third Parties) Act 1999, or any similar legislation in any applicable jurisdiction.

13.4. Publicity

Except with Customer’s written consent, Provider will not, without the prior written consent of Customer use publicly in advertising, publicity, marketing or other promotional materials or activities, the name, trade name, trademark, service mark or symbol, or any abbreviation, contraction or simulation thereof, of Customer, its Affiliates or their respective partners or employees.

13.5. Notices

Except as otherwise specified in this Agreement, all notices, permissions and approvals hereunder shall be in writing and shall be deemed to have been given upon: (a) personal delivery; (b) the second business day after mailing; (c) the second business day after sending by confirmed facsimile; or (d) except for notices of termination or an indemnifiable claim, the first business day after sending by email.

If to Provider to the address given for the Provider in the Order Form.

If to Customer to the address given for the Customer in the Order Form.

13.6. Waiver and Cumulative Remedies

No failure or delay by either Party in exercising any right under this Agreement will constitute a waiver of that right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a Party at law or in equity.

13.7. Severability

If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement will remain in effect.

13.8. Assignment

Subject to the terms of the DPA, neither Party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other Party (not to be unreasonably withheld). Notwithstanding the foregoing, either Party may assign this Agreement in its entirety (including all Order Forms), without consent of the other Party, to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of the other Party. A Party’s sole remedy for any purported assignment by the other Party in breach of this clause will be, at the non-assigning Party’s election, termination of this Agreement upon written notice to the assigning Party. In the event of termination by the Customer or Provider’s breach, Provider will refund Customer any prepaid fees covering the remainder of the Term for all subscriptions that would have continued after the effective date of termination. Subject to the foregoing, this Agreement will bind and inure to the benefit of the Parties, their respective successors and permitted assigns.

13.9. Governing Law

CardExchange Solutions Contracting Entity, Governing Law, and Venue. The CardExchange Solutions entity entering into this Agreement, the law that will apply in any dispute or lawsuit arising out of or in connection with this Agreement, and the courts that have jurisdiction over any such dispute or lawsuit, depend on where Customer is domiciled.

If Customer is domiciled in:

The CardExchange Solutions entity entering into this Agreement is:

Governing law is:

Courts with exclusive jurisdiction are:

The United States of America, Mexico or a Country in Central   or South America or the Caribbeans, Canada

CardExchange, Inc

California and controlling United States federal law

California, USA

A Country in Europe, United Kingdom, the Middle East or Africa

ExchangeIt B.V. (DBA CardExchange Solutions)


The Netherlands

A Country in Asia or the Pacific region, other than Australia or New Zealand

CardExchange, Inc

California and controlling United States federal law

California, USA

Australia or New Zealand

CardExchange, Inc

California and controlling United States federal law

California, USA

13.10. Agreement to Governing Law and Jurisdiction

Each party agrees to the applicable governing law above without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts above.

13.11. Force Majeure

Excluding Customer’s obligation to pay the Fees, neither Party will be liable for any delays or other non-performance resulting from Force Majeure. Performance time will be considered extended for a period of time equivalent to the time lost because of any such excused delay. If any Force Majeure endures for more than twenty-eight (28) days, the Parties will meet and review in good faith the desirability and conditions of this Agreement, and either Party may terminate the Agreement thereafter.

13.12. Entire Agreement

This Agreement, including all schedules and any other exhibits and addenda hereto and all Order Forms, constitutes the entire agreement between the Parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. Without limiting the foregoing, this Agreement supersedes the terms of any online MSA electronically accepted by Customer. Subject to the terms of the DPA, no modification, amendment, or waiver of any provision of this Agreement will be effective unless in writing and signed by the Party against whom the modification, amendment or waiver is to be asserted. However, to the extent of any conflict or inconsistency between the provisions in the MSA and the other documents that make up the Agreement including any exhibit or addendum or any Order Form, the terms of the Order Form shall prevail followed by the MSA then the Printer Terms where applicable, the DPA, the SLA, and then the Privacy Policy. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Customer purchase order or in any other Customer order documentation (excluding Order Forms) will be incorporated into or form any part of this Agreement, and all such terms or conditions will be null and void.

13.13. Digital and Electronic

Execution, Copies and Delivery; Counterparts The Parties agree that this Agreement including any Order Form or Changes may be executed and/or delivered electronically, and electronic copy or confirmation of this Agreement may be executed by facsimile and in counterparts, which taken together will form one legal instrument.

13.14. Dispute Resolution

In the event of any dispute or disagreement between the Parties arising out of or relating to this Agreement (the “dispute”), the Parties will endeavor to resolve the dispute in accordance with this clause. Either Party may invoke this clause by providing the other Party written notice of its decision to do so, including a description of the issues subject to the dispute. Each Party will appoint a director to discuss the dispute and no formal proceedings for the judicial resolution of such dispute, except for the seeking of equitable relief, may begin until either director concludes, after a good faith effort to resolve the dispute, that resolution through continued discussion is unlikely within 30 days of the directors first contacting each other. The Parties will refrain from exercising any termination or suspension right and will continue to perform their respective obligations under this Agreement while the Parties endeavor to resolve the dispute under this clause during this 30-day period.

Sign In

Welcome back!

Login to your account and get access to your Partner Benefits

US business only within scope

ISO/IEC 27001:2013 

United States

2010 Elkins Way, Suite 1122
Brentwood, CA 94513

Monday – Friday
9am – 5pm (EST)
+1 (925) 529 4999


Smallepad 32
3811 MG Amersfoort

Monday – Friday
9am – 5pm (CET)
+31 (0)20 2251 447


Rua dos Pocinhos 2, Suite 570
2655-241 Ericeira

Monday – Friday
9am – 6pm (GMT)
+351 308 802 374

© 2023 CardExchange Solutions, Inc.