Merchant Service Agreement
This Merchant Service Agreement governs the relationship between TGIPAY Limited and merchants using TGIPAY payment gateway services, including customized payment links, API-enabled payment processing, settlement, compliance, and related operational support.
The agreement incorporates TGIPAY's Terms of Service, Privacy Policy, and Acceptable Use Policy, and is designed for merchants operating under Nigerian law and applicable payment scheme rules.
The content below reflects the attached Merchant Service Agreement and should be treated as formal legal content rather than general marketing copy.
Parties and Purpose
The agreement is made between TGIPAY Limited, a CBN-licensed Payment Solution Service Provider, and the merchant entity identified in the agreement.
Its purpose is to allow the merchant to use TGIPAY's payment gateway services, including customized payment links and related value-added services, to receive payments for goods and services from customers.
Definitions
The agreement defines key commercial and operational terms used throughout the relationship, including payment processing, data protection, compliance, and dispute management concepts.
- 3D-Secure means the additional authentication step required to complete an online transaction.
- API means TGIPAY's application programming interface used to provide services over a secure internet connection between TGIPAY's systems and the merchant's systems.
- Applicable Laws include Nigerian laws, CBN rules, anti-money laundering, anti-terrorism financing, privacy, tax, and consumer protection obligations.
- Chargebacks are reversals initiated by a customer or issuing bank under payment scheme rules, including cases involving non-delivery, cancelled transactions, suspected fraud, or unauthorized card use.
- Fees are the amounts payable by the merchant to TGIPAY for the services under the agreement.
- Fraudulent Transactions are transactions that amount to fraud under Nigerian law, payment scheme rules, or applicable statutory requirements.
- Payment Gateway means the online channel and infrastructure deployed by TGIPAY to authorize payments for merchants.
- PCI-DSS means the Payment Card Industry Data Security Standard for handling card information securely.
- Personal Data, Transaction, Transaction Data, Refund, Business Day, Acquiring Bank, Issuing Bank, Payment Scheme, and UAT all carry the meanings assigned in the agreement.
Interpretation
The agreement includes standard interpretation rules covering singular and plural meanings, gender references, statutory references, written communications, and the continued effect of provisions intended to survive termination or expiration.
Illustrative phrases such as 'including' do not limit broader wording, and day-counting rules exclude the day of the event while adjusting deadlines that fall on non-business days.
Terms Incorporated by Reference
TGIPAY's Terms of Service, Privacy Policy, and Acceptable Use Policy are incorporated into the agreement and apply with full force as though set out in full in the agreement itself.
Where there is a conflict between the user documents and the Merchant Service Agreement, the Merchant Service Agreement prevails only to the extent of that conflict. TGIPAY may notify merchants of modifications by email or notice on its website.
Services
TGIPAY agrees to provide payment gateway services through customized payment links so the merchant can receive payments from customers.
Any services beyond the core payment gateway scope must be separately agreed in writing through an amendment or addendum covering scope and commercials.
Commencement and Duration
The agreement commences on execution and remains in force for an initial five-year term, renewing automatically unless either party states otherwise.
Effectiveness is subject to successful onboarding of the merchant and a compliant KYC and due diligence review carried out by TGIPAY.
Obligations of TGIPAY
TGIPAY undertakes to provide and support the payment infrastructure required for the merchant to use TGIPAY services.
- Provide access to payment links for the merchant's business.
- Work with the acquiring bank to settle monies collected on behalf of merchants in line with applicable law and payment scheme rules.
- Maintain full and accurate accounting records of transaction data.
- Put in place measures necessary to protect the security and integrity of relevant infrastructure and prevent fraud and data breaches.
- Provide access to a secure reporting portal or transaction dashboard for transaction monitoring and chargeback resolution.
- Maintain industry-standard practices for collecting, storing, transmitting, and protecting transaction data.
- Collaborate with the merchant on integration specifications and API access.
- Set up the merchant on the TGIPAY payment gateway subject to successful onboarding, due diligence, and fee payment where applicable.
- Develop and deploy card and token processing APIs for supported payment schemes.
- Support controlled end-to-end testing in the live environment with selected internal users.
- Process Personal Data only on the merchant's lawful written instructions unless otherwise required by law or agreed in writing.
- Grant a limited, non-exclusive, non-transferable license to the TGIPAY API and technical specifications.
- Reserve the right to share termination data with industry databases such as VMSS or MATCH.
- Avoid conduct prejudicial to the merchant's reputation, best interests, or goodwill.
Obligations of the Merchant
The merchant is responsible for lawful, secure, and compliant use of TGIPAY services and for maintaining the operational environment required for payment acceptance.
- Use the payment link only for registered businesses and not for illegal or fraudulent purposes.
- Avoid compromising, transferring, altering, copying, or tampering with TGIPAY infrastructure or credentials.
- Provide TGIPAY with requested KYC and due diligence information within the required timeline.
- Maintain all licenses, permissions, consents, and bank accounts needed to lawfully operate and receive settlements.
- Prepare compatible operational software, interfaces, hardware, and connection requirements for integration.
- Comply with all security, encryption, payment scheme, regulatory, and legal requirements.
- Immediately report service issues, suspected data breaches, misuse, suspicious activity, or suspected fraud.
- Implement 3D-Secure where required and respond to fraud enquiries within one business day, subject to timing rules in the agreement.
- Remain liable for undisputed chargebacks and cooperate on disputed chargebacks, including payment or reimbursement timelines.
- Authorize debits to the nominated settlement account for lawful refunds, chargebacks, and related charges where applicable.
- Use TGIPAY APIs and integration specifications only in the prescribed manner and complete UAT with internal users before public rollout.
- Display minimum customer-facing information including business details, privacy policy, return or refund information, customer service contacts, and customer response commitments.
- Close completed transactions appropriately and avoid retaining sensitive cardholder information.
- Retain transaction records and supporting documents for at least 120 days or longer if TGIPAY stipulates another period.
- Maintain KYC records for customers, monitor customer transactions, keep dashboard login credentials confidential, and provide proof of customer authorization or proof of value when requested.
- Respond to chargeback disputes within the prescribed timelines and provide director, shareholder, PEP, and beneficial ownership information when required.
Joint Obligations of the Parties
Both parties undertake to perform their obligations, cooperate on customer service processes, and ensure that approvals required from the other party are not unreasonably withheld or delayed.
Each party bears its own integration costs and must ensure adequate fraud protection, PCI-DSS compliance, and security controls for data and infrastructure used in the relationship.
Service Fees
The merchant agrees to pay TGIPAY the service fees specified in the agreement, and TGIPAY may deduct those fees and any other payable amounts from funds collected on the merchant's behalf.
- Set-up charge: free.
- Convenience fee: free.
- Local online card transactions: 1.5% capped at N1,500.00 exclusive of VAT, borne by the merchant.
- International online card transactions: 5.0% with no cap exclusive of VAT, borne by the customer.
- Pay with transfer: 1.5% capped at N1,500.00 exclusive of VAT, borne by the merchant.
- Other payment method fees are to be separately discussed and agreed in writing before implementation.
- VAT applies to transaction fees and is deducted from the merchant settlement account.
- TGIPAY may waive, update, or review fees at its discretion provided it promptly notifies the merchant.
Settlement Process
Funds received from customers, less applicable fees, are to be paid into the merchant's nominated bank account in the merchant's name.
- Local transactions are settled not later than T+1 business day.
- International card transactions are settled not later than T+7 business days.
- Settlement is sent through an automated process to the merchant's nominated account.
- TGIPAY will work with the acquiring bank to support settlement but is not liable for settlement delays for any reason whatsoever.
- If reconciliation shows unpaid amounts due to TGIPAY, the merchant must pay the discrepancy within two business days.
- TGIPAY maintains transaction records and the merchant can monitor transactions in real time.
- TGIPAY may combine balances and set off money standing to the credit of the merchant against amounts owed after giving three business days' prior written notice.
Chargebacks, Transaction Disputes, and Refunds
The merchant agrees that TGIPAY and issuing banks may refuse or reverse transactions where required by law, payment scheme rules, or operational risk considerations.
- TGIPAY may reverse a transaction where a chargeback is likely or where regulatory reasons require reversal.
- Chargebacks and associated costs remain recoverable even after the agreement ends, if they relate to transactions processed during the term.
- The merchant must reimburse TGIPAY for chargebacks and chargeback costs where settlement has already been accepted.
- The merchant gives standing consent for its bank account to be debited for chargebacks, chargeback costs, and related obligations, subject to notification.
- TGIPAY may submit unsettled or disputed transactions to issuing banks or authorities for investigation and may withhold payment while investigations continue.
- Chargebacks are an immediate liability of the merchant, and TGIPAY may recover them by debit, deduction, invoicing, or any legitimate recovery means.
- TGIPAY is not obliged to investigate the validity of a chargeback decision by an issuing bank, payment scheme, or other financial institution.
- TGIPAY may suspend the agreement where refunds, chargebacks, fines, penalties, or related charges become unreasonable, subject to the cure process described in the agreement.
Limitation of Liability
Liability under the agreement is limited for both parties in contract, negligence, tort, indemnity, or otherwise, subject to the express carve-outs in the agreement.
- Neither party is liable for indirect, incidental, special, exemplary, consequential, or punitive damages, including loss of profits, revenue, sales, business, goodwill, time, or data.
- Neither party is liable for delay or failure caused by events beyond reasonable control or actions not directly traceable to that party.
- Liability does not exceed the service fee charged for the relevant service.
- Claims brought more than six months after they arise are barred under the agreement.
- The services are provided on an 'as is' and 'as available' basis to the maximum extent permitted by law.
- TGIPAY does not guarantee uninterrupted or error-free operation of the payment gateway, although it undertakes to use best endeavours to keep it functioning optimally within accepted industry standards.
- The liability cap does not apply to fraud, misrepresentation, wilful negligence, personal injury, or any matter for which liability cannot lawfully be limited.
Indemnity
Each party agrees to defend, indemnify, and hold the other harmless for losses arising directly from material breach, fraud, gross negligence, or wilful misconduct.
- The merchant must promptly reimburse TGIPAY for amounts erroneously received or for fees later found to be unpaid.
- The merchant specifically indemnifies TGIPAY for security breaches, chargebacks, assessments, third-party claims, regulatory inquiries, fines, and losses arising from its negligence, misconduct, or legal non-compliance.
- TGIPAY indemnifies the merchant for damages arising from TGIPAY's own negligence, wilful misconduct, relevant security breaches, and certain third-party claims related to the services.
Representations and Warranties
Each party represents that it has the power, authority, licenses, facilities, personnel, and legal capacity required to enter into and perform the agreement.
- Each party warrants that information supplied for the agreement is true, accurate, complete, and not misleading.
- Each party confirms there are no conflicting obligations that would materially affect performance of the agreement.
- The merchant warrants that it will not submit illegal, fraudulent, restricted, or unauthorized transactions.
- The merchant warrants that it is a validly existing company in good standing and will maintain all required permits, registrations, and licenses.
- The merchant warrants that, to the best of its knowledge, no legal action materially impairs its business or ability to perform the agreement.
- The merchant states that it has not experienced excessive chargebacks, committed fraud, or been terminated by an acquirer or regulator in the manner described in the agreement, and that its key owners and controllers are not criminally implicated as stated in the agreement.
Termination
Either party may terminate the agreement on one month's prior written notice.
A party may also terminate for unremedied breach after the contractual cure period, while TGIPAY may immediately suspend or terminate in the specific circumstances listed in the agreement.
- TGIPAY may immediately terminate or suspend on termination of TGIPAY's aggregator agreement with the acquiring bank, a detrimental change of control, excessive chargebacks or fraudulent transactions, actual or suspected security breaches, merchant breach, fraudulent activity, or a non-compliant due diligence status.
- Termination does not affect accrued rights and obligations, nor provisions intended to survive termination.
- On termination, the merchant's right to use the payment gateway is revoked and TGIPAY may delist the merchant.
- TGIPAY will return merchant records in accordance with data protection and other applicable laws.
Confidentiality, Exclusivity and Non-Circumvention
Each party must keep confidential information secret, avoid using it to gain undue advantage over the other, and prevent customers, employees, agents, assignees, or affiliates from breaching the confidentiality obligations.
The parties also agree not to circumvent each other or the obligations of the agreement, and proven circumvention gives the affected party indemnity and access to judicial remedies including damages and injunctive relief.
Force Majeure
A party is not liable for inability or delay in performance caused by force majeure events including acts of God, prolonged internet failures, cyber-attacks, outages, epidemics, industrial action, government acts, or similar events relevant to the industry.
The affected party must notify the other within seven days and provide proof. If the incapacity exceeds two months, the agreement terminates automatically unless the parties agree otherwise in writing.
Intellectual Property Rights
Each party retains ownership of its own intellectual property, and nothing in the agreement transfers title unless expressly stated.
- All rights in the TGIPAY payment gateway and related improvements remain TGIPAY's exclusive property.
- The merchant must not jeopardize TGIPAY's proprietary rights or modify another party's intellectual property without written approval.
- Merchant feedback, suggestions, and improvements relating to the TGIPAY payment gateway or API may be incorporated by TGIPAY and remain TGIPAY's property without compensation.
- The merchant may not use TGIPAY's name or brand logo except for promotion of the relationship and only with written consent where required.
- Both parties must avoid confusingly similar marks, notify each other of infringement risks, and on termination cease using and return or destroy materials bearing the other party's intellectual property.
Cybersecurity and Environmental Protection
Both parties undertake to follow best practices and international standards on information and cyber security, including standards such as ISO/IEC 27032 and ISO 22301 where applicable.
The agreement also encourages the use of technologies, systems, and products that are less detrimental to the environment where applicable.
Data Retention and Right to Audit
TGIPAY may undertake systems audits to ensure adequate controls, safeguards, and internal security over relevant systems used for the services.
- Audits are to be conducted in accordance with ISA 402 or other similar internationally recognized systems auditing standards.
- The merchant must keep accurate and complete records for the period required by law and make them available for inspection and audit during or after the term of the agreement.
- Audit rights extend to relevant subcontractors, and inspection is limited to information pertaining to the services and related transaction performance.
Information and Cybersecurity
The agreement sets specific expectations for secure data transfer, network security, security reviews, and technical assurance between the parties.
- Preferred information transfer methods include secure email and any other agreed transfer methods aligned with current information security standards.
- Where access to the other party's systems is needed, the accessing party is responsible for use by its employees and permitted subcontractors, and TGIPAY may monitor user activity and revoke access for security non-compliance.
- Each party may request recent third-party audit or certification materials such as NDPR, ISO, or PCI-DSS evidence at reasonable intervals.
- Each party warrants that its systems are free from surreptitious code such as spyware, ransomware, rootkits, trojans, worms, or similar mechanisms enabling unauthorized access.
- Each party's software may be reviewed for security flaws by the other party's review team, or supported with an independent source code review certificate from a recognized application security organization.
Security Incident or Data Breach Management and Notification
If the merchant becomes aware of or reasonably suspects a cybersecurity incident or data breach, it must notify TGIPAY in writing within 24 hours with sufficient detail to support TGIPAY's reporting and incident response obligations.
- The notice must describe the nature of the incident, affected categories and numbers of data subjects and records, likely consequences, relevant contact persons, and measures taken or proposed.
- A party experiencing an actual or threatened data breach must keep the other party updated on developments and remediation measures.
Fraud Management and Notification
If the merchant knows or suspects that customers have received fraudulent transfers or initiated fraudulent transactions through the services, the merchant must restrict the affected wallets or accounts within 24 hours and confirm the restriction to TGIPAY.
The merchant indemnifies TGIPAY in line with the agreement, and breach of this clause is treated as a material breach allowing TGIPAY to terminate on written notice.
Privacy and Data Protection
Both parties must comply with the NDPA and other applicable data protection laws and implement technical, physical, and organizational safeguards to ensure confidentiality, integrity, and availability of Personal Data.
- Each party is liable for breaches of its own obligations relating to the security and privacy of Personal Data.
- The merchant consents to TGIPAY sharing the merchant's data with affiliates, parent company, and related entities on a need-to-know basis for business integration and synergy purposes, subject to confidentiality requirements.
- Each party must ensure that it has the necessary consent and lawful basis to process Personal Data and must support data subject rights such as update, deletion, and transfer where required by law.
- On becoming aware of a data breach, a party must promptly notify the other and take reasonable remedial steps, including notifying regulators where required.
Anti-Corruption and AML/CFT
Each party undertakes that it and its directors, officers, employees, and affiliates have not offered, solicited, accepted, or authorized improper advantages in connection with the agreement and have not engaged in money laundering or terrorist financing.
Both parties must comply with all applicable anti-bribery, anti-corruption, anti-money laundering, and counter-terrorist financing laws in Nigeria.
Business Continuity Plan
The merchant must maintain and test a business continuity strategy capable of supporting recovery of operations linked to TGIPAY in the event of disruption or crisis.
- The merchant must resume business operations within four days after a crisis or disruption.
- The merchant must provide prompt support services to TGIPAY during crisis events affecting TGIPAY's operations.
- TGIPAY may conduct an audit review or due diligence on the merchant's operations relating to the agreement on a regular basis or when needed, on reasonable notice of at least 14 days.
General Provisions
The relationship between TGIPAY and the merchant is an independent business relationship, and neither party may bind the other in dealings with third parties except as expressly agreed.
- Both parties may contract with other service providers for similar services during the term.
- Assignment requires written consent except where TGIPAY assigns to an affiliate or in connection with a sale of all or substantially all of its business, undertakings, or assets.
- Modifications must be in writing and signed by authorized representatives.
- If any provision is invalid or unenforceable, the remaining provisions continue in effect.
- The agreement is the entire agreement and supersedes prior oral or written agreements on the subject matter.
- The agreement may be executed in counterparts and through electronic or digital signatures, each of which is treated as valid and binding.
- Notices may be given by personal delivery, registered or certified mail, or electronic mail to the contacts stated in the agreement.
Governing Law and Dispute Resolution
The agreement is governed by the laws of the Federal Republic of Nigeria.
The parties must first use reasonable endeavours to resolve disputes amicably. If unresolved within the negotiation window, disputes are to be referred to mediation at the Lagos Multi-Door Courthouse under its applicable rules, as stated in the agreement.
The dispute resolution clause survives termination of the agreement.
