SafePay Developer Services Agreement
Effective Date: May 9, 2025
This Developer Policy ("Policy") provides rules and guidelines that govern access to or use by our developers (“you” or “your”) of the Forseti API, websites (“Site”), dashboards, related tools, and other products or services (collectively, the "Services") provided by SafePay, LLC. (“SafePay”, “Forseti”, “we”, “our”, and “us”). Any violation of this Policy may result in suspension or termination of your access to the Services and/or access to end users’ personal and financial information provided by SafePay ("End User Data").
By accessing and using the Services, you agree to comply with all the terms of this Policy. This Policy will apply each time you access or use the Services. If you are agreeing to the terms of this Policy on behalf of an organization or entity, you represent and warrant that you are so authorized to agree on behalf of that organization or entity. This Policy is important; please read it carefully.
We may update or change this Policy at any time in our discretion. If we make any changes to this Policy that we deem to be material, we will make a reasonable effort to inform you of such change. If you object to a change, your exclusive remedy is to cease any and all access and use of the Services.
Registration
To sign up for the Services, you must create an account ("Account") by registering on our Site and providing true, accurate, and complete information about yourself and your use of the Services. You agree not to misrepresent your identity or any information that you provide for your Account, and to keep your Account information up to date at all times. It is your responsibility to maintain access to your Account; you may never share your Account information, including your Forseti password, as well as your API authentication credentials, including any Client Identification Number (“Client ID”) and secrets, with a third party or allow any other application or service to act as you.
Compliance with Applicable Law
When using the Services, you agree to abide by all applicable local, state, national, and international laws. You also confirm that you, your business, your employees, your service providers, and any others acting on your behalf adhere to all applicable laws, especially those pertaining to financial data, data protection, privacy and data security.
In addition, you certify that you, your officers, directors, shareholders, direct and indirect parent entities, subsidiaries, and affiliates:
-	are and will remain in compliance with all applicable import, re-import, sanctions, anti-boycott, export, and re-export control laws and regulations (including all such laws and regulations that apply to a U.S. company, such as the Export Administration Regulations, the International Traffic in Arms Regulations, and economic sanctions programs implemented by the Office of Foreign Assets Control (OFAC));
-	are not subject to, or owned by parties that are subject to, sanctions or otherwise identified on any sanctions-related list, including but not limited to lists maintained by the United States government (such as the List of Specially Designated Nationals and Blocked Persons, maintained by OFAC, the Entity List maintained by the U.S. Commerce Department’s Bureau of Industry and Security, and the CAATSA section 231(d) list maintained by the U.S. State Department), or other applicable government authority; and
-	are not engaging, and will not engage, in activities which may require or permit any applicable government authority to pursue an enforcement action against, or impose economic sanctions on you or us.
The certifications immediately above are not sought, and are not provided, if and to the extent such request or certification would constitute a violation of any anti-boycott, non-discrimination, or blocking provisions foreseen in applicable local laws.
You are solely responsible for ensuring that your use of the Services is in compliance with all laws applicable to you, including without limitation, the rules and guidelines of any system or network that facilitates payments and any security requirements, including under the Payment Card Industry Data Security Standards (PCI-DSS), as may be applicable to you.
Security
You are responsible for securely maintaining your SafePay Dashboard username and password, as well as your API authentication credentials, including your Client ID and secret. You agree to notify us promptly at security@forsetiverify.com in the event of any breach of security or unauthorized use of your Account or any End User Data. You must never publish, distribute, or share your Client ID or secret, and must encrypt this information in storage and during transit.
Your systems and application(s) must handle End User Data securely. With respect to End User Data, you should follow industry best practices and at a minimum must perform the following:
-	Maintain administrative, technical, and physical safeguards that are designed to ensure the security, privacy, and confidentiality of End User Data.
-	Use modern and industry standard cryptography when storing or transmitting any End User Data.
-	Maintain reasonable access controls to ensure that only authorized individuals that have a business need have access to any End User Data.
-	Monitor your systems for any unauthorized access.
-	Patch vulnerabilities in a timely fashion.
-	Log and review any events suggesting unauthorized access.
-	Plan for and respond to security incidents.
-	Comply with relevant rules and regulations with regard to the type of data you are handling, such as the Safeguards Rule under the Graham-Leach-Bliley Act.
Data Storage and Usage
Any End User Data in your possession must be stored securely and in accordance with applicable laws. To the extent applicable, if you use End User Data in an anonymized form then your use of such anonymized data must be clearly and conspicuously disclosed to the End User including a description of how you use such anonymized End User Data.
Account Deactivation
Once you stop using the Services in accordance with any applicable agreement you may have with us, you may deactivate your Account by following the instructions on the Site. We may also deactivate your Account if you have ceased using the Services for three months; your failure to remit payment to us as specified by the terms of our contract and invoices to you; your applicable agreement with us terminates or expires; or as reasonably necessary under applicable law. After your Account deactivation, we will deprovision your access to all End User Data associated with your integration.
Even after your Account deactivation, and to the extent permitted under applicable law, we may still retain any information we collected about you for as long as necessary to fulfill the purposes outlined in our privacy policy/statement, or for a longer retention period if required or permitted under applicable law.
Prohibited Conduct
You agree not to, and agree not to assist or otherwise enable any third party to:
-	sell or rent End User Data to marketers or any other third party;
-	access or use the Services or End User Data for any unlawful, infringing, threatening, abusive, obscene, harassing, exploitative, defamatory, deceptive, or fraudulent purpose;
-	collect and store end users’ bank credentials and/or End User Data other than as required to access or use the Services, as authorized by the end user to fulfill your obligations to them, as permitted by SafePay, and as permitted under applicable law;
-	use, disclose, or retain any “nonpublic personal information” (as defined under the Gramm-Leach-Bliley Act) or “personal information” (as defined under the California Consumer Privacy Act) other than in strict compliance with applicable law;
-	use, disclose, or otherwise process any personal identifiable information and personal financial information other than in strict compliance with applicable law;
-	access or use the Services or access, transmit, process, or store End User Data in violation of any applicable privacy laws or in any manner that would be a breach of contract or agreement with the applicable end user;
-	access or use the Services to infringe any patent, trademark, trade secret, copyright, right of publicity, or other right of any person or entity;
-	access or use the Services for any purpose other than for which it is provided by us, including for competitive evaluation, spying, creating a substitute or similar services to any of the Services, or other nefarious purpose;
-	scan or test (manually or in an automated fashion) the vulnerability of any Forseti infrastructure without express prior written permission from SafePay;
-	breach, disable, interfere with, or otherwise circumvent any security or authentication measures or any other aspect of the Service;
-	overload, flood, or spam any part of the Services;
-	create developer accounts for the Services by any means other than our publicly-supported interfaces (e.g., creating developer accounts in an automated fashion or otherwise in bulk);
-	transfer, syndicate, or otherwise distribute the Services or End User Data without express prior written permission from SafePay;
-	decipher, decompile, disassemble, copy, reverse engineer, or attempt to derive any source code or underlying ideas or algorithms of any part of the Services, except as permitted by applicable law;
-	modify, translate, or otherwise create derivative works of any part of the Services;
-	access or use the Services or End User Data for end users in which you have no explicit legal basis or authorization by the end user to access their data
-	access or use the Services or End User Data in a manner that violates any agreement between you or the end user and SafePay; or
-	access or use the Services or End User Data in a manner that violates any applicable law, statute, ordinance, or regulation.
Suspension and Termination
We reserve the right to withhold, refuse, or terminate access to the Services and/or End User Data in whole or in part where we believe the Services are being accessed or used in violation of this Policy or any other SafePay agreement, including SafePay’s agreements with any third party partners or data sources of SafePay (each, a “Partner”), or where use would pose a risk of harm, including reputational harm, to SafePay, its infrastructure, its data, the Services, an end user, or a Partner.
We will use reasonable efforts to notify you via email or other method when deciding to withhold, refuse, or terminate access to the Services and/or End User Data. We may immediately suspend or terminate access without notice if appropriate under the circumstances, such as when we become aware of activity that is a violation of any applicable law or when we determine, in our sole discretion, that harm is imminent.
SafePay will not be liable for any damages of any nature suffered by you or any third party resulting from SafePay’s exercise of its rights under this Policy or under applicable law.
Reporting Violations
If any person becomes aware of a violation of this Policy, we request that you immediately notify us via email to legal@forsetiverify.com. We may take any appropriate action -- including reporting any activity or conduct that we suspect violates the law to appropriate law enforcement officials, regulators, or other appropriate third parties -- in our sole discretion in respect to such violations. We may also disclose relevant information about your use of our Services as part of our Dispute Resolution process, if it has been determined by us, law enforcement officials, regulators, or competent legal representative that you may have violated this Policy; or to defend us from damages or suit caused by lack of agreement between you and an end user and your subsequent access to their End User Data from our Services, to the extent permitted by law.
Force Majure
SafePay will not be liable for the non-performance or failure to provide any part of the Forseti Platform occurring as a result of any events that are beyond the reasonable control of SafePay, for example, but not limited to, fire, telecommunications or internet failure, utility failure, power failure, equipment failure, employment strife, riot, war, terrorist attack, non-performance of third party suppliers, acts of God such as storm or lightning damage, or other causes over which SafePay has no reasonable control.
Dispute Resolution
We hope you will have a positive experience using our Platform, but should a dispute between us arise out of or relating to these Terms, in lieu of a Master Services Agreement defining a different process we agree to resolve the dispute by following these steps:
1.	Send us a notice, according to the Notices section below, describing the dispute and including all relevant facts so we know how to help you.
2.	Within 8 business days after our receipt of your notice, we will reach out to discuss your dispute with you.
3.	If we’re not able to resolve your dispute during our discussion, you will send us a written proposal for resolving your dispute.
4.	Within 15 business days after our receipt of your written proposal, we will let you know whether we agree to your proposal, or we will provide you with a counter-proposal.
After Step 4, it’s up to you to decide whether you’d like to continue to negotiate with us to resolve your dispute, or whether you’d like to pursue a resolution through some other means.
Throughout this process, both you and SafePay agree to negotiate in good faith and according to the terms of this section to resolve the dispute before resorting to litigation or some other form of dispute resolution procedure. All negotiations (including your notice, our discussions, and your and our proposals) pursuant to this section are confidential and treated as compromise and settlement negotiations for the purposes of federal and state rules of evidence and procedure.
Universal Data Access
Forseti promotes an Open Finance ecosystem in which end users own their data (e.g., financial data) and may grant access to such data to third parties. To the extent that you host any such end user data not already accessible by SafePay, upon SafePay’s reasonable request, the parties agree to cooperate in good faith to negotiate and initiate an arrangement for SafePay to access such end user data on behalf of end users.
Jurisdiction
Notwithstanding the place where this Agreement may be executed by any party, or as explicitly defined by a Master Service Agreement, this Agreement, the rights and obligations of the parties, and any claims and disputes relating hereto shall be subject to and governed by the laws of the State of Georgia and the laws of the United States of America as applied to agreements among Georgia residents to be entered into and performed entirely within the State of Georgia, and such laws shall govern all aspects of this Agreement, and the parties hereby waive all questions of personal jurisdiction and venue of such courts, including, without limitation, the claim or defense therein that such courts constitute an inconvenient forum. You agree that in the event of conflict between the laws of the State of Georgia and the laws of the United States of America and any other jurisdictional laws (including international law), the laws of the State of Georgia and the laws of the United States of America shall prevail. 
Enforcement of this Agreement
The failure by you or SafePay to exercise in any respect any right provided for herein or in any other agreement you may have with us shall not be deemed a waiver of any further rights hereunder.
If any provision of this Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Policy shall otherwise remain in full force and effect and enforceable.