Processing Agreement

All capitalized terms used but not defined in this Payments Agreement shall have the meanings given to them in Appendix A attached to this Payments Agreement, and if not defined in Appendix A then the meaning given in the Terms of Use.

Customer engages in the type of business described in the Application. Customer agrees that, during the term of the Agreement, it will not materially change its business or the method in which it markets or sells its goods and/or services from what is described in the Application without the prior written consent of Payload. If any information provided to Payload in the Application changes or becomes inaccurate, Customer must immediately notify Payload.

Customer will establish (if not already established) and maintain a Bank Account to: (a) as applicable, debit or credit Payments; and (b) debit fees and any other amounts due to Payload pursuant to the Agreement. Customer agrees to keep its Bank Account information up-to-date with Payload at all times. Failure to do so may result in Payments being misdirected, withheld, or returned. Payload shall in no event be liable for any Losses directly or indirectly resulting from incorrect Bank Account information. Any fees, interest expenses or other expenses with respect to the Bank Account will be the sole responsibility of Customer and will be paid directly by Customer. During the term of this Payments Agreement, and for no less than one (1) year thereafter, Customer will maintain a positive balance in the Bank Account at all times sufficient to accommodate all funding required by this Payments Agreement. Payload reserves the right to require that Customer maintain a minimum balance in the Bank Account in an amount to be reasonably determined by Payload. If there is, at any time, a deficit in the Bank Account, Customer shall immediately deposit funds into the Bank Account to cover the deficit or immediately pay such amounts directly to Payload. Customer agrees to reimburse Payload, on demand, for any Losses incurred by Payload, Processor or Bank as a result of insufficient funds in the Bank Account. Alternatively, if Payload has required the establishment of a Reserve Account, Payload may offset such amount against the Reserve Account in accordance with Section 8 (Security Interest; Reserve Account; Right of Setoff) of this Payments Agreement. Customer and Payload will mutually agree upon the provision of reporting and exchange of data as may be required by Payload to monitor and manage the activity relative to the Bank Account including, any transfers to and from the Bank Account.

Payload has requested Bank to establish and maintain a Settlement Account in Bank’s name and tax identification number, which Bank may use to temporarily hold funds as a non-fiduciary custodian for the benefit of Customer (and Payload’s other customers). Customer hereby appoints Payload as its agent for the purpose of acting on Customer’s behalf with respect to the Settlement Account. Customer acknowledges that funds in the Settlement Account may be pooled and comingled with funds of other Payload customers or other Bank customers. Customer represents, warrants, acknowledges and agrees that: (a) Bank is the sole legal owner of the Settlement Account and all Settlement Account Funds (defined below), and the Customer has a beneficial ownership interest in the Settlement Account and its share of Settlement Account Funds within the Settlement Account; (b) Customer is not a signatory on the Settlement Account and shall not and cannot access the Settlement Account or any Settlement Account Funds (notwithstanding the fact that Bank may distribute funds from the Settlement Account to Customer, Payload or other designated third party recipients based on payment information provided to Bank by Customer (through Payload, as its agent); (c) Payload is the duly appointed agent of Customer to fulfill the purposes of this Payments Agreement; (d) Payload is a service provider to Customer and not a partner or co-venturer; (e) Customer is not a third party beneficiary of Payload’s agreement with Bank; (f) Bank does not owe Customer any duties of oversight of Payload or duty to inquire of Customer with respect to payment information given to Bank regarding the Settlement Account or payments from the Settlement Account. Customer understands that it is liable to Payload for payment, by final irrevocable funds, for any payment order given to and accepted by the Bank at Customer’s request, for payment from the Settlement Account. “Settlement Account Funds” means the total of: the Settlement Account balance (whether derived from provisional credits of final funds), and all “deposits in transit,” which means any amount which is in the process of being collected by the Bank or any of its affiliates, or transmitted to the Bank, or any of its affiliates, and intended to be directly or indirectly credited to the Settlement Account for use to fund any prior, current or subsequent payment from the Settlement Account, without regard to whether the payment is provisional or final. Customer agrees to be liable and responsible for any reversals, returns or chargebacks (“Disputed Amounts”) associated with its requested Payments, and authorizes Payload to instruct Bank to setoff the amount of such Disputed Amount against funds held in the Settlement Account, and if the balance of funds held for the benefit Customer in the Settlement Account is insufficient to cover the Disputed Amount, Customer will immediately, upon request from Payload, transfer funds to the Settlement Account to be credited to Payload in the Disputed Amount.

Customer acknowledges that, in connection with the Settlement Account, Payload implements and maintains appropriate procedures to: (a) verify the identity of its customers; (b) prevent and detect money laundering and terrorist financing; (c) prevent violations of sanctions and controls laws administered by the Office of Foreign Assets Control (“OFAC”) of the U.S. Department of Treasury or by the Bureau of Export Administration, and (d) prevent unfair or deceptive acts or practices (“UDAAP”) by customers. Customer agrees to cooperate with Payload in connection with each of the foregoing and to provide any information reasonably requested by Payload or Bank in support of its compliance with and review of the foregoing.

If Customer elects to allow Clients to pay in more than four (4) installments for the goods or services purchased, Customer must first seek approval from Payload. If approved, Customer is solely responsible for its compliance with all present and future Applicable Laws and Operating Regulations relating to installment programs and any required consumer disclosures related thereto, including without limitation the Truth in Lending Act (Regulation Z), the Electronic Fund Transfer Act (Regulation E), the Fair Credit Reporting Act (FCRA), the Electronic Signatures in Global and National Commerce Act (E-Sign Act), and other consumer protection laws, including without limitation as such laws and their associated regulations apply to consumer disclosures, consumer liability, transaction limits, error resolution and disputes. While Payload may, in its discretion, assist Customer with disclosures and practices relating to such installment programs, Customer’s provision or approval of any materials or practices shall not be deemed a confirmation that such materials or practices comply with Applicable Laws or Operating Regulations and shall not in any way relieve Customer from its responsibility to ensure that all program materials and practices comply with the Applicable Laws and Operating Regulations.  Customer will indemnify Payload Entities for Losses resulting from such conduct.

If Customer elects to impose a fee on its customers with respect to payment transactions (including a surcharge for credit cards, a convenience fee, service fee, processing fee, or similar type of fee) or implement a discount based on the type of payment method used for a transaction (including cash, check, or ACH) (collectively, “Cardholder Fee Program”), Customer must first seek approval from Payload (and in the event such Cardholder Fee Program is a surcharge, approval must also be obtained from Processor by Payload). Customer must comply with, and is solely responsible for its compliance with, all Applicable Laws and Operating Regulations relating to any such Cardholder Fee Program, including with respect to fee shifting compliance and pricing disclosures related thereto. Although Payload may, in its discretion, assist Customer with disclosures and practices relating to such Cardholder Fee Programs, Payload’s provision or approval of any materials or practices shall not be deemed legal advice or a confirmation that such materials or practices comply with applicable law or rules, and shall not in any way relieve Customer from its responsibility to ensure that all its program materials and practices are in compliance with the Operating Regulations or Applicable Laws. Furthermore, Payload may modify the requirements, policies, and procedures of any Cardholder Fee Program at any time with notice to Customer. Customer must provide Payload with at least at thirty (30) days’ prior written notice before implementing (or announcing publicly that it intends to implement) any Cardholder Fee Program that would be considered a surcharge program under the Operating Regulations. Customer is liable for and will indemnify and hold harmless Payload and/or Processor for any Losses resulting from its implementation of a Cardholder Fee Program.

(a) Security Interest and Lien. Customer hereby grants a security interest and lien upon funds payable to or in the Bank Account or any substitute account now and in the future and all proceeds thereof to Payload to secure all fees, costs, and charges due in accordance with the Agreement (the “Amounts Due”) and all Losses incurred by Payload Entities. In the exercise of its rights with regard to the security interest and lien, Payload may only debit the Bank Account to the extent of the then existing Amounts Due or Losses and shall only do so if Payload becomes reasonably concerned about whether the Customer will otherwise fulfill its financial obligations. The security interest and lien granted herein shall survive the termination of the Agreement until all Amounts Due and Losses are determined and paid in full. Customer hereby authorizes Payload to prepare all documents or to take other actions reasonably necessary to perfect its security interest or lien in the Bank Account or any substitute account therefor.

(b) Establishment of Reserve Account. Payload, Bank or Processor may require Customer to fund a separate reserve account (“Reserve Account”) for any reason related to Customer’s use of the Payment Services.  The Reserve Account will be in an amount as reasonably determined by Payload, Bank or Processor to cover anticipated Amounts Due and potential Losses.  If Customer does not have sufficient funds in its Reserve Account, Payload may fund the Reserve Account from any funding source associated with the Payment Services, including any funds: (i) deposited by Customer; (ii) due to Customer, or (iii) available in Customer’s Bank Account, or by other payment instruction registered with Payload.

(c) Set-Off Rights.  To the extent permitted by Applicable Law, Payload may set off against Customer proceeds for any obligation Customer owes Payload under any agreement with Payload (e.g., disputes or refunds).  If Customer owes Payload an amount that exceeds Customer’s cumulative incoming proceeds, Payload may debit the Bank Account.  Customer's failure to fully pay amounts that it owes to Payload on demand will be a breach of the Agreement.

Payload may, from time to time, audit Customer’s compliance with the terms of the Agreement. Customer shall provide all information requested by Payload necessary to complete the audit. Upon Payload’ request, Customer shall provide all of its books and records, including financial statements for Customer and personal financial statements for all guarantors. Customer authorizes Payload to make on-site visits to any and all of the Customer’s locations with regard to all information necessary or pertinent to the Payment Services. In addition, at any reasonable time (during normal business hours) upon reasonable notice to Customer, Customer shall allow auditors, including the auditors of Payload, any Association or any third party designated by Payload, Processor, Bank or the applicable Association, to review the files held and the procedures followed by Customer at any or all of Customer’s offices or places of business. Any such audit shall be at Customer’s expense. Customer will assist such auditors as may be necessary for them to complete their audit and will cooperate fully. In the event that a third-party audit is requested by an Association, Bank or regulatory agency, and/or required by the Operating Regulations or Applicable Law, Payload may, at its option, and at Customer’s sole expense, either retain a third party to perform the audit, or require that Customer directly retain a specific third-party auditor. If Payload requires that Customer directly retain the auditor, Customer shall arrange immediately for such audit to be performed and will provide Payload and the Associations with a copy of any final audit report.

Customer authorizes Payload or its respective agents to: (a) investigate the background and personal and business credit history of any of the principals and employees associated with Customer’s business from time to time; and (b) obtain: (i) a business report on Customer’s business from any company providing credit reporting service; and (ii) a consumer credit report on any such principal or employee from consumer credit reporting agencies upon registration and thereafter from time to time as deemed necessary by Payload, for evaluating Customer’s creditworthiness for underwriting purposes in connection with Customer’s use of the Payments Services. Payload may terminate this Payments Agreement if the information received in any investigation is unsatisfactory in Payload’s sole discretion.

Customer hereby represents and warrants that: (a) the execution, delivery and performance of this Payments Agreement has been duly authorized by all necessary appropriate authorizing actions of Customer; (b) the execution, delivery and performance of this Payments Agreement will not contravene any applicable by-law, corporate charter, partnership or joint venture agreement, Applicable Law, Operating Regulation, or judgment involving Customer; (c) the execution, delivery and performance of this Payments Agreement will not contravene any provision or constitute a default under any other agreement, license or contract which Customer is bound; (d) the Agreement is valid and enforceable in accordance with its terms against Customer; (e) Customer will be bound by any amendments and modifications to the Agreement provided by Payload in accordance with the Agreement; and (f) Customer has all necessary consents, rights and permissions to authorize Payload to perform the investigations permitted by Section 10 (Credit Investigations).

(a) Fees Due.

(b) Client Payment Obligations.

(c) Fee Changes.

(d) Third Party Assessments. 

(e) Late Fees.

(f) Collection Charges.

(g) Taxes, Information Filings and Backup Withholding.

(h) Disputes.

(a) Confidentiality of Information.

(b) Permitted Disclosures.

(a) Term.

(b) Termination.

(a) Arbitration Agreement Acknowledgment.

(b) Notice of Alleged Breach.

(c) Client Disputes.

(d) Exclusive Remedy.

(e) Force Majeure.

(f) Indemnification.

(g) Limitation of Liability.

(h) Reciprocity.

Notices to Payload shall be provided in accordance with Section 19.l (Notices) of the Terms of Use. Except for notices which may be provided by Payload to Customer on the Customer statement, all notices, requests, demands or other instruments, which may be or are required to be given to Customer in connection with this Payments Agreement, shall be provided to the physical or email address provided in the Application. Customer may change the address to which subsequent notices are to be sent by Notice to Payload in accordance with Section 19.l (Notices) of the Terms of Use.

Payload may from time to time without prior notice amend or modify this Payments Agreement in accordance with Section 15 (Additional Terms; Changes to the Agreement and Services) of the Terms of Use. If an amendment or modification to this Payments Agreement will, in Payload’s sole discretion, significantly adversely affect Customer’s use of Payments Services, Payload will provide at least ten (10) days’ prior notice to Customer of any such modification. Notwithstanding the foregoing, Payload may amend the Payments Agreement immediately upon notice (despite any potential adverse impact to Customer) if such amendment is required: (a) to comply with Applicable Laws or Operating Regulations, (b) by Bank or Processor, (c) by any of Payload’s TPSPs; or (d) to pass through charges from third parties, including without limitation Processor, Bank, Associations, or any TPSP.

(a) E-Delivery Generally.

(b) System Requirements.

(c) Additional Paper Copies.

(d) Withdrawal of E-Delivery Consent.

The individual accepting this Payments Agreement on behalf of Customer represents and affirms that: (a) they are binding themselves personally; (b) Customer has the power and authority to enter into this Payments Agreement; and (c) the execution and delivery of this Payments Agreement and the performance of Customer's obligations hereunder have been duly authorized by all necessary corporate or company action.

Definitions

As used in the Payments Agreement, the terms below mean as follows:

• "ACH" means the Automated Clearing House electronic payments network.
• "Acquiring Services" means Card payment acquiring, authorization, processing, and settlement services for payment organizations and networks.
• "Agreement" has the meaning given in the Terms of Use.
• "Application" means the paper or electronic enrollment application for the Payment Services required by Payload and completed and delivered by Customer as a prerequisite for participating in the Payment Services.
• "Applicable Laws" means all applicable state, federal, and local laws, rules and regulations, including without limitation, the Bank Secrecy Act, the implementing regulations issued by the U.S. Treasury's Office of Foreign Assets Control (OFAC) and the Federal Trade Commission (FTC), as well as any and all other federal and state anti-money laundering laws and regulations.
• "Association" or "Associations" means Mastercard, Visa, Discover and Other Networks.
• "Authorization" means an affirmative response by or on behalf of an Issuer, to Customer's request to affect a Card Transaction, that a Card Transaction is within the Cardholder's available credit limit and that the Cardholder has not reported the Card lost or stolen. All Card Transactions require Authorization.
• "Bank" means Payload's partner bank that provides services and maintains accounts related to Payload's provision of Services. As of the Effective Date of the Payments Agreement, Bank shall be JP Morgan Chase Bank, N.A., a national banking association. The Bank may be changed, and its rights and obligations assigned to another party at any time without prior notice.
• "Bank Account" means the Customer's depository account at a U.S. financial institution capable of receiving ACH entries and identified in Customer's Application or other documentation provided to Payload to set up the Payment Services.
• "Card Transaction" means the acceptance of a Card or information embossed on the Card for payment for goods sold and/or leased or services provided to Cardholders by Customer and receipt of payment from Payload whether the transaction is approved, declined, or processed as a Forced Sale.
• "Cardholder" means any person authorized to use a Card or the accounts established in connection with a Card.
• "Card(s)" means a card, code, device or other means allowing access to a Mastercard, Visa, Discover or Other Network credit card, debit card or account number assigned to a Cardholder.
• "Client" means a customer of Customer.
• "Data Incident" means any alleged or actual compromise, unauthorized access, disclosure, theft, or unauthorized use of payment information (including a Card) or Cardholder information (including personally identifiable information), regardless of cause, including without limitation, a breach of or intrusion into any system, or failure, malfunction, inadequacy, or error affecting any server, wherever located, or hardware or software of any system, through which such information resides, passes through, and/or could have been compromised.
• "Discover" means Discover Financial Services, LLC.
• "Fee Schedule" means a paper or electronic disclosure of fees due to Payload in connection with the Payment Services, as may be amended from time to time, which may be provided separately or within the Application.
• "Force Majeure Event" means errors in data provided by Customer or others, labor disputes, fire, weather or other casualty, power outages, and funding delays, however caused, governmental orders or regulations, or any other cause, whether similar or dissimilar to the foregoing, beyond Processor's, Bank's, or Payload's reasonable control.
• "Forced Sale" means a Card Transaction processed without an approved electronic authorization number being obtained for the full amount of the Card Transaction at the time the Card Transaction is processed.
• "Issuer" means a member of an Association that issued a Card to a Cardholder.
• "Losses" has the meaning given in the Terms of Use.
• "Mastercard" means MasterCard International Inc.
• "Nacha" means the National Automated Clearing House Association.
• "Nacha Rules" means the rules promulgated by Nacha, as they may be amended and in effect from time to time.
• "Operating Regulations" shall mean the by-laws, operating regulations and/or all other rules, guidelines, policies and procedures of VISA, MasterCard, Discover, and/or Other Networks, and all other applicable rules, regulations and requirements of Processor, Member Bank, Payload, banks, institutions, organizations, associations, or networks which govern or affect any services provided under this Agreement, and all rules and regulations which govern or otherwise affect the activities of Payload, including, but not limited to, those of the National Automated Clearing House Association ("Nacha") as any or all of the foregoing may be amended and in effect from time to time.
• "Other Network" means any funds transfer network, including without limitation the network operated by NACHA, or card association other than Visa, Mastercard, or Discover that is identified in the Application or any subsequent amendment to this Agreement and in which Payload participates pursuant to the Processing Agreement.
• "Payload Entities" has the meaning given in the Terms of Use.
• "Parties" means collectively Customer and Payload.
• "Party" means either Customer or Payload.
• "Payments" means payments initiated or received by Customer using payment channels Payload makes available to Customer under this Payments Agreement.
• "Payment Facilitator" has the meaning given in the applicable Operating Regulations.
• "Payment Processing" means the process for funding Client's sales transactions, as more fully described in the Payments Processing Schedule.
• "Payor" has the meaning given in the Terms of Use.
• "Processor" means an entity contracted by Payload, which may change during the term of this Payments Agreement, to submit payment transaction information to the Associations on behalf of Payload and to receive and pay to Payload settlement funding for such payment transactions. As of the Effective Date of this Payments Agreement, the Processor is Paymentech, LLC, a Delaware limited liability company also known as Chase Merchant Services.
• "PSP" shall mean Payment Service Provider, as defined in the Operating Regulations.
• "Settlement Account" has the meaning given in the Payload Payor Terms portion of the Terms of Use.
• "TPSP" shall mean a third party other than Processor used by Customer or Payload in connection with the Services received hereunder, including but not limited to, Customer's software providers, equipment providers, subcontractors and/or third-party processors.
• "Visa" means VISA U.S.A. Inc.

Data Processing Addendum

This Data Processing Addendum ("DPA") supplements the terms of the Payment Processing Agreement ("Payments Agreement") entered into by and between Payload and Customer. Any terms not defined in this DPA shall have the meaning set forth in the Payments Agreement.

1. Definitions

In this DPA:

(a) "Affiliate"

(b) "Applicable Laws"

(c) “Authorized Employee”

(d) “Business” or “Data Controller”

(e) “Consumer” or “Data Subject”

(f) “Consumer Rights” or “Data Subject Rights”

(g) "Personal Data"

(h) “Personal Data Breach”

(i) "Process" or "Processing"

(j) "Service Provider" or "Data Processor" or "Processor"

(k) "Services"

(l) “Sensitive Personal Data”

(m) “Subprocessor”

2. Processing of Data and Compliance with Applicable Laws

(a) The Parties shall comply with this DPA at all times during the term of the Payments Agreement. Any failure by either Party to comply with the obligations set forth in this DPA will be considered a material breach of the Payments Agreement, and the other Party will have the right, without limiting any of the rights or remedies under this DPA or the Payments Agreement, or at law or in equity, to immediately terminate the Payments Agreement for cause.

(b) The rights and obligations of Payload with respect to Processing are described herein and in the Payments Agreement. The subject matter, nature, purpose, and duration of this Processing, as well as the types of Personal Data collected and categories of Data Subjects involved, are described in Exhibit 1 to this DPA.

(c) Payload shall only Process Personal Data for the limited and specified purposes described in Exhibit 1, the terms and conditions set forth in this DPA and in any written instructions provided by Customer.

Payload hereby certifies that it understands its restrictions and obligations set forth in this DPA and will comply with them.

(d) Payload shall promptly inform Customer if, at any time while the obligations of this DPA remain in effect, Payload is unable to comply with any of the obligations of this DPA, including Payload’s obligations to comply with Applicable Laws.

(e) Payload certifies that it understands the restrictions and obligations set forth in this DPA and will comply with them.

(f) Customer represents and warrants that it will: (i) comply with all Applicable Laws; (ii) ensure that any written instructions it provides to Payload will comply with all Applicable Laws, and (iii) make the required disclosures and obtain the necessary consents for Payload to Process Personal Data. Customer shall notify Payload if, in the opinion of Customer, an instruction it gave Payload violates Applicable Laws.

(g) If Customer cannot comply with Applicable Laws in the performance of its obligations to Payload, Customer agrees to promptly inform Payload of its inability to comply, in which case Payload is entitled to suspend the Processing of Personal Data, terminate the Payments Agreement, or otherwise stop Processing Personal Data and remediate any issues that arise as a result of Customer’s failure to comply with Applicable Laws.

(h) Payload acknowledges and confirms that it does not receive any Personal Data from Customer as consideration for any Services or other items provided to Customer. Except as expressly set forth in the Payments Agreement, Payload shall not have, derive or exercise any rights or benefits regarding data provided by Customer (“Consumer Data”) and Payload shall not sell any Consumer Data, as defined by Applicable Laws. Payload shall not retain, use or disclose any Consumer Data except as necessary for the specific purpose of performing the Services for Customer pursuant to the Payments Agreement. Payload certifies, represents, and warrants that it understands the rules, restrictions, requirements and definitions of the CPRA and agrees to refrain from taking any action that would cause any transfers of Consumer Data to or from Payload to qualify as a sale of personal information under the CPRA. The terms “personal information,” “sale,” and “sell” for the purposes of this Section 2 are as defined in Section 1798.140 of the California Consumer Protection Act (“CCPA”).

(i) Customer hereby instructs Payload to Process Personal Data to any country or territory as reasonably necessary for the provision of the Services and consistent with this DPA.

(j) Payload will not attempt to link, identify, or otherwise create a relationship between Personal Data and non-Personal Data or any other data without the express authorization of Customer.

3. Security of Personal Data

(a) Payload shall in relation to the Personal Data implement any measures required pursuant the Payments Agreement and Applicable Laws.

(b) Upon Customer’s written request, or, upon the termination or expiration of the Payments Agreement for any reason, Payload shall, and shall ensure that all Authorized Persons, promptly and securely dispose of or return to Customer in an encrypted format, at Customer’s choice, all copies of Personal Data.

(c) Where and to the extent disposal of Personal Data in accordance with Section 3(b) is explicitly prevented by Applicable Law(s) or technically infeasible, Payload and/or Authorized Persons, as applicable, shall (i) take measures to block such Personal Data from any further Processing (except to the extent necessary for continued Processing explicitly required by Applicable Law(s)), and (ii) continue to exercise appropriate Technical and Organizational Security Measures to protect such Personal Data until it may be disposed of in accordance with Section 3(b).

4. Subprocessing and Authorized Personnel

(a) Payload shall take reasonable steps to ensure that access to Personal Data is limited to those individuals who need to know/access the Personal Data to provide the Services, and ensure that all individuals it authorizes to Process Personal Data are bound by confidentiality obligations (whether by contract or under Applicable Law) in respect of the Processing of Personal Data.

(b) Customer acknowledges that Payload may engage Subprocessors in connection with providing the Services. Customer consents to Payload’s use of Subprocessors subject to compliance with the terms in this Section 4. Customer may request from Payload a copy of the list of Subprocessors who are involved in Processing of Personal Data. Payload has entered, and for new Subprocessors will enter, into a written agreement with each Subprocessor that offers at least the same protection of Personal Data as Payload is bound to provide and impose the same obligations as those imposed on Payload on the basis of the Payments Agreement and this DPA. Payload will carry out adequate due diligence to ensure Subprocessors are capable of providing the appropriate level of protection for Personal Data.

(c) Payload will notify Customer if it appoints a new Subprocessor before authorizing any new Subprocessor to Process Personal Data in connection with the Services.

(d) Customer may reasonably object to Payload’s use of a new Subprocessor by notifying Payload promptly in writing within fourteen (14) days after receipt of Payload’s notice. If Customer reasonably objects to a new Subprocessor and Payload does not resolve Customer’s reasonable objection within a reasonable period of time not to exceed fourteen (14) days, either Party may terminate the portion of the Payments Agreement relating to the Services involving the objected to new Subprocessor (which may involve termination of the entire Payments Agreement) by providing written notice to the other Party. Termination under this Section 4(d) will be without fault to either Party.

(e) Each Party shall remain responsible and liable for its compliance with Applicable Laws and any obligations ensuing from the Payments Agreement and this DPA.

5. Personal Data Breach

(a) Payload shall notify Customer of a Personal Data Breach as soon as reasonably practicable, but in any event, not more than forty-eight (48) hours after confirming such Personal Data Breach.

(b) In the event of a Personal Data Breach, Payload will provide Customer with such details as Customer reasonably requires regarding: (i) the nature of the Personal Data breach, including the categories and approximate numbers of data subjects and Personal Data records concerned; (ii) any investigations into such Personal Data Breach; (iii) the likely consequences of the Personal Data Breach; and (iv) any measures taken, or that Payload recommends, to address the Personal Data Breach, including to mitigate its possible adverse effects and prevent the re-occurrence of the Personal Data Breach.

(c) Payload may give Customer phased updates as additional information regarding the Personal Data Breach becomes available to Payload; and provide reasonable cooperation and assistance to Customer in relation to any remedial action to be taken in response to a Personal Data Breach, but will not notify any data subjects of the Personal Data Breach, absent Customer’s explicit instruction or as required by any law, rule, regulation, or binding court order to which Payload is subject.

(d) Customer may share any notification and details provided by Payload under this Section 5 with the appropriate governmental/supervisory authority if required to do so under Applicable Laws.

6. Rights of Data Subjects

Payload will provide such assistance as is reasonably required to enable Customer to comply with Data Subject Rights requests within the time limits imposed by Applicable Laws.

7. Recordkeeping

(a) Payload shall maintain records and information in accordance with Applicable Laws to demonstrate its compliance with this DPA (“Records”).

(b) On request, Payload shall make available to Customer all Records necessary to demonstrate compliance with this DPA and the Applicable Laws, and shall cooperate with verification, including inspections, by Customer or its third-party auditors in relation to the Processing of Personal Data.

8. Miscellaneous

(a) This DPA may be amended or modified only by a writing signed by both Parties. Both Parties may disclose this DPA to third parties (including other controllers, Data Subjects and regulators) for purposes of demonstrating compliance with Applicable Laws.

(b) In the event of any conflict or inconsistency among the following documents, the order of precedence will be: (1)  the terms of this DPA; and (2) the Payments Agreement.

Details of Processing

Nature and Purpose of Processing: Each Party will Process Customer's Personal Data as necessary to provide the Services under the Payments Agreement, for the purposes specified in the Payments Agreement, the Data Processing DPA, and in accordance with Customer's instructions as set forth in this Exhibit 1. The nature of Processing shall include:

• The Parties will Process Personal Data as necessary to fulfil the Party's obligations under the Payments Agreement and as otherwise set forth in this DPA

Duration of Processing:

• The Term of the Payments Agreement.

Categories of Data Subjects: Categories of data subjects whose personal data is transferred include:

• Restricted Business and business representatives,
• end customers of merchants, payment card holders,
• website and mobile app users,
• fraud prevention and risk management subjects,
• regulatory and compliance data subjects.

Categories of Personal Data: Categories of Personal Data include:

• identity information (e.g., name, age/date of birth, gender, photograph)

• contact information (e.g., phone number, address, email address)

• employment information (e.g., employer, job title)

• data that reasonably can be tied to a specific individual or computer, mobile telephone or tablet, such as IP address, MAC address or advertising ID. 

• location data (e.g., GPS, Bluetooth, GSM)

Special Categories of Data / Sensitive Personal Data

The Personal Data transferred concern the following special categories of data (please specify):

• financial data & payment information (e.g., bank account details, payment card details, transaction history)

• biometric data (e.g., facial recognition scans, voice recognition, video meeting recordings)

• government-issued identification (e.g., ssn, drivers license, ein)

• geolocation data (e.g., gps coordinates, bluetooth and wifi location tracking)

• criminal background data (e.g., publicly available or legally required criminal record checks, fraudulent transaction history)

Payment Card Acceptance Services

Customer may elect to receive from Payload the ability to accept Cards as payment for goods and services from Clients as described below ("Payment Card Acceptance Services"). If Payload agrees to provide Payment Card Acceptance Services to Customer, the terms of this Schedule 1 - Payment Card Acceptance Services (“Schedule 1”) will apply to Customer’s access to and use of the Payment Card Acceptance Services. This Schedule 1 (and any attachments hereto) is a schedule to the Payment Processing Agreement (“Payments Agreement”) with Payload and, together with the Payments Agreement, Terms of Use, and any schedules, exhibits, or other documents attached thereto or incorporated therein forms a part of the Agreement between Payload and Customer for Payment Card Acceptance Services. Unless separately terminated in accordance with the terms of the Agreement, this Schedule 1 will automatically terminate upon termination or expiration of the Payments Agreement. Capitalized terms used but not defined in this Schedule 1 will have the meaning given to them in the Payments Agreement (including Appendix A), the Terms of Use or the Operating Regulations, as applicable. Any inconsistency, conflict, or ambiguity between this Schedule 1 and any other portion of the Agreement will be resolved by giving precedence and effect to this Schedule 1, but only to the extent of the inconsistency, conflict, or ambiguity. Other than as expressly amended by this Schedule 1, all other provisions of the Agreement will remain in full force and effect.

1. Definitions

In this Schedule 1: (a) Customer is referred to as "Business"; (b) the term Payor (which is defined in the Terms of Use) includes a Cardholder (as defined in Appendix A); and (c) Bank is a member of Visa, Mastercard and/or Discover, as applicable, that provides sponsorship services in connection with the Payments Agreement.

2. Disclosure

This Schedule 1 includes the Disclosure, which is incorporated into and made a part of this Schedule 1 by this reference. The Payment Card Acceptance Services are provided by Processor and Bank pursuant to a Third-Party Payment Processor Agreement that Payload has entered into with Processor (“Processor Agreement”). Under the Processor Agreement, Processor provides Acquiring Services to Payload and allows Payload to act as a Payment Facilitator in connection with such Acquiring Services, including helping Business with chargebacks, reporting, status changes and questions about Acquiring Services. Payload is a registered PSP and Payment Facilitator. Business understands and agrees that Payload does not process, receive, or hold funds from Clients at any time in connection with the Card Transactions and that Payload is not a bank, money transmitter, or other money services business (as such terms are defined by the Bank Secrecy Act or any state law).

3. Services

Pursuant to the Processor Agreement, Payload has arranged for Processor to acquire, process and settle payment for transactions initiated by Payors, by means of instruction based funding. Such acquiring, processing and settlement shall be made in accordance with the Operating Regulations. Subject to processing delays and risk holds, Payload has made arrangements as a Payment Facilitator to cause Card payments to be made to Business. Processor will periodically transfer Payments to Business's Bank Account based upon instructions provided by Payload on behalf of Business.

4. Authorizations and Representations Related to Card Transactions

Business hereby authorizes Payload, as its agent, to instruct Processor and Bank debit and credit the Bank Account, to effect the Card Transactions contemplated by this Schedule 1 and to debit from Business’s Bank Account any associated chargebacks, refunds, and reversals, and any fees or charges owed to Payload. With respect to each Card Transaction, Business represents and warrants to Payload that the person whose name is submitted as Cardholder either made or authorized another to make the purchase. Upon breach of this warranty, Payload may charge back the Card Transaction to Business. If Payload charges back the Card Transaction to Business, Business shall pay Payload the amount of the Card Transaction, a chargeback fee, plus any applicable Association fine or assessment. Payload may charge the Card Transaction to the Bank Account or Reserve Account without prior notice to Business. If Business accepts a Pre-Authorized Recurring Order Transaction, the Cardholder shall execute and deliver to Business a written request for this pre-authorization. This written request shall be maintained by Business and made available upon request to Payload. All annual billings must be reaffirmed at least once a year. Business shall not deliver goods or perform services covered by a Pre-Authorized Recurring Order Transaction after receiving notification from the Cardholder that the pre-authorization is cancelled or from Payload that the Card covering the Pre-Authorized Recurring Order Transaction is not to be honored. A “Pre-Authorized Recurring Order Transaction” means any recurring Card Transaction which has been pre-authorized by the Cardholder for which the products or services are to be periodically delivered or performed by Business without having to obtain approval from the Cardholder in each instance.

5. Payload Obligations

Payload shall deliver payment to Business by a credit to the Bank Account equal to the reconciled summary of Business's total summary Card Transactions since the previous credit. This credit will be net of the following charges: (a) the sum of all Cardholder charges denied, refused or charged back; (b) all refunds processed on account of Cardholders during said time period; (c) all taxes, penalties, charges and other items incurred by Payload that are reimbursable pursuant to the Agreement; and (d) all fees, including to an amount equal to a specified percentage of the total cash price of each draft ("Merchant Discount Rate"), a specified amount per Card Transaction ("Transaction Fee") any processing fees collected from Cardholder (convenience fee and or payment plan setup fees) and additional fees such as a monthly statement fee, installation fees, and other fees identified on the Fee Schedule. In any case, including those defined in (a) to (d) above, Payload shall not be obligated to accept a Card Transaction for credit to the Bank Account. If Payload has credited the Bank Account or Reserve Account for such Card Transaction, Payload may return the Card Transaction to the Business, and Payload shall recover the amount of the Card Transaction from the applicable account. Business agrees that Payload, without prior notice to Business, may: (i) charge the amount of the Card Transaction to the Bank Account or Reserve Account; (b) recoup a fee of $25.00 for every chargeback incurred; (c) recoup the amount of the Card Transaction by adjustment of the credits due to Business; or (d) set-off the amount of the Card Transaction against any account or property Payload holds for or on behalf of Business.

6. Provisional Credit

Any credits to the Bank Account are provisional only and subject to revocation by Payload until such time that the Card Transaction is final and no longer subject to chargeback by the Issuer, Cardholder, or Associations.

7. Chargebacks

If a Cardholder disputes charges for goods or services before receiving them, a chargeback may result. Business is solely responsible to pay the amount of any chargeback resulting from Card Transactions that Business submits under this Schedule 1. Business must not exceed the Association threshold for chargebacks. If Payload determines that Business is incurring an excessive number of chargebacks, returns or reversals (as determined by Payload in its discretion), Processor, Payload or Bank may establish controls or conditions governing Business's Bank Account, including without limitation by: (a) assessing additional fees, (b) creating a Reserve in an amount reasonably determined by Payload; (c) delaying payment, and (d) terminating this Schedule 1, the Agreement, or suspending the Payment Card Acceptance Services. Business will assist in the investigation of any and all chargebacks and other actual or potential Card Transaction disputes and will timely provide such information to Payload as Payload may request.

8. Customer Disputes

Business is solely responsible for resolving any issues, problems or disputes with Cardholders. Business shall respond promptly to inquiries from Cardholders and shall resolve any disputes amicably. Payload reserves the right to charge Business reasonable fees and reimbursements, in addition to any applicable Association fees or charges, on account of excessive Cardholder inquiries, refunds, or chargebacks. Business agrees to maintain the following information in writing with respect to each claim or defense asserted by a Cardholder for which Business has received notice: (a) the Cardholder's name; (b) a unique confirmation number, transaction sequence number, or other identifier that the Business can use to reference the transaction in subsequent communications with Payload; (c) the date and time the Cardholder asserted the claim or defense; (d) the nature of the claim or defense; and (e) the action that Business took in an attempt to resolve the dispute. Upon request, Business shall furnish Payload with this information in writing within ten (10) days.

9. Business Responsibilities

10. Business Representations and Warranties

Business represents and warrants that: (a) neither it, nor any of its affiliates have been previously terminated for cause by Payload or any of its affiliates or by any other payment processor, (b) neither it nor any of its principals, managers, directors nor any of its principals, managers, directors or affiliates appear on the U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC), Specially Designated Nationals (SDN) List or the Mastercard Member Alert to Control High Risk Merchants list ("MATCH"), (iii) neither it nor any of its affiliates have been cited as non-compliant (or potentially non-compliant) with any Operating Regulations or assessed a non-compliance assessment or fee by any Association, sponsor bank, or payment processor, (iv) neither it nor its affiliates have engaged in chargebacks in excess of the Association thresholds or been enrolled in any Association chargeback or risk monitoring program; (v) all of the information provided by Business on its Application is true and correct at all times and is not misleading or omitting material information.

11. Limited Acceptance

Business will elect whether to accept all Cards or not accept all Cards ("Limited Acceptance") from Clients for payment. For all Cards issued by U.S. issuers, Business must honor all Cards without discrimination within the Card types accepted in accordance with the Payments Agreement. Business must maintain a policy that does not discriminate among customers seeking to make a purchase with a Card. If Business elects Limited Acceptance, Business acknowledges and agrees that it elects to accept only certain Card types as indicated to Payload in writing. Business further acknowledges and agrees that Payload has no obligation other than those expressly provided under the Operating Regulations and Applicable Laws as they may relate to Limited Acceptance and that Company's obligations do not include policing Card types at the point of purchase. As a Limited Acceptance Business, Business will be solely responsible for the implementation of its decision for Limited Acceptance. Business will be solely responsible for policing, at the point of purchase, the Card type(s) of transactions it submits for processing. Should Business submit a transaction for processing for a Card type it has indicated it does not wish to accept, Payload and Processor may process that transaction and Business will pay the applicable fees, charges, and assessments associated with that Card Transaction. The Application or Fee Schedule, as applicable, distinguishes any Card acceptance-related fees and pricing methodology associated with each Limited Acceptance category. If Business has not elected to use Limited Acceptance, Business will accept all valid Cards unless Business provides thirty (30) days written notice to Payload requesting Limited Acceptance and stating Business's election of Card types. Limited Acceptance is not applicable to non-U.S. issued Cards and is in all instances subject to the Operating Regulations. Businesss accepting all Cards or a Limited Acceptance category of Cards must accept any valid Card issued by a non-U.S. issuer, as specified in the Operating Regulations. Business will prominently display Card signage provided by Payload in its places of business and the type of signage displayed will be in accordance with the Cards accepted by Business.

12. Business Prohibitions

Business acknowledges and agrees that the prohibited actions described below ("Prohibited Actions") are actions which may mislead, disadvantage, defraud or damage any, or all of, the following entities: Payor; issuing bank(s); settlement bank(s); Associations; Payload; Processor; or Bank. Business agrees that it must take all available steps and precautions to prevent fraud, theft, or misappropriation of Payor data. Business agrees that it will not take any of the following Prohibited Actions and it will not permit a third party under its control to take the Prohibited Actions in any situation where it has knowledge of such actions. Business is deemed to be responsible for and to control the conduct of its employees, contractors, customers, and representatives.

13. Data Security and Privacy

Business represents to Payload that it does not have access to Card information (such as the Cardholder's account number, expiration date, and CVV2) and will not request access to such Card information from Payload. In the event that Business receives such Card or other personal information of its Clients in connection with the Payment Card Acceptance Services provided under this Schedule 1, Business agrees that it will not use it for any fraudulent purpose or in violation of any Operating Regulations, including but not limited to PCI-DSS or Applicable Laws. If, at any time, Business believes that Client or Customer personal information has been compromised, Business must notify Payload promptly and assist in providing notification to the proper parties. Business must ensure compliance by itself and any TPSP utilized by Business, with all security standards and guidelines that are applicable to Business and published from time to time, including without limitation those published by Visa, MasterCard or any other Association, and including, without limitation, the Visa U.S.A. Cardholder Information Security Program ("CISP"), the MasterCard Site Data Protection ("SDP"), and (where applicable), the PCI Security Standards Council, Visa, and MasterCard Payment Application Data Security Standards ("PA-DSS")(collectively, the "Security Guidelines"). Payload will not be responsible for unauthorized use or access to Client personal information or financial data by Business, Business's employees, or any other party associated with Business. If any Association requires an audit of Business due to a data security compromise event or suspected event, Business agrees to cooperate with such audit. Business may not use any Card information other than for the sole purpose of completing the Card Transaction authorized by the Client for which the information was provided to Business, or as specifically allowed by the Operating Regulations or as required by Applicable Laws. Payload may use any and all information gathered in the performance of the Payment Card Acceptance Services or the operation of the Website in accordance with its Privacy Policy located at https://payload.co/privacy. In addition, Business agrees that Payload may use such information for any lawful purpose including marketing and deriving statistics regarding its Website and the Services.

14. Payment Card Industry Security Requirements

Associations have implemented a program to ensure the protection of Cardholder data, whether processed or stored, through a program of validation and compliance. As of the Effective Date of the Payments Agreement, information about the program, known as PCI, and specific requirements can be obtained at www.visa.com/cisp and www.pcisecuritystandards.org. The program is comprised of 12 major requirements: (a) install and maintain a firewall configuration to protect data; (b) do not use vendor-supplied defaults for system passwords and other security parameters; (c) protect stored data; (d) encrypt transmission of Cardholder data and sensitive information across public networks; (e) use and regularly update anti-virus software; (f) develop and maintain secure systems and applications; (g) restrict access to data by business need-to-know; (h) assign a unique ID to each person with computer access;(9) restrict physical access to Cardholder data; (i) track and monitor all access to network resources and Cardholder data; (j) regularly test security systems and processes; and (k) maintain a policy that addresses information security. Business agrees to be compliant with the standards set forth by the PCI Security Standards Council, as amended from time to time. Business is responsible for the security of Cardholder data. Payload, Business and the Associations have ownership of Cardholder data and may use such data ONLY for assisting these parties in the completion of Card Transactions, supporting a loyalty program, providing fraud control services, or for other uses specifically required by Applicable Law. In the event this Schedule 1 is terminated by either of the Parties, each Party agrees to continue to treat Cardholder data as confidential. Business must immediately notify Visa USA Risk Management, through Processor, of the use of a Business TPSP, and ensure the Business TPSP implements and maintains all of the security requirements, as specified in the PCI program.

15. Disclosure and Storage of Card Transaction Information

A Business must not disclose a Card account number, personal information, or other Card Transaction information to third parties other than to Payload, Business TPSPs or Bank for the sole purpose of: (a) assisting the Business in completing the Card Transaction; or (b) as specifically required by Applicable Laws or Operating Regulations. Business shall notify Payload of any third party that may or will have access to Card Transaction information. Business may only disclose Card Transaction information to approved third parties for the sole purpose of: (i) supporting a loyalty program; or (ii) providing fraud control services.

16. Parties to the Agreement; Entire Agreement

The Payments Agreement, including this Schedule 1, constitutes the agreement Payload is required to enter into under the Processing Agreement with its businesss. In addition, certain Associations may require Business to enter into a direct processing agreement with Processor and Bank ("Commercial Entity Agreement") if Business processes transactions in excess of a certain dollar amount as required by the Operating Regulations or such other amount or criteria provided in the Operating Regulations. By agreeing to this Schedule 1, Business agrees to be automatically bound to the terms and conditions of the Commercial Entity Agreement in Exhibit A with Processor and Bank effective as of the date Business's transaction volume exceeds the applicable threshold amount or meets the triggering criteria provided in the Operating Regulations. Processor and Bank may independently enforce the Commercial Entity Agreement. The Agreement, including this Schedule 1, shall not be superseded or replaced by the Commercial Entity Agreement. When the Commercial Entity Agreement applies, in the event of a conflict between the terms of the Agreement and the Commercial Entity Agreement, the terms of the Commercial Entity Agreement shall control.

17. OptBlue

In the event Business elects to participate in the American Express OptBlue Program ("OptBlue") to accept American Express Cards, the following terms and conditions will apply. Capitalized terms in this Section 17 (OptBlue) that are not otherwise defined in this Payments Agreement will have the meaning ascribed to them in the American Express Operating Guide or the American Express OptBlue Program Operating Regulations. Business must comply with, and accept American Express Cards in accordance with, the terms of this Schedule 1 and the American Express Merchant Operating Guide, as such terms may be amended from time to time. The American Express Merchant Operating Guide is incorporated by reference into this Schedule 1 (available at: https://icm.aexp-static.com/content/dam/gms/en_us/optblue/us-mog.pdf).

18. Investigations

Business will promptly notify Payload in the event Business becomes aware of any unusual or suspicious activity regarding its customers and will cooperate with Processor, Payload, Bank and the Associations, as applicable, in connection with any investigation of its customers' background or activity.

19. Acknowledgments

Business acknowledges and agrees that: (i) Business's receipt of Payments are transactions between Business and the relevant Payor who is a customer of Business and not with Payload nor any of Payload's affiliates; (ii) Payload is a Payment Facilitator for Business and is not a party to any transaction; (iii) funds processed by Processor or its service providers (including any bank service providers) in connection with the processing of Payments are not deposit obligations and are not insured for Business's benefit by any governmental agency. BUSINESS HEREBY ACKNOWLEDGES THAT THERE ARE RISKS ASSOCIATED WITH THE ACCEPTANCE OF CARDS AND BUSINESS HEREBY ASSUMES ALL SUCH RISKS EXCEPT AS MAY BE EXPRESSLY SET FORTH HEREIN. Payload or Processor may refuse to process any or all of Business's transactions in Payload's discretion.

20. Web Site Requirements for E-Commerce Businesss

A website operated by the Business that accepts Card Transactions must contain all of the following information: (a) complete description of the services offered; (b) return merchandise and refund policy, which includes the communication of the return policy during the order process and the requirement that the Cardholder must be allowed to select a "click to accept" option or other affirmative button to acknowledge the policy; (c) terms and conditions; (d) customer service contact including e-mail address or telephone number; (e) transaction currency; (f) export or legal restrictions; (g) delivery policy; (h) consumer data privacy policy; (i) the security method offered for transmission of payment data such as Secure Sockets Layer or 3-D Secure; and (j) address of the Business outlet's permanent establishment, including the Business outlet country. The foregoing information must be provided either (i) on the same screen view as the Payload screen used to present the total purchase amount; or (ii) within the sequence of web pages the Cardholder accesses during the Payload process.

21. Match Reporting

Under some circumstances, Processor and Bank may be required to report the Business to the MATCH listing or similar listings maintained by the Associations. Business acknowledges that Processor's and Bank's obligation to Businesss regarding such reporting is limited to submitting a corrective notice if any such reporting is in error.

22. Termination

In order to protect Payload and the Associations, Payload may, in addition to any other rights granted in the Agreement, terminate the Payment Card Acceptance Services provided under this Schedule 1, the Agreement, or any or all of the Services provided under the Agreement, immediately in any of the following circumstances: (a) chargebacks in excess of Association monitoring guidelines; (b) Business's percentage of error Card Transactions or retrieval requests is excessive in the opinion of Payload; or (c) Business appears on an Association terminated merchant file. For the avoidance of doubt, Business understands and agrees that nothing contained in the Agreement will lessen or otherwise interfere with the rights of Processor, Bank, or the Associations to terminate Business's ability to process Cards at any time.

23. Indemnification

In addition to Business's other indemnification obligations under the Agreement, Business agrees to indemnify, defend and hold Payload, Processor and Bank harmless from any and all Losses arising out of any of: (a) Card-Not-Present Transactions; (b) unauthorized Card Transactions; or (c) prohibited Card Transactions.

24. Limitation of Liability

In addition to any other limitations on damages and on liability as provided in the Agreement, Payload, Bank, and Processor shall not be liable to Business, Clients or any other person for any Losses resulting from the denial of credit to any person.

Commercial Entity Agreement

This Commercial Entity Merchant Agreement (this "Agreement") applies to all merchants that (a) use's Payload, LLC's ("TP3's") service (the "Service") for the acceptance of credit or debit card payments; and (b) are considered "Commercial Entities" as defined by Visa, Inc. and MasterCard International, Inc. (collectively, the "Card Brands"). Contingent and effective upon being considered a Commercial Entity, the merchant ("Merchant") is entering into this Agreement with JPMorgan Chase Bank, N.A. (the "Member"), and Paymentech, LLC ("Paymentech"), to govern the authorization, conveyance and settlement of Transactions utilizing the Service. By agreeing to the TP3 Payment Card Processing Schedule to the Payment Processing Agreement for Businesss to which this Agreement is an exhibit (by "click through" agreement or otherwise), Merchant is fulfilling the Card Brand Rules requiring a direct contractual relationship between the Member and Merchant, and Merchant is agreeing to comply with Card Brand Rules as they pertain to payments Merchant receives through TP3. Certain capitalized terms are defined in Section 12 below. Capitalized terms not otherwise defined herein have the respective meanings given them in the TP3 Terms of Service. Paymentech shall be a third-party beneficiary of, and may enforce any provisions of, or cease providing credit card processing services under, the TP3 Terms of Service between Merchant and TP3.

1. Merchant's Acceptance of Payment Cards

1.1 Payment Card Acceptance Policies and Prohibitions.

1.2 Card Brand Rules.

1.3 Requirements for Certain Transactions.

2. Authorizations.

Merchant is required to obtain an authorization code through Paymentech for each Transaction. Paymentech reserves the right to refuse to process any Transactions presented by Merchant unless it includes a proper authorization.

3. Refund and Adjustment Policies and Procedures; Privacy Policies.

3.1 Merchant must:

3.2 Policies for Ecommerce Merchants. Merchant must (subject to subsection (c) below):

4. Chargebacks.

4.1 Chargeback Reasons. Merchant is liable for all chargebacks.

4.2 Responding to Chargebacks. If Merchant has reason to dispute or respond to a chargeback, then Merchant must do so by the date provided on the applicable chargeback notice. If Merchant misses the chargeback due date, Paymentech has no obligation to investigate or attempt to obtain a reversal or other adjustment to any chargeback on Merchant’s behalf. Upon receiving a chargeback Merchant may resubmit the applicable Transaction for a second presentment if permitted by the Card Brand Rules.

4.3 Excessive Chargebacks. If Merchant is receiving an excessive amount of chargebacks, in addition to Paymentech’s other remedies under this Agreement, Paymentech may terminate this Agreement and cease providing processing services.

5. Display of Card Brand Marks.

Merchant is authorized to use the Visa and MasterCard names, logos, or marks only at the point of sale, on Merchant's promotional materials, and on Merchant’s website to indicate that Visa and MasterCard cards are accepted payment methods for the purchase of goods or services from Merchant through its use of the Service.

6. Term and Termination.

6.1 Term. This Agreement is effective upon the date Merchant becomes a Commercial Entity and continues so long as Merchant uses the Service or until sooner terminated by Merchant or Paymentech. This Agreement will terminate automatically upon any termination or expiration of Merchant's agreement with TP3. This Agreement may be terminated by Paymentech at any time (a) based on a breach of any of Merchant's obligations under this Agreement; (b) based on a breach of any of Merchant’s obligations under Merchant’s agreement with TP3; or (c) based on the termination of the payment processing relationship between TP3 and Paymentech.

6.2 Post Termination. If this Agreement is terminated by Paymentech, Merchant acknowledges that Paymentech may be required to report Merchant’s business name, and information about its principals, to the Card Brands, and Merchant expressly agrees and consents to such reporting. The termination of this Agreement will not affect either party’s rights or obligations with respect to Transactions submitted prior to termination. Therefore, the provisions governing processing and settlement of Transactions, all related adjustments, fees, and other amounts due from Merchant, and the resolution of any related chargebacks, disputes, or other issues involving Transactions, will continue to apply for all Transactions made prior to termination.

7. Indemnification.

Paymentech agrees to indemnify and hold Merchant harmless from and against all losses, liabilities, damages and expenses arising from our or our employee's gross negligence or willful misconduct in connection with this Agreement. Merchant agrees to indemnify Paymentech, Member, the Card Brands, and their respective affiliates, officers, directors, employees, agents, and sponsoring banks from any losses, liabilities, and damages of any and every kind (including, without limitation, Paymentech’s costs, expenses, and reasonable attorneys’ fees) arising out of:

8. Payment Card Industry Compliance.

Merchant must not:

Merchant must:

Paymentech may:

9. Disclaimer; Limitation of Damages.

Paymentech will, at its own expense, correct any Transaction if errors have been caused by Paymentech or by malfunctions of Paymentech’s processing systems.

PLEASE READ THIS PROVISION CAREFULLY

UNDER NO CIRCUMSTANCES WILL PAYMENTECH’S FINANCIAL RESPONSIBILITY FOR ITS FAILURE OF PERFORMANCE UNDER THIS AGREEMENT EXCEED THE TOTAL FEES PAID TO PAYMENTECH BY MERCHANT UNDER THIS AGREEMENT (NET OF CARD BRAND FEES, THIRD PARTY FEES, INTERCHANGE, ASSESSMENTS, PENALTIES, AND FINES) FOR THE SIX (6) MONTHS PRIOR TO THE TIME THE LIABILITY AROSE.

EXCEPT AS OTHERWISE PROVIDED FOR IN THIS AGREEMENT, AND EXCEPT WITH RESPECT TO MERCHANT’S FAILURE TO COMPLY WITH PCI-DSS OR OTHER SECURITY STANDARDS, IN NO EVENT WILL ANY PARTY, ITS RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, OR AFFILIATES, BE LIABLE FOR SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, REGARDLESS OF THE FORM OR ACTION AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR ANY LOSS, THEFT, DISAPPEARANCE, OR DAMAGE TO DATA TRANSMITTED ELECTRONICALLY IN CONNECTION WITH THIS AGREEMENT.

ANY FINES, FEES, PENALTIES OR ASSESSMENTS IMPOSED BY THE CARD BRANDS RELATED TO MERCHANT’S ACCEPTANCE OF PAYMENT CARDS SHALL NOT BE DEEMED TO BE CONSEQUENTIAL DAMAGES.

ALL PARTIES ACKNOWLEDGE THAT THIS IS AN AGREEMENT FOR COMMERCIAL SERVICES. THE UNIFORM COMMERCIAL CODE DOES NOT APPLY AND PAYMENTECH AND MEMBER HEREBY DISCLAIM ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, MADE TO MERCHANT OR ANY OTHER PERSON, REGARDING QUALITY, SUITABILITY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR OTHERWISE (REGARDLESS OF ANY COURSE OF DEALING, CUSTOM, OR USAGE OF TRADE) OF ANY SERVICES PROVIDED UNDER THIS AGREEMENT OR ANY GOODS PROVIDED INCIDENTAL TO SUCH SERVICES.

10. Miscellaneous.

10.1 Section Headings. The section headings of this Agreement are for convenience only and do not define, limit, or describe the scope or intent of this Agreement.

10.2 Assignment. Merchant may not transfer or assign this Agreement without the prior written consent of Paymentech. Any transfer or assignment of this Agreement by Merchant, by operation of law, merger, or otherwise, without Paymentech’s prior written consent is null and void, and Merchant is fully responsible with respect to all Transactions submitted by the purported assignee/transferee, and for any and all related liabilities, chargebacks, expenses, costs, fines, fees or penalties arising from such Transactions. Subject to Card Brand Rules, Paymentech may assign or transfer this Agreement and its rights and obligations hereunder and may delegate its duties hereunder, in whole or in part, to any third party, without notice to or consent of Merchant.

10.3. Parties; Independent Contractor. No agency, partnership, joint venture or employment relationship is created between Merchant and Member by this Agreement. In the performance of their respective obligations hereunder, the parties are, and will be, independent contractors. Neither party will bind, or attempt to bind, the other party to any contract or the performance of any obligation, and neither party will represent to any third party that it has any right to enter into any binding obligation on the other party’s behalf.

10.4 Severability. Should any provision of this Agreement be determined to be invalid or unenforceable under any law, rule, or regulation, including any Card Brand Rule, such determination will not affect the validity or enforceability of any other provision of this Agreement.

10.5 Waivers. No term or condition of this Agreement may be waived except pursuant to a written waiver executed by the party against whom such waiver is sought to be enforced.

10.6 Entire Agreement. This Agreement represents the entire understanding between Merchant and Paymentech with respect to the matters contained herein and supersedes any prior agreements between the parties. Merchant agrees that in entering into this Agreement it has not relied on any statement of Paymentech or its representatives.

10.7 Notices. Except as otherwise provided in this Agreement, all notices must be given in writing and either hand delivered, faxed, mailed first class, postage prepaid, sent via electronic mail transmission, or sent via overnight courier (and will be deemed to be given when so delivered or mailed) to Merchant’s legal address, to Paymentech at: Attn: Legal Department, 8181 Communications Pkwy, Plano, Texas 75024, or to such other address as either party may from time to time specify to the other party in writing.

10.9 Governing Law; Waiver of Right to Contest Jurisdiction; Waiver of Jury Trial; Arbitration. This Agreement will be governed by and construed in accordance with the laws of the State of Texas without reference to conflict of law provisions. Any action, proceeding, arbitration hearing or mediation relating to or arising from this Agreement must be brought, held, or otherwise occur in Dallas County, Dallas, Texas.

PLEASE READ THIS PROVISION CAREFULLY. IT PROVIDES THAT ANY CLAIM MAY BE RESOLVED BY BINDING ARBITRATION.

WITH BINDING ARBITRATION MERCHANT ACKNOWLEDGES AND AGREES THAT:

1. MERCHANT IS GIVING UP ITS RIGHT TO HAVE A TRIAL BY JURY TO RESOLVE ANY CLAIM ALLEGED AGAINST PAYMENTECH, MEMBER, OR RELATED THIRD PARTIES;

2. MERCHANT IS GIVING UP ITS RIGHT TO HAVE A COURT RESOLVE ANY CLAIM ALLEGED AGAINST PAYMENTECH, MEMBER OR RELATED THIRD PARTIES; AND

3. MERCHANT IS GIVING UP ITS RIGHT TO SERVE AS A REPRESENTATIVE, AS A PRIVATE ATTORNEY GENERAL, OR IN ANY OTHER REPRESENTATIVE CAPACITY, AND TO PARTICIPATE AS A MEMBER OF A CLASS OF CLAIMANTS, IN ANY LAWSUIT OR ARBITRATION FILED AGAINST PAYMENTECH, MEMBER, AND RELATED THIRD PARTIES.

IN THE ABSENCE OF THIS ARBITRATION AGREEMENT, MERCHANT AND PAYMENTECH MAY OTHERWISE HAVE HAD A RIGHT OR OPPORTUNITY TO LITIGATE CLAIMS THROUGH A COURT BEFORE A JUDGE OR A JURY AND TO PARTICIPATE OR BE REPRESENTED IN LITIGATION FILED IN COURT BY OTHERS (INCLUDING CLASS ACTIONS). BUT, EXCEPT AS OTHERWISE PROVIDED ABOVE, THOSE RIGHTS, INCLUDING ANY RIGHT TO A JURY TRIAL, ARE WAIVED AND ALL CLAIMS MUST NOW BE RESOLVED THROUGH ARBITRATION.

Any claim, dispute, or controversy ("Claim") by either Merchant, Paymentech or Member against the other, or against the officers, directors, employees, agents, parents, subsidiaries, affiliates, beneficiaries, agents, successors, or assigns of the other, arising from or relating in any way to this Agreement or to the relationship formed between the parties as a result of this Agreement, including Claims regarding the applicability of this arbitration clause or the validity of the entire Agreement, shall be resolved exclusively and finally by binding arbitration administered by the American Arbitration Association (“AAA”). All Claims are subject to arbitration, no matter what theory they are based on. This includes Claims based on contract, tort (including intentional tort), fraud, agency, Merchant, Paymentech’s or Member’s negligence, statutory or regulatory provisions, or any other source of law. Claims and remedies sought as part of a class action, private attorney general, or other representative action are subject to arbitration on an individual (non-class, non-representative) basis only, and the arbitrator may award relief only on an individual (non-class, non-representative) basis. Merchant and Paymentech will agree on another arbitration forum if the AAA ceases operations. The arbitration will be conducted before a single arbitrator and will be limited solely to the Claim between Merchant and Paymentech and/or Member. The arbitration, or any portion of it, will not be consolidated with any other arbitration and will not be conducted on a class-wide or class action basis. The prohibition against class action contained in this Section shall be non-severable from the remainder of this Section. If either party prevails in the arbitration of any Claim against the other, the non-prevailing party will reimburse the prevailing party for any fees it paid to the AAA in connection with the arbitration, as well as for any reasonable attorneys' fees incurred by the prevailing party in connection with such arbitration. Any decision rendered in such arbitration proceedings will be final and binding on the parties, and judgment may be entered in a court of competent jurisdiction. Rules and forms of the AAA may be obtained and Claims may be filed at any AAA office, www.adr.org, or 335 Madison Avenue, New York, NY 10017, telephone 1-800-778-7879. Any arbitration hearing at which Merchant appears will take place at a location within Dallas County, Dallas, Texas. This arbitration agreement is made pursuant to a transaction involving interstate commerce, and shall be governed by the Federal Arbitration Act, 9 U.S.C. §§ 1-16. This arbitration agreement applies to all Claims now in existence or that may arise in the future. Nothing in this Agreement shall be construed to prevent any party's use of (or advancement of any Claims, defenses, or offsets in) bankruptcy or repossession, replevin, judicial foreclosure, or any other prejudgment or provisional remedy relating to any collateral, security, or other property interests for contractual debts now or hereafter owned by either party to the other.

10.10  Force Majeure. Neither party will be liable for delays in processing or other nonperformance caused by such events as fires, telecommunications failures, utility failures, power failures, equipment failures, labor strife, riots, war, terrorist attack, nonperformance of Paymentech’s vendors or suppliers, acts of God, or other causes over which the respective party has no reasonable control, except that nothing in this Section 10.10 will affect or excuse Merchant’s liabilities and obligations for chargebacks, refunds, or unfulfilled goods and services.

10.11  Amendment. This Agreement may only be amended by Merchant upon mutual written agreement. Paymentech may amend this Agreement at any time via TP3 posting a revised version on the TP3 Website. The revised version will be effective at the time TP3 posts it. You will be considered as having expressly consented to all changes to this Agreement if you continue to use the Service

11. Survival.

The following Sections survive termination of this Agreement: 4, 6.3, 7, 8, 10, 11 and 12.

12. Terms Used in This Agreement.

“Card Brand” means is any payment method provider whose payment method is accepted by Paymentech for processing, including, but not limited to, Visa, U.S.A., Inc., MasterCard International, Inc., Discover Financial Services, LLC and other credit and debit card providers, debit network providers, electronic check and ACH payments, gift card and other stored value and loyalty program providers.

“Card Brand Rules” means the bylaws, rules, and regulations, as they exist from time to time, of the Card Brands, including, without limitation, any operating principles, as may be revised from time to time by the Card Brands in their sole discretion.

“Customer” means the person or entity to whom a Payment Card is issued or who is otherwise authorized to use a Payment Card.

“Payment Card” means an account, or evidence of an account, authorized and established between a Customer and a Card Brand, or representatives or members of a Card Brand that TP3 or Merchant accepts from Customers as payment for a good or service. Payment Cards include, but are not limited to, credit and debit cards, electronic check and ACH payments, stored value cards, loyalty cards, electronic gift cards, authorized account or access numbers, paper certificates and credit accounts.

“Payment Card Information” means Information related to a Purchaser or the Purchaser’s Payment Card that is obtained by Merchant from the Purchaser's Payment Card, or from the Purchaser in connection with his or her use of a Payment Card). Such information may include, but is not limited to:

• the Payment Card account number and expiration date;

• the Customer’s name or date of birth;

• PIN data, security code data (such as CVV2 and CVC2); and

• and any data read, scanned, imprinted, or otherwise obtained from the Payment Card, whether printed thereon, or magnetically, electronically, or otherwise stored thereon.

For the avoidance of doubt, the data elements that constitute Payment Card Information are treated according to their corresponding meanings as “cardholder data” and “sensitive authentication data” as such terms are used in the then current PCI DSS.

“Transaction” means is a transaction conducted between a Customer and Merchant utilizing a Payment Card in which consideration is exchanged between the Customer and Merchant, and which is submitted to Paymentech by TP3.

“Transaction Receipt” means a paper or electronic receipt evidencing a Transaction containing the information required by Card Brand Rules applicable to Transaction Receipts.

ACH Transaction Services

Customer may elect to receive from Payload the ability to originate and accept ACH credit and debit payments for goods and services ("ACH Transaction Services"). If Payload agrees to provide ACH Transaction Services to Customer, the terms of this Schedule 2 - ACH Transaction Services ("Schedule 2") will apply to Customer's access to and use of the ACH Transaction Services. This Schedule 2 (and any attachments hereto) is a schedule to the Payment Processing Agreement ("Payments Agreement") with Payload and, together with the Payment Agreement, Terms of Use, and any schedules, exhibits, or other documents attached thereto or incorporated therein form a part of the Agreement between Payload and Customer for ACH Transaction Services. Unless separately terminated in accordance with the terms of the Agreement, this Schedule 2 will automatically terminate upon termination or expiration of the Payments Agreement. Capitalized terms used but not defined in this Schedule 2 will have the meaning given to them in Payments Agreement (including Appendix A), the Terms of Use or the Nacha Rules, as applicable. Any inconsistency, conflict, or ambiguity between this Schedule 2 and any other portion of the Agreement will be resolved by giving precedence and effect to this Schedule 2, but only to the extent of the inconsistency, conflict, or ambiguity. Other than as expressly amended by this Schedule 2, all other provisions of the Agreement will remain in full force and effect.

1. Customer Authorization

Customer hereby authorizes Payload and Bank to (a) initiate and receive ACH debit and credit Entries on behalf of Customer; (b) make adjustments to debit and credit Entries to Customer's Bank Account; and (c) provide various ACH Transaction Services as described below, to Customer pursuant to the terms and conditions specified in this Schedule 2.

2. Origination

For the purposes of the ACH Transaction Services, the Parties acknowledge and agree that Customer is an Originator of credit and debit Entries pursuant to the Nacha Rules. Upon Customer's initiation of Entries, Customer will transmit to Payload all information necessary for Payload to effectuate the ACH transactions in accordance with the Nacha Rules and with any additional written requirements set forth by Payload or Bank's written requirements for ACH transactions, as may be amended by Payload and Bank in their sole discretion from time to time. Customer further agrees that any such Entries shall comply with the Nacha Rules and Payload's and the Bank's security procedures and formatting requirements, which are subject to change upon notice to Customer. Entries received after 6:00 pm EST for next day settlement shall be deemed to have been received on the next Business Day. Customer acknowledges and agrees that Payload, Processor, or Bank may, at any time, determine to restrict the amount or type of transactions they are willing to accept. Supported transaction types currently include WEB, CCD, PPD and ARC Entries. Payload, Processor, or Bank may reject any ACH Entry which does not comply with the requirements of the Agreement, the Nacha Rules, Applicable Laws, or Payload's, Bank's, or Processor's requirements and specifications. Customer has no right to cancel or amend any Entry after its receipt by Processor or Bank. Customer is responsible for payment for an Entry even if the Entry is erroneous or is a duplicate Entry and regardless of whether Customer was the source of the error or duplicate Entry. Customer agrees to make payment for any credit Entries originated and for any debit Entries returned by the RDFI.

3. Authorization; Retention

4. Returns; Reinitiated Entries

5. Notification of Change

From time to time, Bank may receive a non-monetary Entry transmitted by a Receiver's financial institution for the purposes of (a) identifying incorrect information contained in an Entry; and (b) providing correct data to be used in future Entries (each a "Notification of Change" or "NOC"). In connection with each NOC, Payload may, in its sole discretion, elect to investigate the purported errors and to make the corresponding changes on behalf of Customer ("NOC Services"). In such instances, Payload will provide notice to Customer of any changes it makes pursuant to the terms of the Agreement and Customer must make the corresponding updates to any such account information maintained by Customer. Notwithstanding the foregoing, nothing in this Section 5 shall relieve Customer of its obligations under the Nacha Rules or the Agreement with respect to NOCs. In addition to Customer's indemnification obligations under the Agreement, Customer specifically agrees to indemnify and hold Payload harmless from any Losses resulting from the provision of NOC Services on Customer's behalf.

6. Representations and Warranties

In connection with each Entry originated by Customer, Customer represents and warrants: (a) each Entry is made in accordance with each of the general ODFI and Originator warranties set forth in the Nacha Rules; (b) each individual and entity shown as Receiver of an Entry has (i) authorized Customer or its agents to initiate such Entries in accordance with the Nacha Rules and Applicable Laws; and (ii) authorized Customer and Bank to credit or debit its account in the amount and on the ACH Settlement Date shown on such Entry; (c) such Receiver's ACH Authorization remains effective and has not been revoked as of the time of transmittal, crediting, or debiting by Bank; (d) such Entry is initiated by Customer in connection with the ACH Transaction Services; (e) it has no knowledge of Receiver's revocation of its ACH Authorization or of Receiver terminating its relationship with its RDFI; (f) each Entry accurately reflects the terms of the Receiver's ACH Authorization, and does not violate any agreement between Customer and the Receiver; and (f) it will not originate Entries in violation of the Nacha Rules or Applicable Laws.

7. Exposure Limits; Origination Restrictions

Payload or Bank may from time to time establish one or more credit limits or ACH origination limits applicable to Entries involving Customer ("Exposure Limits"). Such Exposure Limits shall be established by written notice from Payload or Bank, as applicable, and will be effective immediately unless such notice states otherwise. In the event that an Entry or Entries exceed such Exposure Limits, Payload or Bank will promptly provide oral or written notice to Customer. Payload and Bank may either approve the Entry as an exception to the credit limit, request that it be held over to the next day, or reject such Entry.

8. Consent for Electronic Records and Notices

To the extent that the Parties agree that Payload will capture the ACH Authorization from the Receiver on Customer's behalf, Payload will also obtain, on Customer's behalf, the Receivers' affirmative consent to the electronic receipt of records and notices. Unless otherwise agreed to by the Parties in writing, Payload will provide an electronic copy of the Receivers' ACH Authorization to each Receiver at the email address provided by each respective Receiver. In the event any Receiver opts not to receive electronic disclosures or notices, Customer shall provide a physical copy of the authorization to such Receiver. Nothing in this Section 8 shall relieve Customer of its obligation to ensure that it has satisfied its obligation under the Nacha Rules and Applicable Laws with respect to its obligation to provide a copy of the ACH Authorizations to its Receivers (including Company's continuing obligation to monitor the Nacha Rules and Applicable Laws for any changes or additional requirements related to the provision of electronic copies of such authorizations to Receivers).

9. ACH Compliance Generally

Customer agrees to be bound by the Nacha Rules, as may be modified by Nacha from time to time. This includes, but is not limited to, specific obligations relating to the origination of WEB debits and the implementation of commercially reasonable fraud monitoring policies and procedures as required by the Nacha Rules. Furthermore, Customer represents and warrants that the origination of ACH transactions and all such actions of Customer contemplated in this Schedule 2, including the preparation and transmittal of Entries and payment orders, shall comply with the Nacha Rules and Applicable Laws, and Customer agrees not to originate Entries that violate such Nacha Rules or Applicable Laws.

10. Fines and Suspension

Customer acknowledges Payload will charge Customer any fines or penalties imposed by Nacha, any regulatory authority, or any other third party which are incurred as a result of non-compliance with the Nacha Rules or Applicable Laws by Customer or Receiver, and Customer agrees to fully reimburse and indemnify Payload and Bank for such charges or fines. Payload and its Bank reserve the right to audit the Customer for compliance with this Agreement and with the Nacha Rules, Applicable Laws, and the Agreement (including this Schedule 2) and to terminate or suspend Customer's use of the ACH Transaction Services immediately due to Customer's noncompliance with the same.

11. No Guarantees

Payload does not guarantee timely delivery of any Entry. Neither Payload nor Bank shall have any liability to Customer as a result of any late delivery, except to the extent such late delivery is: (a) more than 24 hours late; and (b) caused by the gross negligence or willful misconduct of Payload or Bank.

12. Limitation

Notwithstanding any provision in the Agreement to the contrary, Payload's liability to Customer for claims arising out of the ACH Transaction Services performed by Payload pursuant to this Schedule 2 shall be limited to the extent of errors and omissions which are caused by Payload's gross negligence or willful misconduct and which cannot be remedied through the processing of appropriate corrected Entry(ies).

CHECK21 SERVICES SCHEDULE

Customer may elect to receive from Payload a service that enables Customer to electronically deposit checks received from Clients ("Check21 Services"). If Payload agrees to provide Check21 Services to Customer, the terms of this Schedule 3 – Check21 Services ("Schedule 3") will apply to Customer's access to and use of the Check21 Services. This Schedule 3 (and any attachments hereto) is a schedule to the Payment Processing Agreement ("Payments Agreement") with Payload and, together with the Payments Agreement, Terms of Use, and any schedules, exhibits, or other documents attached thereto or incorporated therein forms a part of the "Agreement" between Payload and Customer for Check21 Services. Unless separately terminated in accordance with the terms of the Agreement, this Schedule 3 will automatically terminate upon termination or expiration of the Payments Agreement. Capitalized terms used but not defined in this Schedule 3 will have the meaning given to them in the Payments Agreement (including Appendix A) or the Terms of Use, as applicable. Any inconsistency, conflict, or ambiguity between this Schedule 3 and any other portion of the Agreement will be resolved by giving precedence and effect to this Schedule 3, but only to the extent of the inconsistency, conflict, or ambiguity. Other than as expressly amended by this Schedule 3, all other provisions of the Agreement will remain in full force and effect.

1. Service Description

Check21 Services allow Customer to scan images of paper checks payable in U.S. Dollars (each, a "Check") for electronic deposit to the Settlement Account and transfer to Customer's designated Bank Account.

2. Instruction and Authorization

By using the Check21 Services, Customer hereby instructs Payload to: (a) convert the scanned Check images to X9 or image cash letter files ("ICL"); (b) submit such ICL files to Bank for deposit to the Settlement Account on Customer's behalf; and (c) transfer an amount equal to the face value of the Check, subject to any adjustments authorized or necessary under the terms of the Agreement, to the designated Bank Account via ACH. Customer acknowledges and agrees that, in connection with the transfer of funds from the Settlement Account to the Bank Account, Customer is an "Originator" under the Nacha Rules. Customer hereby appoints Payload as its agent and "Third Party Sender" under the Nacha Rules.

3. Approval

Customer's use of the Check21 Services will be subject to Payload's, Processors, Bank's and any applicable TPSP's prior and continuing approval. In connection with such approval, Payload may request or require information regarding Customer and Customer's business operations from Customer. Customer will provide all information requested by Payload in connection with such approval process. The Parties understand that Customer's approval to use the Check21 Services may be subject to certain conditions, including but not limited to settlement hold times and deposit amount limitations, and such conditions may be modified from time-to-time by Payload or Bank, in their sole discretion.

4. Responsibilities

5. Hardware

To the extent Customer is authorized to receive and capture Checks for processing using the Check21 Services, Customer is solely responsible for the selection, use, and operation of the hardware used to capture the electronic image of the paper Checks, including the quality of the scanned check image results generated. Such hardware must be certified for use with the Check21 Services in order to be deemed compatible with the Check21 Services or otherwise included on Payload's hardware lists.

6. Equipment

To use the Check21 Services, Customer must use software and telecommunication services that are acceptable to or specified by Payload from time to time. Failure to use acceptable or specified software and/or telecommunication services may impact Customer's ability to use, or affect the quality of, the Check21 Services.

7. Security

Customer agrees that: (a) Customer shall adopt Check destruction policies, procedures, and practices designed to prevent re-transmission of already submitted Check images; (b) after the Check has been scanned and submitted for deposit, Customer shall not otherwise transfer or negotiate the original Check, Substitute Check or any other image thereof; (c) Customer shall be solely responsible for the original Check, including storage, retrieval and destruction; and (d) the electronic image of the Check or any Substitute Check will become the legal representation of the Check for all purposes (except for funds availability, see Section 5 below), including return Checks processing.

8. Monitoring

Payload and its TPSPs may perform ongoing monitoring of Customer's use of the Check21 Services, business methods, and operations. Customer will provide any information regarding the foregoing to Payload within five (5) business days of Payload's request.

9. Restrictions

Customer's use of the Check21 Services is subject to the following restrictions:

10. Settlement and Funds Availability

Customer agrees that Checks submitted using the Check21 Services are not subject to the funds availability requirements of Federal Reserve Board Regulation CC. If Payload receives the scanned Check on or before 6:00 pm ET, as may be updated by Payload from time to time ("Check21 Cutoff Time") on a business day that Bank is open, funds from the deposit made via the Check21 Service will be available for transfer from the Settlement Account to Customer's Bank Account on the same day and will be available for withdrawal by Customer based upon the funds availability policy of the bank where the Bank Account is held. If the Check is not received by Payload until after the Check21 Cutoff Time, funds from the deposit made via the Check21 Service will be available for transfer to the Bank Account on the next business day that Bank is open and will be available to Customer for withdrawal from the Bank Account based upon the funds availability policy of the bank where the Bank Account is held. Settlement of funds is subject to Bank's receipt of funds from the paying bank (the Client's bank) and will remain subject to reversal if such Check becomes subject to a stop payment. Bank may place limitations on the availability of funds settled to the Settlement Account and Payload will have no liability or obligation with respect to such limitations. Customer acknowledges and agrees that Payload does not receive, take possession of, or transmit any funds to Customer for settlement. Notwithstanding the foregoing, in the event Payload is deemed to receive, take possession of, or transmit Customer's settlement funds, Customer acknowledges and agrees that such conduct is performed on behalf of Customer as Customer's non-fiduciary, limited-purpose agent and that such funds will be deemed received by Customer upon Payload's receipt. In such event, if Payload fails to remit those funds to Customer, Customer's sole recourse is against Payload, not Client.

11. Check Quality and Processing

The Check images transmitted to Payload using the Check21 Services must be legible. If the electronic files and/or images transmitted to Payload with respect to any Check do not comply with Payload's requirements for content and/or format, Payload may, in its sole discretion: (i) further transmit the Check and data in the form received from Customer; (ii) repair or attempt to repair the Check or data and then further transmit it; (iii) process the Check as photocopies in lieu of originals; or (iv) return the data and Check to Customer unprocessed (and charge back Customer's Bank Account, when applicable).

12. Processing

All Checks deposited electronically through the Check21 Services will be subject to the following requirements:

13. Representations, Warranties and Covenants of Customer

Customer represents, warrants and covenants to Payload that:

(a) it has provided bona fide services or goods to the Client for which payment is lawfully due, and that all Checks imaged and transmitted to Payload are for services or goods lawfully provided and received.

(b) Any image that Customer submits and Payload receives accurately and legibly represents all of the information on the front and back of the original Check as originally drawn, including without limitation the amount, routing number, account number, and check serial number.

(c) The information Customer transmits to Payload corresponding to a Check contains a record of all applicable MICR-line information required for a Substitute Check and the accurate amount of the Check;

(d) the Check conforms to the technical standards for an Electronic Item set forth in Federal Reserve Board Regulation J, or Federal Reserve Bank operating circulars and for a Substitute Check set forth in Federal Reserve Board Regulation CC;

(e) No person will receive a transfer, presentment, or return of, or otherwise be charged for, the Check (either the original Check, or a paper or electronic representation of the original Check) such that the person will be asked to make payment based on an Check that has already paid;

(f) Customer will not redeposit through the Check21 Services any Check previously deposited and returned to Customer unless Payload advises Customer otherwise;

(g) Customer will employ commercially reasonable security measures and firewalls sufficient to protect transmissions and storage to ensure no unauthorized access or duplicate presentment;

(h) Customer will use the Check21 Services only to transmit Checks that originated as paper Checks;

(i) if Customer is depositing Checks on behalf of third parties, the owner of the Check has authorized Customer to negotiate the Check and electronically transmit the Check;

(j) Customer will comply with all Applicable Laws in Customer's use of the Check21 Services and not use the Check21 Services for any purpose prohibited by foreign exchange regulations, postal regulations or any other treaty, statute, regulation or authority;

(k) Customer will only transmit Check(s) that are drawn on or payable at or through banks located within the United States; and

(l) If Customer is scanning Checks from a location outside of the United States, Customer's such authorizations in this Schedule 3 cover the cross-border transmittal of the Check.

14. Support and Training

Payload will be the primary point of contact for all communications regarding the Check21 Services and Customer will direct all customer service matters to Payload, including without limitation problems, questions, inquiries, and technical assistance.

15. Customer Liability

Customer shall be solely liable and responsible for all Losses arising from any of the following:

16. Recordkeeping

During the term of this Schedule 3 and for two (2) years thereafter, Customer shall keep and maintain accurate records of its activities and sales in connection with the Check21 Services. Customer shall provide a photocopy or electronic copy of such records to Payload within twenty (20) days of Payload request, or such shorter period required to respond to any governmental authority or regulatory agency. These records shall not be used by Customer except as permissible under Applicable Laws.

17. Indemnification

In addition to the other indemnification obligations set forth in the Agreement, Customer will indemnify, defend, and hold Payload and its owners, directors, officers, employees, agents, Bank, Processor and TPSPs harmless from and against: (a) the duplication of images of Checks deposited using the Check21 Services; (b) the alteration of scanned images of deposited Checks; (c) inaccurate or incomplete data captured from the deposited Check; (d) deposit of checks on accounts with insufficient funds, counterfeit checks, fraudulent checks, or checks bearing unauthorized or forged endorsements; (e) the failure of any hardware or scanner; (f) the failure to properly store or destroy the original Checks in accordance with the Applicable Laws and Nacha Rules; (g) any Check which bounces; (h) any fees incurred in the rejection, investigation, or monitoring of processed Checks; or (i) any failure to fulfill its obligations under the Agreement.

18. Suspension and Termination

Payload may immediately and without notice suspend or terminate provision of the Check21 Services to Customer if Payload, its Processor, Bank or TPSP: (a) discover that Customer has violated any of the restrictions set forth in this Schedule 3 or elsewhere in the Agreement, or (b) in their sole discretion, believe provision of the Check 21 Service would be, or that Customer is engaged in activity that is, illegal or reasonably likely to cause material liability.

REAL TIME PAYMENTS (RTP) SERVICES

Customer may elect to send final and irrevocable settlement for credit transfers by means of the Real Time Payments ("RTP") network owned and operated by The Clearing House Payments Company LLC ("RTP Services"). If Payload agrees to provide RTP Services to Customer, the terms of this Schedule 4 - Real Time Payments Services Schedule ("Schedule 4") will apply to Customer's access to and use of the RTP Services. This Schedule 4 (and any attachments hereto) is a schedule to the Payment Processing Agreement ("Payments Agreement") with Payload and, together with the Payments Agreement, Terms of Use, and any schedules, exhibits, or other documents attached thereto or incorporated therein forms a part of the Agreement between Payload and Customer for RTP Services. Unless separately terminated in accordance with the terms of the Agreement, this Schedule 4 will automatically terminate upon termination or expiration of the Payments Agreement. Capitalized terms used but not defined in this Schedule 4 will have the meaning given to them in the Payments Agreement (including Appendix A), the Terms of Use or the RTP Rules (defined below), as applicable. Any inconsistency, conflict, or ambiguity between this Schedule 4 and any other portion of the Agreement will be resolved by giving precedence and effect to this Schedule 4, but only to the extent of the inconsistency, conflict, or ambiguity. Other than as expressly amended by this Schedule 4, all other provisions of the Agreement will remain in full force and effect.

1. Compliance

In order to use the RTP Services, Customer must transmit to Payload all information necessary to effectuate payment in accordance with the operating rules established by The Clearing House that govern the RTP network ("RTP Rules"), available at https://www.theclearinghouse.org/payment-systems/rtp/document-library. By using RTP Services, Customer agrees to comply with the then-current version of the RTP Rules.

2. Waiver and Liability

Customer waives, releases, and discharges all rights or claims against Payload, Processor and/or Bank in connection with the RTP Services. Customer acknowledges and agrees that all transactions initiated and completed through the RTP network are irrevocable. Customer understands that RTP transactions cannot be canceled, reversed, or modified by Payload, Processor or Bank once executed. Customer is responsible for ensuring the accuracy and legitimacy of all transaction details prior to submission. Consequently, Customer hereby releases, indemnifies, and holds harmless each of Payload, Processor and Bank and their affiliates from any Losses arising from or related to the irrevocability of such transactions, including those stemming from transaction errors, fraud, or unauthorized access.

3. Cancellations and Delays

Customer acknowledges that RTP transactions and related messages may be rejected or delayed for any reason including, but not limited to, for risk management, fraud review, legal compliance or other reasons. Payload and Bank shall have no liability to Customer for any rejections or delays. Customer will receive a notification of such action through standard reporting channels.

4. Cooperation

Customer agrees to cooperate with Payload, Processor and Bank to: (a) implement any applicable RTP Rules or changes thereto; and (b) satisfy Payload's, Processor's or Bank's compliance with such RTP Rules, including any reporting, audit, or certification requirements.

5. Records

Customer agrees to retain records related to its RTP payments for six (6) years following the date of such RTP instructions and to provide such data to Payload, Processor or Bank upon request. Without limiting the generality of the foregoing, Customer may not send RTP instructions: (a) that exceed the limits provided for in the RTP Rules or any other applicable transaction limits expressly imposed on the RTP Services; or (b) to any account not located within the United States.

6. Errors

7. Representations and Warranties

Customer is deemed to make the same representations and warranties to Payload, Processor and Bank as Bank makes under the RTP Rules and Applicable Laws to other financial institutions participating in the RTP network with respect to each transaction and request made by Customer. Customer represents and warrants that:

Push to Card Services

Customer may elect to initiate credits to a recipient's designated debit Card account as described below ("Push to Card Services"). If Payload agrees to provide Push to Card Services to Customer, the terms of this Schedule 5 - Push to Card Services ("Schedule 5") will apply to Customer's access to and use of the Push to Card Services. This Schedule 5 (and any attachments hereto) is a schedule to the Payment Processing Agreement ("Payments Agreement") with Payload and, together with the Payments Agreement, Terms of Use, and any schedules, exhibits, or other documents attached thereto or incorporated therein forms a part of the Agreement between Payload and Customer for Push to Card Services. Unless separately terminated in accordance with the terms of the Agreement, this Schedule 5 will automatically terminate upon termination or expiration of the Payments Agreement. Capitalized terms used but not defined in this Schedule 5 will have the meaning given to them in the Payments Agreement (including Appendix A), the Terms of Use or the Operating Regulations, as applicable. Any inconsistency, conflict, or ambiguity between this Schedule 5 and any other portion of the Agreement will be resolved by giving precedence and effect to this Schedule 5, but only to the extent of the inconsistency, conflict, or ambiguity. Other than as expressly amended by this Schedule 5, all other provisions of the Agreement will remain in full force and effect.

1. Service Description

Push to Card Services permit Customer to instruct Payload, through Bank, to initiate credits to the designated Card of a designated Cardholder recipient ("Recipient"). Pursuant to Operating Regulations and Applicable Laws, and provided that the Card issuing bank of the Recipient participates in a push payment program, Payload will initiate credit amounts as instructed by Customer to Recipient's qualified Card account.

2. Customer Requirements

Customer is wholly responsible for designing and implementing all corresponding processes necessary to effectuate and receive Push to Card Services from Payload, including obtaining any necessary authorizations from its Recipients prior to permitting the receipt of Push to Card Services. Customer will make all necessary changes or updates to its systems or procedures at no cost to Payload, including in the event Payload updates the Push to Card Services in response to a change to Operating Regulations, or for any other reason. Payload will have no obligation for Customer's inability to receive Push to Card Services or a Recipient's inability to receive a payment that result from Customer's failure to change or update its systems in response to such a change, and Payload will have no liability resulting from inaccuracies in the Card account information or instructions provided to Payload by Customer.

3. PUSH TO CARD SERVICES TERMS, CONDITIONS AND LIMITS; NO WARRANTY

Payload provides no express or implied warranties with respect to the Push to Card Services, including without limitation the implied warranties of merchantability or fitness for a particular purpose. Payload makes no representations, warranties, or guarantees of any kind with respect to its Push to Card Services, including that the Push to Card Services will ensure Customer, or Recipients receive funds in an expedited or the most expeditious possible time-frame for any particular transaction or for its transactions in the aggregate. Payload will have no liability for declined transactions on account of any action or inaction by any Association or Card issuing bank that impacts the designed result of the Push to Card Services. Customer agrees to indemnify and hold Payload and Bank harmless from any and all Losses whatsoever, including all reasonable legal and accounting fees and expenses and all reasonable collection costs, incurred by Payload and/or Bank, its directors, officers, employees, affiliates and agents resulting from or arising out of Payload's and Bank's provision of, and Customer's use of, the Push to Card Services. Push to Card Services are subject to the terms and restrictions of Applicable Laws and other Association requirements for push payment transactions, the Payload's and/or Bank's standards (which may be updated from time to time) as well as the terms, restrictions and conditions in this Schedule 5.

4. Limits

Card issuers may set daily, rolling seven (7) day, or rolling thirty (30) day limits on transaction counts and/or transaction amounts or other limits regarding the receipt of push payment transactions that are beyond the control of Payload, Bank and/or Customer and that may impact the intended results of the Push to Card Services.

5. Limitations on Availability of Push to Card Services

Push to Card Services are offered to Customer for commercial purposes only and cannot be used by consumers for personal, family, or household purposes. Customer represents, warrants, and covenants that it will only use the Push to Card Services in a manner consistent with the Agreement. Push to Card Services are not supported by all Card issuers. Further, certain financial institutions may delay the posting of credits from the Push to Card Services. Should additional applicable transactions or higher per-transaction dollar limits be made available, Customer will receive notification when those additional programs and/or use-cases have become available and may be processed pursuant to all necessary registration with the Associations, the completion of any additional documentation, and subject to any additional Payload terms, conditions or standards, as applicable. Customer acknowledges and agrees that Push to Card Services may only be used for transactions made to Card accounts within the United States. In addition, Payload may refuse to act on any instruction from Customer regarding the Push to Card Services if Payload learns or determines that facilitating one or more transactions in accordance with Customer's instructions is not permitted for whatever reason (e.g., the designated Recipient is a person or entity not supported by the Push to Card Services program requirements, the disbursement or transaction amount exceeds the amount permitted under the Push to Card Services program requirements, the disbursement or transaction is or may be illegal or could result in regulatory or other scrutiny, or the disbursement or transaction is or may be impermissible for any other reason), or if Customer is in default of any provision of the Agreement or otherwise has an unsatisfied monetary obligation with Payload.

6. Prefunding

If the Customer participates in Push to Card Services then: (a) Customer understands that, each day, the Customer's Bank Account must have a balance in good and available funds equal to its transaction requests ("Prefunding Obligation"); (b) Customer consents to restricting ACH debits from only its Bank Account; and (c) any ACH withdrawal, wire out or similar withdrawal requests must be approved by Payload, which will not be unreasonably withheld if the Prefunding Obligation is met. Payload has no obligation to process any transaction for which the Prefunding Obligation has not been met.

7. Compliance with Operating Regulations and Applicable Laws

Customer shall comply with and conduct its Card activities in accordance with all applicable Operating Regulations and Applicable Laws, including those pertaining to marks, acceptance, risk management, transaction processing, products, programs, and services in which Customer is required to, or chooses to, participate. Failure to comply with Operating Regulations may result in Customer being terminated for cause and listed on various Association and industry databases, including the Consortium Merchant Negative File ("CMNF"), the Combined Terminated Merchant File ("CTMF") and the Merchant Alert to Control High Risk Merchants file ("MATCH"). Customer may not: (a) disburse funds in the form of travelers cheques, if the sole purpose is to allow the Recipient to make a cash purchase of goods or services from Customer; or (b) charge a convenience fee which does not meet the criteria set by Operating Regulations. Customer will pay all Association fines, fees, penalties and all other assessments or indebtedness levied by Associations to Bank or Payload which are attributable, at Payload's discretion, to Customer's transaction processing or business. By using the Push to Card Services, Customer represents and warrants that (i) Customer is not subject to sanctions programs administered or enforced by OFAC; (ii) the information Customer provides to Payload is true, accurate, and complete; (iii) Customer's actual and intended use of the Push to Card Services complies with Applicable Laws and does not constitute or facilitate money laundering or any other illicit activity; (iv) Customer has all necessary consents, registrations, permits, and other rights in connection with its activities related to the Push to Card Services including, as applicable, the distribution of funds to third parties (whether as a payment facilitator or otherwise); and (v) Customer is compliant with and will continue to meet all the applicable association requirements for the Push to Card Services and for domestic funds disbursement, including any required registration requirements.

8. Customer Transaction Prohibitions

When using Push to Card Services, Customer is prohibited from (a) submitting any transaction into the payment system that is, or that Customer knows or should have known was, illegal or not in compliance with the Operating Regulations (including that if transactions are executed in different jurisdictions, such transactions must be legal in both the Recipient's and Customer's jurisdictions); (b) submitting a transaction into the payment system that Customer knows or should have known to be either fraudulent or not authorized by the Recipient; and (c) accepting a transaction that does not result from an act between the Recipient and the Customer.

9. Permitted Use of Third Party Processor

Customer may designate a third party processor that does not have a direct agreement with Bank as its agent for the direct delivery of transactions to the applicable Association for clearing and settlement. For purposes of this permitted use of third party processors, Customer must (a) advise Bank that it will use a third party processor; (b) agree that Bank is only liable to reimburse Customer for the transactions effectively delivered by that third party processor to the applicable Association; and (c) assume responsibility for any failure by its third party processor to comply with the Operating Regulations.

This Disclosure sets forth a summary of certain information in the Payment Processing Agreement ("Payments Agreement") between Customer (as reflected on the Application) and Payload, LLC ("Payload") relating to the Payment Card Acceptance Services described in Schedule 1 to the Payments Agreement. This Disclosure is for your information only and does not provide all information pertinent to the Payments Agreement. Customer should thoroughly review the full Payments Agreement, including the Payload Terms of Use ("Terms of Use") which are incorporated into the Payments Agreement, and contact Payload with any questions. In the event of a conflict between terms of this Disclosure and the terms of the Payments Agreement, including any terms in the Terms of Use, the terms of the Payments Agreement will control. Capitalized terms not otherwise defined in this Disclosure have the meanings set forth in the Payments Agreement.