Client Agreement — Version 1.0 · Effective date: 11 September 2025
These Terms & Conditions (the "Agreement") are a binding contract between PUSH2PAY CORP. ("Push2Pay", "P2P", "we", "us") and the client identified in an accepted Order Form, onboarding application or API enrollment (the "Client", "you"). By signing an Order Form, clicking to accept, using the P2P dashboard/API, or initiating a payment through P2P Services, you agree to this Agreement.
"Act" / "RPAA": the Retail Payment Activities Act (Canada). "Regulations" / "RPAR": the Retail Payment Activities Regulations. "End User": a payer or payee that uses a payment service. "Electronic Funds Transfer" or "EFT": a placement, transfer or withdrawal of funds by electronic means.
"Payment Functions": as defined in RPAA s.2, including (a) provide/maintain account; (b) hold end-user funds; (c) initiate an EFT; (d) authorize or transmit an instruction for an EFT; (e) provide clearing or settlement services.
"Services": Push2Pay's non-custodial payment initiation and authorization/transmission services offered as P2P Payouts and P2P PayLink, and related tools, dashboards and APIs. "Partners": banks, small EMIs, gateways and other third-party providers engaged by P2P to execute EFTs and provide accounts/clearing/settlement.
Push2Pay performs the RPAA Payment Functions of (c) initiation and (d) authorization/transmission only. Push2Pay does not provide or maintain payment accounts for end users, does not hold end-user funds, and does not perform clearing or settlement. These functions are performed by Partners.
The Services are B2B and enable Clients to originate authorized EFT instructions (e.g., EFT, ACSS, SWIFT, SEPA, FPS) via the P2P dashboard/API. Execution, clearing and settlement occur within Partner rails and accounts.
Push2Pay is registered with FINTRAC as an MSB and maintains an AML/ATF compliance program. We are not a bank, trust company, credit union, or deposit-taking institution and do not accept deposits.
Client must provide accurate corporate and beneficial ownership information, sanctions/PEP screening information, and supporting documents. Push2Pay may approve or refuse onboarding at its discretion and may require updates or additional information at any time.
Client represents and warrants continued compliance with applicable sanctions, AML/ATF laws, the Travel Rule (where applicable), and card/network rules (if using such methods through Partners).
Client must promptly notify Push2Pay of any material changes (ownership/control, business activities, geographies, licensing), and cooperate with enhanced due diligence as required.
Client is responsible for the security of its credentials, API keys, and users. Client shall implement multi-factor authentication (MFA), role-based access controls, and least-privilege principles for all users invoking the Services.
Client is responsible for any activity performed using its credentials, unless it notified Push2Pay without undue delay upon becoming aware of compromise.
Push2Pay will maintain an operational risk and incident response framework commensurate with its activities and aligned to RPAA/RPAR expectations.
Client must obtain and retain valid end-user authorization and consent for each instruction initiated via the Services, and must comply with all applicable rules governing returns, recalls and disputes.
Push2Pay may reject, suspend or reverse instructions that appear unauthorized, incomplete, erroneous, duplicative, illegal or sanction-restricted, or that exceed limits or violate risk controls.
For collections via P2P PayLink, Client is responsible for accurate invoice data and disclosures to payers, and for communicating settlement timelines to payees.
Funds are not held by Push2Pay. All client/beneficiary monies are received, held and disbursed by Partners in segregated or safeguarded accounts, as applicable to those Partners' regulatory obligations.
Push2Pay does not assume fiduciary or trustee obligations with respect to funds. Client acknowledges that safeguarding duties under the RPAA apply only to PSPs that perform the holding-of-funds function.
Fees are as agreed in an Order Form or schedule (including per-transaction fees, FX spreads, and pass-through network fees). Fees may vary by corridor, risk tier and volume.
Unless otherwise stated, fees are exclusive of taxes. Client is responsible for all applicable taxes and assessments.
Push2Pay may offset or net fees against amounts payable by Partners to Client where permitted by law and applicable Partner rules.
Client acknowledges that Push2Pay relies on Partners to provide accounts, execution, clearing and settlement, and on other service providers for technology and compliance tooling. Push2Pay remains responsible for oversight of its agents under applicable law but is not liable for Partner system outages, network rules, or actions outside its reasonable control.
Push2Pay will investigate operational incidents without delay and take steps to mitigate impact. Where an incident has a material impact on end users, another PSP or a clearing house, Push2Pay will notify affected parties without delay and provide status updates as appropriate.
Client must notify Push2Pay without undue delay of any security incident affecting its access to the Services or data, including credential compromise or fraud.
Each party shall keep records sufficient to demonstrate compliance with this Agreement and applicable law for at least five (5) years or longer if required by law.
Push2Pay may request logs, consents and transaction records from Client to investigate fraud, disputes or compliance matters. Client will provide reasonable cooperation.
Each party shall protect Confidential Information and Personal Information using administrative, technical and physical safeguards appropriate to the sensitivity of the data.
Push2Pay may process data (including cross-border) to provide and improve the Services, perform risk screening and comply with legal obligations. Client will provide required privacy notices to end users and obtain consents where required.
Except where Push2Pay acts as an independent controller for its own compliance purposes, Push2Pay acts as a service provider/processor to Client with respect to Client-submitted data.
Push2Pay grants Client a limited, non-exclusive, non-transferable licence to use the APIs and SDKs to integrate the Services. Client will comply with published API documentation, rate limits and security requirements and will not reverse engineer, copy or misuse the APIs.
Except as expressly set out in this Agreement, the Services are provided "as is" and "as available." Push2Pay disclaims all implied warranties including merchantability, fitness for a particular purpose and non-infringement to the maximum extent permitted by law.
To the maximum extent permitted by law, Push2Pay's aggregate liability arising from or relating to the Services in any twelve-month period will not exceed the fees paid or payable by Client to Push2Pay for the Services giving rise to the claim during that period.
Neither party is liable for indirect, incidental, special, consequential, exemplary or punitive damages, lost profits, loss of goodwill, or loss/corruption of data.
Each party will indemnify the other against third-party claims arising from the indemnifying party's breach of law or this Agreement, or from gross negligence or willful misconduct.
Push2Pay may suspend or terminate the Services immediately for suspected illegal use, sanctions risk, fraud, security incidents, or material breach.
Either party may terminate for convenience on thirty (30) days' notice, or for cause upon material breach not cured within fifteen (15) days after notice.
Upon termination, Client remains responsible for fees accrued, and for providing any required refunds or reversals to end users per applicable rules.
Push2Pay may modify the Services or this Agreement to reflect regulatory, security or operational changes. Material changes will be communicated to Client with at least thirty (30) days' notice unless a shorter period is required by law or to address security or legal obligations.
Client may contact Push2Pay at info@push2pay.net for support or complaints. We aim to acknowledge within two (2) business days and to resolve within fifteen (15) business days where feasible.
Nothing herein limits Client's rights or obligations to notify or report to regulators, law enforcement or Partners where applicable.
This Agreement is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. The parties submit to the exclusive jurisdiction of the courts of Ontario (Toronto).
Notices to Push2Pay must be sent to: 1-300 Supertest Rd, Unit 1, North York, Ontario, M3J 2M2, with a copy to legal@push2pay.net. Notices to Client will be sent to the address or email set out in the Order Form or onboarding application.
Force majeure; assignment (no assignment by Client without consent, except to an affiliate or in connection with a permitted change of control); relationship of the parties (independent contractors); severability; waiver; entire agreement; order of precedence (Order Form, then these Terms, then policies referenced herein).
By executing an Order Form or using the Services, the parties agree to be bound by this Agreement as of the Effective Date.