<!DOCTYPE html><html><head><title>Google Pay API Terms of Service</title><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"/><meta name="format-detection" content="address=no"><meta name="format-detection" content="telephone=no"></head><body><h2>GOOGLE PAY API TERMS OF SERVICE</h2><p><i>Effective on: March 1, 2021</i></p><p>By accessing or using the Google Pay API and any of its associated APIs (the "API"), you agree to these terms (the "Google Pay API ToS") and the Google APIs Terms of Service ("Google API ToS") at <a href="https://developers.google.com/terms">https://developers.google.com/terms</a>. Collectively, the Google Pay API ToS and the Google API ToS (which is incorporated into these terms by reference) create a binding agreement between Google LLC ("Google") and you ("You"). Capitalized terms used but not defined in this Google Pay API ToS have the meanings given to them in the Google API ToS.</p><h3>Section 1: General Obligations</h3><p>You agree that:</p><ul><li>Google only enables transactions through the sharing of payment credentials, sales are transactions solely between you and the user who purchases a product or service from You (each, an <b>"End User"</b>), and Google is not a party to these transactions.</li><li>Google is not and will not be responsible for any aspect of the products or services You sell.</li><li>Google is not responsible for the acts of End Users, including if they do not complete a transaction.</li><li>Google's enablement of a transaction does not mean that an End User has sufficient funds available in the payment instrument he or she used, that the transaction will be authorized or processed, or that the transaction will not later result in a chargeback or other reversal.</li><li>You are solely responsible for the establishment of a payment card acquiring agreement with a card acquiring bank (and all fees, charges and expenses arising from that relationship) for processing transactions, and for complying with that agreement and with any applicable payment network rules.</li><li>You are solely responsible for investigating and resolving disputes with your End Users and Google is not a party to and will not be responsible for any disputes.</li></ul><h3>Section 2: Permissible Payment Transactions</h3><p>As used in this Google Pay API ToS, the term <b>"Google Pay API"</b> means Google’s APIs that You access under this Agreement related to payments from End Users for your products or services. You may only use the API in accordance with the Terms and only in connection with a payment transaction initiated by an End User for a bona fide sale of your products or services, unless otherwise permitted by Google in writing or permitted in Section 5. You cannot use the API to process a payment transaction, or otherwise transfer money between you and an End User, that does not directly result from that End User's purchase of a product or service. Notwithstanding the foregoing, if You identify your primary product or service type as "non-profit", and You are in compliance with all of your applicable requirements (legal or otherwise), then You may use the API to receive donations from End Users. With respect to the sale of digital products and services, these terms apply for any transactions completed exclusively through a web browser. If You want to sell digital products or services through mobile applications, You may not use the API (please see <a href="https://developer.android.com/google/play/billing/index.html">In-App Billing</a>).To the extent You use the API in connection with any regulated financial services transactions, You represent and warrant that You possess all applicable licenses and registrations for such transactions, and You acknowledge that Google expressly disclaims any obligations arising out of Your use of the API in connection with regulated financial services transactions.</p><h3>Section 3: Use of the Google Pay API</h3><p>You must comply with the Terms, the <a href="https://payments.developers.google.com/terms/aup">Google Pay APIs Acceptable Use Guidelines</a>, and the Google Pay API Brand Guidelines found at the <a href="https://developers.google.com/pay/api/">Google Pay API developer site</a>. You agree to use the isReadytoPay API only for determining whether to show or suppress Google Pay as a payment option during checkout, and to delete any data received in connection with the isReadytoPay API immediately thereafter. Google may update or modify the API in its discretion.</p><p>Unless Google provides otherwise, You may arrange for a platform provider to assist You in integrating Your payment transaction interfaces with the API. Such platform provider must act exclusively on Your behalf and in accordance with its own written agreement with Google. You agree that Google may require you to disengage from Your platform provider if, in Google's discretion, the platform provider contributed to a violation of these Terms or other harm to Google.</p><h3>Section 4: Prohibited Actions</h3><p>You may not: (a) establish a minimum or maximum purchase amount that is specific to an End User making a purchase through the API; (b) require an End User to provide you with the account numbers of any credit card, debit card, or other payment instrument in addition to information provided through the API; or (c) add any service use surcharge that is specific to an End User making a purchase through the API.</p><h3>Section 5: Data Privacy</h3><p><b>(a) End User Personal Information</b>. You are solely responsible for ensuring that your use of End User Personal Information, including payment account information, complies with applicable law, your agreements with your card acquiring bank, your privacy policy, and any other applicable rules (e.g., network rules). You will only use Personal Information provided by the API to process the then-current transaction and perform any post-transaction activities for that transaction (e.g., chargeback), unless that End User has expressly consented to allow you to use his or her information for other purposes. For purposes of these Terms, <b>"Personal Information"</b> means (i) any information that directly or indirectly identifies a natural person; or (ii) information that is not specifically about an identifiable individual but, when combined with other information, may directly or indirectly identify a natural person. For the avoidance of doubt, Personal Information includes names, email addresses, postal addresses, telephone numbers, government identification numbers, financial account numbers, payment card information, credit report information, biometric information, IP addresses, network and hardware identifiers, and geolocation information. In this Agreement “Personal Information” has the same meaning as “personal data” under the EU Data Protection Law. Google may, in its reasonable discretion, request verification that is reasonably acceptable to Google of your compliance with this Agreement, including Privacy Laws (as defined below).</p><p><b>(b) Independent Controllers</b>. Each of You and Google:<ul style="list-style:lower-roman;"><li>is an independent controller of Personal Information subject to EU Data Protection Laws (<b>"EU Personal Information"</b>) and</li><li>will individually determine the purposes and means of its processing of EU Personal Information.</li></ul><p>For purposes of these Terms, <b>"EU Data Protection Laws"</b> means EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and any other relevant and applicable data protection laws or regulations.</p><h3>Section 6: Data Security</h3><p><b>(a) Safeguards</b>. At all times that you (or those acting on your behalf) have access to Google confidential information (which includes, for purposes of these Terms, Personal Information), you (and those acting on your behalf) will maintain reasonable administrative, technical and physical controls designed to ensure the privacy, security, and confidentiality of that information. These controls will meet or exceed relevant industry standards and limit the collection, storage, disclosure, use of, or access to Personal Information solely to personnel and for purposes authorized by the Terms. These controls will be appropriate to your role, operations and exposure to Personal Information under the Terms. You will ensure that any party who receives Personal Information from You is subject to these controls or otherwise provides equivalent or greater protections for the security and privacy of Personal Information. At any time upon Google's request, You will cooperate with Google's reasonable efforts to assess the adequacy of these controls and the controls of anyone acting on your behalf.</p><p><b>(b) Access Controls</b>. You and those acting on your behalf will: (a) maintain reasonable controls to ensure that only individuals who have a legitimate need to access Google confidential information under the Terms will have such access; (b) promptly terminate an individual's access to Google confidential information when such access is no longer required for performance under the Terms; and (c) be responsible for any unauthorized access to Google confidential information under your custody or control.</p><p><b>(c) Data Protection</b>. To the extent that you access, use or otherwise process Personal Information made available by Google, you will:<ul style="list-style:lower-roman;"><li>comply with all privacy, data security, and data protection laws, directives, regulations, and rules in any jurisdiction applicable to You ("Privacy Laws");</li><li>use or otherwise access Personal Information only for purposes which are consistent with the consent obtained by the individual to whom the Personal Information relates or as expressly permitted in the Terms;</li><li>implement appropriate organizational and technical measures to protect the Personal Information against loss, misuse, and unauthorized access, disclosure, alteration and destruction; and</li><li>provide the same level of protection as is required by the EU-US and the Swiss-US Privacy Shield Principles.</li></ul><p>You will regularly monitor your adherence to this obligation and immediately notify Google in writing if you determine that you can no longer, or there is a significant risk that you can no longer, meet the obligation in this subsection (c) and either cease processing or immediately take other reasonable and appropriate steps to remediate such failure to provide adequate levels of protection.</p><p><b>(d) Security Incident Response Program</b>. You will maintain a reasonable incident response program to respond to Security Incidents. If you have reason to believe that a Security Incident has occurred, you will promptly send an email to external-incidents@google.com and provide a complete description of the details known about the Security Incident. "Security Incident" means an actual or reasonably likely loss of or unauthorized disclosure, access, or use of Google confidential information.</p><h3>Section 7: Taxes</h3><p>You are solely responsible for any taxes, fees, and duties imposed by governmental entities related to payment transactions facilitated through the API.</p><h3>Section 8: Co-Marketing Agreements</h3><p>If the parties wish to engage in a co-marketing campaign, the parties will enter into an agreement covering that co-marketing campaign’s terms. You agree that Google may enter into that agreement using a Google affiliate.</p><h3>Section 9: Governing Law and Arbitration</h3><p>The following terms apply if you access or use the API in Central America, South America or China:</p><p>(a) The Terms are governed by California law, excluding California's choice of law rules.</p><p>(b) Nothing in the Terms will limit a party's ability to seek equitable relief. The parties will try in good faith to settle any dispute relating to the Terms ("Dispute") within 30 days after such Dispute arises. If the Dispute is not resolved within 30 days, it must be resolved by arbitration by the International Centre for Dispute Resolution of the American Arbitration Association and conducted in accordance with its Expedited Commercial Rules in force as of the date of the Terms. There will be one arbitrator selected by mutual agreement of the parties. The arbitration will be conducted in English in Santa Clara County, California, USA. Any decision rendered by the arbitrator will be final and binding on the parties, and judgment thereon may be entered in accordance with subsection (c) below. The arbitrator may order equitable or injunctive relief consistent with the remedies and limitations in the Terms. All information disclosed in connection with the arbitration, including the existence of the arbitration, will be considered confidential information and will not be disclosed to third parties except as required by law. The parties may, however, disclose such information to an appropriate court under confidentiality restrictions, as necessary to seek enforcement of any arbitration award or judgment or to seek any relief permitted under the Terms. Nothing in the Terms will limit a party's ability to seek equitable relief necessary to protect its rights pending resolution of the arbitration.</p><p>(c) Either party may petition any competent court to issue any order necessary to protect that party's rights or property; this petition will not be considered a violation or waiver of this governing law and arbitration section and will not affect the arbitrator's powers, including the power to review the judicial decision. The parties stipulate that the courts of Santa Clara County, California, USA, are competent to grant any order under this subsection (c).</p></body></html>