> For the complete documentation index, see [llms.txt](https://docs.alignlabs.dev/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.alignlabs.dev/legal/developer-terms.md). # Developer Terms These Developer Terms (the "**Terms**") govern access to and use of the Align API and the Services. Please read them carefully. They form a binding legal agreement. ### Acceptance By executing an Order Form that references these Terms, by creating a developer account, or by accessing or using the API - whichever occurs first - the entity doing so ("**Developer**") agrees to be bound by these Terms, together with the Data Transfer and Consent Addendum set out in Schedule 1 and any applicable Order Form (together, the "**Agreement**"). If you accept these Terms on behalf of an organisation, you represent that you are authorised to bind that organisation. ### Parties This Agreement is entered into between: **Align Payments Ltd**, a company incorporated in Canada with MSB registration number N300000203 and registered office at 130 Spadina Avenue, Unit 807, Toronto, Ontario, Canada, M5V2L4, acting on its own behalf and on behalf of its Affiliates (together, "**Align**"); and **Developer**, being the entity that accepts these Terms in accordance with the Acceptance section above, each a "**Party**" and together the "**Parties**." *** ### 1. Definitions In this Agreement, unless the context requires otherwise: "**Applicable Law**" means all laws, regulations, rules, orders, directives, and guidance applicable to a Party's performance under this Agreement, including AML, CFT, sanctions, data protection, and financial services laws in each relevant jurisdiction. "**API**" means the Align application programming interface, including all endpoints, documentation, SDKs, and related tools made available by Align to Developer. "**Align Data**" means all data collected or generated by Align in connection with an End-User's use of the Services, including KYC/KYB verification data, Transaction data, sanctions screening results, compliance records, and service information. "**Affiliate**" means, in respect of Align Payments Ltd, any entity that directly or indirectly controls, is controlled by, or is under common control with Align Payments Ltd from time to time. For this purpose, "control" means the power to direct the management or policies of an entity, directly or indirectly, through the ownership of 25% or more of a class of voting securities or equivalent ownership interest. References to "Align" in this Agreement include Align Payments Ltd and each of its Affiliates. Any rights, obligations, protections, and indemnities conferred on Align under this Agreement extend to and may be enforced by each Affiliate. Align Payments Ltd shall remain primarily responsible for performance of Align's obligations under this Agreement. "**Banking Partner**" means any Canadian or foreign bank, trust company, credit union, money services business, payment processor, card network, or stablecoin issuer that Align engages to facilitate the settlement, funding, conversion, or routing of Transactions under the Services. "**Business Day**" means a day (other than a Saturday, Sunday, or public holiday) on which banks are open for general business in Ontario, Canada. "**Confidential Information**" means all information disclosed by one Party to the other in connection with this Agreement that is designated as confidential or that a reasonable person would understand to be confidential, including technical, commercial, financial, and compliance information, API keys, transaction data, and the contents of any Order Form. These published Terms are not Confidential Information. Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the receiving Party; (b) was known to the receiving Party before disclosure; (c) is independently developed by the receiving Party; or (d) is received from a third party without breach of any confidentiality obligation. "**Developer Application**" means any software application, product, or service operated by Developer that integrates with the Services via the API. "**Developer Data**" means all data collected or generated by Developer in connection with an End-User's use of the Developer Application, including End-User identifiers, account information, and usage data. Developer Data is Developer's Confidential Information. "**Developer Tier**" means the service tier selected by Developer from Align's then-current published pricing tiers (as at the date of these Terms, "Build", "Scale", and "Enterprise"), as set out at or any successor page. The Developer Tier applicable to Developer is identified in the applicable Order Form or other written communication agreed between the Parties. Align may rename, restructure, or update the available Developer Tiers from time to time on not less than thirty (30) days' written notice to Developer. "**Effective Date**" means the date on which Developer first accepts these Terms in accordance with the Acceptance section above (whether by executing an Order Form, creating a developer account, or accessing the API, whichever is earliest). "**End-User**" means any individual or entity that accesses or uses the Services through the Developer Application. "**Fiat Currency**" means a currency that is issued by a country and is designated as legal tender in that country. For the purposes of this Agreement, Fiat Currency includes Canadian dollars and any other foreign currency that meets this criteria, but specifically excludes any Virtual Currency. "**Insolvency Event**" means circumstances where a Party: (a) becomes or is declared insolvent, is unable to pay its debts as they fall due, or admits inability to pay its debts; (b) is the subject of liquidation or insolvency proceedings, including appointment of a receiver or administrator; (c) makes an assignment for the benefit of creditors; (d) enters into a composition or arrangement with creditors; or (e) files a voluntary insolvency petition or has an involuntary petition filed against it that is not dismissed within sixty (60) days. "**Order Form**" means any order form, statement of work, fee schedule, or other written or electronic commercial document agreed between the Parties that references these Terms and sets out, among other things, the applicable Developer Tier, the fees payable, and Developer's designated contacts. "**Personal Information**" has the meaning given to 'personal information' under section 2(1) of the Personal Information Protection and Electronic Documents Act (Canada). "**Personnel**" means a Party's officers, directors, employees, agents, representatives, and contractors. "**Prohibited Person**" means any person or entity that is: (a) listed on any Sanctions List; (b) located, organised, or resident in a Sanctioned Jurisdiction; (c) owned or controlled by, or acting on behalf of, a person described in (a) or (b); or (d) otherwise the target of sanctions administered by any Sanctions Authority. "**Restricted Jurisdiction**" means any country, territory, region, or part thereof in respect of which Align does not provide, or determines in its sole discretion not to provide, the Services from time to time. The list of Restricted Jurisdictions includes, without limitation, every Sanctioned Jurisdiction, and may also include jurisdictions designated by Align for any other reason it considers appropriate, including FATF high-risk or monitoring status, elevated financial crime risk, banking partner or service provider restrictions, absence of appropriate licensing or regulatory coverage, or operational, legal, or reputational considerations. Align maintains the list of Restricted Jurisdictions and may update it at any time without prior notice. "**Sanctions Authority**" means FINTRAC, Global Affairs Canada (including under the Special Economic Measures Act, the Justice for Victims of Corrupt Foreign Officials Act, and the United Nations Act), the Office of the Superintendent of Financial Institutions, the Office of Foreign Assets Control of the U.S. Department of the Treasury, His Majesty's Treasury (United Kingdom), the European Union, the United Nations Security Council, and any other governmental authority administering sanctions programmes applicable to either Party. "**Sanctions Lists**" means any of the consolidated lists of designated persons and entities maintained by FINTRAC, Global Affairs Canada, the Office of the Superintendent of Financial Institutions, the Office of Foreign Assets Control of the U.S. Department of the Treasury, His Majesty's Treasury (UK), the European Union and the United Nations Security Council, in each case as updated from time to time. "**Sanctioned Jurisdiction**" means any country, territory, or region that is the subject of comprehensive (country-wide or region-wide) economic or trade sanctions administered by any Sanctions Authority from time to time. Align maintains and may update the list of Sanctioned Jurisdictions in its sole discretion to reflect changes in Applicable Law. "**Security Breach**" means any act or omission that materially compromises the security, confidentiality, or integrity of a Party's Confidential Information, Personal Information, or End-User data, or the physical, technical, administrative, or organisational safeguards put in place to protect such data. "**Services**" means the fiat-stablecoin payment orchestration, routing, conversion, and settlement services provided by Align via the API, including KYC/KYB verification, virtual account provisioning, and transaction processing. "**Stablecoin**" means a cryptographic token designed to maintain a stable value by reference to a Fiat Currency or other reference asset. "**Transaction**" means any instruction submitted by Developer or an End-User via the API that initiates a payment, conversion, or settlement through the Services. ### 2. Services 2.1 Align provides proprietary API infrastructure ("Align API", "API") to enable Fiat Currencies and Stablecoin payments, routing, conversion, and settlement services. Developer may integrate and use the Services to power payments within the Developer Application. 2.2 The current list of supported corridors, currencies, blockchains, and settlement methods is maintained in the Align developer documentation and incorporated by reference. Align may add or remove corridors with not less than fifteen (15) days' written notice to Developer. Align shall exclusively control the list of supported Fiat Currencies and Stablecoins. Align may suspend or cancel any Order or corridor immediately for compliance, legal, or regulatory reasons without prior notice. Removal of a corridor actively used by Developer shall require thirty (30) days' notice. 2.3 Align may modify, update, or enhance the Services from time to time, provided that any material reduction in functionality shall be subject to not less than thirty (30) days' written notice. 2.4 Align may suspend the Services, in whole or in part, for scheduled maintenance (with not less than 48 hours' notice), emergency maintenance (with notice as soon as reasonably practicable), or for compliance, legal, or regulatory reasons (immediately and without notice where necessary). ### 3. API Access and Restrictions 3.1 **Licence.** Align grants Developer a limited, revocable, non-exclusive, non-transferable licence to use the API solely to integrate the Developer Application with the Services for the duration of this Agreement. 3.2 **Developer obligations.** Developer shall: (a) develop, deploy, and securely maintain the integration between the Developer Application and the API throughout the Term, and promptly remediate any defect, vulnerability, or incompatibility identified by Developer or notified by Align; (b) secure all API keys, credentials, and authentication tokens at all times by implementing security procedures that meet or exceed the standards applicable to federally regulated financial institutions in Canada and the requirements of Section 22 (Developer Security Obligations) and not share them with any third party; (c) implement and maintain reasonable security controls, including encryption of data in transit and at rest; (d) comply with Align's API documentation and integration guidelines; (e) not reverse engineer, decompile, scrape, or attempt to derive the source code of the API or the Services; (f) not resell, sublicence, or provide access to the API to any third party, except as strictly necessary to operate the Developer Application; (g) not use the API in a manner that exceeds reasonable usage limits or that could impair the performance or availability of the Services; (h) offer and provide the Services to End-Users using Developer-branded marketing and End-User communications that comply with Section 23 (Marketing and Financial Promotions); (i) provide Align with accurate, up-to-date, and complete End-User information sufficient to permit Align to (i) evaluate an End-User's eligibility to receive the Services and (ii) conduct ongoing customer due diligence and Transaction monitoring in accordance with Sections 4 and 5; (j) ensure that each End-User is bound by Align's End-User Terms and Privacy Policy prior to being granted access to the Services, in accordance with Section 11.2; (k) monitor End-User usage of the Services and promptly report End-User complaints to Align; (l) inform Align of any suspicious activity by End-Users, and of any termination or suspension by Developer of an End-User's access to the Developer Application, in accordance with Sections 4.4 and 6 (Tipping Off); (m) ensure the delivery to, and acceptance by, End-Users of Transaction confirmations, periodic Align disclosures, and any other documents that Align is required to provide to End-Users under Applicable Law, in the form and manner reasonably specified by Align; and (n) assist Align in verifying the identity of each End-User as reasonably required by Align, Align's banking partners, or any regulatory authority (including FINTRAC), and provide Align with such identity verification information as reasonably requested. By accepting this Agreement, Developer also agrees, on its own behalf, to Align's End-User Terms (as published by Align and updated from time to time) to the extent Developer itself receives the Services as an End-User. Developer shall not use the Services or the API, and shall not permit its Affiliates or End-Users to use the Services or the API, for any activity prohibited by Section 9 (Acceptable Use) or by Align's Prohibited Activities Policy referenced in Section 9. 3.3 **Align obligations.** Align shall: (a) pursuant to Section 3.1, provide Developer with secure access to the API environment; (b) provide integration and ongoing technical support to Developer in connection with the initial design, development, testing, and go-live of the integration between the Developer Application and the API, the scope of which depends on Developer's Developer Tier and which may, at lower Developer Tiers, be limited to self-serve documentation; (c) onboard End-Users to the Services in accordance with Align's AML and sanctions compliance programme maintained under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) and applicable FINTRAC guidance, and with the End-User eligibility criteria established by Align from time to time (including performing identity verification required to receive the Services) (the "Onboarding Criteria"); (d) use commercially reasonable efforts to process and settle Transactions submitted by Developer through the API in partnership with one or more banking partners, payment service providers, virtual currency trading facilities, and stablecoin issuers, provided that Align does not guarantee that any individual Transaction will be processed, settled, or completed within any particular timeframe; (e) maintain Transaction records in accordance with Section 21 (Record Retention); (f) monitor End-User compliance with Applicable Law and Align's End-User Terms on an ongoing basis. Align retains sole discretion to establish and modify the Onboarding Criteria and to refuse, suspend, or terminate any End-User's access to the Services at any time in accordance with Section 5.5. 3.4 **Rate limiting and fair use.** Align may implement rate limits, throttling, and fair use policies on API usage. Align may restrict or suspend access if Developer's usage exceeds published limits or constitutes abuse. 3.5 **Subcontracting restriction.** Developer shall not permit any third party to access or use the API through Developer's integration, or white-label, resell, or redistribute the Services, without Align's prior written consent. 3.6 **Developer Tiers.** The scope, channels, response times, escalation paths, availability, and any service level commitments applicable to the support described in Section 3.3(b) vary by Developer Tier and are set out in Align's then-current support policies and procedures published at (or any successor page). Dedicated integration engineering, dedicated account management, dedicated communication channels, and uptime or support service level commitments are provided only at the Developer Tiers that expressly include them. Align may update its support policies and procedures from time to time in its sole discretion and without Developer's consent. Where an update would materially reduce the support level applicable to Developer's Developer Tier, Align shall give Developer not less than thirty (30) days' prior written notice, and the update shall take effect automatically at the end of the notice period. Developer's sole remedy in respect of any such material reduction is, before the update takes effect, to (a) change to a different Developer Tier, (b) terminate this Agreement on written notice in accordance with Section 10.1, or (c) accept the change. Continued use of the Services after the update takes effect constitutes acceptance of the updated Developer Tier, support policies and procedures. ### 4. Compliance and Onboarding 4.1 **Developer AML programme.** Developer shall establish, implement, and maintain an AML and sanctions compliance programme appropriate to its business, users, geographies, and products. At Align's reasonable request, Developer shall provide summaries of its AML controls and promptly notify Align of any material changes, investigations, or enforcement actions relevant to the Services. 4.2 **Information requests.** Other than where Section 4.5 applies, Align may request information from Developer on an ongoing basis and may approve, limit, refuse, or suspend access to the Services based on Align's compliance, risk, or banking partner requirements. Developer shall provide all requested data, documents, and records within forty-eight (48) hours of receipt of Align's request. Failure to respond within this timeframe entitles Align to suspend Developer's access to the Services until the information is provided. Any regulatory fines or penalties imposed on Align as a direct result of Developer's failure to respond shall be recoverable from Developer under Section 15.1. 4.3 **Transaction and account blocking.** Align may block, freeze, delay, or reject any Transaction, or suspend any End-User account, for compliance reasons, and may request any information necessary to satisfy its AML, CFT, and sanctions obligations. Developer shall cooperate fully and promptly with any such request. 4.4 **Developer notification obligations.** Developer shall notify Align within twenty-four (24) hours if Developer becomes aware or has reasonable grounds to suspect that any End-User: (a) is or may be a Prohibited Person; (b) is under investigation by any law enforcement or regulatory authority; (c) is involved in or connected to money laundering, terrorist financing, or sanctions evasion; or (d) has provided false or misleading identification information. 4.5 **Requests for information.** Where Align requests information from Developer in connection with an actual or anticipated request from a regulator, law enforcement authority, banking partner, or other competent authority, Developer shall provide all requested data, documents, and records within two (2) Business Days of receipt of Align's request, or within such shorter period as Align may reasonably specify where the requesting authority has imposed a shorter deadline on Align. Developer shall also cooperate with any regulatory examination or supervisory review relating to the Services, including by making Personnel available as reasonably required. Failure to respond within the required timeframe entitles Align to suspend Developer's access to the Services. Any regulatory fines or penalties imposed on Align as a direct result of Developer's failure to respond shall be recoverable from Developer under Section 15.1. This Section 4.5 prevails over Section 4.2 in the event of any inconsistency. 4.6 **Notification of material business changes.** Developer shall notify Align in writing within three (3) days of any of the following: (a) any change in Developer's ultimate beneficial ownership, including the addition, removal, or change of any individual or entity holding, directly or indirectly, 25% or more of Developer's shares or voting rights; (b) any change of Developer's directors, officers, or persons with significant control; (c) any change of Developer's legal name, jurisdiction of incorporation, or registered address; (d) any change of Developer's regulatory status, including the grant, refusal, suspension, revocation, or material variation of any licence, registration, or authorisation relevant to Developer's use of the Services; (e) any material change to Developer's business model, product offering, or End-User base that could affect the risk profile of Transactions processed through the Services; (f) any Insolvency Event; or (g) any litigation, regulatory investigation, or enforcement action that could materially affect Developer's ability to perform its obligations under this Agreement. Upon receipt of any such notification, Align may reassess Developer's risk profile and may require additional information, impose conditions, or suspend or terminate this Agreement in accordance with Section 10. 4.7 **Sanctions monitoring of Developer's Personnel, Affiliates, and service providers.** Developer shall continuously monitor its own Personnel, Affiliates, and service providers involved in the performance of this Agreement against applicable Sanctions Lists. Developer shall promptly notify Align if any such Person becomes a Prohibited Person, and shall remove or replace any such Person within a reasonable time after discovery. Failure to do so is a material breach of this Agreement. 4.8 **Developer recordkeeping.** Developer shall maintain accurate records relating to the Developer Application, End-User onboarding and consent, End-User communications, and Developer's performance under this Agreement, for a minimum of five (5) years from the date of the relevant record or Transaction (whichever is later), mirroring Align's own retention obligations under Section 21. Developer shall grant Align reasonable access to such records on request from a banking partner, payment service provider, or regulatory authority with jurisdiction over Developer or Align, subject to Section 6 (Tipping Off) and Applicable Law. 4.9 **Mutual cooperation.** The Parties shall cooperate to put in place sufficient controls and procedures to obtain and maintain any approvals required for the Services from banking partners, payment service providers, and regulatory authorities (including FINTRAC), and shall otherwise assist each other in fulfilling their respective obligations under Applicable Law in connection with this Agreement. Neither Party shall require the other to take any action that would cause it to violate Applicable Law. ### 5. KYC/KYB Responsibility Allocation 5.1 **Align responsibilities.** Align shall: (a) perform initial KYC verification of individual End-Users in accordance with Align's risk-based customer due diligence procedures; (b) perform initial KYB verification of business End-Users, including beneficial ownership identification; (c) screen End-Users and Transactions against applicable Sanctions Lists; and (d) conduct transaction monitoring for suspicious activity on Transactions processed through the Services. 5.2 **Developer responsibilities.** Developer shall: (a) collect and submit to Align accurate and complete End-User identification information as required by Align's onboarding procedures; (b) maintain its own AML compliance programme proportionate to its business; (c) perform ongoing customer due diligence on its End-Users, including monitoring for changes in risk profile, and promptly notify Align of any material change; (d) apply enhanced due diligence for high-risk End-Users, PEPs, and End-Users in high-risk jurisdictions, and provide Align with the results upon request; and (e) not onboard or submit Transactions for End-Users that Developer knows or suspects are engaged in financial crime. 5.3 **Reliance on Developer-submitted information.** If Align relies on information submitted by Developer to perform KYC, KYB, or sanctions screening, and such information is later found to be false, incomplete, or misleading, Developer shall bear the compliance risk and any resulting liability, including regulatory fines, remediation costs, and banking partner penalties. 5.4 **Bank-initiated enhanced due diligence.** Where a banking partner or upstream financial institution requires enhanced due diligence on any End-User or Transaction, Align may request that Developer promptly provide such additional information as is necessary. Developer shall use commercially reasonable efforts to provide the requested information within forty-eight (48) hours. Align may suspend processing of the relevant End-User's Transactions until the EDD request has been satisfied. Failure to cooperate with EDD requests may result in suspension of affected payment corridors or termination of this Agreement. 5.5 **Dual relationship.** Developer acknowledges that, while Developer maintains the primary commercial relationship with its End-Users, each End-User whose Transactions are processed through the Services is also a customer of Align for all compliance, regulatory, and reporting purposes. Align shall have the independent right and obligation to: (a) perform customer due diligence, enhanced due diligence, and ongoing monitoring on End-Users; (b) screen End-Users and their Transactions against applicable Sanctions Lists; (c) file SARs, STRs, or equivalent reports with relevant authorities without Developer's prior knowledge or consent; (d) block, freeze, delay, or reject any Transaction or refuse to onboard or continue to service any End-User based on Align's own risk assessment, compliance obligations, or the requirements of its banking partners; and (e) retain End-User identification records and Transaction data as required by Applicable Law. Nothing in this Agreement shall be construed to limit Align's ability to satisfy its obligations as a regulated money services business. 5.6 **Regulatory reporting.** Each Party shall be independently responsible for filing SARs, STRs, or equivalent reports with its relevant regulatory authority to the extent required by Applicable Law. Neither Party's obligation to report is contingent on the other Party having identified or flagged the relevant activity. 5.7 **No agency or mandatary relationship.** The Parties expressly acknowledge and agree that Developer is not, and shall not be deemed to be, an agent, mandatary, branch, authorised person, employee or representative of Align for any purpose, including for the purposes of subsection 9.31(1) of the PCMLTFA or the regulations made thereunder. Without limiting the generality of the foregoing: (a) Developer does not conduct any money services business activity on Align's behalf; (b) Developer does not perform customer identification, customer due diligence, enhanced due diligence, sanctions screening, beneficial ownership determination, third-party determination, transaction monitoring, recordkeeping or regulatory reporting on Align's behalf or as Align's agent or mandatary, and Align does not rely on Developer for the performance of any such function; (c) Align discharges its obligations under the PCMLTFA directly, independently and in its own name, using its own personnel, systems and contracted identity verification providers; (d) each End-User enters into a direct contractual relationship with Align by accepting Align's End-User Terms, and is a customer of Align for the purposes of the PCMLTFA independently of any relationship between the End-User and Developer; (e) Developer is an independent business that operates the Developer Application in its own name and under its own regulatory authorisations (if any), and neither Party holds the other out to End-Users or to any third party as its agent, mandatary or representative; and (f) neither this Agreement nor the integration of the Developer Application with the Services creates any partnership, joint venture, fiduciary, custodial, principal-and-agent or principal-and-mandatary relationship between the Parties. The Parties have drafted this Section 5.7 with specific reference to FINTRAC guidance on the principal-and-agent relationship under the PCMLTFA, and intend this Section 5.7 to govern any question of classification that may arise under Canadian AML legislation. ### 6. Tipping Off and Confidentiality of Compliance Actions 6.1 **Non-disclosure obligation.** Developer shall not, and shall ensure that its Personnel do not, disclose to any person (including any End-User, counterparty, or third party) that: (a) a SAR, STR, or equivalent disclosure has been filed or is being considered by either Party; (b) Align has blocked, frozen, delayed, or flagged any Transaction, account, or wallet for compliance, sanctions, or regulatory reasons; (c) any investigation relating to money laundering, terrorist financing, sanctions, or other financial crime is underway or being contemplated; or (d) Align has requested information from Developer in connection with a specific Transaction or End-User for compliance purposes. 6.2 **Permitted disclosures.** Section 6.1 does not prevent disclosure: (a) to the extent required by Applicable Law or order of a competent authority; (b) to Developer's legal counsel for the purpose of obtaining legal advice; or (c) to Developer's own compliance officer or MLRO for internal compliance purposes. 6.3 **End-User communications.** Where Align blocks or delays a Transaction for compliance reasons, Developer may inform the affected End-User only that the transaction is under review or cannot be processed at this time. Developer shall not provide any further detail regarding the reason, the involvement of any regulatory body, or the existence of any report or investigation. 6.4 **Criminal liability notice.** Developer acknowledges that tipping off may constitute a criminal offence under Applicable Law, including section 8 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, S.C. 2000, c. 17 (Canada), Section 333A of the Proceeds of Crime Act 2002 (United Kingdom), 31 U.S.C. § 5318(g)(2) (United States), and equivalent provisions in other jurisdictions. ### 7. Settlement and Execution 7.1 Developer shall provide accurate settlement details for each Transaction, including recipient bank details, wallet addresses, amounts, and currency. 7.2 **Finality.** Completed settlements are final and irreversible. A Transaction shall be deemed final upon confirmation of receipt by the destination bank, payment system, or blockchain network. 7.3 Align does not provide investment advice, portfolio management, or custody of digital assets. Align holds stablecoins and fiat currency solely for the purpose of processing Transactions. 7.4 **FX margin.** Exchange rates applied to Transactions are determined at the time of execution and include Align's margin. ### 8. Settlement Errors and Loss Allocation 8.1 **Developer or End-User error.** (a) Where a Transaction is executed based on incorrect information provided by Developer or an End-User (including incorrect wallet addresses, bank details, amounts, or duplicate submissions), Align shall have no liability to Developer or the End-User for any resulting loss of funds. Completed Transactions based on the instructions received by Align are final and irreversible regardless of error. (b) Align may, but is not obligated to, attempt to recover funds on a best-efforts basis. Any costs incurred by Align in attempting recovery shall be borne by Developer or, where the error is attributable to the End-User, may be passed through by Developer to the End-User. Developer shall reimburse Align for any such costs within seven (7) days of invoice. (c) Where the error is attributable to an End-User, Developer shall be entitled to recover the full amount of any loss from the End-User in accordance with Developer's own end-user terms. Developer shall ensure that its end-user terms expressly state that End-Users are solely responsible for the accuracy of wallet addresses, bank details, and payment instructions, and that neither Align nor Developer shall be liable for funds sent to incorrect destinations as a result of End-User error. (d) Where the error is attributable to Developer, Developer shall bear the financial loss and shall have no right of recovery against Align. (e) Developer shall implement reasonable validation controls in the Developer Application, including wallet address format verification and chain-matching checks, before submitting Transaction instructions to the API. 8.2 **Align error.** Where Align executes a Transaction incorrectly due to a system error, routing mistake, or operational failure attributable to Align, Align shall use commercially reasonable efforts to recover the funds and shall bear the loss up to the liability cap set out in Section 14.1. Developer must notify Align of any suspected error within thirty (30) days of the Transaction date. Align shall have no liability for errors reported after this period. 8.3 **Upstream partner failures.** Where a settlement failure, reversal, freeze, or loss of funds is caused by an act or omission of a banking partner, payment service provider, stablecoin issuer, blockchain network, or other upstream infrastructure provider, neither Party shall be liable to the other. Align shall use commercially reasonable efforts to recover affected funds but does not guarantee recovery. 8.4 **Clawback right.** If a banking partner or payment service provider reverses, recalls, or claws back a settlement that Align has already disbursed to Developer or Developer's End-Users, Align may deduct the corresponding amount from Developer's next settlement payment or invoice Developer for the amount. Developer shall pay any such invoice within seven (7) days. 8.5 **Currency and blockchain risk.** Developer acknowledges the inherent risks associated with stablecoin and blockchain-based payments, including: stablecoin depeg events, blockchain network congestion or outage, smart contract failure, bridge or cross-chain failures, and foreign exchange rate movement between instruction and execution. Align shall not be liable for losses arising from these risks unless caused by Align's gross negligence or wilful misconduct. 8.6 **Dispute timeframe.** Developer must raise any Transaction dispute with Align in writing within thirty (30) days of the Transaction date. Align shall investigate and provide a response within ten (10) Business Days. Disputes not raised within thirty (30) days shall be deemed waived. 8.7 **Developer liability for security failures.** Developer shall be liable for all losses incurred by Align that arise out of, are caused by, or are related to: (a) loss, theft, disclosure, or unauthorised use of API keys or other credentials issued to Developer; (b) unauthorized access to or use of any system operated by Developer or a Developer service provider; or (c) any Security Breach caused by Developer, its Personnel, or a service provider engaged by Developer. Developer's liability for losses caused by its negligence, fraud, or wilful misconduct in connection with Transaction instructions is governed by Section 8.1(d). 8.8 **Risk Reserve.** If Developer wishes to enable End-Users to fund Transactions using reversible pay-in methods (including credit or debit card, ACH, EFT, Interac e-Transfer, Pre-Authorised Debits, SEPA Direct Debit, or any other method subject to chargeback, recall, or reversal), Align and Developer shall agree in writing, in advance, on the size, funding mechanism, and release conditions of a risk reserve to cover Transaction chargebacks, reversals, and recalls. Align may adjust the required reserve amount from time to time based on observed chargeback rates, banking partner requirements, or Developer's risk profile, on not less than fifteen (15) days' notice (or immediately where required by a banking partner or regulator). Align may deduct amounts due from the reserve to satisfy any chargeback, reversal, recall, or other Developer liability under this Agreement. ### 9. Acceptable Use 9.1 **Prohibited activities.** Developer shall not use the Services, and shall ensure that End-Users do not use the Services, for any activity that: (a) is unlawful, unlicensed, or contrary to Applicable Law in any relevant jurisdiction; (b) involves or facilitates financial crime; (c) involves or benefits a Prohibited Person, or is conducted in or involves any Sanctioned Jurisdiction or Restricted Jurisdiction; (d) infringes the intellectual property or other rights of any third party; or (e) is, in Align's reasonable determination, prohibited or restricted by (i) Align's internal compliance, risk, sanctions, or anti-money-laundering policies, (ii) the requirements or restrictions of any Align banking partner, payment service provider, or stablecoin issuer, (iii) any guidance, directive, or instruction issued by FINTRAC or any other regulatory authority with jurisdiction over Align, or (iv) any other internal policy adopted by Align from time to time to manage financial, legal, regulatory, or reputational risk (collectively, the "Align Compliance Policies"). 9.2 **Align Compliance Policies.** The Align Compliance Policies form part of Align's internal AML and risk management program and are confidential. Align may, where consistent with Applicable Law, communicate specific restrictions to Developer where (a) Align declines to onboard a particular End-User or category of End-Users, (b) Align blocks, freezes, or reverses a particular Transaction or category of Transactions, (c) Align identifies a use case that Developer has proposed or implemented as falling within the Align Compliance Policies, or (d) Align determines that disclosure of a specific restriction is necessary to enable Developer to comply with this Section 9. Any such communication forms part of the Align Compliance Policies as between Align and Developer and is binding on Developer from the moment of communication. 9.3 **Updates and discretion.** Align may update, expand, or restrict the Align Compliance Policies at any time and in its sole discretion, without prior notice to Developer and without requiring any amendment to this Agreement. Developer acknowledges that the Align Compliance Policies may change in response to regulatory developments, banking partner requirements, sanctions designations, FATF guidance, or Align's own risk assessment, and that Align is the sole arbiter of whether a particular activity falls within the Align Compliance Policies. 9.4 **Compliance and material breach.** Any use of the Services in breach of Section 9.1 is a material breach of this Agreement. Align may, at its sole discretion and without prior notice or liability to Developer, (a) suspend or terminate Developer's access to the Services, (b) block, freeze, delay, reverse, or refuse to process any affected Transaction, (c) refuse to onboard or terminate any affected End-User, and (d) terminate this Agreement immediately under Section 10.2. ### 10. Termination 10.1 **Termination for convenience.** Either Party may terminate this Agreement by giving not less than thirty (30) days' written notice. 10.2 **Termination for cause.** Either Party may terminate this Agreement immediately by written notice if the other Party: (a) commits a material breach that is not remedied within fourteen (14) days of written notice specifying the breach; (b) commits fraud or is involved in fraudulent activity; (c) becomes the subject of sanctions or is designated as a Prohibited Person; (d) experiences an Insolvency Event; (e) poses a material legal, regulatory, or reputational risk to the other Party; (f) upon thirty (30) days' notice (or immediately where prior notice is prohibited by the relevant authority or Applicable Law) if the terminating Party reasonably believes that termination is required by Applicable Law, or if the terminating Party is expressly required to terminate by a banking partner, payment service provider, or the order of a regulatory authority (including FINTRAC) having jurisdiction over the terminating Party; or (g) immediately if the other Party fails to maintain any licence, registration, or authorisation materially necessary to perform its obligations under this Agreement, including (in the case of Align) its FINTRAC MSB registration. 10.3 **Effects of termination.** Upon termination: (a) in-flight Transactions shall be completed; (b) Developer shall immediately cease using the API and any other Align products; (c) each Party shall return or destroy the other Party's Confidential Information (except as required by Applicable Law); and (d) all outstanding fees shall become immediately due and payable. 10.4 **Wind-down period.** For a period of three (3) months following termination or expiry (or such shorter period as Align determines) (the "Wind-Down Period"): (a) Developer shall continue to make the Services available to End-Users to the extent necessary for Align to complete outstanding Transactions; (b) each Party shall cooperate to address End-User complaints; (c) Developer shall not submit new Transactions or onboard new End-Users; and (d) all compliance obligations shall continue in full. ### 11. End-User Terms 11.1 **Required terms.** Developer shall maintain legally binding end-user terms that are at least as protective as this Agreement with respect to: (a) prohibited activities and acceptable use; (b) compliance with Applicable Law; (c) data protection; and (d) limitation of liability. Developer shall not make representations to End-Users regarding the Services that are inconsistent with this Agreement. 11.2 **End-User acceptance of Align terms.** Developer shall ensure that each End-User is bound by Align's End-User Terms and Privacy Policy (as published by Align and updated from time to time) prior to that End-User being granted access to the Services. Developer may satisfy this obligation by any of the following methods: (a) incorporating Align's End-User Terms by reference into Developer's own end-user terms, such that each End-User is bound by Align's End-User Terms upon agreeing to Developer's terms, and making Align's End-User Terms accessible to End-Users via a link within the Developer Application; (b) presenting Align's End-User Terms directly to End-Users for acceptance within the Developer Application; or (c) where permitted by Applicable Law, accepting Align's End-User Terms on behalf of each End-User, provided that Developer warrants it has obtained the legal authority to do so under its own end-user terms and Applicable Law. Align may, upon thirty (30) days' written notice, require Developer to adopt a different method if required by Applicable Law, a regulatory authority, or a banking partner. Regardless of the method selected, Developer warrants that the implementation is legally sufficient to bind End-Users to Align's End-User Terms under Applicable Law in each jurisdiction where the Developer Application operates. Developer shall be liable to Align for any failure to bind an End-User to Align's End-User Terms. Align's End-User Terms establish a direct contractual relationship between Align and each End-User that is independent from Developer's own relationship with its End-Users. 11.3 **Liability for End-Users.** Developer is solely responsible for the acts and omissions of its End-Users in connection with the Services. Developer shall be liable to Align for any breach of this Agreement caused by or attributable to an End-User as if the breach had been committed by Developer. 11.4 **End-User disputes.** Developer is solely responsible for handling disputes with its End-Users, including refund requests, complaints, and chargebacks. Align has no obligation to engage directly with End-Users unless required by Applicable Law. ### 12. Data Protection and Ownership 12.1 **Data transfer and consent.** The transfer of Personal Information from Developer to Align, Align's handling of that Personal Information, and the onward transfer of that Personal Information by Align to its service providers, banking partners, and regulatory authorities, are governed by the Data Transfer and Consent Addendum set out at Schedule 1 to this Agreement, which is incorporated into and forms an integral part of this Agreement. The Parties acknowledge that Align receives Personal Information as an independent recipient, and not as Developer's processor or agent, because Align determines the purposes and means of processing Personal Information independently in accordance with its obligations as a money services business registered with FINTRAC under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada). Each Party is independently accountable under the Personal Information Protection and Electronic Documents Act (Canada) for the Personal Information it holds. 12.2 **Breach notification.** Each Party shall promptly (and in no event more than forty-eight (48) hours after discovery) notify the other Party of any Security Breach affecting the other Party's Confidential Information or End-User data, and shall take all steps at its own expense as reasonably requested to limit, contain, and remedy the breach. 12.3 **Data ownership.** (a) Align shall own, administer, and control all Align Data. Developer shall have no proprietary rights to Align Data except as necessary to fulfil its obligations under this Agreement. (b) Developer shall own, administer, and control all Developer Data. Align shall have no proprietary rights to Developer Data except as necessary to provide the Services and comply with Applicable Law. (c) The Parties acknowledge that End-User data submitted to Align may overlap with data held by Developer, and each Party independently owns such overlapping data pursuant to its own end-user agreements. End-User data provided by Developer to Align shall be deemed Align Data upon creation of an Align compliance record for that End-User. Align shall not use Developer Data to directly or indirectly solicit End-Users to use services that compete with the Developer Application. ### 13. Confidentiality 13.1 Each Party shall keep the other Party's Confidential Information confidential and shall use it only for purposes of this Agreement. Each Party shall apply industry-standard safeguards to protect the other Party's Confidential Information. 13.2 A Party may disclose Confidential Information to the extent required by Applicable Law, regulation, or order of a competent court or authority, provided that the disclosing Party gives the other Party prompt notice (to the extent legally permitted) and cooperates in seeking confidential treatment. 13.3 A Party may disclose Confidential Information to Personnel, affiliates, or service providers with a legitimate need to know, provided such persons are bound by confidentiality obligations at least as protective as this Section 13. 13.4 The notice requirement in Section 13.2 shall not apply where a Party is required to share the other Party's Confidential Information with a regulatory authority (including FINTRAC, the Office of the Superintendent of Financial Institutions, or any provincial regulator) in connection with a required periodic examination or supervisory review of the disclosing Party's business. ### 14. Limitation of Liability 14.1 **Cap on liability.** Except as set out in Section 14.3, Align's total aggregate liability under this Agreement shall not exceed one hundred thousand US dollars (US$100,000). 14.2 **Exclusion of consequential loss.** Neither Party shall be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, or business opportunity, however caused and regardless of theory of liability. 14.3 **Exceptions.** Nothing in this Section 14 shall limit liability for: (a) fraud or fraudulent misrepresentation; (b) death or personal injury caused by negligence; (c) any liability that cannot be excluded by Applicable Law; (d) Developer's indemnification obligations under Section 15; (e) Developer's breach of Section 4.4 (Developer notification obligations), Section 4.5 (Regulatory and law enforcement information requests), Section 4.6 (Notification of material business changes), Section 4.7 (Sanctions monitoring), Section 6 (Tipping Off), or Section 9 (Acceptable Use); (f) Developer's obligation to reimburse Align under Section 8.1 or 8.4; or (g) Developer's breach of Section 17 (Anti-Bribery and Corruption). 14.4 **Disclaimer of warranties.** EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." ALIGN MAKES NO EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES REGARDING THE SERVICES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, OR ANY WARRANTIES ARISING FROM COURSE OF DEALING OR TRADE USAGE. ALIGN DOES NOT WARRANT THAT THE SERVICES WILL BE ERROR-FREE OR UNINTERRUPTED. ### 15. Indemnification 15.1 **Developer indemnity.** Developer shall indemnify, defend, and hold harmless Align and its Personnel from and against any claims, losses, liabilities, damages, costs, and expenses (including reasonable legal fees) arising out of: (a) Developer's breach of this Agreement; (b) any act or omission of Developer's End-Users; (c) Developer's failure to comply with Applicable Law; (d) any claim by a third party arising from the Developer Application; or (e) any regulatory investigation, enforcement action, or fine imposed on Align as a result of Developer's or its End-Users' conduct. 15.2 **Align indemnity.** Align shall indemnify Developer from claims arising out of Align's material breach of this Agreement or Align's wilful infringement of a third party's intellectual property rights through the Services, subject to the liability cap in Section 14.1. 15.3 **Procedure.** The indemnified Party shall: (a) notify the indemnifying Party in writing no later than twenty (20) days after receipt of any formal third-party claim that has commenced before a court, arbitral tribunal, or regulatory authority, and no later than thirty (30) days after receipt in all other cases (including, where possible, the amount or estimated amount of liability); a failure to provide notice within these timeframes shall only relieve the indemnifying Party of its indemnification obligation to the extent such failure has caused material prejudice to the indemnifying Party; (b) grant the indemnifying Party sole control of the defence and settlement (provided any settlement imposing obligations on the indemnified Party requires prior written consent); and (c) provide reasonable cooperation at the indemnifying Party's expense. ### 16. Representations and Warranties 16.1 **Mutual representations.** Each Party represents and warrants that: (a) it is duly incorporated, validly existing, and in good standing; (b) it has full power and authority to enter into and perform this Agreement; (c) the execution and performance does not conflict with any other agreement to which it is a party; (d) it is not a Prohibited Person and is not owned or controlled by a Prohibited Person; and (e) no statement or information contained in this Agreement, or furnished by or on behalf of such Party to the other Party in connection with this Agreement, when taken as a whole, contains any untrue statement of a material fact or omits a material fact necessary to make the statements made, in light of the circumstances in which they were made, not misleading. 16.2 **Developer representations.** Developer additionally represents that: (a) it holds all licences and authorisations required to operate its business in each jurisdiction where it uses the Services; (b) it is not the subject of any pending investigation or enforcement action relating to financial crime; and (c) it will promptly notify Align if any of these representations ceases to be true. 16.3 **Align representations.** Align represents that it holds a valid FINTRAC MSB registration and will notify Developer if its regulatory status materially changes. 16.4 A breach of any representation in this Section 16 shall entitle the other Party to terminate immediately. ### 17. Anti-Bribery and Corruption Each Party shall comply with all applicable anti-bribery and anti-corruption laws, including the Corruption of Foreign Public Officials Act (Canada), the Criminal Code (Canada) (including sections 119 to 125 dealing with bribery, fraud on the government, and breach of trust by a public officer). To the extent applicable to the Parties' activities under this Agreement, each Party shall also comply with the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act 2010. Neither Party shall, directly or indirectly, offer, promise, give, request, agree to receive, or accept any bribe, kickback, facilitation payment, secret commission, or other improper financial or non-financial advantage, whether to or from a public official, a private person, or any intermediary, in connection with this Agreement or the Services. Each Party shall maintain accurate books, records, and internal accounting controls sufficient to evidence compliance with this Section 17 and with the recordkeeping requirements of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada). A breach of this Section 17 is a material breach entitling the other Party to terminate this Agreement immediately under Section 10.2. ### 18. Intellectual Property and Publicity 18.1 Align owns all rights in the Services, the API, and related documentation. No rights are granted except those expressly stated. Developer retains ownership of the Developer Application. 18.2 Feedback provided by Developer to Align may be used freely by Align without obligation. 18.3 Align may identify Developer as a customer in its website, pitch materials, and commercial presentations, provided Align does not imply endorsement or disclose Confidential Information. Developer may request removal at any time for reasonable cause. ### 19. Fees and Payment 19.1 Developer agrees to pay the fees set out in the applicable Order Form. Where the Parties agree additional fees in writing (including by email) before or after the Effective Date, such fees shall apply in addition to those in the Order Form. 19.2 Unless otherwise agreed in the Order Form: (a) fees are invoiced monthly in arrears; (b) invoices are payable within seven (7) days of issue; and (c) all fees are exclusive of VAT or other applicable taxes. 19.3 **Late payment.** Overdue invoices shall bear interest at 4% per annum above the Bank of Canada base rate. If an invoice remains unpaid for more than fourteen (14) days, Align may suspend the Services upon seven (7) days' written notice. 19.4 **Changes to fees.** Align may update the fees with at least thirty (30) days' written notice. Continued use after the effective date of such changes constitutes acceptance. If Developer does not agree, Developer may terminate this Agreement before the changes take effect. ### 20. Audit Rights 20.1 Align may, upon not less than ten (10) days' written notice (or immediately where required by a regulator), audit or appoint a qualified third party to audit Developer's compliance with this Agreement. Developer shall provide reasonable access and cooperation. 20.2 Align shall bear the cost of any audit unless it reveals a material breach, in which case Developer shall reimburse Align's reasonable audit costs. 20.3 Align shall conduct no more than one routine audit per twelve-month period. This limitation does not apply to audits triggered by regulatory requirement or a suspected breach. ### 21. Record Retention Align shall retain all records relating to Transactions, End-User identification and verification, and communications with Developer and end-users, for a minimum of five (5) years from the date of the relevant Transaction or the termination of the End-User relationship, whichever is later. ### 22. Developer Security Obligations 22.1 Developer shall implement and maintain administrative, physical, and technical security safeguards designed to protect Confidential Information, Personal Information, and End-User data from unauthorised access, disclosure, loss, destruction, or alteration. Such safeguards shall be no less protective than those Developer applies to its own confidential information of a similar nature, and shall in all cases meet industry-standard security practices. 22.2 Developer's security measures shall include, at a minimum: (a) encryption of data in transit and at rest; (b) access controls limiting data access to Personnel with a legitimate business need; (c) multi-factor authentication for all systems that access or store End-User data or connect to the API; (d) regular vulnerability scanning and timely patching of known vulnerabilities; (e) secure development practices for the Developer Application, including code review and testing for common vulnerabilities; (f) logging and monitoring of access to systems that process End-User data or connect to the API; and (g) a documented incident response plan that is tested at least annually. 22.3 Developer shall promptly notify Align (and in no event more than forty-eight (48) hours after discovery) of any Security Breach or suspected Security Breach affecting End-User data, Personal Information, API credentials, or any system connected to the Services. Developer shall take all steps at its own expense as reasonably necessary to contain, investigate, and remedy the breach, and shall cooperate fully with Align's own investigation and any notification obligations Align may have under Applicable Law. 22.4 Align may, upon reasonable notice, request evidence of Developer's compliance with this Section 22, including security questionnaires, penetration test summaries (with findings and remediation status), and certifications. Developer shall provide such evidence within ten (10) Business Days of request. 22.5 If Align reasonably determines that Developer's security practices pose a material risk to the Services, End-User data, or Align's infrastructure or banking relationships, Align may require Developer to implement specific remediation measures within a timeframe specified by Align. If Developer fails to implement the required measures, Align may suspend Developer's access to the Services until the deficiency is resolved. ### 23. Marketing and Financial Promotions Developer is solely responsible for all marketing, advertising, financial promotions, and communications about its products that integrate the Services, in every jurisdiction where such materials are published, distributed, or made available to End-Users or prospective End-Users. 23.1 **Local law compliance.** Developer shall ensure that all marketing materials, financial promotions, advertisements, website content, social media communications, and End-User communications comply with all Applicable Laws, regulations, rules, and industry codes in each jurisdiction where they are published or directed, including (without limitation): (a) financial promotions and advertising regulations applicable to payment services and stablecoin-related products in the relevant jurisdiction, including (in Canada) the Retail Payment Activities Act, the Competition Act, guidance issued by the Financial Consumer Agency of Canada, and applicable Canadian Securities Administrators and provincial securities legislation; (b) consumer protection laws, including prohibitions on misleading, unfair, or deceptive practices; (c) data protection and privacy laws governing marketing communications; and (d) any rules or guidance issued by a Sanctions Authority, regulatory body, or industry self-regulatory organisation that apply to the marketing of payment services or stablecoin-related products. 23.2 **Prohibited claims.** Developer shall not, in any marketing material or End-User communication: (a) make misleading, inaccurate, or unsubstantiated claims about the Services, including claims about transaction speed, availability, fees, exchange rates, or regulatory status; (b) describe the Services or any Transaction as "insured," "guaranteed," "risk-free," or use any equivalent language that could mislead End-Users about the nature of the risks involved; (c) represent or imply that Align endorses, sponsors, or approves of the Developer Application without Align's prior written consent; (d) misrepresent Align's regulatory status or licences, or suggest that Align's regulatory status extends to Developer or the Developer Application. 23.3 **Required disclosures.** Developer shall include in its marketing materials and End-User communications all disclosures required by Applicable Law. 23.4 **Liability.** Developer shall be solely liable for any regulatory investigation, enforcement action, fine, penalty, claim, or loss arising from Developer's marketing, advertising, or financial promotions in any jurisdiction. Such liability shall be recoverable from Developer under the indemnification provisions in Section 15.1, and shall not be subject to the liability cap in Section 14.1. ### 24. Notices 24.1 All formal notices under this Agreement shall be in writing and sent by email. Notices to Align shall be sent to (Compliance). Notices to Developer shall be sent to the email address designated by Developer in the applicable Order Form or developer account profile. 24.2 Notices shall be deemed received on the Business Day of transmission if sent before 17:00 (London time), or on the next Business Day otherwise. 24.3 Operational communications via Slack or other agreed channels shall not constitute formal notice. ### 25. Force Majeure Neither Party shall be liable for any failure or delay in performing its obligations (other than payment obligations) to the extent caused by circumstances beyond that Party's reasonable control, including: natural disaster, pandemic, war, terrorism, government action, regulatory change, blockchain network outage or congestion, bank or payment partner suspension, sanctions designation of a counterparty, or failure of third-party infrastructure. The affected Party shall notify the other promptly and use reasonable efforts to mitigate the impact. If the force majeure event continues for more than sixty (60) days, either Party may terminate on written notice. ### 26. Assignment and Change of Control 26.1 Developer shall not assign this Agreement without Align's prior written consent. 26.2 Align may assign this Agreement to an affiliate or in connection with a merger, acquisition, or sale of all or substantially all of its assets. 26.3 **Change of control.** Developer shall notify Align within fourteen (14) days of any change of control. Align may reassess Developer's risk profile and terminate on thirty (30) days' notice if the reassessment identifies material concerns. ### 27. Governing Law and Dispute Resolution 27.1 This Agreement is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. 27.2 Any dispute shall be resolved as follows: (a) good faith negotiation between designated representatives within fifteen (15) Business Days from the date one Party notifies the other in writing of the dispute; (b) if unresolved, escalation to senior executives of the Parties for a further fifteen (15) Business Days; (c) if still unresolved, and except for disputes relating to Section 6 (Tipping Off), Section 13 (Confidentiality), or Section 18 (Intellectual Property and Publicity), which shall be resolved by the courts of the Province of Ontario sitting in Toronto, any remaining dispute shall be finally resolved by arbitration administered by the London Court of International Arbitration in accordance with the LCIA Arbitration Rules in force at the time of commencement of the arbitration, which Rules are deemed to be incorporated by reference into this clause. The seat (legal place) of arbitration shall be London, England. The number of arbitrators shall be one. The language of the arbitration shall be English. The substantive law of the arbitration shall be the law of the Province of Ontario and the federal laws of Canada applicable therein. The arbitral award shall be final and binding on the Parties, and judgment on the award may be entered in any court of competent jurisdiction; (d) the existence and content of any negotiation, escalation, or arbitration proceedings under this Section 27.2 shall be Confidential Information of both Parties; and (e) nothing in this Section 27.2 prevents either Party from seeking urgent injunctive, declaratory, or other interim relief from a court of competent jurisdiction in aid of arbitration or in respect of any matter referred to in (c) above. ### 28. General Provisions 28.1 **Entire agreement.** This Agreement (together with Schedule 1 and any applicable Order Form) constitutes the entire agreement between the Parties and supersedes all prior discussions, negotiations, and agreements. 28.2 **Amendments.** Align may update these Terms with thirty (30) days' written notice (which may be given by posting an updated version with a revised version number and effective date, or by notifying Developer's designated contact). Continued use after the effective date constitutes acceptance. Developer may terminate before changes take effect. 28.3 **Severability.** If any provision is held invalid, it shall be modified to the minimum extent necessary, and the remaining provisions shall continue in full force. 28.4 **Waiver.** No failure or delay in exercising any right shall constitute a waiver. 28.5 **Third-party rights.** This Agreement does not confer rights on any person other than the Parties. 28.6 **Electronic acceptance.** Developer accepts this Agreement electronically, by executing an Order Form, creating a developer account, or accessing or using the API. The Parties expressly consent to acceptance and execution of this Agreement, and any Order Form, amendment, addendum, or notice hereunder, by electronic means, including signatures captured through DocuSign, Adobe Sign, or any equivalent electronic signature platform, by click-through or in-product acceptance, and by the exchange of executed counterparts by email or other electronic means. Each Party agrees that an electronic signature or electronic acceptance shall have the same legal force and effect as an original handwritten signature. Each Party further agrees that the electronic acceptance and execution of this Agreement is valid, enforceable, and admissible in evidence under the Personal Information Protection and Electronic Documents Act (Canada), the Ontario Electronic Commerce Act, 2000, and any equivalent electronic transactions or electronic signature legislation in the Developer's jurisdiction (including, without limitation, the United States Electronic Signatures in Global and National Commerce Act ("ESIGN"), the Uniform Electronic Transactions Act ("UETA") as adopted in any US state, Regulation (EU) No 910/2014 ("eIDAS"), and the United Kingdom Electronic Communications Act 2000). Each Party represents that the person accepting this Agreement on its behalf has been duly authorised to do so. Neither Party shall contest the validity, enforceability, or admissibility of this Agreement, or of any Order Form, amendment, addendum, or notice hereunder, on the grounds that it was accepted, executed, or delivered by electronic means. 28.7 **Independent contractors.** This Agreement does not create a partnership, joint venture, agency, or trust. Each Party is an independent contractor. Neither Party has authority to bind the other. 28.8 **Further assurances.** Each Party shall execute such documents and perform such acts as the other Party may reasonably require to give effect to this Agreement, including documents required by Align's banking partners or regulatory authorities. 28.9 **Complaints and litigation.** Each Party shall promptly provide the other with copies of any formal proceedings, investigations, subpoenas, or lawsuits received from an End-User, regulatory authority, or third party relating to the Services, unless disclosure is prohibited by Applicable Law. 28.10 **Group structure and parent company.** Align Payments Ltd is a wholly owned subsidiary of Align Labs Ltd, a company incorporated in England and Wales (Company No. 14583880, registered office: 90a High Street, Berkhamsted, Hertfordshire, HP4 2BL, United Kingdom) ("Align Labs"). Align Labs is the parent company of the Align group of companies and is the owner and licensor of the API and related technology, which Align Payments Ltd makes available to Developer under this Agreement pursuant to a sub-licence from Align Labs. Align Labs does not provide any regulated financial services to Developer or to End-Users, is not a party to this Agreement, and has no contractual, custodial, fiduciary, or other obligation to Developer or to any End-User in respect of the Services or any Transaction. All references in this Agreement to "Align" mean Align Payments Ltd only, except where the context expressly requires otherwise. Developer's sole recourse in respect of the Services and this Agreement is against Align Payments Ltd, and Developer waives any right of action, claim, or remedy against Align Labs in connection with the Services. ### 29. Survival The termination or expiry of this Agreement shall not affect any rights, remedies, or obligations that have accrued before termination or expiry, or that are intended by their nature or by express provision to continue beyond it. Without limiting the foregoing, the following provisions survive termination or expiry of this Agreement and shall continue in full force and effect: (a) **indefinitely:** Section 1 (Definitions); Section 4.5 (Requests for Information); Section 5.5 (Dual Relationship); Section 5.6 (Regulatory Reporting); Section 5.7 (No Agency or Mandatary Relationship); Section 6 (Tipping Off); Section 7.2 (Finality); Section 8 (Settlement Errors and Loss Allocation); Section 10.3 (Effects of Termination); Section 10.4 (Wind-Down Period); Section 11.3 (Liability for End-Users); Section 12 (Data Protection and Ownership); Section 13 (Confidentiality); Section 14 (Limitation of Liability); Section 15 (Indemnification); Section 16 (Representations and Warranties); Section 17 (Anti-Bribery and Corruption); Section 18.1 and 18.2 (Intellectual Property); Section 23.4 (Marketing Liability); Section 27 (Governing Law and Dispute Resolution); Section 28.1 (Entire Agreement); Section 28.3 (Severability); Section 28.5 (Third-party Rights); Section 28.9 (Complaints and Litigation); and this Section 29; (b) **for the longer of five (5) years from termination or expiry, or the period required by Applicable Law (including the PCMLTFA):** Section 4.8 (Developer Recordkeeping); and Section 21 (Record Retention); (c) **for two (2) years from termination or expiry:** Section 20 (Audit Rights); and (d) **for twelve (12) months from termination or expiry:** Section 22 (Developer Security Obligations). *** ## Schedule 1 — Data Transfer and Consent Addendum This Data Transfer and Consent Addendum (the "**Addendum**") forms part of, and is subject to, the Align API Developer Terms between Align Payments Ltd ("Align") and Developer (the "Agreement"). Capitalised terms used but not defined in this Addendum have the meanings given to them in the Agreement. This Addendum governs the transfer of Personal Information from Developer to Align, Align's handling of that Personal Information, and the onward transfer of that Personal Information by Align to its service providers, banking partners, and regulatory authorities in connection with the Services. This Addendum is drafted for compliance with the law of Ontario and the federal law of Canada. It does not address the laws of any other jurisdiction. ### 1. Definitions "**PIPEDA**" means the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, as amended from time to time, together with any regulations, guidance, and findings issued under it by the Office of the Privacy Commissioner of Canada. "**PCMLTFA**" means the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, S.C. 2000, c. 17, as amended from time to time, together with any regulations and guidance issued under it by FINTRAC. "**Service Provider**" means, in relation to Align, any third party that Align engages to process Personal Information on Align's behalf in connection with the Services, including cloud hosting providers, KYC/KYB verification vendors, sanctions screening vendors, fraud analytics providers, and professional advisers. "**Regulatory Authority**" means FINTRAC, the Financial Services Regulatory Authority of Ontario, the Office of the Privacy Commissioner of Canada, any provincial privacy commissioner, any Canadian law enforcement authority, and any court, tribunal, or self-regulatory body with jurisdiction over Align, Developer, or the Services. "**Privacy Notice**" means Developer's privacy notice, privacy policy, or equivalent disclosure document provided to End-Users at or before the point of collection of Personal Information. ### 2. Roles of the Parties 2.1 **Developer as source.** Developer collects Personal Information directly from End-Users and transfers it to Align for the purposes set out in Section 3 of this Addendum. Developer is responsible for the lawful collection of Personal Information from End-Users under PIPEDA, including obtaining valid consent under sections 6.1 and 7 of PIPEDA. 2.2 **Align as independent recipient.** Align receives Personal Information from Developer and uses it for the purposes set out in Section 3. Align does not act as Developer's agent or processor in respect of Personal Information; Align determines the purposes and means of processing Personal Information independently, in accordance with its obligations as a money services business registered with FINTRAC. Each Party is independently accountable for the Personal Information it holds under PIPEDA. 2.3 **No joint controllership.** The Parties do not intend to create a joint controllership, partnership, or agency relationship in respect of Personal Information. Each Party is separately accountable for its own handling of Personal Information under PIPEDA. ### 3. Permitted Purposes Align shall use Personal Information received from Developer only for one or more of the following purposes: (a) verifying the identity of End-Users and conducting customer due diligence, enhanced due diligence, and ongoing monitoring as required by the PCMLTFA and FINTRAC guidance; (b) screening End-Users and their Transactions against sanctions lists maintained by Canadian and applicable foreign sanctions authorities; (c) processing, routing, converting, and settling Transactions through Align's Banking Partners and Service Providers; (d) detecting, investigating, preventing, and reporting money laundering, terrorist financing, sanctions evasion, fraud, and other financial crime; (e) responding to requests, inquiries, audits, examinations, or orders from a Regulatory Authority; (f) filing suspicious transaction reports, large cash transaction reports, large virtual currency transaction reports, and any other reports required under the PCMLTFA; (g) maintaining records required under the PCMLTFA and other Applicable Law; (h) providing, maintaining, securing, and improving the Services; and (i) complying with Align's obligations under the Agreement and Applicable Law. Align shall not use Personal Information for marketing, advertising, or profiling unrelated to the purposes set out in this Section 3 without obtaining a separate consent directly from the relevant End-User. ### 4. Developer Warranties 4.1 **Lawful collection and consent.** Developer warrants that, in respect of each End-User whose Personal Information is transferred to Align: (a) Developer has collected the Personal Information in accordance with PIPEDA and any other Applicable Law governing the collection of personal information; (b) Developer has obtained the End-User's knowledge and consent, in a form valid under sections 6.1 and 7 of PIPEDA, to (i) the collection of the Personal Information, (ii) the transfer of the Personal Information to Align, (iii) Align's use of the Personal Information for the purposes set out in Section 3 of this Addendum, and (iv) the onward transfer of the Personal Information by Align to Service Providers, Banking Partners, and Regulatory Authorities as contemplated by Section 5 of this Addendum; (c) the Personal Information is accurate, complete, and up to date to the extent necessary for the purposes set out in Section 3; and (d) Developer has no reason to believe that any End-User has withdrawn consent or objected to the transfer of their Personal Information to Align. 4.2 **Privacy Notice.** Developer warrants that its Privacy Notice clearly and plainly discloses: (a) that Personal Information will be transferred to Align for the purposes set out in Section 3 of this Addendum; (b) that Align is a Canadian money services business registered with FINTRAC; (c) that Align may onward-transfer Personal Information to Service Providers, Banking Partners, and Regulatory Authorities inside and outside Canada; (d) that Personal Information will be retained for at least five (5) years as required by the PCMLTFA; and (e) how End-Users may contact Align to exercise their access and correction rights under PIPEDA. Developer shall provide Align with a copy of its current Privacy Notice on reasonable written request. 4.3 **Withdrawal of consent.** If an End-User withdraws consent to the transfer or use of their Personal Information by Align, Developer shall notify Align within two (2) Business Days. Align may nevertheless continue to retain and use the Personal Information to the extent required by the PCMLTFA, any other Applicable Law, or any order or request of a Regulatory Authority, and Developer acknowledges that withdrawal of consent does not override these statutory obligations. 4.4 **No special categories.** Developer shall not transfer to Align any information about an End-User's health, genetic or biometric characteristics, political opinions, religious beliefs, trade union membership, sexual orientation, or criminal record, except to the extent that a document containing such information (such as a government-issued identity document) is reasonably required for identity verification under the PCMLTFA. ### 5. Onward Transfers by Align 5.1 **Service Providers and Banking Partners.** Developer acknowledges and consents, on its own behalf and on behalf of each End-User whose consent Developer has obtained under Section 4.1, that Align may transfer Personal Information to its Service Providers and Banking Partners for the purposes set out in Section 3 of this Addendum. Such transfers may occur inside or outside Canada, including to the United States, the European Union, and the United Kingdom. 5.2 **Contractual safeguards.** Align shall ensure that each Service Provider is bound by written terms that require the Service Provider to (a) use Personal Information only for the purposes for which it was transferred, (b) implement safeguards appropriate to the sensitivity of the Personal Information and consistent with Principle 4.7 of Schedule 1 to PIPEDA, and (c) return or destroy Personal Information on termination of its engagement, subject to any retention obligations under Applicable Law. Align remains accountable under PIPEDA for Personal Information transferred to a Service Provider for processing. 5.3 **Banking Partners as independent recipients.** Developer acknowledges that Banking Partners receive Personal Information as independent recipients (and not as Align's service providers), because Banking Partners are subject to their own regulatory obligations including customer due diligence, sanctions screening, and recordkeeping. Each Banking Partner is independently accountable for its handling of Personal Information under its own legal and regulatory framework. 5.4 **Regulatory Authorities.** Align may disclose Personal Information to any Regulatory Authority to the extent required or permitted by Applicable Law, including in response to a production order, summons, search warrant, administrative request, examination, audit, or mandatory reporting obligation under the PCMLTFA. Align is not required to notify Developer or any End-User of any such disclosure where notification is prohibited by law (including the tipping-off prohibition in section 8 of the PCMLTFA). 5.5 **Transfers outside Canada.** Developer acknowledges that Personal Information transferred outside Canada by Align or its Service Providers may become subject to the laws of the receiving jurisdiction, including laws permitting access by foreign courts, law enforcement, and national security authorities. Align shall use contractual and technical measures consistent with the Office of the Privacy Commissioner of Canada's guidance on transfers for processing to protect Personal Information transferred outside Canada. ### 6. Safeguards 6.1 **Security standards.** Align shall implement and maintain administrative, physical, and technical safeguards appropriate to the sensitivity of the Personal Information, consistent with Principle 4.7 of Schedule 1 to PIPEDA and industry-standard practices for regulated financial institutions in Canada. These safeguards shall include, at a minimum: encryption of Personal Information in transit and at rest; role-based access controls; multi-factor authentication; logging and monitoring; secure disposal of records; and employee training. 6.2 **Personnel.** Align shall ensure that its Personnel who access Personal Information are bound by written confidentiality obligations and have received appropriate training on the handling of Personal Information under PIPEDA. ### 7. Breach Notification 7.1 **Align notification.** If Align becomes aware of a breach of security safeguards involving Personal Information that creates a real risk of significant harm to any End-User (as defined in section 10.1 of PIPEDA), Align shall notify Developer without unreasonable delay and in any event within seventy-two (72) hours of becoming aware of the breach. The notification shall include the information required by section 10.1 of PIPEDA and section 2 of the Breach of Security Safeguards Regulations to enable Developer to assess its own reporting obligations. 7.2 **Independent reporting.** Each Party shall independently assess its obligations to report a breach of security safeguards to the Office of the Privacy Commissioner of Canada and to affected End-Users under section 10.1 of PIPEDA. Neither Party's reporting obligation is contingent on the other Party having reported. 7.3 **Developer notification.** If Developer becomes aware of a breach of security safeguards affecting Personal Information in Developer's possession or control that has been or will be transferred to Align, Developer shall notify Align without unreasonable delay and in any event within seventy-two (72) hours. ### 8. Access and Correction Requests 8.1 **End-User requests to Developer.** Where an End-User submits an access or correction request to Developer under sections 8 and 9 of PIPEDA, Developer shall handle the request in respect of Personal Information held by Developer. If the request relates to Personal Information held by Align, Developer shall direct the End-User to contact Align's privacy officer at the address published on Align's website. 8.2 **End-User requests to Align.** Where an End-User submits an access or correction request to Align under sections 8 and 9 of PIPEDA in respect of Personal Information held by Align, Align shall handle the request in accordance with PIPEDA. Align may refuse or limit access to the extent permitted by sections 9(1) to 9(3) of PIPEDA, including where disclosure would reveal information about a money laundering or terrorist financing investigation or would contravene the tipping-off prohibition in section 8 of the PCMLTFA. 8.3 **Cooperation.** Each Party shall provide reasonable cooperation to the other Party in responding to End-User access, correction, and withdrawal requests, subject to Applicable Law and the tipping-off prohibition in section 8 of the PCMLTFA. ### 9. Retention and Disposal 9.1 **Retention period.** Align shall retain Personal Information for a minimum of five (5) years from the date of the relevant Transaction or the termination of the End-User relationship (whichever is later), as required by sections 12.1 and 13 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations. Align may retain Personal Information for a longer period to the extent required or permitted by any other Applicable Law. 9.2 **Disposal.** On expiry of the applicable retention period, Align shall securely dispose of Personal Information in accordance with Principle 4.5 of Schedule 1 to PIPEDA. 9.3 **Return on termination.** On termination or expiry of the Agreement, each Party may retain Personal Information to the extent required by Applicable Law, including the PCMLTFA. The confidentiality, security, and permitted-purpose obligations of this Addendum shall continue to apply to any Personal Information retained after termination for as long as it is retained. ### 10. Audit and Evidence of Compliance On reasonable written notice (and not more than once per twelve (12) month period, unless a Regulatory Authority requires otherwise or a breach is suspected), Developer may request written evidence of Align's compliance with this Addendum, including a summary of Align's information security controls, its privacy policy, and the list of categories of Service Providers to which Personal Information is transferred. Align shall provide a reasonable response within twenty (20) Business Days of receipt of the request. ### 11. Liability The Parties' respective liabilities under this Addendum are subject to the limitations and exclusions set out in Section 14 of the Agreement, except that nothing in this Addendum or the Agreement limits either Party's liability for statutory obligations under PIPEDA or the PCMLTFA that cannot be limited by contract. ### 12. Precedence and General Provisions 12.1 **Precedence.** In the event of any conflict between this Addendum and the main body of the Agreement in respect of the handling of Personal Information, this Addendum shall prevail. 12.2 **Governing law.** This Addendum is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, and is subject to the dispute resolution provisions of Section 27 of the Agreement. 12.3 **Amendments.** Any amendment to this Addendum will be made in accordance with Section 28.2 of the Agreement. 12.4 **Term.** This Addendum takes effect on the Effective Date of the Agreement and continues for the duration of the Agreement. Sections 5.4, 7, 8, 9, and 11 of this Addendum survive termination of the Agreement for as long as Align retains any Personal Information. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.alignlabs.dev/legal/developer-terms.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.