Last updated on January 1, 2025
Definitions
- “API” refers to the Pandabase Application Programming Interface, which allows Merchants to integrate their Applications with Pandabase services.
- “Application” refers to the software or application developed by the Merchant that integrates with the Pandabase API.
- “Merchant” refers to the entity or individual accessing and using the Pandabase API, and who is both developing an Application and acting as a merchant within the context of this agreement.
- “Pandabase” refers to the company providing the API and the payment processing services.
- “Cardholder Data” means any personally identifiable data associated with a payment card, such as, but not limited to, primary account numbers (PAN), card verification values (CVV), expiration dates, and cardholder names.
- “PCI DSS” refers to the Payment Card Industry Data Security Standard, a set of requirements for ensuring that all companies that process, store, or transmit credit card information maintain a secure environment.
- “Raw Cardholder Data” specifically refers to unencrypted or untokenized Cardholder Data.
- “Payment Processing Services” means the transaction and payment services provided by Pandabase.
1. Acceptance of Terms
By accessing or using the Pandabase API (the “API”), the Merchant agrees to be bound by these Terms of Use (“Terms”). If the Merchant does not agree to these Terms, they must not access or use the API. These Terms constitute a legally binding agreement between the Merchant and Pandabase. These Terms may be updated from time to time, and the Merchant’s continued use of the API is deemed acceptance of the updated Terms.
2. Grant of License
Pandabase grants the Merchant a limited, non-exclusive, non-transferable, non-sublicensable, and revocable license to access and use the API solely for the purpose of developing, testing, and supporting Applications that integrate with Pandabase. This license is personal to the Merchant and is subject to their continued compliance with these Terms.
3. API Access and Usage
- Authentication: The Merchant is responsible for maintaining the security and confidentiality of their API keys, tokens, passwords, or other authentication credentials. The Merchant must not share these credentials with any unauthorized third party. The Merchant must use one of the authentication methods provided by Pandabase. In the event of a security breach involving the Merchant’s credentials, the Merchant must notify Pandabase within 24 hours and will be responsible for any damages or losses caused by such breach.
- Rate Limiting: Pandabase reserves the right to impose rate limits on API requests to ensure fair usage and prevent abuse. The Merchant agrees to comply with these rate limits, which may be changed at any time with notice from Pandabase. Pandabase will provide notice of such changes via email or on the developer documentation site. Attempts to circumvent rate limits are a material breach of these Terms.
- Permitted Use: The Merchant is permitted to use the API for the development and operation of their Application solely as it integrates with the Pandabase services. The Merchant’s use of the API does not grant the Merchant any financial access to Pandabase’s underlying transaction systems, except through explicitly permitted and standard API calls. The Merchant must ensure their Application and their use of the API complies with all applicable laws and regulations.
- Prohibited Uses: The Merchant agrees not to use the API in any manner that:
- Violates any applicable laws or regulations, including but not limited to data privacy laws and PCI DSS standards.
- Infringes upon the intellectual property rights of Pandabase or any third party.
- Is abusive, disruptive, harmful, or detrimental to Pandabase, its users, or any third party. This includes any form of harassment, defamation, or hate speech.
- Circumvents or attempts to circumvent any security measures or access restrictions implemented by Pandabase, or bypass Pandabase’s direct transaction processing.
- Transmits malware, viruses, worms, or any other harmful code.
- Collects, stores, or processes personal data without obtaining explicit consent or otherwise violating applicable data privacy laws. All data collection through the API should be in compliance with all relevant data protection regulations. The Merchant is expressly prohibited from receiving, processing, or storing Raw Cardholder Data through the Pandabase API. Only tokenized or aliased card data as supplied by Pandabase is permitted to be handled by the Application.
- Performs excessive API calls that could degrade or disrupt the Pandabase services.
- Attempts to reverse engineer, decompile, or disassemble any part of the API. Reverse engineering the API shall lead to immediate revocation of API keys.
- Engages in any activity that is deemed by Pandabase to be illegal, unethical, or harmful.
- Impersonates any person or entity, or otherwise misrepresents their affiliation with a person or entity.
- Interferes with or disrupts the operation of the API or the Pandabase services.
- Resells, sublicenses, or redistributes the API or any part of Pandabase’s Payment Processing Services to any third party. This includes but is not limited to the creation of a marketplace or platform that uses the Pandabase API to facilitate payments on behalf of other parties.
4. Intellectual Property
All intellectual property rights in and to the API, including any associated documentation, belong to Pandabase. These Terms do not grant the Merchant any rights to Pandabase’s intellectual property except for the limited right to use the API as expressly permitted by these Terms. The Merchant agrees that they will not attempt to claim any ownership of the API, associated services, or any derivative works created using the API which shall belong to Pandabase and considered IP of Pandabase.
5. Data Privacy, Security, and PCI Compliance
- The Merchant is solely responsible for the security, privacy, and legal compliance of their Application.
- The Merchant must implement and maintain adequate security measures to protect any data they process using the API.
- If the Merchant’s Application receives, transmits, or processes any data through the API, the Merchant agrees to fully comply with the Payment Card Industry Data Security Standard (PCI DSS) to the extent applicable to their environment. The Merchant acknowledges that Pandabase is responsible for maintaining PCI compliance for the Pandabase platform itself and that this does not extend to their environment or systems. The Merchant acknowledges and agrees that the Pandabase API is designed to prevent access to Raw Cardholder Data, and the Merchant must not attempt to circumvent this security measure. The Merchant further acknowledges that the use of this API does not grant them direct access to transaction data other than via methods provided by the API.
- The Merchant must comply with all applicable data protection laws and regulations, including obtaining any necessary consents. All data collected via the API is handled under the Merchant’s own privacy policy, not Pandabase’s.
- The Merchant acknowledges that Pandabase may collect usage data as is defined in our Privacy Policy.
- Pandabase retains full ownership and control of all transaction data, and will provide access to transactional information for reconciliation and reporting, but these remain the property of Pandabase.
6. Modifications and Availability of the API
Pandabase will use commercially reasonable efforts to maintain an API uptime of 99.9% excluding scheduled maintenance, but reserves the right to modify, suspend, or discontinue the API (or any part thereof) at any time, with or without notice, and without liability to the Merchant. While Pandabase aims to provide a reliable and available API, it makes no guarantee of its uninterrupted availability or that it will be free from errors. Pandabase will make a reasonable effort to inform the Merchant of any significant interruptions. Pandabase shall have no liability in case of modification, suspension, or discontinuation.
7. Disclaimer of Warranty
THE API IS PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. PANDABASE EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. PANDABASE DOES NOT WARRANT THAT THE API WILL BE UNINTERRUPTED OR ERROR-FREE, EXCEPT AS PROVIDED IN SECTION 6 WITH REGARDS TO UPTIME.
8. Limitation of Liability
IN NO EVENT SHALL PANDABASE BE LIABLE TO THE MERCHANT FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, DATA, OR USE, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE MERCHANT’S USE OF THE API, EVEN IF PANDABASE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. PANDABASE’S TOTAL AGGREGATE LIABILITY UNDER THESE TERMS SHALL NOT EXCEED THE AMOUNT THE MERCHANT HAS PAID PANDABASE (IF ANY) IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE LIABILITY.
9. Indemnification
The Merchant agrees to indemnify, defend, and hold harmless Pandabase and its officers, directors, employees, and agents, from and against any and all claims, damages, liabilities, losses, costs, and expenses (including reasonable attorneys’ fees) arising out of or in connection with the Merchant’s use of the API, their Application, or their violation of these Terms, or those of their customers using the application. Pandabase has the right to assume control of the defense of any claims where its financial liability is at stake.
10. Termination
Pandabase may terminate these Terms and the Merchant’s access to the API at any time, with or without cause and with or without notice, without liability to the Merchant. Upon termination, the Merchant shall immediately cease all use of the API, and all related data provided via the API. Sections 4 (Intellectual Property), 5 (Data Privacy and Security), 7 (Disclaimer of Warranty), 8 (Limitation of Liability), 9 (Indemnification), and 11 (Governing Law and Jurisdiction) shall continue to apply post-termination. Upon Termination, the Merchant will cease access immediately, but will have 30 days in which to migrate off the service.
11. Governing Law and Jurisdiction
These Terms shall be governed by and construed in accordance with the laws of Florida, United States, without regard to its conflict of law principles. The Merchant agrees to submit to the exclusive jurisdiction of the courts located in Florida, United States for the resolution of any disputes arising under these Terms.
12. Changes to These Terms
Pandabase reserves the right to modify these Terms at any time. The Merchant is responsible for checking these Terms periodically for changes. The Merchant’s continued use of the API after any such changes constitutes their acceptance of the modified Terms. Should the Merchant not agree with the changes, they have 14 days to inform Pandabase. Following the 14-day notice period, Pandabase reserves the right to disable the Merchant’s access to the API and to terminate their Merchant account.