Contents
- General Terms
- Service-Specific Terms
- General Legal Terms
Introduction
Basic information about us and this MSA
About our Services
Considerations while using our Services
Fees and payment terms
Term and Termination
Intellectual property
Technology Provider
Confidentiality
Source of funds, anti-money laundering, and fraud prevention compliance
Indemnity
Limitation of liability
Miscellaneous
Dispute resolution
General Terms
Introduction
This Master Subscription Agreement (this “Agreement” or “MSA”) is entered into by and between Prometeo (“Provider”) and the customer identified in the applicable Order Form (“Customer”), and is effective as of the Effective Date set forth in such Order Form. Each Order Form forms an integral part of this Agreement and is governed by its terms.
What does this MSA cover?
This MSA governs your access to and use of Prometeo’s software product (the “Product” or the “Services”), which is made available via API and enabled through API credentials. This Agreement sets out the rights and obligations of both parties and forms a legally binding contract between you and Prometeo.
You’ll access everything through an API key. Keep it safe — it's like your password.
Where are the specific conditions?
The applicable Services, fees, and other commercial terms will be specified in the respective Order Form.
Acceptance of services and the importance of the KYC/KYB process
You acknowledge and agree that the Services are provided on an "as is" and "as available" basis, without any express or implied warranties. This means that we do not guarantee uninterrupted availability, error-free operation, or compatibility with your systems. We expressly disclaim any warranties of merchantability, fitness for a particular purpose, non-interference, accuracy, or reliability of the information provided through the Services.
As part of our compliance and risk management procedures, Know Your Customer (KYC) and Know Your Business (KYB) processes are essential. Prometeo, in collaboration with its partners (such as banks and payment service providers, amongst others), reserves the right to request additional information or documentation at any time. Failure to provide the required information may result in delays, limitations, or suspension of the Services.
Important! Make sure you review this.
This section is important
You can access and use our Services via our website or API or an authorised third party.
When you use our Services you might be doing business with other entities, depending on the country and, if applicable, on the currency as well.
You must keep your security details safe and not allow anyone else to use our Services on your behalf, other than Authorised Users.
We might suspend your access to our Services if we think your access might be compromised, you engage in a restricted activity or we believe you may have or will violate any applicable laws.
Third-Party Providers and Information Sharing
To deliver our Services, we rely on third-party partners/providers, such as banks, payment service providers, and other technology partners. By using our Services, you acknowledge and consent to the necessary sharing of information with these providers, strictly for the purpose of enabling and improving the Services.
We take reasonable measures to ensure that our providers meet appropriate security and compliance standards. However, since their operations are independent and outside our direct control, we cannot assume responsibility for any actions, omissions, or service disruptions attributable to such third parties. Even so, we remain committed to working with trusted providers to deliver a reliable and secure service experience.
Please note that, depending on the jurisdiction in which the Services are provided, additional information, consents, or documentation may be required in order to comply with local legal, regulatory, or operational requirements.
Basic information about us and this MSA
About Us and how to contact us
Who we are
You may know us by our brand names, such as Prometeo and PrometeoAPI. Whenever we refer to "Prometeo," "we," "us," or "our," we mean the entity identified as Provider in the applicable Order Form.
How to contact us
You can reach us using the contact details specified in the applicable Order Form. For general inquiries, you may also contact us through support@prometeoapi.com.
About You
The entity identified as "Customer" in the applicable Order Form will be referred to in this Agreement as "you," "your," “Merchant” or "Customer."
This includes affiliates or subsidiaries, provided they are explicitly mentioned in the Order Form. Otherwise, access to the service will be limited to the contracting entity and the users specified in the Order Form.
About this MSA
This MSA governs the provision of our Services and may be supplemented by:
- Order Forms, detailing the specific Services, pricing, and terms. The Initial Order Form is the first executed, with additional Order Forms possible over time.
- Annexes, as required for certain Services.
- Additional Documents, such as our Code of Ethics and Privacy Policy.
In case of conflict, the following order of precedence applies:
- Order Form
- This MSA
- DPA
- Privacy Policy
- Website Terms and Conditions
- Other policies or notices.
MSA = base rules. Order Forms = case-by-case terms.
Changes we can make
We may update this Agreement from time to time. If we make changes, we will notify you at least 30 calendar days in advance via email or the platform where the Services are accessed. If you do not agree with the changes, you may terminate the Agreement during the notice period. If you continue using the Services after the effective date, the changes will be considered accepted.
Some changes may take effect immediately without notice if they clarify terms, comply with laws, introduce new services without added obligations, or reflect industry changes. All updates will be reasonable, necessary, and legally compliant.
About our Services
Access to our Product and new versions
During the Term specified in the Order Form, the Customer may access and use the Services using the authentication method designated by Prometeo — which may include an API Key or mutual TLS (mTLS), depending on the Service. The applicable authentication method will be specified in the technical documentation provided by Prometeo.
We’ll let the Customer know about every new platform release. If the Customer asks to delay an update — and the reason is exceptional and justified — we’re not responsible for any errors or issues that happen during that deferred period.
SaaS Model
Customer will access the Services under a managed services model ("Software as a Service" or “SaaS”), meaning that the underlying infrastructure required for its operation is managed by the Provider.
Restrictions
The Customer may only use the Services as contracted and authorized. Unauthorized use, including resale, third-party access, modification, competitive use, or prohibited activities, is strictly forbidden.
Requirements
1. Eligibility
To access and use our Services, Customer must be a legally registered entity in a supported country or territory and successfully complete our Know Your Customer (KYC) / Know Your Business (KYB) verification process.
2. Authorized Users
The Customer may designate individuals (“Authorized Users”) to use the Services. Each will receive an individual API Key, and access will be linked to their email domain. The Customer must share a list of authorized email addresses with the Provider, which will be used to manage access, monitor activity, and handle billing.
The Customer is fully responsible for what Authorized Users do, including any misuse or unauthorized use. The Provider does not check the authority of each user beyond the initial email match.
In some cases, the Provider may require two-factor authentication (2FA) to access the Services. The Customer agrees to follow these steps when requested.
The Provider may add more advanced user management tools later, including admin roles and permissions.
3. Disputes with Authorized Users
Any issues between the Customer and its Authorized Users about access or use of the Services are their responsibility to resolve. The Provider is not responsible for any problems, losses, or claims that come from those disputes. The Customer must manage and regularly review who has access.
4. Additional Terms and Third-Party Agreements
To provide its Services, the Provider may work with designated institutions or third-party partners/ providers. The Customer acknowledges that access to certain Services may be subject to additional terms and conditions established by such entities. By entering into this Agreement, the Customer expressly agrees to be bound by any applicable terms and conditions required by these third-party providers, as referenced in the Order Form and related schedules.
5. Customer Information and Verification
The Customer must provide complete, accurate, and up-to-date information at all times. The Provider is not liable for any issues arising from inaccurate or outdated information and may request confirmation or supporting documents as needed.
The Provider conducts KYC/KYB and security checks, which may include verifying other parties involved in transactions.
The Customer agrees to promptly provide requested information in an acceptable format. The Provider may verify information through third parties, including credit checks, and disclose relevant data for compliance purposes. Failure to provide or verify required information may result in suspension, limitation, or termination of Services.
Considerations while using our Services
Important! Make sure you review this.
Disclaimer
We do not control or guarantee the time required for validation, transfers, or any other service-related actions, as they depend on third-party processing times, including financial institutions and payment service providers, amongst others.
Provider's Role and Communication
Direct communication with the Provider regarding unauthorized transactions does not imply its involvement in regulated financial activities. Customer acknowledges that Prometeo is not a licensed financial institution and relies on licensed partners/ providers for such activities.
Any communication regarding unauthorized transactions is solely for initial reporting. As a technology service provider, the Provider facilitates the transmission of such reports to its licensed partners, who are responsible for handling regulated activities in accordance with operational protocols and agreements.
Suspension of your access to the Services
The Provider may suspend or restrict the Customer’s access to the Services if it has reasonable grounds to believe that:
- The security of the account or the service of the banking provider has been compromised.
- There is unauthorized or fraudulent activity involving the account or the Services.
- The Customer has violated this Agreement, any applicable policies, or related documentation.
- The Customer has breached the Restrictions clause.
- The Customer is using the Services in a manner that interferes with Provider’s platform or adversely affects third parties.
- The Customer has failed to pay undisputed amounts within the applicable Payment Period, as outlined in the section about Non-Payment.
Provider will notify Customer of any suspension or restriction and the reasons for it as soon as reasonably possible, either prior to or promptly after it takes effect, unless such notification is prohibited by law or would compromise security.
The suspension will end once the Customer resolves the issue, including paying any overdue amounts if needed.
Fees and payment terms
Important! Make sure you review this.
Fees
The Customer will pay the fees listed in the Order Form for each billing period during the term of the Agreement. The setup fee is due when the Agreement is signed.
After that, we’ll send monthly invoices on the first business day of each month, based on the previous month’s usage or the agreed minimum. If the Order Form says something different, that applies.
We may update the fees with at least sixty (60) calendar days’ prior notice.
Additional Charges, Minimum Fees and Implementation Period
Depending on the contracted Services, additional fees may apply if usage exceeds the agreed limits. Any such charges, along with any applicable minimum monthly fees, will be specified in the Order Form.
If the parties agree on an implementation period, the default maximum will be two (2) months — unless a different timeline is stated in the Order Form.
If implementation is not completed by then:
- The Provider may reassign the team starting in the third month.
- The minimum monthly fee may start to apply.
Taxes
Payments must be made free of any deductions or withholdings unless required by law. If withholding is necessary, Customer must increase the payment so that Provider receives the full invoiced amount.
Billing and Payment Period
Invoices will always be issued as specified in the Order Form in USD. If a local currency is referenced, the official exchange rate from the previous business day before the invoice date will apply.
Payment must be made within 30 calendar days from the invoice date (the 'Payment Period').
Here's how billing works, plain and simple.
API call pricing model
The pricing model for API calls may follow a tiered structure, where the unit price goes down as usage increases.
If applicable, the specific tiers and rates will be detailed in the Order Form.
The Provider may also apply flat or volume-based pricing, depending on the type of service and agreement with the Customer.
Payment Disputes
If the Customer disputes an invoice in good faith, it must notify the Provider within the Payment Period. The parties will work to resolve the dispute within 15 calendar days (Discussion Period). During this time, the Customer is not required to pay the disputed amount but must pay all undisputed amounts on time. If no resolution is reached after the Discussion Period, either party may pursue available legal remedies.
Non-Payment
If Customer fails to pay an undisputed invoice within the Payment Period, Provider may suspend services or terminate the Agreement,subject to the following conditions:
The Provider has sent two notifications:
- The first notifying of the outstanding balance.
- The second warning of potential suspension or termination, allowing 10 (calendar) additional days for payment.
The Customer has not paid within 10 (calendar) days of the second notification.
If services are suspended, access will be restored promptly upon full payment.
If the Agreement is terminated:
- Any applicable minimum monthly fee become immediately due.
- The Customer will not be entitled to any refunds.
- The Provider may recover outstanding amounts, including legal fees and collection costs.
If payment is missed and not resolved after notice, the service may be interrupted until payment is completed.
Term and Termination
Term of the Agreement
This Agreement starts on the date shown in the Order Form and lasts for the period stated there (the “Initial Term”). After that, it will automatically renew for 12-month periods unless either party gives written notice at least 30 calendar days before the current term ends.
Termination for breach
Either party can end this Agreement if the other seriously breaks its obligations. The terminating party must send written notice describing the issue. The breaching party has 30 calendar days to fix it.
If the issue isn’t fixed in time — or can’t be fixed — the Agreement ends at the end of that period, or immediately if the problem can’t be solved.
Note: Late payments are handled under the Non-Payment section.
Termination for Regulatory Reasons
Either party may terminate this Agreement if a regulator or competent authority requires it, due to a legal or compliance issue that is attributable to the other party.
The terminating party must:
- Send a written notice explaining the situation, and
- Include any relevant documents that support the regulatory requirement.
If the issue can reasonably be solved without termination, both parties will work together to find a solution before ending the Agreement.
Termination by Notice
Either Party may terminate this Agreement for convenience by providing the other Party with no less than thirty (30) days’ prior written notice. This termination right may be exercised in light of legitimate business, strategic, or regulatory considerations, including product evolution, operational needs, or a material change in business conditions.
Termination under this clause shall not give rise to any indemnity, penalty, or compensation obligation for either Party. The terminating Party shall make reasonable efforts to ensure continuity during the notice period and to fulfill any outstanding obligations agreed before the termination date.
Effects of Termination
When this Agreement ends:
- The Customer must stop using the Services and delete or return any related materials.
- Any outstanding payments become due immediately.
- The Provider will not issue refunds for unused Services.
The following sections will remain in effect:
Intellectual Property, Confidentiality, Indemnity, Limitation of Liability, Dispute Resolution, and any others that by their nature should survive termination.
Even after termination, some sections still apply (like IP or liability).
Service-Specific Terms
The Provider offers two main service verticals: (i) Data Services and (ii) Payment Services. The specific services within each vertical may evolve over time and will be detailed in the applicable Order Form. However, the following sections outline the general terms that govern each category.
Data
This section applies to all data-related services offered by Provider, including, but not limited to, our Account Validation API service. The countries where these services are available may vary from time to time, and any updates to coverage will be communicated accordingly.
Scope of service
The Provider grants the Customer access to its data services, including but not limited to Account Validation, Identity, Fiscal and Banking.
The specific functionalities, technical specifications, and usage limits applicable to the Customer will be detailed in the corresponding Order Form.
Just a reminder: Your actual service is listed in the Order Form.
Account Validation
This service allows the Client to validate the status and ownership of the consulted bank or virtual account, as appropriate, aligned with the service documentation.
Identity
The Identity Validation API allows you to validate identification based on a unique attribute assigned to a person. Currently available: CURP API.
Fiscal
The Fiscal API allows you to obtain or validate tax and/or fiscal information from Tax Agencies, Fiscal or Government Entities. Currently available CEP API (Mexico) and BCU API (Uruguay).
Banking
The Banking API allows you to access your bank's information, such as balances, movements and accounts, with your authorization and in a structured and standardized way.
Usage Restrictions
The Customer agrees to use the data services strictly in accordance with the terms of this Agreement and all applicable laws and regulations.
The data services may be used solely for the purpose of validating bank account details of payees or beneficiaries in connection with payments or transfers to be made by the Customer. Such validation may occur in advance of the payment or transfer and need not be immediate, provided that it is reasonably connected to a legitimate transactional use.
The Customer can’t share, resell, or distribute any data from the Services to third parties unless we give written permission in advance.
The Customer is solely responsible for obtaining the appropriate consent from, or ensuring the informed awareness of, the bank account holder whose data is being validated, as required under applicable data protection laws.
Under no circumstances may the data be used for profiling, marketing, or any other purposes not expressly authorized under this Agreement.
Third-Party Data Sources
We obtain financial and banking data directly from third-party sources such as financial institutions, banks, open banking platforms, amongst others. We act solely in an advisory capacity, providing services for informational purposes only, and disclaim any liability regarding the accuracy or completeness of the validation responses. While we make reasonable efforts to ensure the accuracy and availability of the data, we cannot guarantee its completeness, accuracy, or real-time availability, as the information reflects the latest update made available by the source institution and is subject to the limitations of external providers.
We rely on external sources. That means the info might change,or be incomplete, it's for reference only.
For Informational Use Only
The services are provided solely for informational purposes and do not constitute, and shall not be construed as, financial, legal, tax, accounting, compliance, or any other form of professional advice. The Client acknowledges and agrees that certain information may originate from third-party sources and may include third-party content or opinions. The Provider makes no representations or warranties, express or implied, as to the accuracy, completeness, or timeliness of such information.
The Customer is fully responsible for any decisions made based on the information provided. The Provider is not liable for any loss or damage caused by those decisions.
Service Availability & Updates
The Provider reserves the right to modify, update, or discontinue certain data services or features. Updates may include:
- New functionalities or improvements.
- Changes in response to regulatory requirements.
- Discontinuation of specific data endpoints or integrations.
The Provider will notify the Customer of any material changes affecting the availability or functionality of the services within a reasonable timeframe, unless otherwise required by law or urgent security measures.
Billing for API Responses
The Customer acknowledges and agrees that queries made to the API in the production environment that generate a 200 response code (valid account) or 404 response code (invalid account) will be considered for service billing.
Payments
The Payments section contains general terms for payment services, including A2A and borderless. Details vary by service and are defined in your Order Form.
Scope of Service
The Provider grants the Customer access to its payment services, including, but not limited to, A2A (account-to-account), Borderless, and other related services that may apply depending on the specific operation. This service will enable the Customer to transact through the channels and in the countries made available by Prometeo may provide from time to time.
The specific functionalities, operational limits, and transaction types applicable to the Customer will be detailed in the corresponding Order Form. Service availability may vary by country over time, and the Provider will communicate any updates accordingly.
Just a reminder: Your actual service is listed in the Order Form.
Account to account
Prometeo gives the Customer access to domestic account-to-account (A2A) payment services, which allow real-time bank transfers between end-users and merchants — no cards or intermediaries needed.
The service supports various integration methods, including embedded checkout via widget, Payment Link API or Payment Link non-code.
A2A transfers are domestic and real-time.
Borderless
Prometeo may facilitate access to local collection infrastructure through licensed third parties, enabling the Customer to collect funds in certain countries without requiring local legal incorporation, subject to applicable laws and operational feasibility. Settlement of such funds may occur locally or, in the case of cross-border payments, be requested in a different currency and to a destination of the Customer’s choice, provided the corresponding corridor is enabled and permitted by regulation.
Cross-border collections made simple — where available.
Regulatory and Operational Framework
Prometeo is a technology provider and does not engage in financial intermediation. Certain services may be delivered through integrations with licensed third parties — such as financial institutions, payment processors, or local partners — depending on the service and jurisdiction.
The Customer is responsible for:
- Complying with all applicable laws and regulations, including KYC/AML requirements.
- Obtaining all required licenses, permits, or approvals to use the services as intended.
- Prometeo is not responsible for delays, limitations, or disruptions resulting from third-party infrastructure or legal constraints.
Fees
The applicable Order Form will specify the commercial terms for each Service, which may include, amongst others, one or more of the following:
- One-time setup fee, charged upon activation of the Service.
- Transaction fee, applicable to each processed transaction.
- Tiered pricing, subject to monthly transaction volume thresholds.
- Minimum monthly fee or minimum per-transaction fee, which may be offset based on actual usage.
Fees may vary depending on the type of Service contracted, the country of operation, and the operational model adopted by the Customer (e.g., use of virtual accounts, cross-border settlement, or currency conversion).
Fees vary by service and volume. See the Order Form for details.
Fraud prevention and third-party errors
Fraud Prevention
The Customer is responsible for implementing and maintaining fraud detection and prevention measures in line with industry best practices. The Customer shall immediately notify the Provider upon detecting any fraudulent or suspicious activity related to the services under this Agreement.
Third-Party Errors
The Provider is not responsible for any damage, loss, or harm caused by third-party errors — whether or not those third parties work with us. This includes banks, payment networks, Users, the Customer’s customers, or external technology providers.
Collaboration and Incident Management
In cases of fraud or third-party errors, the Customer shall lead the investigation and resolution while collaborating with the Provider when necessary. The Customer must provide all relevant information to mitigate potential damages or losses.
Audit Rights
The Provider reserves the right to periodically audit the Customer’s use of the Services to verify compliance with fraud prevention and detection obligations. The Customer agrees to fully cooperate with such audits, including providing access to relevant documentation and information.
Liability Reference
The Provider’s liability regarding fraud and third-party errors is subject to the limitations established in the Liability & Indemnification section of this Agreement.
Unauthorized Transactions
If an unauthorized transaction takes place, the Provider may refund the amount to the Customer if:
- The Customer didn’t cause it through fraud or negligence.
- The Customer reported the issue promptly.
- The transaction didn’t use exposed or compromised credentials.
The Provider won’t be liable if:
- The Customer acted fraudulently.
- The Customer delayed reporting the issue.
- The security breach was due to gross negligence.
Make sure you review this.
Chargebacks
If a chargeback, fraud case, or disputed transaction happens, the Provider may withhold, offset, or deduct amounts from future settlements to cover the related loss. This includes any charge or adjustment passed on by payment processors, banks, or other providers involved in the transaction.
The Customer is responsible for these losses if they are connected to its operations, transactions, or end users — even if the chargeback or claim was triggered by a third party.
The Customer must also send any documents or information needed to help resolve the issue.
Settlement period and Timing
Settlement timelines vary depending on the country, type of service, and operational setup. Funds may be settled in real time (T+0), on the next business day (T+1), or within two business days (T+2).
In some cases, settlements may be processed in periodic batches (e.g., daily or weekly), and may also be subject to cut-off times, compliance reviews, or minimum accumulated volume thresholds — especially when using virtual accounts for cross-border collection. As a result, settlement availability may not depend solely on time, but also on regulatory, operational, or commercial conditions.
Timing varies. Some payouts need volume minimums or may settle up to T+2.
Collection and Payment Mandate
If applicable and subject to applicable laws, the Customer may authorize Prometeo to collect payments or receive funds from third parties, and/or to make disbursements to third parties designated by the Client, in connection with the services provided. In such cases:
- Prometeo shall act solely as an intermediary or agent, under a collection mandate or similar arrangement, and shall not acquire ownership or control over the funds at any time;
- All funds received under this mandate shall be held in segregated accounts, separate from Prometeo’s own operational or corporate accounts, and shall not be commingled;
- Prometeo shall not be entitled to use, pledge, or dispose of the funds for any purpose other than carrying out the Client’s payment or disbursement instructions;
- Prometeo shall not be required to execute any disbursement unless sufficient funds have been made available in advance;
- The Customer remains solely responsible for compliance with any legal, regulatory, or tax obligations arising from the use of the service or from the disbursements made, including (but not limited to) reporting, withholding, and remittance of applicable taxes, and any licensing or registration requirements that may apply to the Client’s activities;
- Nothing in this Agreement shall be interpreted as Prometeo engaging in deposit-taking, fund custody, or any regulated financial activity, unless expressly authorized under applicable law.
For clarity, Prometeo acts in its own name but on behalf of the Customer, and shall not be deemed to represent or act in the name of the Client before third parties. Prometeo shall have no liability or obligation toward any third party recipient or payer, and any claims arising from the use of the service shall be directed exclusively to the Client.
Prometeo shall not be liable before regulatory authorities, financial institutions, or third parties for the use, destination, or final traceability of the funds collected or disbursed, as full responsibility for such matters rests exclusively with the Client.
Mandate terms may vary by jurisdiction.
General Legal Terms
Intellectual property
Ownership of the solution and Services
The Provider retains all rights, title, and interest in and to the solution and Services, including, but not limited to:
- The software used to provide the Services.
- All graphics, user interfaces, logos, trademarks, and other materials related to PrometeoAPI.
This Agreement does not grant the Customer any ownership rights over the Provider’s intellectual property, except for the limited right to use the Services as expressly authorized in this Agreement and the applicable Order Form. The Customer acknowledges that PrometeoAPI and its components are protected by intellectual property laws and other applicable regulations.
Feedback
If the Customer provides the Provider with suggestions or ideas for improving the Services ("Feedback"), the Provider may use this Feedback freely, without restrictions or obligations. The Customer acknowledges that:
- Feedback will not be considered confidential.
- The Provider may use, modify, publish, or commercialize Feedback without compensation or credit to the Customer.
- Feedback will not be considered Customer’s trade secret.
Technology Provider
Technology Provider
The Provider is a technology provider and does not engage in financial intermediation under any circumstances.
The technical documentation for the Services is available at: https://docs.prometeoapi.com/docs/te-damos-la-bienvenida-a-prometeo-docs.
Standard Product
The Services are provided as a standard API for all customers and do not constitute a customized solution. However, the parties may agree, through an Order Form, on additional customizations or functionalities, specifying applicable conditions such as timelines and pricing. Any customization will be subject to the Intellectual Property clause.
Confidentiality
Keeping information private
Each party agrees to keep the other party’s Confidential Information private and secure for the entire duration of this Agreement — and for three (3) years after it ends.
You can only use this information to carry out this Agreement. You may only share it with team members, contractors, or advisors who need to know it — and only if they agree to protect it the same way.
What counts as confidential
“Confidential Information” means any information that’s clearly marked as confidential or that should reasonably be understood as confidential — including business plans, technology, pricing, or client data.
Confidential Information does not include information that:
- Is already public (and not because someone broke this Agreement).
- Was known by the receiving party before it was shared.
- Was received from another source that wasn’t under a duty of confidentiality.
- Was developed independently without using the other party’s information.
Legal disclosures
If a party is legally required to share Confidential Information (for example, by a court or regulator), they must let the other party know as soon as possible — unless the law says they can’t. Both parties will work together to limit how much is shared and try to keep it protected.
Return or deletion of information
When this Agreement ends — or earlier if asked — each party must return or securely delete all Confidential Information they received within 30 calendar days.
Each party must also confirm in writing that this is done, unless a law requires them to keep it. In that case, they can only keep it for legal reasons and must keep it safe.
Source of funds, anti-money laundering, and fraud prevention compliance
Please, don’t skip this part.
Lawful Transactions and Compliance
The Customer represents, warrants, and undertakes that all transactions conducted using the Services will be lawful and fully compliant with applicable laws and regulations. The Customer is solely responsible for the legality, execution, and fulfillment of its transactions and obligations towards its own clients, including but not limited to:
(i) The agreements governing payment transactions conducted through the Services; and
(ii) Any applicable laws and regulations governing such transactions.
The Customer agrees to defend, indemnify, and hold harmless the Provider, as well as its affiliates, officers, directors, employees, agents, and advisors, from any liability, claim, damage, or loss arising from Customer’s business activities and relationships with its end users.
Source of Funds
The Customer represents, warrants, and undertakes that all funds used in any transaction related to this Agreement, whether directly or indirectly, have a lawful origin and come from legitimate sources. The Customer guarantees compliance with all applicable laws and regulations on:
- Anti-Money Laundering (AML)
- Counter-Terrorism Financing (CTF)
- Anti-Corruption
- Other regulations related to illicit financial activities
Due Diligence Obligations
The Customer agrees to implement and maintain effective internal controls to verify the identity and legitimacy of the funds, end users, and any parties interacting with the Services under this Agreement.
Upon Provider’s request, the Customer shall provide supporting documentation to verify:
- The lawful origin of the funds used in transactions.
- Transaction records ensuring full traceability and compliance.
The Customer must submit such documentation within a maximum period of three (3) business days.
Service Suspension and Preventive Measures
The Provider reserves the right, at its sole discretion, to request additional documentation from the Customer at any time to verify compliance with this clause. If the Provider has reasonable suspicion that the Customer, its clients, or end users are involved in illegal activities or that the funds used in transactions are of illegitimate origin, the Provider may, without prior notice and without incurring liability:
- Suspend or restrict Customer’s access to the Services.
- Immediately terminate this Agreement.
- Report the matter to relevant authorities and fully cooperate with any official investigation.
Liability Disclaimer
The Customer is fully responsible for meeting financial crime prevention requirements. This includes monitoring its own clients and end users. The Provider is not responsible for any illegal activity carried out by the Customer, its clients, or any third party using the Services.
The Customer agrees to defend, indemnify, and hold harmless the Provider, as well as its affiliates, officers, directors, employees, agents, and advisors, from any liability, claim, damage, or loss resulting from:
(i) Non-compliance with these obligations; and/or
(ii) Any unlawful activity conducted by Customer.
For identification only. We may show your name as a client, but public or marketing use needs your written approval.
Use of name, logos and references
The Provider may include the Customer’s name and logo in its website or pitch materials to show that the Customer uses the Services.
Any other use — including press releases or public announcements — will require the Customer’s prior written approval.
The Customer grants the Provider a non-exclusive right to use its name and logo for these limited purposes, for the duration of the Agreement.
Indemnity
Indemnification by Customer
The Customer will indemnify and hold harmless the Provider from any claims, losses, or damages that come from:
(a) the Customer breaking this Agreement or the law,
(b) the Customer not having the right consents or authorizations to use the data, or
(c) misuse of the Services by the Customer or its users.
This does not apply if the problem comes from a failure or limitation in the Services themselves.
Indemnification by Provider
The Provider will indemnify and hold harmless the Customer from any third-party claims that say PrometeoAPI infringes their intellectual property rights — as long as:
(a) the Customer uses the Services as agreed, and
(b) the claim is not based on changes made by the Customer or used in combination with systems not provided by the Provider.
Indemnification Procedure
The party asking for indemnification must notify the other party in writing as soon as reasonably possible.
The indemnifying party will take over the defense of the claim and can choose its own lawyers. The other party must help if needed.
If the indemnifying party does not act, the other party can handle the defense and seek reimbursement.
Limitation of liability
Important! Make sure you review this.
Liability cap
The Provider’s total liability related to a specific order form won’t be more than the greater of:
the total amount the customer paid under that order form in the last 12 months, or
the annual value of the minimum monthly fee stated in that order form.
This limit applies no matter what kind of legal claim is made — contract, negligence, or any other — and it includes all claims combined.
The Customer agrees that this limit is fair based on the nature of the service and the fees agreed between the parties.
Exclusions from Indemnification Obligations
The Provider’s indemnification obligations shall not apply to claims arising from:
(i) Unauthorized modifications to PrometeoAPI that were not performed by the Provider or were made according to the Customer’s instructions
(ii) Unauthorized use of the Services, including any violations of this Agreement.
(iii) Use of PrometeoAPI in conjunction with third-party components not supplied by the Provider.
(iv) The use of an outdated version of PrometeoAPI when an updated version, capable of preventing such liability, was made available by Provider.
Excluded Damages
Except for breaches of Confidential Information section, neither party shall be liable for:
- Loss of profits, revenue, or business interruption.
- Loss of data or information.
- Loss of opportunity.
- Any consequential, indirect, special, incidental, or punitive damages arising from or related to this Agreement.
Technology and Third-Party Risks
The Provider is not liable for damages caused by viruses, cyberattacks, or other harmful technological elements that may affect the Customer’s systems.
The Provider assumes no responsibility for third-party materials linked to its platform or used by the Customer.
Scope and Disclaimer of Liability
The limitations of liability set forth in this section apply to the benefit of Provider’s officers, directors, employees, agents, and third-party contractors, regardless of:
(a) The legal theory under which the claim is brought, whether contractual, tort-based, or otherwise.
(b) Whether Customer was advised in advance of the possibility of such damages or if such damages were foreseeable.
The Customer agrees that the Provider’s pricing — and the decision to move forward with this Agreement — are based on the liability limits and disclaimers in this section. These terms are a key part of the deal between the parties.
If applicable law limits the enforceability of this section, Provider’s liability shall be limited to the maximum extent permitted by law.
Specific liability for chargebacks, fraud, or unauthorized transactions is described under the Payment Services section.
How is data handled? The processing of personal data is governed by the DPA.
Data Privacy
Data privacy rules may vary depending on the Service and the country where it’s used. Prometeo’s role — as Controller or Processor — and the applicable obligations are described in our Data Processing Addendum (DPA), available at prometeoapi.com/en/legal/dpa.
The DPA is part of this Agreement and applies to all handling of personal data under the Services.
The Customer also agrees to follow Prometeo’s Privacy Policies, which may differ by country. All versions are available at prometeoapi.com/en/legal
Miscellaneous
Force Majeure
Neither party is responsible for delays or failures caused by events outside their control — like natural disasters, wars, pandemics, civil unrest, terrorism, or outages in internet or public services. This doesn’t affect the Customer’s obligation to pay.
The affected party must take reasonable steps to reduce the impact of the situation.
Independent Parties
Each party acts independently. This Agreement doesn’t create a partnership, joint venture, agency, or employment relationship.
Each party is responsible for its own taxes, labor matters, and operating costs.
Entire Agreement
This Agreement, along with the Order Form, any annexes, and linked documents, is the full agreement between the parties. It replaces any earlier agreements — written or verbal — about the same topic.
Severability
If any part of this Agreement turns out to be invalid or unenforceable, the rest stays in effect as if that part were never included.
No Waiver
If a party delays or chooses not to enforce a right under this Agreement, that doesn’t mean they’ve waived it.
Even a partial use of a right doesn’t stop that party from using it fully later.
Assignment
Neither party can transfer this Agreement without the other’s written permission.
However, either party may transfer it with at least 30 days’ notice if there’s a merger, acquisition, major change in control, or corporate restructuring.
Prometeo may also transfer this Agreement to one of its affiliates without asking for consent. The Customer may do the same, as long as any access limits in the Order Form stay the same.
Notices & Communications
The contact details in the Order Form apply to all communications. Notices sent by email or other verifiable methods are valid. If a party changes its address, it must report it within 48 hours — otherwise, the last known address will be used.
Default
If either party fails to meet a material obligation under this Agreement, it will be considered a default. Unless the Agreement says otherwise, the other party may send a written notice giving 10 business days to fix the issue before taking further action.
Electronic Signatures
This Agreement is valid even if it's not signed separately, as long as the Customer signs the related Order Form. That signature confirms acceptance of the MSA and any referenced documents.
Signatures can be electronic (e.g., via PDF or signature platforms). Each signed copy counts as an original. By signing electronically, the parties agree not to challenge the Agreement’s validity.
Dispute resolution
General
In the event of any disagreement arising from this Agreement, the parties agree to make reasonable efforts to reach an amicable resolution through the Dispute Resolution Process outlined below. This section does not limit either party’s right to seek urgent injunctive or interim relief when necessary.
Dispute Resolution Process
Either party may notify the other of a dispute at any time. The designated representatives of both Customer and Provider will discuss the matter in good faith to seek a mutual resolution.
If the dispute is not resolved within 15 business days of notification, each party must submit its position in writing to the other. Senior management representatives from both parties will then meet to discuss the conflict and explore possible solutions.
If the dispute remains unresolved after an additional 15 business days following the written submissions, either party may proceed with a claim in accordance with the following section.
Governing Law and Jurisdiction
The governing law and jurisdiction applicable to this Agreement shall depend on the contracting Provider entity. The following table outlines the applicable legal framework for each jurisdiction:
Entity
QUALIA FINTECH SAS
PROMETEO BRASIL LTDA
PROMEQUALIA S.A. de C.V.
PROMETEAM LLC
PROMEPE S.A.C.
Country
Uruguay
Brazil
Mexico
USA
Peru
Other
Applicable law
Laws of Uruguay
Law of Brazil
Laws of Mexico
Laws of State of Delaware
Laws of Peru
As specified in the applicable Order Form
Jurisdiction
Exclusive jurisdiction of the courts of Montevideo, Uruguay.
Exclusive jurisdiction of the courts of São Paulo, Brazil.
Exclusive jurisdiction of the courts of Mexico City, Mexico.
Exclusive jurisdiction of the state and federal courts located in Delaware
Any dispute shall be finally settled by arbitration under the Centro de Arbitraje de la Cámara de Comercio de Lima (CCL), conducted in Lima, Peru, in Spanish, with one arbitrator. The arbitration award shall be final and binding.
As specified in the applicable Order Form.
General Provisions
This Agreement shall be governed and interpreted according to the laws of the country where the contracting Provider entity is established, as specified in the applicable Order Form.
Any disputes arising from or related to this Agreement shall be subject to the exclusive jurisdiction of the courts listed in the table above.
If the applicable jurisdiction is not explicitly listed, the governing law and jurisdiction shall be those specified in the Order Form.