These Supplemental Terms for iPay services (the “Supplemental Terms”) strictly pertain to Customer’s election and use of the “iPay Services” and/or the “iPay Ebill Services” by Bottomline through its third-party service provider, Jack Henry & Associates, Inc. (“JHA”).
1. iPay Services
(i) Transaction Delivery. JHA will use commercially reasonable efforts to deliver all payments made to a Payee (as defined herein), including bill payments (each a “Transaction”) in accordance with the Customer’s end users’ payment instructions. JHA makes no representation or warranty that any person or entity to whom Customer’s end users send funds (each a “Payee”) will post a credit to the Customer’s end users’ account in an accurate or timely manner. Due to circumstances beyond JHA’s control, Transactions may take longer to be credited to the Payee account. Therefore, Customer’s end users must schedule the Transaction accordingly. Transactions scheduled after the daily cutoff time or on non-Business Days (as defined below) will be considered entered on the next Business Day. “Business Day” means Monday through Friday, excluding holidays observed by the United States Federal Reserve System. Customer may cancel Transactions by logging onto JHA’s website prior to the established deadlines. There is no charge for canceling a Transaction.
(ii) PCI Compliance. JHA will maintain all PCI DSS requirements to the extent that JHA (i) handles, has access to, or otherwise stores, processes, or transmits Customer’s end users’ cardholder data or sensitive authentication data, or (ii) manages a cardholder data environment on Customer’s behalf.
(iii) Overnight Funds. Funds JHA holds overnight will be deposited in secure overnight accounts. Any income on such funds will be paid to JHA to further offset processing and other costs.
(iv) Transaction Method. Customer authorizes JHA and its third-party providers to remit Transactions using checks, ACH entries, credit or debit cards, EFT or any other method of payment including, but not limited to, the Payee’s IVR or web services or other electronic systems or networks, and to take all actions necessary to process such Transactions.
(v) Funding for iPay Services. JHA will send an ACH debit each Business Day on JHA’s behalf to Customer to collect the funding for the Transactions initiated by Customer’s end users. Any return by Customer of the debit sent to collect the cumulative amount for all daily Transactions is strictly prohibited, and JHA, at its option, may suspend processing of any Transactions on behalf of Customer. As soon as notice is provided to Customer that any debited funds have been returned, Customer shall wire to JHA on that same day immediately available funds in the amount of any returned debit. Customer acknowledges that time is of the essence in its obligation to immediately cover any such returned debited funds. Customer shall indemnify JHA from any and all actual direct loss suffered by either of them from any such returned debit.
(vi) Suspension of iPay Services. JHA reserves the right in its sole discretion to delay or stop scheduled Transactions, or suspend or deactivate the iPay Services at any time without prior notice as reasonably required to terminate or investigate suspicious activities that are potentially illegal, fraudulent or otherwise improper. iPay Services will be suspended or deactivated only for Transactions pertaining to the affected Customer’s end users, and then only to the degree necessary for such purpose. Termination or suspension shall not affect Customer’s liability obligations.
(vii) Biller Directory. Customer may be provided access to a directory of Payees (the “Biller Directory”) compiled by JHA. The Biller Directory is confidential information belonging to JHA and its third-party providers. Customer may only use the Biller Directory in connection with Customer’s use of iPay Services, and Customer may not otherwise use, resell, disclose or otherwise distribute the Biller Directory or the information contained in the Biller Directory. Customer shall cease use of the Biller Directory upon termination of the iPay Services.
2. iPay eBill Services.
(i) No Dependence. The iPay eBill Service is made available only as a component of the bill pay functionality of the iPay Services and is intended to enhance user experience thereof. iPay eBill Services is not intended to replace electronic bills or statements that Customer’s end users are receiving from a person or entity (each a “Biller”) via other means, and Customer’s end users should not depend on the accuracy or timely delivery of eBills provided under the iPay eBill Service. iPay eBill Service cannot be used for other solutions, such as personal financial management.
(ii) Paper Turn-Off. If a Biller decides to terminate the mailing of paper statements to Customer’s end users, JHA will request Customer’s end users’ consent for “Paper Turn-Off”. If a Customer’s end user does not consent to Paper Turn-Off, then that Customer’s end users cannot use the iPay eBill Service for that Biller.
(iii) Requirements. Customer’s end users may be required to agree to certain JHA terms and conditions. In addition, Customer’s end users may be required to agree to certain Biller terms and conditions, and provide JHA with information used by a Customer’s end users to access its accounts with a Biller, such as but not limited, login credentials (“Access Info”). The iPay eBill Service may use Access Info to obtain Customer’s end users’ most recent statement in order for JHA to present such information to Customer’s end users in conjunction with the iPay eBill Service. Customer’s end users’ use of the iPay eBill Service for a Biller is dependent upon acceptance of the terms and conditions, and disclosure of Access Info.
(iv) Access Policies. JHA investigates and remediates unusual activity or attacks on the system hosting the iPay Services. During such investigations or remediations, JHA may limit, suspend, or deny access to the iPay Services for a commercially reasonable period to protect the integrity of the system, and will not be subject to any warranties, service levels, or performance standards for the affected iPay Services. JHA reserves the right to deny or refuse to provide the iPay eBill, Service, or to suspend or terminate access to the iPay eBill Service (a “Denial”) to mitigate JHA’s liability in the following circumstances: (i) a Denial is requested by law enforcement or regulatory agency; (ii) a security breach of or unauthorized access to iPay eBill Services; (iii) JHA deems a Denial necessary for risk management purposes; (iv) suspected or actual fraudulent acts, violations of law, or violations of these Supplemental Terms; or (v) JHA has reason to believe continued access to iPay eBill Service is commercially unreasonable. Denials under this paragraph will continue as long as necessary and will not create any liability from JHA to Customer. JHA shall provide Customer with prompt notice of any such Denial. Customer shall fully cooperate and assist with any investigation of a security breach related to iPay eBill Services.
(v) Data Analytics. “Data Analytics” means monitoring click activity (via tagging) of (i) of any eBill landing page that allows a Customer’s end users to view eBills for an individual Biller, and (ii) an imbedded digital ad graphic so that a Biller may learn whether an eBill ad graphic appearing on its eBill landing page was clicked by a Customer’s end users. Customer authorizes JHA to share Customer’s anonymized Data Analytics with JHA’s third-party providers, permitted assigns, subcontractors, agents and applicable eligible Biller(s). No account or other personal information shall be collected, and use of the Data Analytics shall be limited to click events. Customer’s privacy policies with its end users shall permit Customer to share aggregated, anonymous user behavior information relating to the iPay eBill Service with JHA, its third party providers, permitted assigns, subcontractors, agents and applicable eligible Biller(s).
3. Customer Responsibilities.
(i) Reporting. JHA shall use reasonable care in processing accounts and reports, and Customer will, on a daily basis, check and verify all such reports to confirm that all data has been accurately processed and reported. Customer will report any discrepancies, including without limitation, those related to balancing Customer’s accounts no later than three (3) Business Days following receipt of such reports (the “Reporting Period”). JHA will correct discrepancies reported within the Reporting Period at no charge to Customer. Discrepancies reported after the Reporting Period will be corrected upon request by Customer at JHA’s then-current standard professional services rate.
(ii) Enrollment. Customer shall cause its end users to agree to terms and conditions that include without limitation, authorization to allow Customer, and JHA and its third-party providers, to provide the iPay Services and, if applicable, authorization for Customer or JHA to initiate ACH debits to the Customer’s end users’ DDA account. Customer should review new enrollments and add-on accounts into the iPay Services daily and comply with “know your customer” rules and principles. Customer shall reject or deactivate any fraudulent or ineligible enrollment.
(iii) Compliance. Customer shall be responsible for compliance with all applicable laws and regulations including, without limitation, compliance with error and dispute resolution procedures specified under OFAC, the Electronic Funds Transfer Act of 1978 and the regulations and interpretations promulgated thereunder (including, without limitation, Regulation E of the Federal Reserve Board (“Reg E”)) relating to Customer’s use of the iPay Services and obtaining express authorization for each Customer’s end users’ use of the iPay Services. Customer agrees to comply with all NACHA Rules, and that JHA and its Originating Depository Financial Institution (ODFI) (as defined by NACHA) have the right to audit Customer’s compliance with these Supplemental Terms and the NACHA Rules, and to terminate or suspend the iPay Services for breach thereof. In accordance with NACHA rules, (a) Customer authorizes JHA and its ODFI to originate ACH entries on behalf of Customer to receivers’ accounts; (b) Customer agrees not to originate entries that violate the US or state laws; and (c) Customer understands and agrees that JHA will not process or originate any international ACH or other Transactions identified by JHA.
(iv) Texas Regulatory Requirements. Where Transactions are being processed on a Texas ”pay-from” account, Customer agrees that (a) JHA is acting as Customer’s agent for the purpose of providing the iPay Services and JHA agrees to act only within the scope of authority conferred by these Supplemental Terms; (b) Customer assumes all legal responsibility in the State of Texas for satisfying all money services obligations owed to Customer’s end users in Texas upon receipt of the Customer’s end users’ money or monetary value; and (c) Customer assumes all risk of loss that a Customer’s end users may suffer as the result of the failure of JHA or its agents to transmit the Customer’s end users’ funds to the intended Payee.
(v) Disclosures. Customer will provide its end users with all disclosures required under applicable federal, state and local laws, rules and regulations related to use of the iPay Services, including without limitation, the initial disclosures required under Reg E (the “Initial Disclosures”). Customer shall include in the Initial Disclosures the appropriate telephone number or email address (which may be a telephone number or email address maintained by Customer or a telephone number maintained by JHA) for the Customer’s end users to contact with questions about the iPay Services, and a statement that Customer may require written confirmation of any oral notice of billing errors. Where a JHA hosted interface is used, JHA will provide Customer with the ability to present Transaction disclosures to its end users during the enrollment process; however, Customer is responsible for creating such documents and providing the documents to its end users. The disclosure must specifically address, but not be limited to, the requirements of Reg E and the Customer’s end users’ responsibility for maintaining the security and determining the strength of the Customer’s end users’ passwords.
(vi) Fraud Mitigation. If Customer (a) becomes aware of suspected or confirmed fraud event, (b) determines that its end users’ information has been compromised, or (c) processes a change in the ownership of an account, Customer must notify JHA as soon as practical to limit potential losses to the Customer and its end user(s). JHA will conduct periodic reviews of certain high-risk activity and will notify Customer of the existence of “red flags” as it relates to fraud or identity theft, provided however, JHA makes no guarantee that all fraud and identify theft will be identified. JHA will provide available information to assist with any investigation. JHA shall not be liable for fraudulent and otherwise unauthorized access to and use of the iPay Services except to the extent attributable to JHA’s gross negligence or willful misconduct. Customer is responsible for the selection and use of user authentication and other security features.
(vii) Error Notification. Customer is responsible for assisting JHA with returns, exception handling and recovery of funds in the event of erroneous credit entries. JHA reserves the right to correct Transactions that were incorrectly executed, regardless of the nature and cause of the error.
(viii) Payment Files. Where JHA is providing a daily payment file to Customer for processing, Customer is responsible for the timely receipt and posting of the payment file. Cancellations must be complete before the cancellation cut off time specified for Customer. If Customer elects to operate under the managed risk model, Customer understands and agrees that it will not have the opportunity to review and cancel Transactions and assumes all liability for Transactions scheduled on its Customer’s end users’ accounts, including without limitation, Transactions scheduled by Customer’s end users in error, Transactions scheduled on accounts with insufficient funds or closed accounts, or Transactions identified as fraudulent.
(ix) Returned Debits. JHA provides the iPay Services based on an ACH debit sent by JHA to Customers to collect the funding for the bill payments initiated by Customer’s end users. Any return of the debit is strictly prohibited. In the event of any returned debits, JHA shall notify Customer via telephone and email. Customer shall make alternate arrangements with JHA for its immediate payment to JHA of the amount of the returned debit as set forth herein. Customer acknowledges that it is responsible for ensuring strict compliance with the collection of such cumulative amount through such debit sent by JHA, and adherence to the requirement that such debit may not be returned. Customer guarantees payment to JHA, as described herein, of such correctly debited funds. As soon as notice is provided to Customer that any debited funds have been returned, Customer shall promptly wire to JHA on that same day available funds in the amount of any returned debit. Customer acknowledges that time is of the essence in its obligation to cover any such returned debited funds. Subject to the limitations forth in these Supplemental Terms, Customer shall indemnify JHA from any and all actual direct loss suffered by JHA from any returned debits.
(x) Multi-Factor Authentication. JHA offers Customer options on how to implement multi-factor authentication (“MFA”) each time a Customer’s employee logs in to the JHA website and iPay Services portal. Customer acknowledges and agrees use of such MFA options will reduce the risk of unauthorized access to Customer information, including non-public personal information of Customer’s End-Users. If Customer declines to use such MFA options, Customer accepts the risk of unauthorized access to the JHA website and iPay Services portal and Customer releases JHA of any responsibility or liability related thereto.
4. Subcontractors; Third Party Software & Services. JHA may use subcontractors at its discretion and shall remain responsible for the performance thereof. JHA reserves the right to replace third party software and services integrated into the iPay Services upon prior written notice to Customer. Customer shall not use third party software and services separately from the iPay Services. Customer authorizes JHA to report applicable Customer metrics associated with Customer’s use of any third party software or service to its third party providers. Customer accepts all risk of loss or damage related to applicable third party software and services and will address any issues related thereto directly with the provider thereof. Customer’s use of third party software and services may be subject to provider’s EULA. Subject to section 9 below, JHA’s liability damages with respect to third party software and services for any cause whatsoever, regardless of the form of action, whether in contract or in tort, including negligence, shall be limited to the lesser of (i) the actual damages suffered by Customer, or (ii) the purchase price of the third party software and services that caused the damages. In no event will JHA be liable for (i) any damages caused by Customer’s failure to perform its responsibilities, (ii) any third party claims against Customer, (iii) any damages caused by the performance or non-performance of the third party software and services, (iv) programming not designed or manufactured by JHA, or (v) loss of funds contained in, dispensed by, or associated with any third party software and services.
5. JHA Representations & Warranties. JHA warrants that for a period of ninety (90) days following the date of implementation by JHA, the unmodified iPay Services will operate in accordance with the related Documentation. Documentation means all installation and operating instructions, end-user manuals, end-user agreements, training materials, guides, listings, functional and technical specifications relating to the iPay Services, including any revisions or additions thereto. JHA does not warrant that the iPay Services are error-free or will operate in an uninterrupted manner, however JHA shall apply commercially reasonable efforts to correct errors in the unmodified iPay Services that Customer reports during the warranty period at no extra charge to Customer. This section sets forth Customer’s sole remedy with respect to errors. THE FOREGOING WARRANTIES ARE IN LIEU OF ALL OTHER WARRANTIES RELATING TO THE IPAY SERVICES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. JHA makes no warranties for third party software and services and any warranties provided to Customer, or to JHA for the purpose of passing through to Customer, by an applicable provider exclusively apply.
6. Confidentiality. Confidential Information means all information and material that is confidential and proprietary to a party, whether provided in writing, electronically, orally, or by any other means or medium, and whether or not marked as confidential, and includes, but is not limited to trade secrets, software, object code, source code, file specifications, Documentation, systems, procedures, manuals, confidential reports, business plans and customer lists, and nonpublic personal information as defined in the Gramm-Leach-Bliley Act. All Confidential Information shared between the JHA and Customer during the term of these Supplemental Terms is received in strict confidence. Each party agrees not to disclose Confidential Information to any third party and to take reasonable precautions to prevent the unauthorized disclosure of the Confidential Information to any third party, except as necessary by reason of legal, accounting, or regulatory requirements beyond the reasonable control of the parties. The receiving party agrees to treat the Confidential Information with the same degree of care that it applies to its own Confidential Information, but with at least reasonable care. The receiving party will ensure that any person given access to Confidential Information is legally bound to protect the Confidential Information on terms no less strict than those set forth herein.
7. Intellectual Property.
(i) Websites. Where Customer is using the JHA-hosted website, Customer acknowledges and agrees that the Customer-branded iPay Services web pages, together with associated URLs and web addresses owned or registered to JHA, and all design elements and features, remain the exclusive property of JHA. and that all rights of Customer to access and use the same will terminate upon termination of these Supplemental Terms. JHA acknowledges and agrees that all logos and trademarks of Customer incorporated into the design of Customer’s iPay Services web pages will remain the exclusive property of Customer and may not be used by JHA following termination of these Supplemental Terms. Customer warrants that it holds a valid copyright title or license to any and all text and images which it wishes to display on its iPay Services web pages and Customer grants JHA a non-exclusive royalty-free license to display such text and images.
(ii) General. All intellectual property, including without limitation, all rights in patentable inventions, trade secrets, know-how, database interests, and copyrights that JHA uses to provide the iPay Services are the sole property of JHA and its licensors. Customer’s rights to use iPay Services are limited to Customer’s access thereto. Any derivative works of the iPay Services are the property of JHA and its licensors, regardless of who creates or pays for the derivative work. If Customer is enjoined or otherwise prohibited from using the iPay Services as a result of an infringement claim against JHA, JHA shall, at its sole expense and option, promptly (i) procure for Customer the right to continue to use the iPay Services, (ii) modify the iPay Services so that it becomes non-infringing, without substantially diminishing the form, features, functionality, or performance of the iPay Services, or (iii) replace the iPay Services with Services that are non-infringing, with materially equivalent features, functionality, and performance. If JHA cannot, within a reasonable period of time, procure, modify, or replace the iPay Services involved, JHA may terminate Customer’s right to use the iPay Services after giving Customer advance notice, if possible, under the circumstances. Upon such termination, JHA shall pay a refund to Customer equal to the fees received for iPay Services involved for the previous twelve (12) months. THIS SECTION SETS FORTH JHA’S ENTIRE LIABILITY, AND CUSTOMER’S EXCLUSIVE REMEDY, FOR ANY INFRINGEMENT OF THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.
8. Customer Indemnification. JHA will not be liable for and Customer will indemnify JHA and its third party providers, and at JHA’s option will defend JHA and its third party providers, for Losses (as defined below) from any (A) infringement claim that arises out of (a) Customer’s text, images, copyrights, trademarks, service marks, trade names and/or patents, or (b) the following acts by Customer, or any third party engaged by Customer, (i) any combination of the iPay Services with any other non-JHA software or services; (ii) any unauthorized installation, use, access, copying, reproduction and/or distribution of any portion of the iPay Services; (iii) any modification of the iPay Services; (iv) failure to implement corrective or updated iPay Services in a timely manner; or (v) use of the iPay Services not in compliance with its Documentation, or (B) Customer’s end user(s) claims relating to the authorization of JHA and its third party providers to provide iPay Services and the attendant results from the provision of the iPay Services, including but not limited to insufficient funds, repudiation of authorization for payment, fraud on a Customer’s end users account, and late fees.
9. Limitation of Liability The maximum amount of JHA’s cumulative liability for losses, liabilities, damages, claims, costs, expenses, and reasonable attorney fees actually paid (collectively, “Losses”) recoverable by Customer with respect to any iPay Service will not exceed the fees received for the iPay Services during the previous twelve (12) months, less expenses and pass-through costs. JHA WILL NOT BE LIABLE FOR ANY INCIDENTAL, CONSEQUENTIAL, INDIRECT, PUNITIVE, OR SPECIAL DAMAGES UNDER THIS AGREEMENT, WHETHER FORESEEABLE OR UNFORESEEABLE AND WHETHER BASED ON BREACH OF EXPRESS OR IMPLIED WARRANTY, BREACH OF CONTRACT, STATUTE, MISREPRESENTATION, NEGLIGENCE, STRICT LIABILITY IN TORT, OR OTHER CAUSE OF ACTION, EVEN IF JHA WAS AWARE OF THE POSSIBILITY THAT THOSE DAMAGES COULD OCCUR. Additionally, JHA shall incur no liability because of the existence of any one or more of the following circumstances: (i) the iPay Services are not working properly and Customer knows or has been advised by JHA about the problem before the Customer’s end user executes the Transaction, (ii) a Customer’s end user has not provided JHA with accurate personal information, the correct name, address, phone number, or account information for the Payee, or otherwise provided incomplete Transaction instructions, or (iii) issues with the timely delivery by the US Postal Service. The remedies expressly set forth in these Supplemental Terms are exclusive. Notwithstanding the foregoing, in the event of a threatened or actual breach of these Supplemental Terms, JHA or Customer may seek injunctive or other equitable relief without posting security and without prejudice to any other rights. No action arising out of these Supplemental Terms may be brought by Customer or JHA more than two (2) years after the cause of action has accrued. The prevailing party in any litigation conducted in relation to these Supplemental Terms will be entitled to recover its reasonable attorneys’ fees from the other party.
10. Audit. The records that JHA maintains for Customer are subject to examination by Customer’s regulators and Customer authorizes JHA to provide the examiners access thereto. Reasonable expenses that JHA incurs during any examination may be charged to Customer. JHA shall provide an accounting of all expenses upon Customer’s request.
11. Force Majeure. JHA will not be liable to Customer or any other person or entity for failure to fulfill JHA’s obligations due to the occurrence of a Force Majeure Event. Upon the occurrence of a Force Majeure Event, JHA shall apply reasonable steps to mitigate the effect of the event upon its performance of these Supplemental Terms. Force Majeure Event means an event beyond the reasonable control of a party, including, but not limited to, acts of God, public disaster, fire, weather conditions, flood, riot, war, terrorism, civil discord, labor strikes or labor disputes impacting other parties, judicial orders or judicial decrees, governmental laws, governmental regulations, Destructive Elements introduced by other parties, electronic attack or infiltration, internet disturbance, or interruptions of communications, transportation, electricity or other public utilities. Destructive Elements means computer code that is not part of the product design as described in the Documentation and is designed to disrupt, disable, harm, or otherwise impede the operation of the Software or any other software, firmware, hardware, computer system or network (sometimes referred to as “viruses” or “worms”) or to allow a third party to gain unauthorized access to data.
