Terms of Service

"Agreement" means these Terms of Service together with any order form, pricing schedule, or addendum agreed between the parties in writing.

"BankLink", "we", "us", or "our" refers to BankLink, a company registered under the laws of the Republic of South Africa.

"Client", "you", or "your" refers to the legal entity or individual that has accepted these Terms and is accessing the Services.

"Services" means the BankLink API, dashboard, developer tools, sandbox environment, and any associated documentation and support services made available by BankLink.

"API" means the application programming interface provided by BankLink through which Clients may request access to financial account data held by South African financial institutions.

"Developer Product" means any software application, platform, or service built by the Client that incorporates the Services.

"End User" means any individual who uses the Client's Developer Product and whose financial account data is accessed through the Services pursuant to that individual's consent.

"Financial Data" means transaction records, account balances, account metadata, and any other financial information retrieved from a financial institution through the Services.

"Personal Information" has the meaning assigned to it in the Protection of Personal Information Act 4 of 2013 ("POPIA").

"Confidential Information" means any information disclosed by one party to the other that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure.

By registering for, accessing, or using the Services, you confirm that you have read, understood, and agree to be bound by this Agreement. If you are accepting on behalf of a legal entity, you represent and warrant that you have authority to bind that entity.

BankLink may amend this Agreement at any time by providing not less than 30 days written notice to the email address associated with your account. Amendments will take effect at the end of the notice period. Your continued use of the Services after that date constitutes acceptance of the amended Terms. If you do not accept an amendment, you must cease using the Services before the amendment takes effect.

BankLink may also update the Agreement immediately and without prior notice where required to comply with applicable law, regulatory requirements, or a binding order of a court or regulatory authority. BankLink will notify you of such changes as soon as reasonably practicable.

Access to the live production environment of the Services requires successful completion of BankLink's accreditation process. BankLink reserves the right to decline or revoke accreditation at its sole discretion.

You must provide accurate, truthful, and complete information during registration and accreditation, and must update such information promptly if it changes.

You are responsible for maintaining the confidentiality of your account credentials, including API keys and dashboard access credentials. You must notify BankLink immediately at security@banklink.co.za if you suspect any unauthorised access to or use of your account or credentials.

You may not share, transfer, or assign your account or credentials to any third party without BankLink's prior written consent.

BankLink may require you to re-complete accreditation at any time if there is a material change to your business, Developer Product, or the nature of data you intend to access through the Services.

Subject to this Agreement and payment of applicable fees, BankLink grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable licence to access and use the Services solely for the purpose of building, operating, and maintaining your Developer Products.

This licence does not permit you to: (a) use the Services on behalf of third parties other than your End Users; (b) sublicence or resell access to the Services or the API; or (c) use the Services for any purpose not expressly permitted by this Agreement.

BankLink may introduce new features, modify existing features, or discontinue features of the Services at any time. Where discontinuation materially affects the Services, BankLink will provide reasonable prior notice.

You acknowledge that Financial Data constitutes Personal Information and must be handled in accordance with POPIA and all other applicable data protection legislation.

You must obtain and maintain valid, informed, and freely given consent from each End User before initiating any request to access that End User's Financial Data through the Services. You must be able to demonstrate such consent upon request.

You may only process Financial Data for the specific purpose disclosed to the End User at the time of obtaining consent. You may not use Financial Data for secondary purposes including marketing, profiling, model training, credit scoring unrelated to the disclosed purpose, or sale to third parties.

You must implement and maintain appropriate technical and organisational measures to protect Financial Data against unauthorised access, disclosure, alteration, or destruction, in accordance with ISO 27001 or equivalent standards.

You must promptly notify BankLink and affected End Users of any actual or suspected breach of Personal Information within 72 hours of becoming aware of the breach, and must cooperate with BankLink in any investigation or remediation.

You must honour all End User requests to withdraw consent, access their data, or request deletion of their data, and must communicate the outcome of any such request to BankLink within 5 business days where BankLink's action is required.

Where BankLink processes Personal Information on your behalf, BankLink acts as an operator under POPIA and shall process such data only in accordance with your documented instructions and BankLink's Privacy Policy.

Fees for access to the Services are as specified in your order form or pricing schedule. BankLink reserves the right to revise its pricing with not less than 30 days written notice.

Invoices are issued monthly in arrears unless otherwise agreed. All amounts are stated exclusive of VAT. Where VAT is applicable, it will be charged at the prevailing rate.

Payment is due within 30 days of the invoice date unless a different payment term is specified in your order form.

If you fail to pay any amount due by the payment deadline, BankLink may: (a) charge interest on the outstanding amount at the prime rate plus 2% per annum, calculated daily; (b) suspend your access to the Services until full payment is received; and (c) terminate this Agreement in accordance with Section 9.

All fees paid are non-refundable except where expressly stated otherwise or required by applicable law.

You must raise any invoice dispute in writing within 10 business days of receipt. Undisputed amounts remain payable by the due date.

You must use the Services in compliance with this Agreement, all applicable laws and regulations, and any acceptable use policies published by BankLink from time to time.

You must not use the Services to: (a) access Financial Data without a valid End User consent; (b) circumvent or attempt to circumvent any security controls, rate limits, or authentication mechanisms; (c) transmit malware, viruses, or other harmful code through the Services; (d) engage in scraping, harvesting, or systematic data extraction beyond what is authorised under this Agreement; (e) impersonate any person or entity or misrepresent your affiliation with any person or entity; (f) engage in any activity that places an unreasonable load on BankLink's infrastructure; or (g) use the Services to facilitate unlawful financial transactions.

You must not reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, algorithms, or trade secrets underlying the Services.

You must not use the Services to develop, market, or operate a service whose primary function is to provide open banking API infrastructure to third parties, where such service would directly compete with BankLink.

BankLink may monitor your use of the Services for compliance with this Agreement and applicable law. BankLink will handle any information obtained through such monitoring in accordance with its Privacy Policy.

You are solely responsible for the development, content, operation, maintenance, and compliance of your Developer Product, including its compliance with all applicable laws and regulations.

You must ensure your Developer Product accurately represents to End Users the nature and scope of data access being requested, the identity of BankLink as the data access intermediary, and the End User's right to revoke consent.

You must maintain a publicly accessible privacy policy that accurately describes your data practices, including the use of BankLink's Services.

You are responsible for ensuring that your use of the Services does not infringe the intellectual property rights, privacy rights, or other rights of any third party.

Where your Developer Product is subject to regulation (including but not limited to authorisation as a financial services provider under the Financial Advisory and Intermediary Services Act 37 of 2002, or registration under the National Credit Act 34 of 2005), you are solely responsible for obtaining and maintaining such authorisation or registration.

This Agreement commences on the date you accept these Terms and continues until terminated in accordance with this Section.

Either party may terminate this Agreement for convenience by providing not less than 90 days written notice to the other party.

BankLink may suspend or terminate your access to the Services immediately and without notice if: (a) you commit a material breach of this Agreement and, where the breach is capable of remedy, fail to remedy it within 10 business days of written notice from BankLink; (b) you become insolvent, enter business rescue proceedings, are wound up, or make any arrangement with creditors; (c) BankLink reasonably believes continued access poses a risk to End Users, BankLink's infrastructure, or third parties; or (d) you engage in fraudulent or unlawful conduct.

On termination or expiry: (a) the licence granted under Section 4 will immediately cease; (b) you must promptly delete or return all BankLink Confidential Information in your possession; (c) accrued payment obligations survive termination; and (d) you must notify End Users that their connections through your Developer Product will be discontinued.

Sections 1, 5, 6, 9.4, 10, 11, 12, 13, 14, and 15 survive termination or expiry of this Agreement.

BankLink retains all right, title, and interest in and to the Services, the API, all software, technology, documentation, trade marks, and any other intellectual property comprised in or relating to the Services.

Nothing in this Agreement transfers any intellectual property rights from BankLink to you. You acquire only the limited licence expressly granted in Section 4.

You grant BankLink a non-exclusive, royalty-free licence to use, reproduce, and display any materials, data, or feedback you provide to BankLink solely for the purpose of operating, improving, and supporting the Services.

You retain all intellectual property rights in your Developer Products, provided that no rights in BankLink's intellectual property are transferred to you as a result.

Each party agrees to hold the other's Confidential Information in strict confidence and not to disclose it to any third party without prior written consent, except as expressly permitted by this Agreement.

Each party may disclose the other's Confidential Information to its employees, contractors, and professional advisers who have a need to know and who are bound by confidentiality obligations no less protective than those in this Agreement.

Confidentiality obligations do not apply to information that: (a) is or becomes publicly available other than through breach of this Agreement; (b) was known to the receiving party prior to disclosure; (c) is independently developed by the receiving party without use of the Confidential Information; or (d) must be disclosed by law or court order, provided the receiving party gives the disclosing party reasonable prior notice where permitted.

Financial Data and End User Personal Information are not subject to this Section and are governed exclusively by Section 5 and applicable data protection legislation.

Confidentiality obligations under this Section survive termination of this Agreement for a period of 5 years.

Each party warrants that it has full legal authority to enter into this Agreement and to perform its obligations hereunder.

You warrant that your Developer Product and your use of the Services will not infringe the rights of any third party and will comply with all applicable laws.

The Services are provided "as is" and "as available". To the maximum extent permitted by applicable law, BankLink excludes all express or implied warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, uninterrupted availability, and accuracy of data. BankLink does not warrant that the Services will meet your requirements or that Financial Data retrieved through the Services will be complete, accurate, or up to date.

BankLink is a data access intermediary and is not responsible for the accuracy, completeness, or timeliness of data held by financial institutions. Any Financial Data provided through the Services reflects information as held by the relevant financial institution at the time of retrieval.

To the maximum extent permitted by applicable law, neither party will be liable to the other for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, loss of revenue, loss of data, loss of goodwill, or business interruption, arising out of or in connection with this Agreement, even if advised of the possibility of such damages.

BankLink's aggregate liability to you for all claims arising out of or in connection with this Agreement, whether in contract, delict, or otherwise, is limited to the total fees paid by you to BankLink in the 6-month period immediately preceding the event giving rise to the claim.

Nothing in this Agreement limits or excludes liability for: (a) death or personal injury caused by negligence; (b) fraud or wilful misconduct; (c) liability that cannot be excluded or limited by applicable law.

You acknowledge that the fees payable under this Agreement reflect the allocation of risk set out in this Section, and that BankLink would not have entered into this Agreement on different terms.

You agree to indemnify, defend, and hold harmless BankLink, its affiliates, officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or in connection with: (a) your breach of this Agreement; (b) your misuse of the Services; (c) your Developer Product, including any claim by an End User; (d) your breach of applicable law; or (e) any infringement of a third party's rights by you or your Developer Product.

BankLink will notify you promptly of any claim subject to indemnification, will give you reasonable control of the defence and settlement of the claim (provided you may not settle any claim that imposes obligations on BankLink without BankLink's prior written consent), and will provide reasonable assistance at your expense.

BankLink makes a sandbox environment available for development and testing purposes. Sandbox access is provided free of charge and does not require completion of the accreditation process.

Sandbox environments return simulated data only. No real Financial Data or End User Personal Information is accessible through the sandbox.

You must not use sandbox access for commercial purposes, to process real financial transactions, or to access real End User data under any circumstances.

Sandbox access is provided "as is" without any uptime guarantee or support commitment. BankLink may modify or discontinue sandbox access at any time without notice.

All other terms of this Agreement apply to sandbox access where relevant, including Sections 7, 10, and 11.

This Agreement is governed by and construed in accordance with the laws of the Republic of South Africa, without regard to conflict of law principles.

The parties will attempt to resolve any dispute arising out of or in connection with this Agreement through good-faith negotiation. If a dispute is not resolved within 30 days of written notice from either party, either party may refer the dispute to mediation administered by the Arbitration Foundation of Southern Africa (AFSA) before commencing litigation.

Subject to 20.2, each party irrevocably submits to the non-exclusive jurisdiction of the courts of South Africa. Nothing in this Section limits either party's right to seek urgent or interim relief from a competent court.