Terms of Service
Example H3
Last Updated: Feb 16, 2026

Partner Terms and Conditions

ZEAL GLOBAL PARTNERSHIP

TERMS AND CONDITIONS

Version 2.1 | Effective: January 2026

These Terms and Conditions ("Terms") govern the partnership relationship between Zeal IO Limited ("Zeal", "we", "us") and any entity entering into a partnership agreement with Zeal ("Partner", "you"). These Terms apply globally to all Zeal partners including ZMS Controllers, Payment Service Providers, Independent Sales Organisations (ISOs), distributors, consumer goods companies, retailers, financial institutions, technology partners, and any other commercial partners operating in any jurisdiction worldwide.

Commercial terms, including compensation structures, performance incentives, regional requirements, and specific partnership obligations, are set forth in separate commercial agreements ("Commercial Agreement") executed between the parties. By entering into a partnership with Zeal, you acknowledge and agree to be bound by these Terms.

1. DEFINITIONS AND INTERPRETATION

1.1 Definitions

In these Terms, the following definitions apply:

"Affiliate" means any entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of more than fifty per cent (50%) of the voting securities or equity interests, or the power to direct management and policies.

"Applicable Data Protection Laws" means all applicable laws, regulations, and binding guidance relating to data protection, privacy, and electronic communications in the relevant jurisdiction(s), including the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR), the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), and any other applicable regional, national, or state data protection legislation.

"Business Day" means any day other than Saturday, Sunday, or a public holiday in the jurisdiction where performance is required.

"Confidential Information" means all non-public, proprietary, or confidential information disclosed by one party (the "Disclosing Party") to the other party (the "Receiving Party"), whether disclosed orally, in writing, or in any other form, including business strategies, customer data, pricing, financial information, technical information, software specifications, trade secrets, and the terms of these Terms and any Commercial Agreement.

"Consumer" means an individual who uses a Merchant's services and whose personal data may be processed through the Zeal Platform, including through loyalty programme participation.

"Controller, Processor, Data Subject, Personal Data, Personal Data Breach, and Processing" means have the meanings ascribed to them under Applicable Data Protection Laws in the relevant jurisdiction.

"Cross-Border Data Transfer" means any transfer or making available of Personal Data from one country or region to another country or region where different data protection laws apply.

"DPA" means the Data Processing Addendum entered into between the parties governing data processing activities, as may be attached to or incorporated by reference into the applicable Commercial Agreement.

"Effective Date" means the date specified in the Commercial Agreement between the parties.

"Export Control Laws" means all applicable laws and regulations relating to the export, re-export, transfer, and import of goods, software, technology, and services, including economic sanctions and embargoes.

"Intellectual Property Rights" means all intellectual property rights worldwide, whether registered or unregistered, including patents, trade marks, copyrights, design rights, database rights, trade secrets, know-how, and all applications and rights to apply for the same.

"Merchant" means a business that accepts payment cards through Terminals and uses Zeal's Value-Added Services.

"Merchant Data" means data relating to Merchants provided to Zeal under a Commercial Agreement, including business identification information, Merchant Identification Numbers (MIDs), Terminal Identification Numbers (TIDs), Merchant Category Codes (MCCs), and business contact information.

"Partner Data" means any data provided by Partner to Zeal in connection with the partnership, including customer information, Merchant Data, Transaction Data, and business information.

"Payment Service Provider or PSP" means any entity operating within the payment ecosystem that maintains Merchant relationships, including payment acquirers, payment gateways, payment facilitators, and Independent Sales Organisations (ISOs).

"Privacy Policy" means Zeal's privacy policy as published at www.getzeal.io/privacy, as may be updated from time to time.

"Restricted Territory" means any country or region subject to comprehensive trade sanctions or embargoes under applicable laws, including those designated by the United Nations, United States, European Union, or United Kingdom.

"Sanctioned Person" means any individual or entity that is the target of economic sanctions administered by any governmental authority, including lists maintained by the United Nations, United States (OFAC), European Union, or United Kingdom.

"Terminal" means a payment terminal on which Zeal Software may be deployed.

"Territory" means the geographic region(s) specified in the Commercial Agreement where Partner is authorised to operate under the partnership.

"Transaction Data" means data derived from payment transactions processed at Terminals, including transaction amounts, dates and times, Merchant category codes (MCCs), and Tokens. For the avoidance of doubt, Transaction Data does not include PANs, CVV/CVC codes, PINs, or any other data required for payment authorisation.

"Token" means a surrogate value that replaces the PAN for the purpose of identifying a payment card without exposing the actual card number.

"Value-Added Services or VAS" means the non-payment services delivered through the Zeal Platform, including transaction reporting, loyalty programmes, analytics, marketing services, consumer engagement tools, and branded mobile applications. For the avoidance of doubt, VAS does not include payment acquiring, payment processing, payment gateway, or merchant services.

"Zeal Intellectual Property" means all Intellectual Property Rights owned by or licensed to Zeal, including the Zeal Platform, Zeal Software, trade marks, patents, copyrights, trade secrets, documentation, and know-how.

"Zeal Management System or ZMS" means Zeal's proprietary web-based platform through which ZMS Controllers and PSPs manage Merchant Data uploads, deployment status, and reporting.

"Zeal Platform" means Zeal's proprietary technology platform for loyalty programmes, customer identification, data analytics, and related Value-Added Services, including all software, APIs, portals, documentation, and updates.

"Zeal Software" means the software applications deployed on Terminals to enable Value-Added Services.

"ZMS Controller" means a Terminal Management System Controller, payment terminal logistics company, terminal distributor, payment application provider, or similar entity that manages the deployment, configuration, or maintenance of payment terminals on behalf of acquirers, ISOs, or Merchants, and has been granted access to the ZMS Portal under a ZMS Controller Partnership Agreement with Zeal.

1.2 Interpretation

In these Terms: (a) references to clauses and sections are to clauses and sections of these Terms unless otherwise stated; (b) headings are for convenience only and do not affect interpretation; (c) words in the singular include the plural and vice versa; (d) the words "including", "include", or "includes" mean including without limitation; (e) references to "writing" or "written" include email and other electronic communication unless expressly stated otherwise; (f) references to any statute or statutory provision include all amendments, extensions, consolidations, re-enactments, or replacements; and (g) any obligation not to do something includes an obligation not to permit, suffer, or cause that thing to be done.

2. PARTNERSHIP FRAMEWORK

2.1 Nature of Relationship

The relationship between Zeal and Partner is that of independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, employment, franchise, or fiduciary relationship between the parties.

Neither party is authorised to: (a) bind or obligate the other party in any manner; (b) make representations, warranties, or guarantees on behalf of the other party; (c) negotiate, execute, or enter into any contract purportedly on behalf of the other party; (d) incur any debt, liability, or obligation in the name of the other party; or (e) hold itself out as having authority to act for or on behalf of the other party.

2.2 Non-Exclusive Partnership

Unless otherwise agreed in writing in the Commercial Agreement, the partnership is non-exclusive. Zeal reserves the right to engage other partners, distributors, resellers, or sales channels in any territory, market and sell its services directly to customers worldwide, and enter into partnerships with entities that may compete with Partner.

2.3 Scope and Territory

The specific scope of partnership activities, performance obligations, deliverables, and authorised Territory are defined in the Commercial Agreement. Partner shall not operate outside the designated Territory without Zeal's prior written consent. These Terms provide the foundational legal and operational framework applicable to all partnerships with Zeal globally.

2.4 Regulatory Compliance by Region

Partner acknowledges that Zeal's services and Partner's obligations may be subject to different regulatory requirements in different jurisdictions. Partner is solely responsible for understanding and complying with all local laws, regulations, licensing requirements, and industry standards applicable in its Territory.

2.5 Deployment via ZMS Controllers and PSPs

Where Zeal Software or services are deployed via a ZMS Controller or authorised by a PSP, the provisions of this Section 2.5 apply in addition to the other terms of these Terms.

(a) ZMS Controller / PSP Authority and Representations

The ZMS Controller or PSP represents and warrants that it: (i) has the legal authority and contractual right to deploy third-party value-added services software, including Zeal, on payment terminals under its management, control, or authorisation; (ii) has obtained all necessary approvals from relevant acquirers, payment service providers, payment schemes, and terminal manufacturers required for such deployment; (iii) has the authority to grant Zeal access to terminal-level transaction data and Merchant identifiers for the purposes set out in Section 5; (iv) will comply with all applicable payment network rules, scheme requirements, and regulatory obligations in connection with the deployment of Zeal Software; and (v) will maintain accurate records of terminal deployments.

(b) Merchant Notification and Transparency Mechanisms

Where Zeal is deployed via ZMS Controller infrastructure or under PSP authorisation:

(i) Email Notification Requirement

The ZMS Controller or PSP shall provide Zeal with accurate merchant email addresses, and Zeal shall send merchants proactive email notification within 24 hours of first deployment of Zeal Software to merchant terminal(s), containing:

  • Clear explanation that Free Tier Services have been deployed via PSP or ZMS Controller authorization
  • Description of data collected (Transaction Data: amounts, timestamps, card tokens; Merchant Data: business name, MID, TID)
  • Description of how data is used (generate business analytics dashboards for merchant benefit)
  • Links to Merchant Terms of Service (getzeal.io/merchant-terms), Privacy Policy (getzeal.io/privacy), and Legitimate Interests Assessment (getzeal.io/legal/lia-free-tier)
  • Clear and prominent opt-out instructions with multiple mechanisms (web portal, email, via PSP)
  • 30-day opt-out period: merchants have 30 days to opt out at no cost; if they do not opt out within 30 days, continued use of Free Tier Services constitutes deemed acceptance of Merchant Terms of Service
  • Confirmation that opting out will NOT affect payment processing services

(ii) PSP/ZMS Controller Supplementary Communications

In addition to Zeal's direct email notification, the ZMS Controller or PSP may provide supplementary notice through their own merchant communications, including software release notes, terms of service updates, merchant bulletins, or onboarding materials.

(c) Free Tier Services and Legitimate Interest

Where Zeal provides free tier services through ZMS Controller or PSP deployment: (i) free tier services (including transaction analytics, business insights, and operational reporting) operate under the legal basis of legitimate interest as permitted under Applicable Data Protection Laws, on the grounds that such analytics constitute the Merchant's own operational data being processed for the Merchant's benefit; (ii) no data monetisation, data licensing, or sharing of Merchant or Consumer data with third parties for commercial purposes shall occur under the free tier without the Merchant's separate, explicit consent; and (iii) Zeal shall maintain clear technical and organisational separation between free tier analytics processing and any data monetisation activities requiring consent.

(d) Merchant Opt-Out Rights

Notwithstanding the deployment mechanism, Merchants retain full control over Zeal's presence on their Terminals:

(i) Multiple Opt-Out Mechanisms

Merchants may opt out of Zeal Free Tier Services through any of the following mechanisms:

  • Web Portal: https://getzeal.io/optout (enter Terminal ID or Merchant ID; submit request; receive email confirmation)
  • Email Request: optout@getzeal.io (subject: "Merchant Opt-Out Request"; include business name, MID/TID, contact email)
  • Via PSP or ZMS Controller: Contact their PSP, acquirer, or ZMS Controller to request Zeal opt-out (PSP/ZMS Controller must notify Zeal within 5 Business Days per their agreement obligations)
  • Merchant Portal: If merchant has created a Merchant Portal account, navigate to account settings > "Free Tier Services" > "Disable"
  • Direct Support Contact: support@getzeal.io (for merchants requiring assistance with opt-out process)

(ii) 30-Day Opt-Out Window

Following initial email notification, merchants have a 30-day period to opt out at no cost and with no consequences. During this period, Free Tier Services may be active, but merchants can immediately cease data collection by submitting an opt-out request.

(iii) Opt-Out Processing Timeline

Upon receiving a valid opt-out request through any mechanism, Zeal shall:

Step Timeframe Action
1 2 Business Days Acknowledge receipt of opt-out request via email to merchant
2 5 Business Days Cease all data collection from affected Terminal(s); disable Zeal Software analytics functionality
3 30 Calendar Days Delete identifiable Merchant Data collected from opted-out merchant (subject to legal retention requirements); confirm deletion to merchant

(iv) No Barriers to Opt-Out

Neither ZMS Controllers, PSPs, nor Zeal shall impede, discourage, or create unreasonable barriers to Merchant opt-out requests. Payment processing services shall not be conditioned on acceptance of Zeal Free Tier Services.

(v) Post-Opt-Out Status

Following opt-out: (A) Zeal Software may remain installed on the Terminal but will not collect or transmit any Transaction Data or Merchant Data; (B) the merchant may re-enable Zeal services at any time by contacting support@getzeal.io or re-registering through the Merchant Portal; (C) aggregated, anonymised data generated prior to opt-out may be retained by Zeal for statistical and benchmarking purposes, as such data is no longer Personal Data.

(e) Liability Allocation

In ZMS Controller or PSP deployment scenarios: (i) the ZMS Controller or PSP shall be responsible for ensuring it has the authority and approvals described in Section 2.5(a) and shall indemnify Zeal against any claims arising from deployment without proper authority; (ii) the ZMS Controller or PSP shall be responsible for providing accurate merchant email addresses for notification under Section 2.5(b); (iii) Zeal shall be responsible for ensuring that data processing activities comply with the limitations set out in Section 2.5(c) and the broader requirements of Section 5; and (iv) all parties shall cooperate in responding to Merchant complaints, regulatory inquiries, or data subject requests.

3. PARTNER OBLIGATIONS

3.1 Compliance with Applicable Laws

Partner shall comply with all applicable laws, regulations, and industry standards in its Territory and any jurisdiction in which it operates, including: (a) Data Protection and Privacy Laws: all Applicable Data Protection Laws governing the collection, use, processing, storage, and transfer of Personal Data; (b) Consumer Protection Laws: all laws protecting consumers' rights, prohibiting unfair or deceptive practices, and requiring transparent disclosures; (c) Financial Regulations: payment services regulations, banking laws, electronic money regulations, and financial services licensing requirements (where applicable); (d) Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF): all AML/CTF laws, including customer due diligence, beneficial ownership identification, suspicious activity reporting, and record-keeping requirements; (e) Economic Sanctions and Export Controls: all Export Control Laws, trade sanctions, and embargoes; (f) Anti-Bribery and Anti-Corruption: all anti-bribery and anti-corruption laws, including the UK Bribery Act 2010, US Foreign Corrupt Practices Act, and similar legislation; (g) Tax Laws: all applicable tax laws, including VAT/GST, withholding tax, sales tax, and income tax reporting requirements; and (h) Payment Card Industry Standards: PCI DSS and payment network rules (where applicable).

3.2 Prohibited Activities

Partner shall not: (a) engage in any illegal, fraudulent, or deceptive practices; (b) deal with, facilitate transactions for, or provide services to Sanctioned Persons or entities in Restricted Territories; (c) use Zeal's services for money laundering, terrorist financing, or other illegal financial activities; (d) violate any applicable Export Control Laws or trade sanctions; (e) make false or misleading statements to customers, regulators, or Zeal; (f) engage in bribery, corruption, or improper payments to government officials or commercial parties; (g) violate any third-party Intellectual Property Rights; or (h) engage in any activity that could damage Zeal's reputation or business interests.

3.3 Data Quality and Accuracy

Partner warrants that all Partner Data provided to Zeal is: (a) accurate, complete, and current to the best of Partner's knowledge; (b) obtained lawfully and in compliance with all Applicable Data Protection Laws; and (c) free from malicious code, viruses, or harmful components.

3.4 Required Consents and Legal Basis

Partner represents and warrants that it has: (a) obtained all necessary consents, permissions, and authorisations required to share Partner Data with Zeal; (b) a valid legal basis under Applicable Data Protection Laws for collecting and sharing Partner Data; (c) provided Data Subjects with clear and transparent privacy notices regarding data sharing with Zeal; and (d) complied with all consent requirements for marketing communications.

3.5 Reporting Obligations

Partner shall promptly notify Zeal (within forty-eight (48) hours or such shorter period as required by law) of: (a) any actual or suspected Personal Data Breach affecting data shared with Zeal; (b) any regulatory investigation, inquiry, enforcement action, or material compliance issue; (c) any actual or threatened litigation that could affect the partnership or Zeal's interests; (d) any circumstances that may materially affect Partner's ability to perform its obligations; (e) any actual or suspected fraud, security incident, or criminal activity related to the partnership; and (f) any contact from data protection authorities or other regulators regarding Zeal or the partnership.

4. ZEAL'S OBLIGATIONS

4.1 Platform and Services

Zeal shall use commercially reasonable efforts to: (a) maintain and operate the Zeal Platform in accordance with industry standards; (b) provide reasonable technical support and documentation; and (c) ensure platform availability during normal business hours (acknowledging scheduled maintenance). Zeal does not warrant that the Zeal Platform will be uninterrupted, error-free, or meet all specific requirements.

4.2 Regulatory Compliance

Zeal shall: (a) maintain appropriate licences, authorisations, and registrations required for its business operations; (b) comply with applicable laws and regulations, including Applicable Data Protection Laws and payment card industry standards; and (c) implement and maintain appropriate compliance programmes and internal controls.

4.3 Data Security

Zeal shall implement and maintain appropriate technical and organisational measures to: (a) protect the security, confidentiality, and integrity of Partner Data and Personal Data; (b) prevent unauthorised access, use, disclosure, alteration, or destruction of data; (c) comply with Applicable Data Protection Laws and recognised security standards (including ISO 27001 practices and PCI DSS where applicable); and (d) maintain incident response and business continuity capabilities.

4.4 Non-Competition with Payment Services

Zeal covenants and agrees that it shall NOT:

(a) solicit, encourage, or induce any Merchant to switch, transfer, or migrate its payment processing relationship away from its current PSP, acquirer, or ISO;

(b) offer, sell, or provide payment acquiring, payment processing, payment gateway, or merchant services to any Merchant;

(c) share Merchant contact information with any third party for the purpose of marketing payment services; or

(d) use Merchant Data for any purpose other than the provision of Value-Added Services.

Zeal's business is value-added services. Payment relationships belong to PSPs, and Partner's commercial relationships are respected and protected.

5. DATA PROTECTION AND PRIVACY

5.1 General Data Protection Principles

Both parties shall comply with all Applicable Data Protection Laws in their respective jurisdictions in connection with their Processing of Personal Data under or in relation to these Terms. Each party shall: (a) Process Personal Data fairly, lawfully, and transparently; (b) collect Personal Data only for specified, explicit, and legitimate purposes; (c) ensure Personal Data is adequate, relevant, and limited to what is necessary; (d) maintain accurate and up-to-date Personal Data; (e) retain Personal Data only for as long as necessary; (f) implement appropriate security measures; and (g) demonstrate accountability and compliance.

5.2 Data Processing Roles and Responsibilities

The parties acknowledge that: (a) Zeal typically acts as a Controller in respect of data collected and processed through the Zeal Platform; (b) Partner may act as a Controller, Processor, or both, depending on the nature of its operations and relationship with Data Subjects; and (c) the specific data processing roles, purposes, and responsibilities shall be documented in a separate DPA where required by Applicable Data Protection Laws.

5.3 Lawful Basis and Transparency

Partner shall have and maintain a valid lawful basis under Applicable Data Protection Laws for: (a) collecting and processing Personal Data from Data Subjects; (b) sharing Personal Data with Zeal; and (c) any other processing activities undertaken in connection with these Terms. Lawful bases may include consent of the Data Subject, performance of a contract with the Data Subject, compliance with legal obligations, legitimate interests (having conducted appropriate balancing tests), and other lawful bases recognised under applicable law.

5.4 Data Subject Rights

The parties shall cooperate to respond to requests from Data Subjects exercising their rights under Applicable Data Protection Laws, including the right of access, right to rectification, right to erasure ("right to be forgotten"), right to restriction of processing, right to data portability, right to object to processing, and rights related to automated decision-making and profiling.

5.5 Personal Data Breach Management

Each party shall: (a) implement procedures for detecting, responding to, and reporting Personal Data Breaches; (b) notify the other party without undue delay, and in any event within twenty-four (24) hours, upon becoming aware of a Personal Data Breach affecting Personal Data shared under these Terms; (c) provide reasonable details including nature and scope of breach, data affected, potential consequences, and measures taken; (d) cooperate fully in investigating, containing, mitigating, and remediating the breach; and (e) comply with all applicable breach notification requirements to regulators and Data Subjects.

5.6 Cross-Border Data Transfers

The parties acknowledge that Personal Data may be transferred internationally across different jurisdictions as part of the partnership. All Cross-Border Data Transfers shall comply with Applicable Data Protection Laws, including implementing appropriate safeguards such as adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), UK International Data Transfer Agreements (IDTAs), or other lawful mechanisms recognised under Applicable Data Protection Laws.

5.7 Data Processing Addendum and Joint Controller Arrangements

(a) Data Processing Addendum

Where required by Applicable Data Protection Laws, the parties shall execute a DPA governing the processing of Personal Data. The DPA shall comply with Article 28 of the UK GDPR and/or EU GDPR (as applicable to the relevant jurisdiction) and shall set out:

  • Subject matter, duration, nature, and purpose of processing
  • Types of Personal Data and categories of Data Subjects processed
  • Obligations and rights of each party (Controller and Processor responsibilities)
  • Sub-processing authorizations, restrictions, and requirements
  • Security measures (technical and organizational)
  • Personal Data Breach notification procedures
  • Data Subject rights facilitation mechanisms
  • Cross-border data transfer mechanisms (Standard Contractual Clauses, UK International Data Transfer Agreements, adequacy decisions, or other lawful mechanisms)
  • Audit rights and compliance verification procedures
  • Return and deletion of Personal Data upon termination

(b) Joint Controller Arrangements

Where Zeal and Partner (or Zeal and Merchants facilitated by Partner) act as joint controllers under Applicable Data Protection Laws (meaning both parties jointly determine the purposes and means of processing Personal Data), the following applies:

(i) Article 26 UK GDPR Compliance

The parties shall enter into a joint controller arrangement in accordance with Article 26 UK GDPR (and Article 26 EU GDPR where applicable), which shall transparently determine their respective responsibilities for compliance with data protection obligations, including:

  • Which party is responsible for providing privacy notices to Data Subjects
  • Which party serves as the primary contact point for Data Subject requests
  • How Data Subject rights requests will be handled and coordinated
  • Responsibility for maintaining records of processing activities
  • Allocation of liability for data protection breaches

(ii) Joint Controller Arrangement Notice

In accordance with Article 26(2) UK GDPR, the essence of the joint controller arrangement shall be made available to Data Subjects. Zeal publishes a summary of joint controller arrangements applicable to its services at:

https://getzeal.io/legal/joint-controller-arrangement

This notice explains: (A) how Zeal and its partners (PSPs, ZMS Controllers, Merchants) share responsibility for Personal Data processing; (B) the respective roles of each party in the data processing chain; (C) which party is responsible for responding to Data Subject requests; and (D) how Data Subjects can exercise their rights under Applicable Data Protection Laws.

(iii) Data Subject Contact Rights

Irrespective of the terms of any joint controller arrangement, Data Subjects may exercise their rights under Applicable Data Protection Laws against and in respect of each of the controllers. Zeal accepts Data Subject requests at privacy@getzeal.io and will coordinate with relevant joint controllers to ensure timely and complete responses.

6. INTELLECTUAL PROPERTY RIGHTS

6.1 Ownership of Zeal Intellectual Property

All Zeal Intellectual Property remains the sole and exclusive property of Zeal or its licensors. Partner acquires no ownership rights, title, or interest in any Zeal Intellectual Property by virtue of these Terms or any use of Zeal's services, products, or platforms. All rights not expressly granted to Partner under these Terms are reserved to Zeal.

6.2 Limited Licence to Partner

Subject to Partner's compliance with these Terms and the Commercial Agreement, Zeal grants Partner a limited, non-exclusive, non-transferable, non-sublicensable, revocable licence during the term to use Zeal Intellectual Property solely as necessary to fulfil its obligations under the Commercial Agreement. This licence terminates automatically upon termination or expiration of these Terms or the Commercial Agreement.

6.3 Restrictions on Use

Partner shall not, and shall not permit any third party to: (a) reverse engineer, decompile, disassemble, or attempt to derive source code from any Zeal technology; (b) copy, reproduce, duplicate, or create derivative works except as expressly authorised; (c) bypass, disable, or circumvent any security measures or technical protection measures; (d) use Zeal Intellectual Property for purposes of developing competing products or services; (e) conduct competitive benchmarking or analysis without Zeal's prior written consent; or (f) introduce viruses, malware, or malicious code.

6.4 Partner Intellectual Property

Partner retains ownership of its own pre-existing Intellectual Property Rights. To the extent necessary for Zeal to fulfil its obligations under these Terms, Partner grants Zeal a limited, non-exclusive, royalty-free, worldwide licence to use Partner's intellectual property.

6.5 Feedback

If Partner provides suggestions, ideas, or feedback regarding the Zeal Platform or services ("Feedback"), Partner hereby grants Zeal a perpetual, irrevocable, worldwide, royalty-free, fully paid-up, transferable, sublicensable licence to use, implement, modify, commercialise, and incorporate such Feedback into Zeal's products and services without restriction or compensation.

7. CONFIDENTIALITY

7.1 Obligations

Each party ("Receiving Party") agrees to hold all Confidential Information of the other party ("Disclosing Party") in strict confidence, using at least the same degree of care used to protect its own confidential information of a similar nature, but in no event less than reasonable care.

The Receiving Party shall: (a) not disclose Confidential Information to any third party without the Disclosing Party's prior written consent; (b) not use Confidential Information for any purpose other than performing obligations under these Terms; (c) limit access to Confidential Information to employees and contractors who have a legitimate need to know and are bound by confidentiality obligations; and (d) protect Confidential Information with appropriate safeguards.

7.2 Permitted Disclosures

The Receiving Party may disclose Confidential Information: (a) to the extent required by applicable law, regulation, court order, or governmental authority, provided that the Receiving Party gives prompt notice to the Disclosing Party (where legally permitted) and cooperates with efforts to seek confidential treatment or protective orders; (b) to professional advisers bound by professional confidentiality; and (c) to Affiliates bound by confidentiality obligations no less protective than this Section 7.

7.3 Exceptions

Confidentiality obligations do not apply to information that: (a) was in the public domain at the time of disclosure or subsequently becomes publicly available through no breach by the Receiving Party; (b) was rightfully in the Receiving Party's possession prior to disclosure; (c) is independently developed without reference to the Disclosing Party's Confidential Information; or (d) is rightfully received from a third party without breach of confidentiality obligations.

7.4 Duration

Confidentiality obligations continue for five (5) years from the date of disclosure for general Confidential Information, and indefinitely for Confidential Information that constitutes trade secrets under applicable law.

7.5 Return or Destruction

Upon termination or expiration of these Terms, or upon request by the Disclosing Party, the Receiving Party shall promptly return or securely destroy all Confidential Information, except for copies required by law or reasonable archival purposes, which shall remain subject to confidentiality obligations.

8. TRADE COMPLIANCE, SANCTIONS, AND EXPORT CONTROLS

8.1 Compliance with Trade Laws

Each party shall comply with all applicable Export Control Laws, trade sanctions, embargoes, and import/export regulations in all jurisdictions where it operates. Neither party shall, directly or indirectly: (a) export, re-export, transfer, or make available any products, services, software, or technology in violation of Export Control Laws; (b) deal with, facilitate transactions for, or provide services to any Sanctioned Person; (c) operate in or conduct transactions involving Restricted Territories; or (d) engage in any transaction that would violate economic sanctions or embargoes.

8.2 Representations

Each party represents, warrants, and covenants that: (a) it is not, and its officers, directors, or controlling shareholders are not, Sanctioned Persons or subject to economic sanctions, owned or controlled by any Sanctioned Person, or located in, organised under the laws of, or resident in any Restricted Territory; (b) it has not been and is not currently engaged in any dealings or transactions with Sanctioned Persons or involving Restricted Territories; and (c) it has implemented appropriate policies, procedures, and controls to ensure ongoing sanctions compliance.

8.3 Right to Suspend or Terminate

Either party may immediately suspend performance or terminate these Terms (in whole or in part) without liability if: (a) the other party becomes a Sanctioned Person; (b) compliance with these Terms would violate Export Control Laws or sanctions; or (c) authorities require or recommend suspension or cessation of activities.

9. ANTI-BRIBERY AND ANTI-CORRUPTION

9.1 Compliance with Anti-Corruption Laws

Each party shall comply with all applicable anti-bribery and anti-corruption laws, including the UK Bribery Act 2010, US Foreign Corrupt Practices Act (FCPA), OECD Convention on Combating Bribery, and local anti-corruption laws in jurisdictions where the party operates.

Neither party shall, directly or indirectly: (a) offer, promise, give, request, or accept any bribe, kickback, or improper payment; (b) make facilitation payments; (c) provide anything of value to government officials to obtain or retain business or secure improper advantage; (d) engage in commercial bribery or corrupt practices; or (e) falsify books, records, or accounts to conceal improper payments.

9.2 Due Diligence

Each party shall conduct appropriate anti-corruption due diligence on sub-contractors, agents, or intermediaries engaged in connection with the partnership, and on any third party that will interact with government officials on the party's behalf.

10. REPRESENTATIONS, WARRANTIES, AND DISCLAIMERS

10.1 Mutual Representations

Each party represents and warrants to the other party that: (a) it is duly organised, validly existing, and in good standing under the laws of its jurisdiction; (b) it has full corporate power and authority to enter into, execute, and perform these Terms; (c) execution and performance do not violate its organisational documents or any applicable law; and (d) it is in compliance with all applicable laws and regulations.

10.2 Disclaimer of Warranties

EXCEPT AS EXPRESSLY PROVIDED IN THESE TERMS, NEITHER PARTY MAKES ANY OTHER REPRESENTATIONS, WARRANTIES, GUARANTEES, OR CONDITIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE.

ZEAL SPECIFICALLY DOES NOT WARRANT OR GUARANTEE THAT: (A) THE ZEAL PLATFORM WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE; (B) THE ZEAL PLATFORM WILL MEET PARTNER'S SPECIFIC REQUIREMENTS; (C) ANY DEFECTS OR ERRORS WILL BE CORRECTED; OR (D) PARTNER WILL ACHIEVE ANY PARTICULAR BUSINESS RESULTS.

11. LIMITATION OF LIABILITY

11.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY: (A) INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES; (B) LOST PROFITS, LOST REVENUE, OR LOST BUSINESS OPPORTUNITIES; (C) LOSS OF DATA, LOSS OF USE, OR COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; (D) BUSINESS INTERRUPTION OR LOSS OF BUSINESS GOODWILL; OR (E) PUNITIVE OR EXEMPLARY DAMAGES; REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE), WHETHER THE PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR WHETHER SUCH DAMAGES WERE FORESEEABLE.

11.2 Cap on Monetary Liability

EXCEPT FOR EXCLUDED LIABILITIES, EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS SHALL NOT EXCEED THE GREATER OF: (A) THE AMOUNTS PAID OR PAYABLE BY PARTNER TO ZEAL UNDER THE COMMERCIAL AGREEMENT IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY; OR (B) ONE HUNDRED THOUSAND POUNDS STERLING (£100,000).

11.3 Excluded Liabilities

The limitations and exclusions in Sections 11.1 and 11.2 do NOT apply to: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) violations of Applicable Data Protection Laws or Personal Data Breaches; (d) breach of Intellectual Property Rights restrictions or confidentiality obligations; (e) violations of sanctions, export controls, or anti-corruption laws; (f) indemnification obligations under Section 12; (g) gross negligence or wilful misconduct; (h) breach of Section 4.4 (non-competition covenant); or (i) liabilities that cannot be limited by law.

12. INDEMNIFICATION

12.1 Partner Indemnification

Partner shall indemnify, defend, and hold harmless Zeal and its Affiliates, and their respective officers, directors, employees, and agents from and against any and all third-party claims, losses, damages, liabilities, and expenses (including reasonable legal fees) arising out of or relating to: (a) claims that Partner Data infringes or misappropriates third-party rights; (b) breach of any representation, warranty, or covenant by Partner; (c) Partner's violation of applicable laws; (d) Partner's dealings with Sanctioned Persons or operations in Restricted Territories; (e) Partner's breach of Intellectual Property Rights or confidentiality obligations; and (f) Partner's negligence, gross negligence, or wilful misconduct.

12.2 Zeal Indemnification

Zeal shall indemnify, defend, and hold harmless Partner and its Affiliates, and their respective officers, directors, employees, and agents from and against any and all third-party claims, losses, damages, liabilities, and expenses (including reasonable legal fees) arising out of or relating to: (a) third-party claims that the Zeal Platform infringes third-party Intellectual Property Rights (subject to exclusions); (b) breach of any representation, warranty, or covenant by Zeal; (c) Zeal's violation of Applicable Data Protection Laws in its capacity as Controller; (d) breach of Section 4.4 (non-competition covenant); and (e) Zeal's gross negligence or wilful misconduct.

12.3 IP Indemnity Exclusions

Zeal's indemnification under Section 12.2(a) does not apply to claims arising from: (a) Partner's modification of the Zeal Platform; (b) Partner's use of the Zeal Platform in combination with third-party products not approved by Zeal; (c) Partner's use in violation of these Terms or Zeal's instructions; or (d) Partner's continued use after Zeal provides a non-infringing alternative.

12.4 Indemnification Procedure

The party seeking indemnification shall: (a) promptly notify the indemnifying party in writing of any claim; (b) allow the indemnifying party to assume control of the defence using counsel of its choice; (c) cooperate reasonably in the defence; and (d) not settle any claim without the indemnifying party's consent (not to be unreasonably withheld). The indemnified party may participate in the defence at its own expense.

13. TERM AND TERMINATION

13.1 Term

These Terms commence on the Effective Date and continue for the initial term specified in the Commercial Agreement, and shall automatically renew for successive renewal periods as specified in the Commercial Agreement, unless earlier terminated.

13.2 Termination for Convenience

Either party may terminate these Terms for convenience by providing written notice to the other party as specified in the Commercial Agreement (typically sixty (60) to ninety (90) days' notice).

13.3 Termination for Cause

Either party may terminate these Terms immediately upon written notice if the other party: (a) commits a material breach that is not cured within thirty (30) days of written notice specifying the breach; (b) becomes insolvent, enters administration, or experiences an analogous event; (c) ceases or threatens to cease carrying on business; (d) engages in fraudulent, dishonest, or criminal conduct; (e) becomes a Sanctioned Person or violates sanctions/export controls; (f) violates anti-bribery or anti-corruption laws; (g) commits serious or repeated data protection violations; or (h) materially breaches Intellectual Property Rights or confidentiality obligations.

13.4 Effect of Termination

Upon termination: (a) Partner shall immediately cease all use of Zeal Intellectual Property; (b) Partner shall cease marketing, promoting, or referencing Zeal; (c) Partner shall cease representing itself as a Zeal partner; (d) Partner shall cease all access to Zeal systems and platforms; (e) each party shall return or destroy all Confidential Information of the other party; and (f) all accrued payment obligations remain due and payable.

13.5 Survival

The following provisions survive termination: Section 1 (Definitions), Section 5 (Data Protection and Privacy, to the extent necessary), Section 6 (Intellectual Property Rights), Section 7 (Confidentiality), Section 8 (Trade Compliance), Section 9 (Anti-Bribery), Section 10.2 (Disclaimers), Section 11 (Limitation of Liability), Section 12 (Indemnification), Section 13.4 (Effect of Termination), Section 14 (General Provisions), and any other provisions that by their nature are intended to survive.

14. GENERAL PROVISIONS

14.1 Governing Law

Unless otherwise specified in the Commercial Agreement, these Terms shall be governed by and construed in accordance with the laws of England and Wales, without regard to conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods (CISG) shall not apply.

14.2 Jurisdiction

Unless otherwise specified in the Commercial Agreement, the parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms.

14.3 Dispute Resolution

Before initiating formal proceedings, the parties agree to attempt in good faith to resolve any dispute through informal negotiations between senior executives for a period of thirty (30) days. If informal negotiation is unsuccessful, either party may refer the dispute to mediation. If mediation does not resolve the dispute within sixty (60) days, either party may pursue litigation as provided in Section 14.2. Notwithstanding the foregoing, either party may seek immediate injunctive or equitable relief from a court of competent jurisdiction where necessary to prevent irreparable harm.

14.4 Force Majeure

Neither party shall be liable for failure or delay in performing its obligations (other than payment obligations) to the extent caused by events beyond a party's reasonable control, including acts of God, natural disasters, war, terrorism, civil unrest, labour disputes, failure of telecommunications or utilities, cyberattacks, or government orders. The affected party shall notify the other party promptly and use commercially reasonable efforts to mitigate the effects. If a force majeure event continues for more than ninety (90) consecutive days, either party may terminate these Terms upon written notice.

14.5 Notices

All notices required or permitted under these Terms shall be in writing and delivered by personal delivery, registered or certified mail, internationally recognised courier service, or email (for routine communications, followed by hard copy for material notices). Notices shall be sent to the addresses specified in the Commercial Agreement and shall be deemed received: (a) if delivered by hand, upon delivery; (b) if sent by registered or certified mail, five (5) Business Days after posting; (c) if sent by courier, two (2) Business Days after delivery to the courier; or (d) if sent by email, upon receipt of confirmation of delivery.

14.6 Assignment

Partner may not assign, transfer, or delegate these Terms or any rights or obligations without Zeal's prior written consent. Zeal may assign these Terms to any Affiliate or in connection with a merger, acquisition, or sale of substantially all assets. Any purported assignment in violation of this section is null and void.

14.7 Amendment

These Terms may be amended, modified, or supplemented only by a written instrument signed by authorised representatives of both parties. Zeal may update these Terms from time to time by providing at least thirty (30) days' notice to Partner. If Partner objects to any material change, Partner may terminate these Terms upon sixty (60) days' written notice, provided such notice is given within thirty (30) days of receiving notice of the change.

14.8 Waiver

No waiver of any provision shall be effective unless in writing. No waiver of any breach shall be deemed a waiver of any subsequent breach. Failure or delay in exercising any right shall not operate as a waiver.

14.9 Severability

If any provision is held invalid, illegal, or unenforceable, such provision shall be modified to the minimum extent necessary to make it valid while preserving its intent. If modification is not possible, the invalid provision shall be severed and the remaining provisions shall continue in full force.

14.10 Entire Agreement and Order of Precedence

These Terms, together with the Commercial Agreement, any DPA, and any documents expressly incorporated by reference, constitute the entire agreement between the parties concerning the subject matter and supersede all prior agreements, understandings, and negotiations.

In the event of conflict between documents, the following order of precedence applies (highest to lowest): (1) the specific Commercial Agreement (including Deal Variables and Schedules); (2) these Global Partnership Terms and Conditions; (3) the DPA (for data protection matters); (4) the Privacy Policy (as notice to Data Subjects); and (5) other policies (including the Acceptable Use Policy and security requirements).

14.11 Third-Party Beneficiaries

These Terms are for the sole benefit of the parties and their respective successors and permitted assigns. Nothing herein is intended to confer upon any other person or entity any legal or equitable right, benefit, or remedy, except that the indemnification provisions in Section 12 are intended to benefit and may be enforced by the indemnified parties.

14.12 Counterparts

These Terms may be executed in counterparts, each of which shall constitute an original. Electronic signatures shall be treated as original signatures.

14.13 Relationship

The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship.

15. ZEAL CONTACT INFORMATION

Zeal IO Limited

Company Number: 11998285

Registered Office: 85 Great Portland Street, First Floor, London, W1W 7LT, United Kingdom

Contact Details:

Contact Purpose
www.getzeal.io Corporate website, legal documents, product information
info@getzeal.io General inquiries, sales inquiries, corporate information
partnerships@getzeal.io Partnership inquiries (for prospective partners, partnership proposals, commercial discussions)
support@getzeal.io Merchant support (technical issues, account access, terminal deployment assistance, general support)
privacy@getzeal.io Data Subject Requests (primary contact for Data Subject access requests, deletion requests, rectification, data portability, objection to processing, restriction of processing, privacy inquiries)
optout@getzeal.io Merchant Opt-Out Requests (Free Tier service removal, cease data collection, data deletion requests from merchants)
dpo@getzeal.io Data Protection Officer (escalations, complaints about data processing, regulatory inquiries, GDPR compliance questions)
legal@getzeal.io Legal notices (formal legal correspondence, contract disputes, intellectual property matters, litigation, regulatory enforcement)

Upon receiving a valid opt-out request through any mechanism, Zeal shall

Response Timelines:

Request Type Response Timeline
Data Subject Access Requests Within 30 days (may be extended by 60 days for complex requests with notification)
Merchant Opt-Out Requests Acknowledgment within 2 Business Days; data collection ceased within 5 Business Days
General Support Inquiries Initial response within 2 Business Days
Partnership Inquiries Initial response within 5 Business Days
Legal Notices Acknowledgment within 5 Business Days
Security Incidents Immediate escalation; acknowledgment within 24 hours

16. ACKNOWLEDGMENT AND ACCEPTANCE

By entering into a Commercial Agreement with Zeal, Partner acknowledges that:

(a) Partner has read, understood, and agrees to be bound by these Terms;

(b) Partner has had adequate opportunity to review these Terms with legal counsel;

(c) Partner has full authority to accept these Terms on behalf of its organisation;

(d) Partner understands that these Terms apply globally and govern all aspects of the partnership except as specifically addressed in the Commercial Agreement;

(e) Partner acknowledges the importance of compliance with Data Protection Laws, Export Control Laws, anti-corruption laws, and all other applicable legal requirements; and

(f) Partner agrees to conduct business ethically, professionally, and in compliance with all applicable laws.

END OF TERMS AND CONDITIONS

© 2026 Zeal IO Limited. All rights reserved.

These Terms and Conditions are effective as of January 2026 and apply to all Zeal partnerships globally.

SUMMARY OF REVISIONS FROM v2.0 to v2.1

Section Revision Description Reason for Change Legal Impact
2.5(b) Terminal notifications replaced with email notification requirement within 24 hours Align with PSP Agreement 7.1(f) and LIA v1.1; terminal notifications not technically feasible Strengthens transparency and merchant notice; provides auditable notification mechanism
2.5(d) Detailed opt-out timeline added (2-day acknowledgment, 5-day cease collection, 30-day deletion) Align with PSP Agreement 7.1(f)(iv) and Merchant ToS; operational clarity Clear commitment and accountability; demonstrates responsiveness to merchant requests
5.7 Joint Controller Arrangement Notice requirement added per Article 26(2) UK GDPR Article 26(2) UK GDPR compliance; align with DPA Section 3.3(b) Ensures transparency for Data Subjects; satisfies regulatory requirement for joint controller disclosure
15 Contact details updated with privacy@getzeal.io and optout@getzeal.io Operational accuracy; align with all other agreements Correct contact routing; improves Data Subject and merchant experience

Overall Impact:

Version 2.1 ensures consistency across Zeal's entire legal framework by aligning the Global Partnership T&Cs with the revised PSP Agreement, ZMS Agreement, Merchant ToS, LIA v1.1, and DPA. The changes strengthen merchant transparency (email notifications), demonstrate responsiveness to opt-out requests (detailed timeline), ensure GDPR compliance (Joint Controller Notice), and provide accurate operational contact details.