Terms and Conditions

‍

1. DEFINITIONS

For the purposes of these Terms and Conditions, the following definitions apply:

‍

1.1. Akua Platform: Cloud-native acquiring processing platform, powered by Artificial Intelligence, that provides payment infrastructure for all payment rails through APIs.

‍

1.2. Client: Legal entity that contracts Akua's services, including financial institutions with acquiring licenses, banks, fintechs, payfacs, gateways, and orchestrators.

‍

1.3. Services: Payment processing solutions offered by Akua, including but not limited to transaction processing, tokenization, fraud prevention, chargeback management, reconciliation, and settlement.

‍

1.4. APIs: Application programming interfaces that enable the integration of the Akua Platform with the Client's systems.

‍

1.5. Dashboard: White-label self-management interface provided to the Client for user management, configurations, reporting, and monitoring.

2. PURPOSE AND ACCEPTANCE

2.1. These Terms and Conditions govern the access and use of the Akua Platform and its payment processing-related services.

‍

2.2. By contracting Akua's services, the Client declares that they have read, understood, and fully accepted these Terms and Conditions.

‍

2.3. Akua reserves the right to modify these Terms at any time, with prior notice to the Client, with a minimum of 30 (thirty) days in advance.

3. SERVICE MODELS

3.1. Acquiring Processor (Technology Only - SaaS)

Targeted at institutions with their own Acquiring License. Akua provides exclusively the processing technology platform.

‍

3.2. Acquiring Processor + License Enabler (Technology + License - PaaS/SaaS)

Targeted at Banks, Fintechs, Payfacs, Gateways, and Orchestrators. Akua provides the technology platform and enables the use of an acquiring license.

‍

3.3. The specific contracted model, scope of services, functionalities, and responsibilities of each party will be detailed in the specific commercial contract (Statement of Work - SOW).

4. ACCESS AND INTEGRATION

4.1. Access to the Akua Platform is 100% through REST APIs, following the provided technical documentation.

‍

4.2. Akua will provide the Client with:

‍

Complete API documentation
Sandbox environment for testing
API keys for staging and production environments
Technical support during the integration process

‍

4.3. The Client is responsible for:

‍

Implementing integration according to technical documentation
Maintaining the security and confidentiality of their API keys
Immediately notifying Akua in case of credential compromise
Conducting adequate testing before going into production

‍

4.4. The estimated integration timeframe is from days to weeks, depending on complexity and the Client's technical readiness.

5. SERVICE LEVEL AGREEMENTS (SLA)

5.1. Platform Availability

‍

Guaranteed SLA: Minimum of 99.90% monthly availability
Objective (SLO): 99.95% availability
Architecture Uptime: 99.99% (infrastructure distributed across more than 6 datacenters)

‍

5.2. Authorization Response Time

‍

Guaranteed SLA: Maximum of 1 second
Objective (SLO): Maximum of 500 milliseconds
Error Budget: 5% of transactions may exceed the target time

‍

5.3. Transaction Success Rate

‍

Guaranteed SLA: Minimum of 98.0% of successfully processed transactions
Objective (SLO): 99.0% success rate

‍

5.4. Technical Support - First Response Time (FRT)

‍

Critical Incidents:
- SLA: Maximum of 2 hours
- SLO: Maximum of 15 minutes

‍

Non-Critical Incidents:
- SLA: Maximum of 4 business hours
- SLO: Maximum of 2 business hours

‍

5.5. Transparency: Akua maintains a public real-time status page with 100% transparency about availability and incidents.

‍

5.6. SLA Breach Credits: In case of non-compliance with guaranteed SLAs, the Client will be entitled to credits as defined in the commercial contract policy.

6. SECURITY AND COMPLIANCE

6.1. Certifications and Standards

The Akua Platform maintains compliance with the following standards and certifications:

‍

PCI DSS 4.0.1 Level 1 (100% compliance)
ISO 27001:2022 (100% compliance)
SOC 2 Type II (88% compliance)
ISO 27018 (86% compliance)
GDPR - General Data Protection Regulation (86% compliance)
Mastercard and Visa standards

‍

6.2. Data Protection

‍

6.2.1. Data security and privacy are top priorities. All data is processed in compliance with applicable data protection laws, including GDPR.

‍

6.2.2. Akua implements appropriate technical and organizational measures to protect data against unauthorized access, loss, destruction, or alteration.

‍

6.2.3. Tokenization: The platform offers PCI PAN Vault service for secure card data tokenization, allowing the Client to create their own secure tenant.

‍

6.3. Architecture and Resilience

‍

6.3.1. Akua's infrastructure uses Active-Active Multi-Region architecture, distributed across 2 AWS regions, utilizing 3 availability zones per region.

‍

6.3.2. This architecture ensures business continuity even in the event of data center or complete region failure.

‍

6.4. Data Separation

‍

6.4.1. Single-Tenant: For clients opting for a dedicated environment, Akua guarantees a completely isolated instance, with exclusive infrastructure and physical data separation.

‍

6.4.2. Multi-Tenant: For clients in a shared environment, there is strict logical data separation, ensuring security and privacy through application-level isolation.

‍

6.5. The Client must follow security best practices when using APIs and handling sensitive data, according to Akua's technical guidelines.

7. PAYMENT PROCESSING

7.1. Available Features

‍

The Akua Platform supports, according to the contracted model:

‍

Online payment processing (Card-Not-Present)
In-person payment processing (Card-Present)
Multiple payment methods (cards, instant payments, digital wallets, alternative methods)
Card data tokenization (PAN Vault)
3D Secure authentication (3DS)
Network Tokenization
Multi-currency support
Processing across multiple payment rails

‍

7.2. Client Responsibilities

‍

7.2.1. The Client is responsible for:

‍

Validating the legitimacy of transactions originating from their systems
Implementing adequate security controls in their environment
Complying with regulatory requirements applicable to their business
Providing accurate and complete information in transaction requests
Properly managing credentials and access for their users

‍

7.3. Limitations and Restrictions

‍

7.3.1. Akua reserves the right to refuse processing of transactions that:

‍

Violate applicable laws or regulations
Are related to activities prohibited by payment networks
Show signs of fraud or suspicious activity
Do not meet the platform's technical requirements

‍

7.4. Authorization Rates

‍

7.4.1. Akua employs technology and artificial intelligence to optimize authorization rates, but does not guarantee transaction approval, which depends on the card issuer and other external factors.

8. FRAUD PREVENTION AND RISK MANAGEMENT

8.1. The Akua Platform includes fraud prevention functionalities powered by Artificial Intelligence.

‍

8.2. The Client can configure custom rules according to their risk profile and business needs.

‍

8.3. Akua is not responsible for fraud occurring due to failures in controls implemented by the Client or vulnerabilities in their systems.

‍

8.4. The Client must immediately report any suspected fraud or irregular activity.

9. CHARGEBACKS

9.1. The platform offers real-time chargeback management, with automatic notifications and dispute tools.

‍

9.2. The Client is responsible for responding to chargebacks within the timeframes established by card networks.

‍

9.3. Chargebacks and their associated costs are the responsibility of the Client or the acquirer, according to the contracted model.

10. RECONCILIATION AND SETTLEMENT

10.1. The Akua Platform offers automatic reconciliation functionalities and settlement management (clearing/settlement).

‍

10.2. Detailed reports are available in the Dashboard and via API.

‍

10.3. Specific settlement timeframes and processes depend on the contracted model and agreements with financial institutions.

11. TECHNICAL SUPPORT

11.1. Availability

Technical support is available 24 hours a day, 7 days a week, including holidays.

‍

11.2. Support Channels

Integrated chat in the Dashboard
Technical support email
Telephone (red-line) for critical emergencies

‍

11.3. Support Model

11.3.1. Akua uses an AI First Support model:

1st Layer: Self-management via Dashboard and documentation
2nd Layer: AI Agent (Ina) for automated support
3rd Layer: Specialized human agents
4th Layer: Escalation to engineering and specialized teams

‍

11.4. Incident Classification

Critical: Total or significant partial platform unavailability
High: Important functionality compromised, with a workaround available
Medium: Problem affecting operation but not preventing platform use
Low: Minor issues, questions, or improvement requests

‍

11.5. Proactive Monitoring

Akua maintains 24/7 automated monitoring with proactive alarms to identify and resolve issues before they impact the Client.

12. DASHBOARD AND SELF-MANAGEMENT

12.1. The Client has access to the white-label Dashboard to:

‍

Manage users, roles, and permissions
Configure and manage API keys
Access the Sandbox environment
Configure webhooks and real-time alerts
View reports and analytics
Manage merchant configurations (merchant onboarding)
Monitor transactions in real-time

‍

12.2. The Client is responsible for properly managing access and permissions for their users.

13. INTEGRATIONS

13.1. Akua offers ready-made integrations with:

‍

E-commerce platforms (VTEX, Shopify, Magento, among others)
ERPs and management systems
Point of sale (POS) systems
Tap-to-Phone / SoftPOS solutionsç

‍

13.2. The Client may request certification of new POS or custom integrations, subject to technical and commercial analysis.

14. INTELLECTUAL PROPERTY

14.1. All intellectual property rights to the Akua Platform, including but not limited to software, documentation, trademarks, logos, and technology, belong exclusively to Akua or its licensors.

‍

14.2. These Terms do not transfer any intellectual property rights to the Client, granting only a limited use license for the purposes provided herein.

‍

14.3. The Client may not:

‍

Copy, modify, or create derivative works of the platform
Reverse engineer, decompile, or disassemble the software
Remove or alter copyright notices
Sublicense, sell, or transfer their access rights

‍

14.4. In the white-label model, the Client may use their own brand in the Dashboard interface, as contractually agreed.

15. CONFIDENTIALITY

15.1. The parties commit to maintaining confidentiality regarding all technical, commercial, and operational information exchanged during the term of the contract.

‍

15.2. The confidentiality obligation remains valid for 5 (five) years after contract termination.

‍

15.3. Exceptions to confidentiality include information that:

‍

Is in the public domain
Must be disclosed by court order or legal requirement
Was already known by the receiving party before disclosure

16. PRICING AND PAYMENT

16.1. Values, pricing model (MDR, fixed fees, SaaS model, etc.), and payment terms are established in the specific commercial contract.

‍

16.2. Akua reserves the right to adjust prices with 60 (sixty) days' prior notice.

‍

16.3. Payment delays may result in:

‍

Interest and penalty charges according to applicable legislation
Temporary suspension of services after notification
Contract termination in case of default exceeding 30 days

17. LIMITATION OF LIABILITY

17.1. Akua is not responsible for:

‍

Authorization or refusal decisions by issuers
Fraud originating from Client security failures
Interruptions caused by force majeure
Third-party actions, including cyber attacks (DDoS, etc.)
Losses resulting from improper use of the platform
Chargeback decisions by card networks
Unavailability of third-party services (payment networks, infrastructure providers)

‍

17.2. Under no circumstances shall Akua's total liability exceed the amount paid by the Client in the 12 (twelve) months before the event that originated the damage.

‍

17.3. Akua shall not be liable for indirect damages, loss of profits, data loss, or consequential damages, except in cases of proven willful misconduct or gross negligence.

‍

17.4. The Client is solely responsible for the legality of their operations and compliance with regulations applicable to their business.

18. PERSONAL DATA PROTECTION

18.1. The parties shall comply with all obligations under applicable data protection laws, including GDPR and local data protection regulations.

‍

18.2. Akua acts as a data processor in payment processing, following the Client's instructions, who acts as the data controller.

‍

18.3. The processing of personal data by Akua is detailed in the Privacy Policy available at [URL], which complements these Terms.

‍

18.4. The Client must:

‍

Obtain necessary consents from data subjects
Provide adequate privacy notices
Respond to data subject requests
Notify Akua about any security incident

‍

18.5. Akua implements appropriate technical and administrative security measures to protect personal data.

‍

18.6. International data transfers, when applicable, follow appropriate legal mechanisms.

19. TERM AND TERMINATION

19.1. The contract enters into force on the signature date and remains valid according to the term established in the commercial contract.

‍

19.2. Either party may terminate the contract with 90 (ninety) days' prior notice.

‍

19.3. Akua may terminate immediately in case of:

‍

Material breach of these Terms by the Client
Default exceeding 30 days
Use of the platform for illegal activities
Compromise of platform security or integrity

‍

19.4. After termination:

‍

The Client must immediately cease use of the platform
Data will be retained according to the legal period and then deleted
The Client may request data export within 30 days
Confidentiality and payment obligations remain valid

20. GENERAL PROVISIONS

20.1. Severability: The invalidity of any clause does not affect the validity of the others.

‍

20.2. Waiver: A party's tolerance regarding the other's non-compliance does not imply waiver of rights.

‍

20.3. Assignment: The Client cannot assign their rights without Akua's prior written consent.

‍

20.4. Communications: All notifications must be sent to the addresses indicated in the contract, being considered received after 3 business days of sending or immediately if by email.

‍

20.5. Amendments: Amendments to these Terms will only be valid if formalized in writing and signed by both parties, except for general amendments notified according to clause 2.3.

‍

20.6. Force Majeure: Neither party shall be liable for non-performance resulting from force majeure events.

‍

20.7. Relationship Between Parties: The relationship between Akua and Client is one of technology services provision, with no employment, partnership, or representation relationship.

21. GOVERNING LAW AND JURISDICTION

21.1. The laws of Colombia govern these Terms and Conditions.

‍

21.2. The parties elect the jurisdiction of Bogotá, Colombia, to resolve any disputes arising from these Terms, with express waiver of any other, however privileged it may be.