Skip to content
PAY BY BANK

Instant Payments
Real-time payment processing.

Same Day ACH
Same day payment processing.

Standard ACH
Standard processing times.

 

 

 
FEATURES

Unified API
Fast transactions integrated with open banking all in one platform.

Automated Payments
Modernize your payments with pay by bank automation.

Mass Pay
Send multiple bank transfers with a single API request.

Open Banking Services
Instant account verification, balance checks and fraud mitigation.

Digital Wallet
Initiate faster transactions by utilizing Dwolla's Digital Wallet to hold funds.

 

 

Data Visibility
Access and manage your payments data through our user-friendly dashboard.

Security
Dwolla's platform is monitored 24/7/365 using a combination of internal and external tools and services.

Integration
Dwolla makes integrating pay by bank payments fast and easy.

Sandbox Environment
Simulate use cases and try out features.

Dedicated Support
Supporting your payments journey every step of the way.

SOLUTIONS

Enterprise
High-transacting payment automation

Balance
A digital wallet solution 

Connect
Direct bank connections 

 

 
INDUSTRIES

Insurance
Modernize outdated insurance payments

Real Estate
Revolutionize your real estate payments

Lending
Accelerate your lending operations

Healthcare
Elevate your healthcare payments

Manufacturing
Transform your manufacturing payments

USE CASES

B2B Payments
Streamline your business payments

Unload/Load Digital Wallet
Seamlessly move funds on and off your platform

Payouts
Pay out funds quickly and securely

LEGAL DOCUMENTATION

For Dwolla Clients
  1. SECURITY INCIDENT
    1. Notification. You will promptly (and in any event, within 48 hours of discovery) notify Dwolla of a Security Incident (as defined below). Such notice must include a detailed description of the Security Incident, and any other information Dwolla may reasonably request concerning the Security Incident, including, without limitation, the number of records, types of information, and number of End Users impacted by the Security Incident, the known or suspected causes of the Security Incident, any actual or anticipated impact on Dwolla or its customers, and remediation plans. You will maintain records of all actual or suspected Security Incidents consistent with security best practices in the financial services industry and will make such reports available to Dwolla upon request.
    2. Mitigation. You agree to promptly and at your own cost and expense investigate and take all reasonable measures necessary or advisable to mitigate the effects of and remedy any Security Incident, including, where appropriate and without limitation, providing credit monitoring services and related call center or similar support activities to impacted parties.
    3. Reasonable Assistance. You further agree to fully cooperate with and provide all reasonable assistance to Dwolla in regard to its investigation of any Security Incident. Without limiting the generality of the foregoing, you will cooperate with Dwolla in determining its legal obligations with respect to notification of End Users, regulators, and/or law enforcement, if any, and you agree to provide to Dwolla any documentation in your possession which is necessary for Dwolla to issue required or advisable notifications or communications.
    4. Disclosure. Unless otherwise required by Applicable Law or pursuant to an agreement with an unrelated third party, you will not (and will ensure that each of your representatives and agents do not) inform or make any statements to any unrelated third party of any Security Incident without first obtaining Dwolla’s prior written consent. Where any disclosure of a Security Incident is required by Applicable Law, you will use commercially reasonable efforts to obtain Dwolla’s approval regarding such disclosure.
    5. Dispute Management. You must notify Dwolla within 48 hours of receiving any complaint alleging the improper or unauthorized access or use of End User Data. You will be responsible for managing all disputes or issues raised by an End User with respect to any of your applications; provided, however, that Dwolla, Third-Party Service Provider and/or Service Provider may, at its option, as applicable, engage directly with any End User with respect to issues or complaints relating to the authorized access or use of End User Data, and may take all steps deemed necessary by Dwolla, Third-Party Service Provider or Service Provider to resolve such issues or complaints, including, without limitation, terminating access to the Open Banking Services and/or to any End User Data. Notwithstanding the foregoing, you acknowledge and agree that you will remain responsible for any unauthorized access or use of End User Data once it has been accessed through the Open Banking Services, is in your possession or control, or thereafter.
    6. Definition. For purposes of this Open Banking Services Agreement, “Security Incident” will mean any actual or reasonably suspected breach, incident or other event that compromises (or would be reasonably likely to result in a compromise of) the security, integrity or confidentiality of the End User Data, Dwolla’s or Third-Party Service Provider’s Confidential Information, or Confidential Information of Dwolla or Third-Party Service Provider held by your third party service providers that handle or otherwise process End User Data, or that otherwise results in (or that would be reasonably likely to result in) the unauthorized access, use, disclosure or loss of End User Data, Dwolla’s or Third-Party Service Provider’s Confidential Information, or Confidential Information of Dwolla or Third-Party Service Provider held by your third party service providers that handle or otherwise process End User Data.

  2. BACKGROUND INVESTIGATIONS. During the Term hereof and for such period thereafter as you will retain possession or control of End User Data, you will maintain comprehensive hiring and employment policies and procedures designed to ensure that all of your personnel with access to the Open Banking Services or to any End User Data possess appropriate character, disposition and honesty. In connection with the foregoing, you must, to the extent permitted by Applicable Law, conduct at your expense pre-employment background checks and other investigations of your employees and other personnel that may obtain access to the Open Banking Services or End User Data. Such background checks and investigations must include, but are not limited to: (a) confirmation of identity and personal information; (b) felony and misdemeanor and national criminal searches (where permissible); and (c) confirmation the individual is not on the Specially Designated Nationals (SDNs) list published by the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) (or national equivalent) and global sanctions enforcement searches. You must not permit any of your employees or other personnel to access the Open Banking Services or End User Data until such individual has passed the outlined background screening. You will not permit any employee or other personnel who has been formally charged with a crime that is a dishonest act or breach of trust as set forth in Section 19 of the Federal Deposit Insurance Act, or who you know has otherwise engaged in any material act of dishonesty or breach of trust, to access or use the Open Banking Services or End User Data, in accordance with all applicable federal, state, and local law. You must reasonably cooperate with any investigation undertaken by Dwolla and/or Third-Party Service Provider with respect to any act of dishonesty, breach of trust, or violation of law by any of you employees or personnel with respect to the Open Banking Services or the End User Data.

  3. INSURANCE. You must obtain and maintain at your own expense, throughout the Term and for a period of two years thereafter, (a) sufficient insurance coverage for your business, your activities hereunder, and any reasonably anticipated risks; and (b) without limiting the foregoing, as applicable (1) Commercial General Liability Insurance, (2) Crime Insurance (Employee Dishonesty), and (3) Cyber Risk/Data Security and Privacy Liability Insurance covering claims (and any associated costs and damages, including data breach investigation, data breach notification and credit monitoring costs) arising from: (i) breaches of computer systems and data security, (ii) violations of any privacy right, (iii) breaches of data privacy and data security laws and regulations, (iv) breach of PCI-DSS or any similar rules promulgated by the PCI Council, and (v) data theft, damage, destruction, or corruption, including unauthorized access, unauthorized use, identity theft, theft of personally identifiable information, and transmission of a computer virus or other type of malicious code.  For the avoidance of doubt, your insurance coverage shall not limit your liability as set forth under this Open Banking Services Agreement.

Exhibit D
Third-Party Data Provider Terms

  1. EULA
    (A) End User Access. You must ensure, prior to any access or use of the Open Banking Services, each End User’s agreement to minimum end user terms and conditions governing such End User’s use and access to the Open Banking Services in the form of an end user license agreement governing such End User’s use of the Open Banking Services that is substantially equivalent to and includes terms at least as protective of Dwolla and Third-Party Service Provider as those minimum end user terms and conditions as detailed in the Open Banking Services End User Terms and Conditions (“EULA”) (set forth at https://www.dwolla.com/legal/open-banking-end-user-terms) and incorporated herein by reference. You are responsible for all activity that occurs in your End User accounts and for your End User’s compliance with this Open Banking Services Agreement and the EULA.
    (B) Updates. Dwolla and Third-Party Service Providers may amend and supplement the EULA at any time during the Term by providing notice to you, either directly or through Dwolla. You will have thirty (30) days from receipt of such notice to update your EULA to reflect such amendment or supplement, or as otherwise provided for by Dwolla and/or Third-Party Service Providers.
    (C) Your specific Terms. You must update the EULA, based on your specific use case, to: (i) accurately set forth what data, including all compilations, aggregations, and combinations of the same, is collected, how collected data will be used, and how collected data will be accessed, shared, exchanged, or sold; (ii) provide clear and conspicuous disclosures to all End Users and prospective End Users sufficient to comply with Applicable Law regarding the collection, use, and sharing described, including Anonymous & Aggregated Data; (iii) identify or disclose to each End Users any and all categories of third parties to whom End User Data may be provided or who may use, receive, store, or process the same; and (iv) describe how the End User Data will be protected in the event that you cease operating as a going concern or otherwise cease to make available your application and/or mobile website to End Users, describing how End User Data in your possession or control will be safeguarded, deleted, and purged in such circumstances.  A reference to your privacy policy is included in Section 2 of the EULA.  If your privacy policy does not cover the items set out in this Section 1(C), or meet the EULA requirements set out in this Open Banking Services Agreement, you agree to update the EULA or otherwise provide the information required by this Agreement to each of your End Users and obtain their agreement to such by express consent.

  2. DATA REQUIREMENTS. You will provide to Third-Party Service Provider, either directly or through Dwolla, as determined by Third-Party Service Provider, information regarding your data requirements, which Third-Party Service Provider may disclose to Third-Party Data Providers, in order to facilitate its provision of the Open Banking Services. You shall not charge End User any fees that identify, or are identifiable to, Dwolla, Third-Party Service Provider, any Third-Party Data Provider, or to End User’s use of the Open Banking Services.

  3. API MONITORING. Dwolla, Third-Party Service Provider, and Third-Party Data Providers, as applicable, have the right to monitor any and all use of the Open Banking Services and Third-Party Data Provider connections to the Open Banking Services (including frequency of access and types of data received) without notice to you or your personnel.

  4. DATA HOSTING. You may only host and/or store End User Data from locations within the United States unless otherwise approved in advance and in writing by Third-Party Service Provider and applicable Third-Party Data Providers.

  5. DATA USE.
    (A) End User Consent.
         
    (i) Credentials.  Except as otherwise expressly permitted in this Agreement, you shall not, and you shall not permit or enable any third party or service provider to collect, store, or use any End User bank account credentials as part of their integration with the Open Banking Services, or access to any data relating to an End User that you know or have reason to believe was procured via screen scraping.  Before accessing the Open Banking Services, you must stop using and Destroy any End User bank account credentials you hold. Upon Dwolla’s and/or Third-Party Service Provider’s request, you must certify and provide reasonable verification that you have Destroyed such data and that you do not have any End User bank account credentials.
         (ii) Previously Collected Data. Prior to accessing the Open Banking Services, you shall delete any End User data which was not obtained in accordance with the terms of this Open Banking Services Agreement or through a provider with a valid agreement with the applicable Third-Party Data Provider.
         (iii) Deletion of End User Data.  Upon termination of this Open Banking Services Agreement for any reason, you shall Destroy all End User Data in accordance with your retention policies, unless you have permission from the applicable End User to retain such End User Data and you continue to maintain appropriate technical and organizational safeguards for such End User Data.  Within sixty (60) days following termination of this Open Banking Services Agreement you must certify and provide verification to Dwolla and/or Third-Party Service Provider that you have complied with the deletion requirements of this Section 5(A)(iii).
    (B) End User Data.  With respect to End User Data made available through the Open Banking Services from Third-Party Data Provider, you will not, nor will you attempt to or otherwise enable a third party to: (i) use, disclose or process the End User Data to target market products or services to End Users that are directly competitive to those offered by any Third-Party Data Provider, by using such End Users’ status as a customer of a Third-Party Data Provider as criteria; (ii) use any APR, APY, credit limit or similar data included within the End User Data to ascertain confidential or proprietary information of any Third-Party Data Provider, including, without limitation, credit models, credit algorithms, and other business processes and calculations not available to the public;  (iii) sell, transfer or rent Nonpublic Personal Information to marketers or any other third party; (iv) use Nonpublic Personal Information for marketing purposes, unless you obtain Dwolla or Third-Party Service Provider’s prior express written consent, as applicable, express consent from the applicable End User for such use and such use is in strict compliance with privacy laws; (v) combine Nonpublic Personal Information relating to an End User with data relating to other End Users or with data obtained from third parties; (vi) process End User’s bank credentials other than as required to access or use the Open Banking Services, as authorized by End User, as permitted by Third-Party Service Provider, and as permitted under privacy laws; (vii) process any Nonpublic Personal Information, or access or use the Open Banking Services, other than in strict compliance with privacy laws; or (viii) process any Nonpublic Personal Information, or access or use the Open Banking Services, in any manner that would be a breach of contract or agreement between Dwolla and Third-Party Service Provider and End User and Third-Party Service Provider.

  6. COMPLIANCE
    (A) In addition to the audit set out in Section 6.3 of the Open Banking Services Agreement, during the Term of the Open Banking Services Agreement and for one year thereafter, you will, upon reasonable advance written notice from Third-Party Service Provider and/or Dwolla, (i) permit Third-Party Service Provider, through its internal and external auditors or those of any Third-Party Data Provider, to audit, review and inspect (A) your books, records, and other documents, including security logs, and (B) your systems, networks, and facilities (an “Audit”), or (ii) provide to Dwolla, Third-Party Service Provider or any Third-Party Data Provider a written attestation of your compliance with the terms and conditions of this Open Banking Services Agreement governing the processing of End User Data, the prompt reporting of all Security Incidents, and obligation to refrain from re-identifying or attempting to re-identify any aggregated or de-identified End User Data (an “Attestation”).
    (B) All Audits will be conducted for the sole and exclusive purposes of confirming your compliance with the data handling and security terms and conditions of this Open Banking Services Agreement, and will occur during regular business hours, at Dwolla’s, Third-Party Service Provider’s or an applicable Third-Party Data Provider’s sole cost and expense, and, except following the occurrence of a Security Incident, no more frequently than once per year. You agree to reasonably cooperate with any Audit performed pursuant to this Section 6 and must promptly take all actions necessary to remediate any material deficiencies and non-compliance discovered as a result of any Audit or Attestation.
    (C) At least annually during the Term, you must have a certified independent public accounting firm or another independent, certified, industry-recognized third party: (i) conduct a review or assessment and provide a full attestation, review, or report under SOC 2 Type II (or, such reasonably comparable standard) of all your systems and operational controls used by you to access the Open Banking Services or access, store, or process any End User Data; and (ii) conduct and provide a full report of an independent network and application penetration test.
    (D) You must provide copies of all such reports and the results of any testing to Dwolla and Third-Party Service Provider (each, an “Attestation”).
    (E) All Attestations and the results of any of your Audits will be considered your Confidential Information; provided, however, that Dwolla and/or Third-Party Service Provider may disclose copies of the same to any Third-Party Data Provider at Third-Party Service Provider’s sole discretion, provided such Third-Party Data Provider is bound by written obligations of confidentiality which are in no event less than a reasonable standard of care.
    (F) Nothing in this Section 6 is or will be construed as limiting the rights of any governmental or regulatory authority to conduct audits or investigations. You acknowledge that Dwolla and Third-Party Service Provider intend to fully comply with all governmental and regulatory authorities, including with respect to any law enforcement or judicial investigations, and that in connection with the foregoing, Dwolla and Third-Party Service Provider may disclose the identity of, and any information transmitted or received by, persons accessing the Open Banking Services. You agree to fully cooperate with any audits or investigations conducted by a governmental or regulatory authority pursuant to Applicable Law.
    (G) Notwithstanding anything to the contrary, upon written request, you will provide information reasonably needed to demonstrate compliance with the obligations in this Exhibit D and privacy laws.

 

Exhibit E

Dwolla Terms and Conditions for Plaid Open Banking Services and Products

 

The Dwolla Terms and Conditions for Plaid Open Banking Services and Products (“Open Banking Services Exhibit - Plaid”) applies to your use of the Open Banking Services provided to you through Plaid Inc. (“Plaid”). Hereinafter “you” “your” or “Client” means the Client and “us” “we” “our” or “Dwolla” refers to Dwolla, Inc. (protecting Plaid).

Dwolla may amend this Open Banking Services Exhibit - Plaid at any time by providing notice to you. Notice may be provided to you on www.dwolla.com, on any other website maintained by Dwolla, by email or by any other reasonable means. The amended Open Banking Services Exhibit - Plaid is effective when posted or as of the date indicated, and your continued use of the Open Banking Services constitutes your acceptance of any amended Open Banking Services Exhibit - Plaid.

For purposes of this Open Banking Services Exhibit - Plaid, Third-Party Service Provider or Third-Party Service Providers, as referenced in the Open Banking Services Agreement, refers to Plaid Inc. In addition, for the sake of clarity and for purposes of this Open Banking Services Exhibit - Plaid, any reference in the Open Banking Services Agreement to Exhibit B will be to this Exhibit E instead and Exhibits C and D of the Dwolla Open Banking Services Agreement do not apply to your use of the Open Banking Services provided to you through Plaid.

Definitions:

“Anonymous & Aggregated Data” means End User Data and information that is anonymized and aggregated with similar data and information to the extent that the original End User Data and information is no longer attributable to Dwolla, Plaid, you, or to any specific End User.

“Balance Check” means an Open Banking Service ordered by you that you can use to periodically gather account balances in an account without collecting transaction data. Account types accessed include depository accounts. You can retrieve these account balances using an API request to help ensure your End Users have the appropriate funds.

“Customer” means your end user that has opened a Customer Account.

“Customer Account” means an account that has been opened by an End User through the Dwolla Platform Services (as defined in the Dwolla Platform Agreement) through your Application and that you manage through your Application.

“End User” or “End Users” in addition to the definition of End Users in Section 1 below, End User means an individual who is a Customer who is at least 18 years old and a resident of the United States or a Receive-Only User who is authorized by you to use or access the Open Banking Services and who has (i) been supplied an identification and password by you or at your direction or (ii) for whom a unique user record is created by or authorized to be created by you within the Open Banking Services.

“End User Data” means End User’s login, password, any other authentication information required by you or an End User’s third-party financial institution, and any End User transaction data.

“Instant Account Verification (without identity check)” means an Open Banking Service ordered by you that accesses financial account information, including account and routing numbers, for direct deposit accounts such as checking, savings, and money market accounts.

“Nonpublic Personal Information” means personally identifiable financial information as defined under Regulation P, 12 C.F.R. 216, or the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq., or information otherwise considered privileged, confidential, private, nonpublic or personal given protected status under applicable law.

“Open Banking Services” means Instant Account Verification, Balance Check, and the other products and services ordered by you through an Ordering Document to which these terms apply and are made available by Plaid through its online, web-based application or mobile components via designated websites, IP addresses, application programming interface(s), or other means.

“Receive Only User” means an individual who is a resident of the United States and is at least 13 years old and has obtained parental permission if under 18 to receive funds that uses the payment services you offer through your website and/or mobile application who may only receive payments and does not create a Dwolla account.

"Third-Party Data Provider” means any third-party entity, including financial institutions, which provides End User Data or other data to Dwolla or Dwolla’s technology providers for use in the Open Banking Services.

"Your Affiliates” means any entity that directly or indirectly controls, is controlled by, or is under common control with you. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

  1. Restrictions. Unless Plaid specifically agrees otherwise in writing, you will not, and will not enable or assist any third-party to: (i) attempt to reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Plaid services described at https://www.plaid.com ("Plaid Services"); (ii) modify, translate, or create derivative works based on the Plaid Services; (iii) make the Plaid Services or information and data of your end users ("End Users") provided to you via the Plaid Services (such information and data, the "Plaid- Provided Data") or any derivative work thereof available to, or use the Plaid Services or Plaid-Provided Data (or any derivative work thereof) for the benefit of, anyone other than you or End Users; (iv) sell, resell, license, sublicense, distribute, rent, or lease any Plaid Services or Plaid-Provided Data (or any derivative work thereof) to any third-party, or include any Plaid Services or Plaid-Provided Data (or any derivative work thereof) in a service bureau, time-sharing, or equivalent offering; (v) publicly disseminate information from any source regarding the performance of the Plaid Services or Plaid-Provided Data; or (vi) attempt to create a substitute or similar service through use of, or access to, the Plaid Services or Plaid-Provided Data. You will use the Plaid Services and Plaid-Provided Data only in compliance with: (a) your application, use case, and other restrictions agreed between Plaid and Dwolla; (b) the Plaid developer policies (available at https:// www.plaid.com/legal); (c) Plaid's applicable technical user documentation (available at https://www.plaid.com/docs); and (d) any agreements between you and End Users (for clarity, including any privacy policy or statement). Notwithstanding anything to the contrary, as between Plaid and you, you accept and assume all responsibility for complying with all applicable laws and regulations in connection with your activities involving any Plaid Services, Plaid-Provided Data, or End User data. You acknowledge and agree that: (I) Plaid is neither a "consumer reporting agency" nor a "furnisher" of information to consumer reporting agencies under the Fair Credit Reporting Act ("FCRA"); and (II) the Plaid- Provided Data is not a "consumer report" under the FCRA. You represents and warrants that it will not, and will not permit or enable any third party to, use the Plaid Services (including Plaid-Provided Data) as a or as part of a "consumer report" as that term is defined in the FCRA, or otherwise use the Plaid Services (including Plaid-Provided Data) such that the Plaid Services (including Plaid-Provided Data) would be deemed "consumer reports" under the FCRA. Notwithstanding anything to the contrary, you will be bound by, and will only use the Plaid Services and Plaid-Provided Data in compliance with, the terms and conditions set forth in this agreement.
  2. Secondary Investors. If applicable and agreed to by you and Dwolla, and subject to this Section 2 (Secondary Investors), you may request that Plaid or Dwolla disclose Plaid- Provided Data or a Dwolla product or service including or incorporating Plaid-Provided Data (collectively, the "Shared Data") to your Secondary Investors. "Secondary Investor" means a third-party investor or purchaser of a financial product originated by you and provided to an End User (e.g., a loan), with which investor or purchaser Plaid maintains a separate technical integration.

        (i) You represent and warrant to Plaid that, before disclosure of Shared Data to any Secondary Investor, you will provide and obtain all required (including under applicable law) notices and consents from the applicable End User with respect to disclosure of Shared Data to such Secondary Investor by Plaid or Dwolla.
       (ii) Notwithstanding anything to the contrary: (a) as between Plaid and you, solely you are responsible for its relationships with Secondary Investors and with Dwolla, including any related billing matters, technical support, or disputes; (b) you will enter into legally binding written agreements with each Secondary Investor that are consistent with this Section 2 (Secondary Investors) and all applicable terms and conditions of this Open Banking Services Exhibit - Plaid (Dwolla Terms and Conditions for Plaid Open Banking Services and Products), including Section 1 (Restrictions); and (c) as between Plaid and you, you will remain responsible for the Secondary Investors' compliance with all of the terms and conditions of this Open Banking Services Exhibit - Plaid (Dwolla Terms and Conditions for Plaid Open Banking Services and Products) (including terms relating to use of Plaid- Provided Data or Shared Data).
       (iii) As between Plaid and you, you will be fully liable for: (a) any breach by you of this Section 2 (Secondary Investors); (b) any acts or omissions of Secondary Investors; and (c) any dispute arising among you, Dwolla, Secondary Investors, and/or End Users relating to the disclosure or use of Shared Data as contemplated in this Section 2 (Secondary Investors).
  3. Privacy and Authorizations. Before any End User engages with Dwolla products or services which include, are derived from, or incorporate the Plaid Services, you warrant and will ensure that you provide all notices and obtain all consents required under applicable law to enable Plaid to process End User data in accordance with Plaid's privacy policy (currently available at https://www.plaid.com/privacy). You will not: (i) make representations or other statements with respect to End User data that are contrary to or otherwise inconsistent with Plaid's privacy policy; or (ii) interfere with any independent efforts by Plaid to provide End User notice or obtain End User consent.
  4. DISCLAIMER; ENFORCEMENT. THE PLAID SERVICES, PLAID-PROVIDED DATA, AND ANY OTHER INFORMATION, SOFTWARE, PRODUCTS, SERVICES AND MATERIALS PROVIDED BY PLAID IN CONNECTION WITH THIS OPEN BANKING SERVICES EXHIBIT - PLAID ARE PROVIDED "AS IS." TO THE FULLEST EXTENT PERMITTED BY LAW, NEITHER PLAID NOR ITS AFFILIATES, SUPPLIERS, LICENSORS, OR DISTRIBUTORS MAKE ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR ANY WARRANTY THAT THE SERVICES ARE FREE FROM DEFECTS. WITHOUT LIMITING THE FOREGOING IN THIS SECTION 4 (DISCLAIMER; ENFORCEMENT), NEITHER PLAID NOR ITS AFFILIATES, SUPPLIERS, LICENSORS, OR DISTRIBUTORS MAKE ANY REPRESENTATION OR WARRANTY AS TO THE PLAID-PROVIDED DATA THAT MAY BE OBTAINED FROM USE OF THE PLAID SERVICES OR THAT ANY PLAID SERVICES WILL BE UNINTERRUPTED, OR THAT ANY DATA PROVIDED BY OR THROUGH ANY PLAID SERVICES WILL BE TIMELY, ACCURATE, OR COMPLETE. PLAID WILL BE AN INTENDED THIRD- PARTY BENEFICIARY OF THE AGREEMENT BETWEEN DWOLLA AND YOU AND MAY DIRECTLY ENFORCE SUCH AGREEMENT AGAINST YOU, WITHOUT DWOLLA'S CONSENT OR PARTICIPATION, BUT SOLELY RELATING TO THE PLAID-PROVIDED DATA (INCLUDING FI DATA) AND PLAID SERVICES THAT ARE PROVIDED BY PLAID TO DWOLLA OR YOU.
  5. FI Data. Through the Open Banking Services or Plaid Services, you may have access to information about or of End Users provided to Plaid by a bank, financial institution, or other data source (each, as designated by Plaid, "Fl", and such information, the "FI Data").

    (i) Your Obligations.
      (A) End User Consents. You will provide all notices to, and obtain all express consents from, each End User as required under applicable laws in connection with your use, storage, and other processing of any FI Data (such notices and consents, the "Express Consents"). Express Consents will: (A) be clear and conspicuous; (B) generally specify the categories of FI Data that you will receive and how you will use, store, and otherwise process FI Data; (C) b valid, enforceable, and expressly accepted by each End User; (D) identify any and all third parties or categories of third parties to whom End Client may provide FI Data for processing; (E) specify how End Users may exercise their right to revoke their Express Consent; and (F) include any other required disclosures under applicable laws. You will maintain records (which may include technical logs, screenshots, versions of Express Consents obtained) sufficient to demonstrate your compliance with this Section 5(i)(a) (End User Consents) and will promptly provide such records to Plaid upon request.

      (B) Scope of Access. You will only access FI Data for which you have obtained Express Consents from the End User for the use case reviewed and permitted by Plaid in writing and consented to by the applicable End User (such use case, the "Permitted Use Case"). For clarity, key factors Plaid will consider during its review of a potential Permitted Use Case include whether the use case is appropriate and useful to provide the End User with your application that the End User has enrolled in, whether your application provides a direct benefit to the End User, whether the use case directly supports the development of new or improved product features for the benefit of End Users, and the jurisdiction(s) in which you operate and/or store FI Data. If you possess FI Data that exceeds the scope of the End User's Express Consents, you will use industry-standard means to permanently and securely delete ("Delete") such FI Data; provided that you may retain such FI Data to the extent required by applicable laws. If you become aware that any data you receive from Plaid does not relate to the End User that you originally requested FI Data for, you will promptly notify Plaid and will Delete such data.

      (C) Data Use. You will use, store and otherwise process FI Data solely in accordance with the End User's Express Consents and applicable laws

      (D) Data Disclosure. You will not disclose, transfer, syndicate or distribute FI Data to any third party (including its Permitted Service Express Consent and in accordance with applicable laws. Notwithstanding anything to contrary, you will not sell FI data.

      (E) Data Deletion. You will promptly Delete any FI Data upon request by the applicable End User; provided that you may retain copies of FI Data solely to the extent required by applicable laws.

      (F) No Attribution. You will not charge End Users any fees attributable to an FI for (a) access to its FI Data or (b) use of End User's account with an FI in connection with the End Client application. In addition, you will not suggest or imply a partnership, sponsorship, or other relationship with an FI based on your receipt of FI Data under the Open Banking Services Agreement or this Section 5 (FI Data).

      (G) No Other Access. During the term of the Open Banking Services Agreement, you will only access FI Data through the Plaid Services or another manner that uses the FI's authorized APIs. You will not "screen scrape" data from Fls or collect an End User's log- on credentials for FI accounts, and will not otherwise knowingly obtain from a third party FI Data that was originally sourced through screen scraping an FI. You will immediately Delete any such End User log-on credentials in its possession. You will maintain records to demonstrate compliance with this Section 5(i)(g) (No Other Access). For the avoidance of doubt, nothing in this Section 5(i)(g) (No Other Access) will prohibit you from engaging any third party to obtain services similar to the Plaid Services, provided that such third-party services enable End Client's access to FI Data solely via the FI's authorized APIs.

      (H) Compliance with Laws. You will comply with all applicable privacy, security, and other laws pertaining to FI Data. You will not use, store, disclose, or otherwise process any FI Data for any purpose not permitted under applicable laws. For the avoidance of doubt, you acknowledge that Section 1033 of the Dodd-Frank Act may include obligations on you relating to processing, handling and protecting FI Data. You will maintain a program designed to ensure compliance with applicable laws, including appropriately training your personnel.

      (I) Information Security Program. You will maintain a comprehensive written information security program approved by your senior management ("Infosec Program"). The Infosec Program will include administrative, technical and physical measures designed to: (a) ensure the security of FI Data, (b) protect against unauthorized access to or use of FI Data and anticipated threats and hazards to FI Data and (c) ensure the proper disposal of FI Data. The Infosec Program will be appropriate to your risk profile and activities, the nature of your application, and the nature of the FI Data received by you. In any event, the Infosec Program will meet or exceed applicable control objectives captured in industry standards and best practices, such as AICPA Trust Service Criteria for Security, NIST 800-53, or ISO 27002, and will comply with applicable laws. You will use up-to-date antivirus software and anti-malware tools designed to prevent viruses, malware, and other malicious code in your application or on your systems.

      (J) Security Breach Obligations. You will notify Dwolla and Plaid promptly (and in any event within twelve (12) hours) via an email to security@plaid.com, following you becoming aware of any Security Breach, providing a description of all known facts, the types of End Users affected, and any other information related to such Security Breach that Plaid and/or Dwolla may reasonably request. You will reasonably cooperate with Plaid and/or Dwolla in investigating and remediating Security Breaches. You will be responsible for the costs of investigating, mitigating, and remediating the Security Breach. "Security Breach" means any event that compromises your application or your systems or that does or reasonably could compromise the security, integrity or confidentiality of FI Data or result in the unauthorized use, disclosure, or loss of FI Data.

      (K) FI Confidential Information. If Plaid discloses to you any confidential or proprietary materials of an FI pertaining to the provision of FI Data hereunder (such materials, "FI Confidential Information"), such materials will be subject to the same obligations that apply to Dwolla's Confidential Information under the Open Banking Services Agreement, which will in no event be less protective of such information than a reasonable standard of care. FI Confidential Information will also be subject to the same obligations as FI Data under this Section 5(i) (End Client Obligations). You will promptly Delete FI Confidential Information in your possession upon Plaid’s request and will provide a written certification regarding such Deletion.

      (L) Oversight and Cooperation. Toward assessing your material compliance with this Section 5 (FI Data), you will promptly provide all reasonably necessary information and cooperation requested by Plaid, an FI, or any entity with examination, supervision, or other legal or regulatory authority over Plaid or an FI. In the event that Plaid has a good faith reason to believe that you are not in material compliance with this Section 5 (FI Data), Plaid will notify you and, upon Plaid's request, you will promptly provide sufficient documentation to demonstrate such material compliance. If the documentation provided by you in accordance with the immediately prior sentence is insufficient (in Plaid's reasonable discretion) to demonstrate such material compliance, you will submit to a third-party audit by a firm selected by you from a list of audit firms reasonably approved by Plaid to verify such compliance. Plaid and FIs may also conduct technical or operational assessments of you, which will be subject to advance notice and will not occur more than once per year unless legally required and materially different in scope from a preceding audit.

     (M) Information Sharing. Where required by an FI or relevant to your access or use of FI Data from that FI, Plaid may share with such FI certain information related to your compliance with this Section 5 (FI Data), including with respect to your Infosec Program. Plaid will use commercially reasonable efforts to require that such FI treat any such information in a confidential manner.

     (N) Insurance. You will maintain insurance coverage appropriate to your risk profile and activities, the nature of your application, and the nature of the FI Data received by you; provided that such coverage will be no less than industry standard and will include cybersecurity liability insurance.

     (O) Access Frequency. The parties acknowledge that as of the effective date of the Open Banking Services Agreement, no guidelines regarding your frequency of "batch" pulls of FI Data (such guidelines, the "Guidelines") apply to Plaid end clients. Notwithstanding the foregoing in this paragraph: (1) You will comply with any Guidelines provided in writing by Plaid (including via Dwolla); and (2) Plaid and Dwolla may enforce such Guidelines to the extent necessary in accordance with Plaid's standard practices, which may include throttling, suspension or termination of your access.

     (P) Your Marks License.  You hereby grant to Palid, each FI (and each of their third-party service providers), and Dwolla the non-exclusive and non-transferrable right and license to use your trademarks and service marks solely in connection with consent management activities, including use associated with your facing consent management portals operated by Plaid or an FI.

    (ii) Suspension. Plaid and/or Dwolla may suspend your access to the Open Banking Services, Plaid Services or FI Data, in whole or in part, if Plaid and/or Dwolla determines or reasonably believes that: (a) there is unauthorized access to the Plaid Services and/or the Open Banking Services via your Dwolla account; (b) you have breached this Section 5 (FI Data); (c) your use of the Open Banking Services, Plaid Services or FI Data will or has materially violated the Open Banking Services Agreement and/or an agreement between Plaid and an applicable FI; (d) your use of the Open Banking Services, Plaid Services or FI Data will or does pose a risk of material harm, including material reputational harm, to End Users, an FI, the Open Banking Services or the Plaid Services. In addition, an FI may suspend your access to FI Data with respect to such FI. Plaid will use commercially reasonable efforts to: (1) notify Dwolla prior to any suspension described in this paragraph; (2) discuss with Dwolla in good faith any such suspension; and (3) resume your access to the Plaid Services and FI Data as promptly as is practicable after the basis for such suspension is cured to Plaid's (and, as applicable, the relevant FI's) reasonable satisfaction. Unless prohibited by Applicable Law, in the event of a suspension by Dwolla, Dwolla will use reasonable efforts to provide timely notice of the suspension to you, including a description of the scope and reasons for the suspension. Such notice may occur after the suspension or restriction has occurred. Dwolla may also, in its reasonable discretion, contact any End User for Dwolla’s purposes, including fraud investigation and/or risk management purposes. If Dwolla contacts an End User for such purposes, Dwolla will notify you to the extent permissible under Applicable Law. The Parties will cooperate in good faith to remediate the reason for any suspension. Upon resolution of the issue causing the suspension, Dwolla will promptly permit you to resume using the Open Banking Services.

    (iii) Indemnity. In addition to Section 8.4 of the Open Banking Services Agreement You will indemnify, defend and hold harmless each FI, Plaid, Dwolla and the affiliates of each of the foregoing from any claims, actions, suits, demands, losses, liabilities, damages (including taxes), costs, and expenses arising from or in connection with: (a) any Security Breach resulting in unauthorized disclosure of FI Data provided to you hereunder; or (b) your unauthorized or improper use of FI Data provided to you hereunder (including any unauthorized Data Sharing, transmission, access, display, storage, or loss). This Section 5(iii) (Indemnity) is not subject to any limitation of liabilities set forth in the Open Banking Services Agreement. Each FI is a third-party beneficiary of this Section 5(iii) (Indemnity).

    (iv) Modifications. You acknowledge that continued access to FI Data provided by certain FIs may necessitate modifications to this Section 5 (FI Data) pertaining to all applicable Plaid end clients. You will accept such modifications to continue accessing or using the Plaid Services with respect to such FIs. Plaid will use commercially reasonable efforts to notify Dwolla of the modifications and the effective date of such modifications. If you object to the modifications, your exclusive remedy is to cease any and all access and use of the Plaid Services as it relates to the applicable FI(s). Continued access to or use of such Plaid Services after the effective date of such modifications to this Section 5 (FI Data) will constitute your acceptance of such modifications.

    (v) Miscellaneous. In the event of a conflict with any other agreement or provision (including other provisions within the Open Banking Services Agreement), the terms and conditions of this Section 5 (FI Data) will govern and prevail. Capitalized terms used in this Section 5 (FI Data) and not otherwise defined will have the meanings ascribed to them in the Agreement. All provisions of this Section 5 (FI Data) will remain in force in the event of the termination or expiration of this Section 5 (FI Data), this Open Banking Services Exhibit - Plaid, or the Open Banking Services Agreement.