The FinHub Service Terms below govern the Client’s use of the requested services and their integration within the Client’s infrastructure.
- Unauthorized use
Except as expressly and unambiguously authorized under this Agreement, the Client will not:
Disclose or provide access to the Account, Application System, Services and Documentation to any person or entity other than the Client’s employees, end-users, legal representatives, and independent contractors, provided that (a) such individuals are entering into an agreement with the Client at least as protective of FinHub’s rights as stated in this Agreement, and (b) the Client hereby agrees to be responsible for, and liable to FinHub for, any breaches of such agreement by the Client’s independent contractors;
Use the Account/ Application System for any illegal, unauthorized or otherwise improper purposes, or in any manner which would violate this Agreement or the Documentation, or breach any laws or regulations, or violate the rights of third parties.
Remove any legal, copyright, trademark or other proprietary rights, notices contained in or on materials that the Client had received or accessed pursuant to this Agreement, including but not limited to the Application System, the Documentation, and the Content.
Claim or register ownership of FinHub IP on its behalf or on behalf of others.
Sublicense any rights of FinHub IP granted by FinHub to the Client.
Use FinHub IP in a manner that violates this Agreement or Laws or attempts to do any of the foregoing.
Use the Application System in a manner that competes with products or services offered by FinHub.
Interfere with or disrupt FinHub’s services, servers or networks connected to FinHub’s services, or disobey any requirements, procedures, policies or regulations of networks connected to FinHub’s services, or transmit any viruses, worms, defects, or any items of a destructive nature through the Client’s use of the Account/Application System, Services or Documentation.
Copy, adapt, reformat, reverse-engineer, disassemble, decompile, download, translate or otherwise modify the Application System, Services, Documentation, FinHub’s website, other content or services.
- Content
2.1 The Client may use the Services to upload or publish text, images, and other content (collectively “Content”) to its Account and to third-party sites or applications but only if it agrees to obtain the appropriate permissions and, if required, licenses to upload or publish any such Content using the Services. The Client agrees to fully reimburse FinHub for all fees, fines, losses, claims, and any other costs FinHub may incur that arise from publishing illegal Content through the Services or claims that the Content the Client published infringes the intellectual property, privacy, or other proprietary rights of others.
- Implementation of the Services
3.1 By using the fully automated platform, BaaS/SaaS services provided by FinHub, the Client can conceptualize the BaaS/SaaS solutions to be developed in a way to meet all intended business requirements of the Client. The fully automated platform for product self-parameterization, FinConfig, offers a streamlined way for corporate clients to define, customize, and activate digital and financial products for deployment on FinLive, the live operational stage. Here’s a breakdown of the process:
1. Product Parameterization on FinConfig
– Self-Parameterization: Users can access FinConfig to configure product features autonomously, using a guided setup to adjust parameters like pricing, product terms, user access levels, and transactional or operational rules.
– Product-Specific Options: Each product type (e.g., credit cards, digital wallets, or payment gateways) has a distinct parameterization path with tailored options to suit its functional requirements.
– Customizable Rules and Conditions: Clients can define conditional logic for various use cases, transaction limits, regional regulations, and compliance requirements through the interface, allowing flexibility based on their specific needs.
2. Corporate Onboarding Process
– Automated Onboarding Workflow: Once parameterization is complete, FinConfig initiates a corporate onboarding process that varies depending on the product type. This process includes verifying regulatory and compliance requirements, Know Your Customer (KYC) checks, and fulfilling any necessary due diligence steps.
– Dynamic Workflow Adjustments: The onboarding process is adjusted dynamically for each product type. For simpler products, onboarding may be immediate, whereas products with complex regulatory requirements or third-party integrations may have additional steps.
3. Product Activation and Back-Office Review
– Product Activation: After successful onboarding, the product is activated and ready for deployment on FinLive. This activation makes the product accessible to end users or client teams, depending on the parameters set in FinConfig.
– Back-Office Review for Complex Products: Products requiring integration with external financial networks, such as ISO 8583 or ISO 20022, trigger a review from the back office. The back-office implementation team evaluates the setup to ensure compliance with technical, regulatory, and security standards before final deployment or Key implementation.
– In certain scenarios, an internal approval from the payment messaging network provider might be required to be activated and triggered to whitelist:
- PCR number (in ISO 8583)
- IP address whitelisting (for ISO 20022)
- VPN establishment for new personalization services providers
- File Transfer Protocol (FTP)
- And other payment networks as per product
- Regulatory reporting services to government authorities
- PLAIS
- STI/VMI
- And others depending on the geography and types of service booked/activated
4. Availability on FinLive
– Final Validation and Go-Live: Once all necessary reviews are complete, FinLive publishes the product, making it fully operational for clients. FinLive monitors product performance, regulatory compliance, and real-time updates, with FinConfig remaining accessible for any needed reparameterizations.
By automating these steps, FinConfig allows users to create products swiftly, while the back-office review ensures that complex or high-risk products adhere to strict operational and regulatory standards.
3.2 In the event the provision of the requested services is delayed, solely attributable to the Client’s fault and not mutually agreed by the Parties, FinHub in its absolute discretion retains the right to charge the minimum processing and authorization fees, with effect from the Effective Date. FinHub will install, provide, and maintain the means for communicating data between FinHub’s System and the Client’s system as required for performing its obligations under this Agreement. For the avoidance of doubt, FinHub will be responsible only for the installation, maintenance, and infrastructure on FinHub’s side, and the Client is responsible for any infrastructure, installation, and maintenance on the Client’s side.
3.3 For the implementation documents and to complete implementation in accordance with the communicated period, the Parties each agree to do such acts as are necessary. This will include the following:
(a) The Client will:
– Use all reasonable resources, including the assignment of adequate and appropriately qualified and/or experienced staff to assure timely performance of those functions required of the Client under the implementation documents.
– Make available to FinHub all necessary documentation, technical specifications, data interfaces, software, information, and records in each case as may be specified in the implementation documents or as may be subsequently reasonably requested by FinHub for the provision of the services
– Comply with the provisions of the implementation documents and with any reasonable directions given by FinHub in relation to Implementation
– Provide all assistance and cooperation to FinHub for the completion of the Application System timely and efficiently
– Provide initial information and supply all content for the Application System
(b) FinHub will:
1.1.0. For Regulated Entities (Banks, Financial Institutions, Payment Service Providers, etc.)
1.1.1. Compliance and Regulatory Support:
1.1.2. Ensure that the platform complies with relevant regulatory standards (e.g., KYC, AML, PSD2 in the EU, Dodd-Frank in the U.S.).
1.1.3. Support client compliance by enabling tools that fulfill their regulatory obligations, like audit trails, data security protocols, and transaction monitoring.
1.2.0. Data Security and Privacy:
1.2.1. Implement strict data protection standards, ensuring compliance with laws like GDPR (EU), CCPA (California), and PCI-DSS (for card payments).
1.2.2. Ensure data encryption, secure storage, and management to protect sensitive financial and personal information.
1.3.0. Financial Network Integrations:
1.3.1. Provide secure, compliant connectivity to financial networks (ISO 8583, ISO 20022, SWIFT, etc.) to support transactions.
1.3.2. Ensure all integrations meet regulatory and network standards for security, messaging protocols, and operational reliability.
1.4.0. Operational Risk Management:
1.4.1. Establish robust disaster recovery and business continuity plans to mitigate service disruptions.
1.4.2. Support regulated clients in maintaining their own risk management frameworks, including support for system audits and reviews.
1.5.0. Reporting and Audit Support:
1.5.1. Provide access to detailed logs and records to support regulatory audits and compliance reporting.
1.5.2. Enable features for regulatory filings and reporting that can be adapted to different regional standards.
1.6.0. Client Account Security:
1.6.1. Enforce multi-factor authentication (MFA) and role-based access control to prevent unauthorized access.
1.6.2. Implement fraud detection and alerting features to help clients proactively manage security risks.
1.7.0. Transparent and Periodic Reviews:
1.7.1. Conduct periodic reviews of the SaaS platform, including penetration testing and security audits, and report findings to clients.
1.7.2. Offer service-level agreements (SLAs) that are tailored to meet the operational needs of regulated financial entities.
2.1.0. For Non-Regulated Entities (Non-Financial Businesses, Retail, and E-commerce)
2.1.1. Data Protection and Privacy:
2.1.2. Ensure data protection through encryption and secure access protocols, adhering to applicable data privacy regulations (e.g., GDPR, CCPA).
2.1.3. Provide user-friendly data management and privacy options to help clients comply with their data protection obligations.
2.2.0. Payment and Transaction Security:
2.2.1. Offer PCI-DSS compliant solutions if handling card payments and implement fraud prevention tools suitable for non-regulated environments.
2.2.2. Ensure secure payment processing and protect transaction data to maintain consumer trust.
2.3.0. Scalability and Flexibility:
2.3.1. Provide scalable features that allow non-regulated clients to grow and adapt without requiring deep technical knowledge of financial compliance.
2.3.2. Offer customization and modularity so clients can choose features that match their specific needs without adding complexity.
2.4.0. Basic Compliance Features:
2.4.1. Offer foundational compliance features, such as simple reporting, audit trails, and basic access control to meet general data and transaction security standards
2.5.0. Business Continuity and Support:
2.5.1. Ensure a high-availability platform with clear SLAs covering uptime (see SLAs), support response times, and incident resolution.
2.5.2. Provide basic business continuity and disaster recovery support to help non-regulated entities minimize disruption.
2.6.0. Client Security and Access Controls:
2.6.1. Implement access controls that are simple and manageable, allowing non-regulated clients to easily maintain secure access for users.
2.6.2. Provide guidance on security best practices, such as MFA and password management, to reduce vulnerability to attacks.
2.7.0. Transparent Product Documentation:
2.7.1. Provide clear, accessible documentation on product functionality, security features, and recommended configurations.
2.7.2. Offer training resources or tools for self-service support to empower non-regulated clients to manage the product effectively.
By providing tailored features and support for both regulated and non-regulated clients, FinHub as a SaaS provider can ensure compliance and security for those in highly regulated sectors, while providing essential security and functional flexibility for non-regulated businesses.
3.4 FinHub will make standard evaluations and statistics available to the Client via web access. The details can be found in the respective FinHub Service Level Agreement.
3.5 Changes to this Agreement and the agreed services are only possible by mutual agreement and/or by changes on a self-service basis and subscription, activating or deactivating a service, and/or in writing, unless:
(a) These are necessary to meet existing legal requirements for the provision of services by FinHub
(b) Improvements in the provision of services are to be made which:
– Do not include a substantial change in the service provided
– Do not alter the charges for the operation of the billing system
– May lead to higher costs, which are assumed by FinHub
In any case, FinHub will inform the Client in advance of any adaptations to the Implementation if these changes are necessary to the Client’s system.
3.6 Performance
FinHub hereby warrants and represents that the provided Services will be free from programming errors and defects.
3.7 FinHub hereby warrants and represents that the Application System, when delivered or accessed by the Client, will be free from material, and from viruses, or other hardware component that could permit unauthorized access, disable, erase, or otherwise harm the Application System or any software, hardware, or data, cause the Application System or any software or hardware to perform any functions other than those specified in this Agreement, disrupt, or degrade the operation of the Application System or any software or hardware, or perform any other such actions.
- Acceptance and Assurance procedure
4.1 Testing
To the extent that any assurance criteria include passing an assurance test, such test will be carried out using simulated transaction data and using the relevant criteria in such a way that the applicable process for each relevant milestone is compiled in accordance with the requirements in the documents for implementation.
4.2 Willingness to test.
FinHub will notify the Client in writing or via e-mail if it considers that the criteria for quality assurance are fulfilled according to the milestones (communication on the readiness to test).
4.3 Acceptance or Rejection Notification
After the receipt of the ready-for-testing notice, if applicable, the Client will issue acceptance or rejection of the milestones in question to FinHub. The Client shall not unnecessarily delay the dispatch of this notification under clause 4.3. If the Client has not issued a written acceptance or a written rejection within 3 (three) business days, an acceptance is made on the last day of the acceptance period.
4.4 Unsuccessful Assurance
Where the Client has validly rejected any milestone in accordance with the provisions of clause 4.3, the Client will send a written notification to FinHub with the complete details on the justification for the rejection. The Client can waive the requirement that the quality assurance criteria for the respective milestone be met and authorize FinHub regarding the following steps to remedy the unsuccessful aspects which do not yet meet the quality assurance criteria by:
– Requiring FinHub to work on it and make further adjustments regarding the aspects of the provision of the milestone that has not been achieved, to carry out a new quality assurance test
– Authorizing FinHub to carry out such services in accordance with the requirements as soon as possible.
The right of the Client to exercise one of the abovementioned options under clause 4.4 is the only remedy for a fault or a repeatedly faulty test for quality assurance.
- Service Level
5.1 For the provision of requested services, the service management of FinHub ensures compliance with the respective FinHub Service Level Agreement and the associated performance parameters for the services offered. In addition to the monitoring of the quality of service, service management also includes a corresponding report by FinHub to the Client.
The content of the reports serves as the basis for the initiation of optimization measures and is the calculation basis for a possible malfunction regulation if the service levels are violated.
The content of the reports, frequency, type, and form of transmission are agreed upon in the FinHub Service Level Agreement. The measurements, methods and measuring points for determining the achievement of service levels are also described in the FinHub Service Level Agreement.
- Incident Management
6.1 The Incident Management process ensures that faults are remedied as soon as possible and after a fixed period needed for the said incident. The aim is to ensure the best quality and availability of the services.
6.2 The following tasks are performed within the Incident Management:
– Acceptance of notifications on a single point of contact (SPoC) of FinHub to be designated in the respective performance certificate
– Client administration, monitoring, and management of malfunctions
6.3 In case of faults which can be classified according to their effects in different classes of faults, the reaction and recovery times of the fault class are of the utmost urgency. Classes of faults, reaction and recovery periods are defined in the respective Service Level Agreement that is connected with the respective performance certificate.
6.4 FinHub will ensure the follow-up of the causes of failures and failures within the framework of problem management as follows:
(a) After a failure the tracking of the causes is initiated by FinHub
(b) Within the framework of a failure review, the causes of a fault are analyzed, and improvements are initiated in consultation with the Client.
(c) Implementation of the initiated improvement measures is monitored on a regular basis; if necessary, a prioritization of individual measures is carried out in consultation with the Client.
In the FinHub Service Level Agreement, the requirements and criteria of the problem management are specified.
- Change Management
7.1 The Client will notify FinHub of any change requests about the agreed tasks concerning its client data or configurations or extensions of the services, by means of the “Change Request” form, which will be made available electronically to FinHub if required; otherwise, the Client will conduct the adaptations and changes on the available FinConfig or FinLive interface based on the available parametrization.
7.2 FinHub is obliged to examine the change request within a reasonable period, determine the feasibility of the change request, and, if necessary, submit a corresponding offer for the implementation of the change request to the Client.
7.3 Any ideas, conceptions, techniques, and know-how that arise because of further development work in cooperation with FinHub can only be exploited by FinHub if this is agreed separately between the Parties in the relevant performance certificate. In this case, FinHub will retain all exploitation rights, in particular the right to make them available to third parties in any form.
- Business Continuity and Disaster Recovery
8.1 FinHub will ensure the continuity of the contractual services even in emergencies by means of necessary measures to be taken. To this end, FinHub has developed an appropriate Business Continuity concept for the maintenance of the service. An emergency will be deemed to be any interruption of the Agreement or essential parts thereof, whatever the cause of such interruption is. Irrespective of this, FinHub is obliged to make regular arrangements to avoid an emergency. The entire infrastructure is monitored 24/7 live by an in-house dedicated monitoring team.
8.2 FinHub is responsible for the ongoing review and adaptation of the valid emergency plans/emergency concepts. FinHub will inform the Client thereof in a reasonable period. The effectiveness and adequacy are checked at least once a year by emergency tests.
8.3 The Client shall unilaterally provide communication plans for the emergency by which FinHub is involved in the internal communication structure for emergencies and disasters.
8.4 FinHub undertakes to submit the affected service area to ongoing monitoring by the management and to report to the Client about the results, in particular the findings of any errors that have occurred.
8.5 FinHub will undertake to carry out an independent IT review once a year.
8.6 Where outsourcing involves time-critical activities or processes, FinHub undertakes to coordinate its business continuity concept with the Client’s emergency concept.