End-User Terms of Service
Welcome to TrueLayer!
The TrueLayer End-User Terms of Service is an agreement between TrueLayer Limited (“TrueLayer”, “we”, “us”, “our”) and a customer of our client (“End-User”, “you”) that uses TrueLayer’s services through an application. Please read these terms carefully.
There are a few other relevant policies that are linked here, which may be read in conjunction with the Agreement, or as stand alone documents. These include:
Should you have any queries on the agreement, please email us at firstname.lastname@example.org.
Set out below are the terms of service (“Terms of Service”) which apply when you (the “End-User”) use the Service (defined below) and which set out the legally binding conditions which govern our provision of the Service to you.
Your use of the Service is conditional on your acceptance of these Terms. You should read these Terms of Service carefully and make sure you understand them before agreeing to them. These Terms of Service are available for you to download. You may also request a copy of these Terms of Service from us at any time after your use of the Service by emailing us at email@example.com. The Terms of Service are only available in English.
Who we are
We are TrueLayer Limited (“TrueLayer”), a company registered in England and Wales (company number 10278251) and our registered office is at Fleet Place House, 2 Fleet Place, London, England, EC4M 7RF, UK (“we”, “us”, “our”). We are authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (SI 2017/752) (Firm Reference Number: 793171) with permission to carry on account information services and payment initiation services. Our VAT registration number is: 251953204
Our services to you include the following (together, the “Service”):
- We will provide you with a software tool (the “Tool”) which you can use to transmit information relating to payment accounts (“Account Information”) that you hold with an Account Servicing Payment Service Provider (i.e. any payment service provider (for example, a bank or credit card issuer) that maintains a payment account on your behalf that is accessible online) (“ASPSP”) to your account information or other service provider (the “Provider”), according to these Terms of Service.
- To use the Tool you will need to provide the same identifying information that you use to access the relevant payment accounts when you log in yourself (the “Credentials”).
- The Tool will allow you to use your Credentials to retrieve such Account Information as you choose to transmit to the Provider. Schedule 1 lists the information that you can elect to retrieve and transfer using the Tool.
- Our Tool may merge or aggregate Account Information retrieved from a particular ASPSP with Account Information retrieved from other ASPSPs where you have instructed us to access and transmit such information.
- We may use internet providers, web browsers or other third parties to access your Data to provide you with the Service.
The Account Information collected from your ASPSP is not checked for accuracy so we cannot check that the aggregated information provided to your Provider(s) is accurate, although we will of course use all reasonable efforts to ensure that our aggregation of that Account Information is accurate.
The services provided by each Provider and ASPSP are dealt with by the agreements that you have with each of them. As a result, we have no responsibility for the products and services provided to you by the Provider (save for where your Provider is operating as an agent of TrueLayer), any relevant ASPSP, or any other third party and are not liable to you for any harm, damage or loss arising from your use of those products and services.
In particular, you should check your ASPSP and Provider’s rules on data privacy. Once your Account Information (including any personal data) is transmitted through our software to a Provider, that Provider (and not TrueLayer) becomes responsible for it.
We are not authorised to provide financial or investment advice under the Financial Services and Markets Act 2000, and our provision of the Service does not amount to financial or investment advice. If you require financial or investment advice you should contact an appropriately authorised adviser.
We will not charge you for your use of the Service. Providers or other third parties may, however, charge you for your use of applications and other products that make use of the Tool or other services provided by TrueLayer.
How we protect your Credentials and Account Information
We will not provide your Credentials to any Provider.
Any Account Information that we access or Credentials that you provide will be encrypted with a multi-key encryption mechanism. Providers will only be able to access your Account Information where you have explicitly given them permission to do so. This ensures that the Provider that referred you to us can only see the Account Information that you have selected through the Tool. Please refer to Schedule 2 for more details on how we protect your Credentials and Account Information.
What we need from you
You are only permitted to use the Service if you are aged 18 or older and resident in the UK. By agreeing to these Terms of Service you represent that this is the case.
We are providing the Service to you only so you should not share your access to the Service or your Credentials with anyone else.
You are only entitled to access and use the Service in accordance with this Terms of Service.
We need to know we are transmitting Account Information relating to the right person. You must provide us with information which is accurate, and must not misrepresent your identity or any other information about you.
What happens when you use the Service
By using the Service, you:
- represent that you are allowed to use the Credentials for this purpose, without any obligation by us to pay any fees or subject to any other limitations including any agreements with third parties.
- give us your explicit consent to retrieve, merge and/or aggregate your Account Information for you using the Tool and transmit it to the relevant Providers for the purpose of providing the Service when you access the Tool through your Provider;
- agree that you will not:
- use any robot, spider, scraper, deep link or other similar automated data gathering or extraction tools, program, algorithm or methodology to access, acquire, copy or monitor our website at http://truelayer.com or any other TrueLayer domain (the “Site”) or the Service or any portion of them without our express written consent, which may be withheld at our sole discretion;
- use or attempt to use any engine, software, tool, agent, or other device or mechanism (including without limitation browsers, spiders, robots, avatars or intelligent agents) to navigate or search the Service, other than the search engines and search agents available through the Service;
- post or transmit any file which contains viruses, worms, Trojan horses or any other contaminating or destructive features, or that otherwise interfere with the proper working of the Site or the Service; or
- attempt to decipher, decompile, disassemble, or reverse-engineer any of the software comprising or in any way making up a part of the Service for any purpose other than those provided for by us and in conjunction with the operation of the Service.
You agree that you will be liable for any losses sustained by TrueLayer as a result of your breach of these Terms of Service and will compensate TrueLayer in full for any such losses.
Our ownership of the Site and the Service
We are the owner or the licensee of all intellectual property rights in the Service, the Site and in the material published on the Site. All of those works are protected by copyright and other intellectual property laws and treaties around the world. All rights are reserved to the relevant owner or licensee of those works.
Disclaimer of Representations and Warranties
While we will provide the Service with reasonable care and skill, the content and all services and products associated with the Service or provided through the Site or the Service are provided to you on an “as-is” and “as available” basis.
Subject to the section below, under ‘What is things go wrong?’, we make no express
representations or warranties of any kind:
as to the content or operation of the Service;
- as to the accuracy, reliability or completeness of the content of the Service (except for our aggregation methods); or
- that the content that may be available through the Service is free of infection from any viruses or other code or computer programming routines that contain contaminating or destructive properties or that are intended to damage, surreptitiously intercept or expropriate any system, data or personal information.
- and expressly disclaim any warranties of non-infringement or fitness for a particular purpose.
What if things go wrong?
We are responsible to you for foreseeable loss and damage caused by us. If we fail to comply with these terms, we are responsible for loss or damage you suffer that is a foreseeable result of our breaking these Terms of Service or our failing to use reasonable care and skill. We are not responsible for any losses that you suffer as a result of our failure to comply with these Terms of Service except those losses which are a foreseeable consequence of the breach. Loss or damage is foreseeable either if it is obvious that it will happen or if, at the time you agreed to these Terms of Service, both we and you knew it might happen.
We will not be liable nor responsible for any harm, damage or loss to you arising from or relating to hacking, tampering or any unauthorised access to your Account Information, Credentials or other data outside of the Service that we provide. You warrant that you have undertaken all reasonable efforts to ensure and secure your Credentials and Account Information outside of the Service that we provide. Subject to the section below, our liability to you for any cause whatever and regardless of the form of the action, if proven, will at all times be limited. You can read more about our security measures in Schedule 2.
We are not liable to you for any harm, damage or loss to you arising from the acts or omissions of any third parties, including in particular ASPSPs and Providers (except where your Provider is an appointed agent of TrueLayer).
We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors; for fraud or fraudulent misrepresentation; or for breach of your legal rights in relation to the Service.
We are registered with the Information Commissioner’s Office (“ICO”), the regulator in charge of data protection and privacy under registration number ZA207054.
Where we become aware of any personal data breaches in relation to the Service and your Credentials where such a breach is likely to result in high risk of adversely affecting your rights and freedoms we will, where feasible report such a breach to the ICO and to you within 72 hours of becoming aware of the breach.
If you suspect that somebody else has access to your Credentials and is fraudulently using them to access the Service, you must contact us immediately by email to the following address: firstname.lastname@example.org
Where your Provider is acting as an appointed agent of TrueLayer and you feel that there may have been a breach of the agreement between you and your Provider, then please notify your Provider copying email@example.com.
About this agreement
These Terms of Service will apply each time you use our Service.
We may at any time terminate or withhold your access to all or any part of our Service at any time, effective immediately:
- if you have breached any provision of these Terms of Service (or have acted in a manner which clearly shows that you do not intend to, or are unable to comply with the provisions of these Terms of Service); or
- if we, in our sole discretion, believe we are required to do so by law (for example, where the provision of the Service to you is, or becomes, unlawful).
Changes to these Terms of Service
Each time you use our Service you will be bound by the Terms of Service in force at that time.
From time to time, we may change these Terms of Service. If we do this then we will publish those changes on our Site and you will be bound by those new terms the next time you use our Service. If you do not agree to those changes you should not use our Service. You can always ask us for the terms of service which were in force when you used the Tool.
Who Decides Disputes?
The courts of England and Wales will have exclusive jurisdiction to settle any disputes arising under or in connection with these Terms of Service.
These Terms of Service and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales.
Should you wish to raise a complaint in relation to the service with your ASPSP or your Provider, please refer to the complaints policy of your ASPSP and/ or Provider. You have the right to raise complaints with the Financial Ombudsman Service and with TrueLayer, where your Provider is an appointed agent of TrueLayer.
Should you wish to raise a complaint with us, please review our Complaints Policy and follow the procedure contained therein. You have the right to raise complaints with the Financial Ombudsman Service, where relevant.
These Terms of Service constitute the entire agreement and understanding between the parties in respect of the Service and supersede any previous agreement between the parties relating to such matter. Each of the parties represents and undertakes that in entering these Terms of Service it does not rely on, and shall have no remedy in respect of, any statement, representation, warranty or undertaking (whether negligently or innocently made) of any person (whether party to these Terms of Service or not) other than as expressly set out in these Terms of Service.
If any provision or part-provision of these Terms of Service is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of these Terms of Service.
A waiver of any right or remedy under these Terms of Service or by law is only effective if given in writing.
A failure or delay by either party to exercise any right or remedy provided under these Terms of Service or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under these Terms of Service or by law shall prevent or restrict the further exercise of that or any other right or remedy.
All covenants, agreements, representations and warranties made in these Terms of Service shall survive your acceptance of these Terms of Service and the termination of these Terms of Service.
Schedule 1 – Account Information
Your Account Information (as defined in the Terms of Service and Customer Agreement) includes, but is not limited to, the following types of financial and personal information:
- Personal information: name, date of birth, full address(es), email address, phone number, gender;
Payment account information:
- Account type (e.g. current, saving, investment, credit card);
- Account name;
- IBAN/Account number/Sort code/SWIFT;
- Account balance information:
- Current balance;
- Available balance (credit cards);
- Overdraft balance;
- Interest rate;
- Payment due date (credit cards);
- Next closing date (credit cards);
- Minimum payment due (credit cards);
- Information on transactions:
- Metadata (arbitrary data that banks associate with a transaction e.g. category); and/or
Schedule 2 – Security
The Service uses bank grade security standards to protect your Account Information and Credentials (as defined in the Terms of Service) and ensure users' privacy. Security measures are implemented for both your Account Information and Credentials at rest and data in transport.
We are ISO27001 certified for information security systems.
Our database servers encrypt Account Information and Credentials (your username, PIN, password etc.) using the standard AES 256bit encryption. We generate a multi-part encryption key, one for you, one for us, and one that we store on behalf of the user and in a separate network.
The encrypted information needs all of the three keys simultaneously in order to be decrypted. The encryption keys are rotated and our segments of the key are managed in a network separated from the database and application servers. All the application secrets and keys are stored in a fault-tolerant key management cluster with limited access. The master key is kept in an air-gapped, secure vault to ensure a maximum level of security.
All data served over our REST API uses HTTPS. We regularly audit our security setup to ensure that the certificates we serve are up to date. We force HTTPS for all connections to our API server to ensure that the information is always encrypted during the transport from our server to the Provider (as defined in the Terms of Service) application. It is important that you use the same methods to ensure that the information is encrypted all the way to the end user.
We log all the API calls and track the interactions with TrueLayer API for later review.