Terms and Conditions for Sub-Merchants – MadfoatCom
1. Introduction
This Agreement (“Agreement”) is made between [MadfoatCom] , a registered Sadad MadfoatCom, and you (the “Sub-Merchant” or “Merchant”), and governs the use of the MadfoatCom’s payment aggregation services through the Sadad platform.
By registering, accessing, or using the MadfoatCom’s services, you agree to be bound by these Terms and Conditions and related policies.
2. Definitions
• MadfoatCom: The entity authorized by Sadad to onboard and manage sub-merchants.
• Sadad: The national electronic payment system governed by the [Central Bank/Regulatory Authority].
• Merchant/Sub-Merchant: A business or individual utilizing the MadfoatCom’s services to accept digital payments.
• Customer: An end-user making payments to the Merchant.
• Transaction: Any payment or refund processed through the Sadad platform.
• KYC: Know Your Customer, the process of verifying merchant identity.
• PII: Personally Identifiable Information.
3. Eligibility and Onboarding
To be eligible:
- Merchant must be a legally registered business or individual in Saudi Arabia
- Valid documentation (e.g., CR, ID, Tax Certificate) must be submitted for KYC verification.
- MadfoatCom retains the right to approve or reject any application at its discretion based on internal risk assessment.
4. Use of Services
- The Merchant may only use the services for legitimate, legal transactions.
- The Merchant is solely responsible for the products or services sold.
- The MadfoatCom provides access to Sadad’s APIs, dashboards, settlement tools, and reporting.
5- Fees and Settlement
- A processing fee will be charged per transaction as agreed in the Service Agreement.
- Settlement to the Merchant’s bank account will be made as per the signed merchant agreement
- MadfoatCom reserves the right to withhold or delay funds in the event of chargebacks, disputes, or regulatory investigation.
6. Prohibited Activities
The Merchant is strictly prohibited from:
- Selling illegal or unauthorized goods/services.
- Engaging in fraudulent, deceptive, or misleading conduct.
- Allowing any third party to use the account without written approval.
- Misusing Sadad or MadfoatCom branding.
7. Data Security and Privacy Policy
- Data Collection and Use
- MadfoatCom collects and processes data for operational, legal, and compliance purposes.
- All data usage is in accordance with the applicable Data Protection Law [e.g., Saudi Personal Data Protection Law
7.2 Confidentiality
- Both parties agree to keep confidential all business, financial, and customer information.
7.3 Data Sharing and Disclosure
- Data may be shared with Sadad, regulatory bodies, or banking partners as required.
- The MadfoatCom will never sell or rent merchant or customer data.
7.4 Data Rights
- Merchants have the right to request data access, correction, or deletion in compliance with applicable laws.
8. Security and Cybersecurity Policy
8.1 MadfoatCom Responsibilities
The MadfoatCom maintains a high standard of information security through:
- Compliance with national cybersecurity frameworks
- Regular vulnerability assessments and penetration testing
- Secure coding practices and endpoint protection
- Use of TLS encryption for all data in transit and AES-256 encryption for data at rest
- Real-time monitoring for fraud, anomalies, and intrusion attempts
8.2 Merchant Responsibilities
The Merchant agrees to:
- Keep login credentials secure and confidential
- Use strong passwords and enable Multi-Factor Authentication (MFA)
- Secure their systems and perform regular updates
- Avoid storing any cardholder data on their servers or systems
- Conduct security awareness training for staff
8.3 Cybersecurity Incident Management
In case of a security incident (e.g., data breach, DDoS attack, unauthorized access):
- The Merchant must immediately notify the MadfoatCom via the designated security contact
- The MadfoatCom will initiate its Incident Response Plan, including mitigation, containment, and reporting to regulators if needed
- Merchants must fully cooperate with investigations
8.4 Integration Security
For API and system integration, Merchants must:
- Avoid hardcoding credentials
- Store access tokens securely
- Secure all endpoints using HTTPS
- Pass regular security audits if requested
8.5 Third-Party Risks
If using third-party tools or platforms (e.g., website builders, CRM):
- Merchants are responsible for ensuring those platforms follow security best practices
- MadfoatCom may require a list of integrated platforms for risk evaluation
9. Compliance and Audit
- The MadfoatCom and/or Sadad reserves the right to audit the Merchant’s compliance with these terms at any time.
- Non-compliance may result in service suspension or permanent termination.
10. Limitation of Liability
- MadfoatCom is not liable for indirect, incidental, or consequential damages.
- MadfoatCom is not responsible for losses due to hacking, force majeure, or third-party misconduct.
- The Merchant indemnifies the MadfoatCom from claims arising from use of services, products sold, or data misuse.
11. Governing Law and Dispute Resolution
- This Agreement shall be governed by the laws of Saudi Arabia
- Disputes shall first be resolved through good-faith negotiation.
- If unresolved, disputes will be referred to arbitration or the courts of Saudi Arabia
12. Modifications
- MadfoatCom may modify these Terms and Conditions by time to time.
- Continued use of the service constitutes acceptance of changes.
13. Acknowledgment
By continuing to use the services, the Sub-Merchant confirms they:
- Have read and understood this Agreement
- Agree to comply with all terms, including security and privacy obligations
- Are legally authorized to enter into this agreement on behalf of their business