MERCHANT SERVICE AGREEMENT

RECITALS

1. DEFINITIONS

For the purposes of this Agreement, the following terms shall have the meanings assigned to them:

• “QChat Pay” means the digital payment platform operated by the Service Provider, including all associated software, APIs, payment gateways, and services that enable the Merchant to accept electronic payments.
• “Pay by Account” means the payment method that allows customers to authorize direct debits from their linked bank accounts to make payments to the Merchant, facilitated through the JustPay service operated by LankaPay or similar account-linking services.
• “Transaction” means any single payment made by a customer to the Merchant through the QChat Pay platform, including but not limited to pay-by-account payments, card payments, wallet payments, and QR code payments.
• “Transaction Value” means the total monetary value of a Transaction, inclusive of any taxes but exclusive of the Merchant Discount Rate (MDR) and other applicable fees.
• “Merchant Discount Rate” or “MDR” means the percentage fee charged by the Service Provider on each Transaction, as specified in Schedule A of this Agreement.
• “Settlement” means the process by which the Service Provider transfers funds to the Merchant’s designated bank account after deducting applicable fees.
• “Settlement Period” means the time period between the date of a Transaction and the date of Settlement, as specified in this Agreement.
• “Chargeback” means a reversal of a Transaction initiated by a customer through their bank or payment service provider.
• “Refund” means a voluntary reversal of a Transaction initiated by the Merchant.
• “Business Day” means any day other than Saturday, Sunday, or any public holiday declared under the Public Holidays Act of Sri Lanka.
• “Confidential Information” means all non-public information disclosed by one Party to the other, including but not limited to business plans, financial information, customer data, technical specifications, and trade secrets.
• “API” means Application Programming Interface, the technical interface that allows the Merchant’s systems to communicate with the QChat Pay platform.
• “KYC” means Know Your Customer, the process of verifying the identity of the Merchant and its authorized representatives.
• “AML/CFT” means Anti-Money Laundering and Counter Financing of Terrorism, as governed by the Financial Transactions Reporting Act, No. 6 of 2006 and any applicable subsequent amendments thereto.

2. SCOPE OF SERVICES

2.1 Payment Processing Services

The Service Provider shall provide the Merchant with the following payment processing services:

• Pay-by-Account Integration: Processing of payments initiated through customer-linked bank accounts via the JustPay service or similar account-linking mechanisms;
• QR Code Payments: Processing of LankaQR and proprietary QR code payments;
• Real-time Transaction Monitoring: Access to the Merchant Dashboard for real-time monitoring of Transactions, settlements, and reports;
• Settlement Services: Transfer of funds to the Merchant’s designated bank account as per the Settlement Schedule.

2.2 Supported Payment Networks

The Service Provider integrates with the following payment networks and systems:

• LankaPay Network: CEFTS, JustPay, LankaQR, and LPOPP;
• Card Networks: Visa, Mastercard, American Express, UnionPay;

The Service Provider shall use commercially reasonable efforts to ensure that the QChat Pay platform is available 24 hours a day, 7 days a week, with a target uptime of 99.5% per calendar month, excluding scheduled maintenance windows and circumstances beyond the Service Provider’s reasonable control.

3. INTEGRATION AND TECHNICAL REQUIREMENTS

3.1 Integration Options

The Merchant may integrate with QChat Pay through the following methods:

• API Integration: Direct integration using the QChat Pay REST API for custom implementations;
• Payment Gateway Plugin: Pre-built plugins for popular e-commerce platforms including WooCommerce, Magento, Shopify, and custom websites;
• Hosted Payment Page: Redirect customers to a secure QChat Pay-hosted payment page;
• POS Integration: Integration with point-of-sale systems for in-store payments.

3.2 Technical Requirements

The Merchant shall ensure:

1. All systems integrating with QChat Pay meet the technical specifications provided in the Integration Guide;
2. Implementation of secure communication protocols (TLS 1.2 or higher);
3. Proper handling of API credentials and authentication tokens;
4. Compliance with PCI DSS requirements where card data is handled;
5. Implementation of webhook endpoints for real-time transaction notifications;
6. Maintenance of appropriate firewall and security configurations.

3.3 Testing and Go-Live

Before processing live Transactions, the Merchant must:

• Complete integration testing in the QChat Pay sandbox environment;
• Successfully process test Transactions for all enabled payment methods;
• Obtain written approval from the Service Provider’s technical team;
• Complete the Merchant onboarding checklist and KYC verification.

3.4 API Rate Limits

The Merchant shall adhere to the API rate limits specified in the API documentation. Excessive API calls that may impact system performance may result in temporary suspension of API access.

4. FEES AND COMMISSION STRUCTURE

4.1 Merchant Discount Rate (MDR)

The Merchant agrees to pay the Service Provider a Merchant Discount Rate (MDR) on each Transaction processed through the QChat Pay platform. The MDR is calculated as a percentage of the Transaction Value and varies by payment method as set forth below:

Refer Schedule A

4.2 Fee Adjustments

The Service Provider reserves the right to adjust the MDR and other fees with ninety (90) days prior written notice to the Merchant. The Merchant may terminate this Agreement without penalty if they do not agree to the revised fee structure by providing thirty (30) days written notice before the effective date of the fee change.

5. SETTLEMENT TERMS

5.1 Settlement Schedule

The Service Provider shall settle funds to the Merchant’s designated bank account according to the following schedule: Refer to Schedule C

5.2 Settlement Account

The Merchant shall designate a bank account held with a bank in Sri Lanka for receiving settlements. The Merchant must provide:

• Bank name and branch;
• Account number;
• Account holder name (must match the Merchant’s registered business name);
• Bank Statement

5.3 Settlement Calculation

Each Settlement shall be calculated as follows:

5.4 Settlement Reports

The Service Provider shall provide the Merchant with detailed settlement reports via the Merchant Dashboard on the Merchant admin portal including:

• Transaction reference numbers;
• Transaction dates and times;
• Transaction values;
• MDR and other deductions;
• Net settlement amounts.

5.5 Settlement Discrepancies

The Merchant must report any discrepancies in settlements within five (5) Business Days of receiving the settlement report. The Merchant will be fully responsible for the refund amount and QChatPay will not refund the 1% processing fee. The full transaction value will be refunded to the customer by the Merchant. Failure to report discrepancies within this timeframe shall constitute acceptance of the settlement amount.

6. MERCHANT OBLIGATIONS

6.1 Business Conduct

The Merchant shall:

1. Operate a legitimate business in compliance with all applicable laws and regulations of Sri Lanka;
2. Maintain all necessary licenses, permits, and registrations required to conduct its business;
3. Not engage in any illegal, fraudulent, or deceptive business practices;
4. Not use the QChat Pay platform for any prohibited activities as defined in Schedule B.

6.2 Customer Service

The Merchant shall:

• Provide clear and accurate descriptions of goods and services;
• Display pricing in Sri Lankan Rupees (LKR) inclusive of all applicable taxes;
• Establish and communicate clear refund and return policies to customers;
• Respond to customer inquiries and complaints in a timely manner;
• Maintain adequate inventory to fulfill orders paid through QChat Pay.

6.3 Transaction Integrity

The Merchant shall:

• Process only genuine transactions for actual purchases of goods or services;
• Not process transactions that split a single purchase into multiple transactions to avoid limits;
• Not process transactions on behalf of third parties (aggregation);
• Immediately report any suspicious transactions or fraudulent activity to the Service Provider.

6.4 Information Accuracy

The Merchant shall provide accurate and complete information during onboarding and promptly notify the Service Provider of any changes to:

• Business name, address, or contact details;
• Ownership structure or authorized signatories;
• Bank account details for settlements;
• Nature of business or product offerings.

6.5 Compliance

The Merchant shall comply with:

• The Payment and Settlement Systems Act, No. 28 of 2005 (as amended);
• The Financial Transactions Reporting Act, No. 6 of 2006 (AML/CFT);
• The Personal Data Protection Act, No. 9 of 2022 (as amended);
• All guidelines and circulars issued by the Central Bank of Sri Lanka;
• All applicable consumer protection laws and regulations.

7. SERVICE PROVIDER OBLIGATIONS

7.1 Service Provision

The Service Provider shall:

• Provide the payment processing services described in this Agreement in a professional and workmanlike manner;
• Maintain all necessary licenses and authorizations from the Central Bank of Sri Lanka and other regulatory authorities;
• Ensure compliance with applicable payment network rules and regulations;
• Provide technical support during Business Hours (9:00 AM to 6:00 PM, Monday to Friday) and emergency support 24/7 for critical issues.

7.2 Security

The Service Provider shall:

• 24/7 service desk support (emergency support).
• Implement industry-standard encryption for data transmission and storage;
• Conduct regular security audits and vulnerability assessments;
• Notify the Merchant within twenty-four (24) hours of any security breach affecting Merchant data.

7.3 Reporting

The Service Provider shall provide the Merchant with:

• Real-time access to transaction data through the Merchant Dashboard;
• Daily settlement reports via dashboard;
• Monthly statements summarizing all transactions, fees, and settlements;
• Annual reconciliation reports upon request.

7.4 System Maintenance

The Service Provider shall:

• Provide at least forty-eight (48) hours advance notice for scheduled maintenance that may affect service availability;
• Perform maintenance during low-traffic hours whenever possible;
• Maintain backup systems and disaster recovery capabilities.

8. TRANSACTION PROCESSING

8.1 Transaction Authorization

The Service Provider shall process Transactions in accordance with the authorization received from the customer’s payment method issuer. A Transaction is considered complete when the Service Provider sends an authorization confirmation to the Merchant.

8.2 Transaction Limits

The following transaction limits shall apply: Refer to Schedule E

8.3 Transaction Holds

The Service Provider reserves the right to hold or delay settlement of any Transaction if:

• The Transaction appears suspicious or potentially fraudulent;
• The Transaction value exceeds the Merchant’s typical transaction patterns;
• The Service Provider receives a chargeback notification;
• Required by law or regulatory directive.

8.4 Transaction Reversals

The Merchant may initiate a full or partial reversal of a Transaction within twenty-four (24) hours of the original Transaction, provided the goods or services have not been delivered. Reversals after twenty-four (24) hours shall be processed as Refunds.

9. CHARGEBACKS AND DISPUTES

9.1 Chargeback Notification

The Service Provider shall notify the Merchant of any chargeback within five Business Days of receiving the chargeback notification from the payment network or issuing bank.

9.2 Chargeback Liability

The Merchant shall be liable for all chargebacks, including:

• The full Transaction amount;
• Any costs associated with representment (dispute resolution).

9.3 Chargeback Representment

The Merchant may dispute a chargeback by providing supporting documentation within the timeframe specified by the relevant payment network (typically seven to ten Business Days). The Service Provider shall assist in submitting the representment but does not guarantee the outcome.

9.4 Excessive Chargebacks

If the Merchant’s chargeback ratio exceeds one percent (1%) of total Transactions in any calendar month, the Service Provider may:

• Impose additional monitoring or reporting requirements;
• Increase the MDR for subsequent Transactions;
• Require the Merchant to implement additional fraud prevention measures;
• Suspend or terminate this Agreement with immediate effect.

9.5 Refund Policy

The Merchant shall maintain a clear refund policy and process all refunds. Refunds must be processed within the timeframe stated in the Merchant’s refund policy, not exceeding thirty (30) days from the date of the original Transaction.

10. SECURITY AND DATA PROTECTION

10.1 Data Security

Both Parties shall implement and maintain appropriate technical and organizational measures to protect customer data and Transaction information against unauthorized access, alteration, disclosure, or destruction.

10.2 Data Retention

The Merchant shall retain transaction records for a minimum period of seven (7) years as required by the Inland Revenue Act and other applicable regulations. The Service Provider shall retain transaction data for the period required by law and applicable payment network rules.

10.3 Breach Notification

In the event of a security breach affecting customer data, the affected Party shall:

• Notify the other Party within twenty-four (24) hours of discovery;
• Cooperate in investigating and remediating the breach;
• Comply with all notification requirements under the Personal Data Protection Act, No. 9 of 2022.

11. CONFIDENTIALITY

11.1 Confidentiality Obligations

Each Party agrees to:

• Maintain the confidentiality of all Confidential Information received from the other Party;
• Use Confidential Information solely for the purpose of performing obligations under this Agreement;
• Not disclose Confidential Information to any third party without prior written consent;
• Protect Confidential Information with at least the same degree of care used to protect their own confidential information.

11.2 Exceptions

The confidentiality obligations shall not apply to information that:

• Is or becomes publicly available through no breach of this Agreement;
• Was already known to the receiving Party prior to disclosure;
• Is independently developed by the receiving Party without use of the Confidential Information;
• Is required to be disclosed by law, court order, or regulatory authority.

11.3 Duration

The confidentiality obligations shall survive termination of this Agreement for a period of five (5) years.

12. TERM AND TERMINATION

12.1 Term

This Agreement shall commence on the Effective Date and continue for an initial term of one (1) year (“Initial Term”). Thereafter, this Agreement shall automatically renew for successive one (1) year periods (“Renewal Terms”) unless either Party provides written notice of non-renewal at least sixty (60) days prior to the end of the then-current term.

12.2 Termination for Convenience

Either Party may terminate this Agreement without cause by providing ninety (90) days prior written notice to the other Party.

12.3 Termination for Cause

Either Party may terminate this Agreement immediately upon written notice if:

• The other Party materially breaches any provision of this Agreement and fails to cure such breach within thirty (30) days of receiving written notice;
• The other Party becomes insolvent, files for bankruptcy, or ceases business operations;
• The other Party is convicted of a criminal offense related to fraud, money laundering, or financial crimes.

12.4 Service Provider Termination Rights

The Service Provider may terminate this Agreement or suspend services immediately if:

• The Merchant’s chargeback ratio exceeds acceptable thresholds;
• The Merchant engages in fraudulent or suspicious activity;
• The Merchant fails to pay fees when due;
• Required by law, regulatory directive, or payment network rules.

12.5 Effect of Termination

Upon termination:

• The Merchant shall immediately cease using the QChat Pay platform and remove all integration code;
• The Service Provider shall settle all outstanding funds to the Merchant within thirty (30) days, subject to any chargebacks, disputes, or fees owed;
• All provisions that by their nature should survive termination shall continue in effect.

13. REPRESENTATIONS AND WARRANTIES

13.1 Mutual Warranties

Each Party represents and warrants that:

• It is duly organized, validly existing, and in good standing under the laws of Sri Lanka;
• It has the full power and authority to enter into and perform this Agreement;
• This Agreement constitutes a valid and binding obligation enforceable against it.

13.2 Merchant Warranties

The Merchant represents and warrants that:

• All information provided during onboarding is true, accurate, and complete;
• It holds all necessary licenses and permits to conduct its business;
• Its products and services comply with all applicable laws and regulations;
• It has obtained all necessary consents to use customer data in connection with this Agreement;
• It will not use the QChat Pay platform for any illegal or prohibited purpose.

13.3 Service Provider Warranties

The Service Provider represents and warrants that:

• It holds all necessary licenses and authorizations to operate the QChat Pay platform;
• The services shall be provided in a professional and workmanlike manner;
• It complies with all applicable laws, regulations, and payment network rules.

13.4 Disclaimer

EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE SERVICE PROVIDER MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THE SERVICE PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE.

14. LIMITATION OF LIABILITY

14.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITIES, ARISING OUT OF OR RELATING TO THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

14.2 Liability Cap

THE SERVICE PROVIDER’S TOTAL LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID BY THE MERCHANT TO THE SERVICE PROVIDER IN THE THREE (3) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY. THIS LIMITATION DOES NOT APPLY TO:

• The Merchant’s payment obligations under this Agreement;
• Claims arising from fraud, gross negligence, or willful misconduct;
• Claims for which liability cannot be limited under applicable law.

14.3 Force Majeure

Neither Party shall be liable for any failure or delay in performance due to causes beyond its reasonable control, including acts of God, natural disasters, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, strikes, or shortages of transportation, facilities, fuel, energy, labor, cyber threats or materials.

15. INDEMNIFICATION

15.1 Merchant Indemnification

The Merchant shall indemnify, defend, and hold harmless the Service Provider, its affiliates, officers, directors, employees, and agents from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to:

• The Merchant’s breach of this Agreement;
• The Merchant’s products or services;
• Any claim by a customer regarding Transactions processed through QChat Pay;
• The Merchant’s violation of any applicable law or regulation;
• Any claim that the Merchant’s intellectual property infringes third-party rights.

15.2 Service Provider Indemnification

The Service Provider shall indemnify, defend, and hold harmless the Merchant from and against any and all claims that the QChat Pay platform infringes any third-party intellectual property rights.

15.3 Indemnification Procedure

The indemnified Party shall promptly notify the indemnifying Party of any claim, cooperate in the defense, and give the indemnifying Party sole control of the defense and settlement, provided that no settlement admitting liability on behalf of the indemnified Party may be made without the indemnified Party’s prior written consent.

16. INTELLECTUAL PROPERTY

16.1 Ownership

All intellectual property rights in the QChat Pay platform, including software, APIs, trademarks, logos, and documentation, are and shall remain the exclusive property of the Service Provider. This Agreement does not grant the Merchant any ownership rights in the QChat Pay platform.

16.2 License

Subject to the terms of this Agreement, the Service Provider grants the Merchant a limited, non-exclusive, non-transferable, revocable license to use the QChat Pay API and related documentation solely for the purpose of integrating with and using the payment processing services during the term of this Agreement.

16.3 Restrictions

The Merchant shall not:

• Modify, reverse engineer, decompile, or disassemble the QChat Pay platform;
• Remove or alter any copyright, trademark, or proprietary notices;
• Use the QChat Pay trademarks without prior written consent;
• Sublicense, sell, rent, lease, or transfer the license granted herein.

16.4 Feedback

Any feedback, suggestions, or ideas provided by the Merchant regarding the QChat Pay platform may be used by the Service Provider without restriction or compensation to the Merchant.

17. GOVERNING LAW AND DISPUTE RESOLUTION

17.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the Democratic Socialist Republic of Sri Lanka, without regard to its conflict of laws principles.

17.2 Dispute Resolution

Any dispute arising out of or relating to this Agreement shall be resolved as follows:

1. Negotiation: The Parties shall first attempt to resolve the dispute through good faith negotiations for a period of thirty (30) days;
2. Mediation: If negotiation fails, the Parties shall attempt to resolve the dispute through mediation conducted by a mutually agreed mediator;
3. Arbitration: If mediation fails, the dispute shall be finally resolved by arbitration in Colombo, Sri Lanka, in accordance with the Arbitration Act, No. 11 of 1995. The arbitration shall be conducted by a sole arbitrator appointed by the Parties or, failing agreement, by the Institute for the Development of Commercial Law and Practice (ICLP). The language of arbitration shall be English.

17.3 Injunctive Relief

Notwithstanding the foregoing, either Party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent irreparable harm pending the resolution of a dispute.

17.4 Jurisdiction

Subject to the arbitration provisions above, the Parties submit to the exclusive jurisdiction of the courts of Sri Lanka, specifically the District Court of Colombo and the Commercial High Court of Colombo.

18. GENERAL PROVISIONS

• 18.1 Entire Agreement: This Agreement, including all schedules and annexures hereto, constitutes the entire agreement between the Parties concerning the subject matter hereof and supersedes all prior agreements, understandings, negotiations, and discussions, whether oral or written.
• 18.2 Amendments: This Agreement may not be amended or modified except by a written instrument signed by both Parties.
• 18.3 Waiver: No waiver of any provision of this Agreement shall be effective unless in writing and signed by the waiving Party. No waiver shall constitute a waiver of any other provision or a continuing waiver.
• 18.4 Severability: If any provision of this Agreement is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect.
• 18.5 Assignment: The Merchant may not assign or transfer this Agreement without the prior written consent of the Service Provider. The Service Provider may assign this Agreement to an affiliate or in connection with a merger, acquisition, or sale of assets.
• 18.6 Independent Contractors: The Parties are independent contractors. Nothing in this Agreement shall be construed to create a partnership, joint venture, agency, or employment relationship between the Parties.
• 18.7 Notices: All notices under this Agreement shall be in writing and delivered by hand, registered post, or email to the addresses specified in this Agreement or as subsequently notified. Notices shall be deemed received upon delivery (if by hand), five (5) Business Days after posting (if by registered post), or upon confirmation of receipt (if by email).
• 18.8 Counterparts: This Agreement may be executed in counterparts, each of which shall be deemed an original and all of which together shall constitute one and the same instrument.

19. CONTACT INFORMATION

SCHEDULE A — MERCHANT DISCOUNT RATE (MDR)

SCHEDULE B — PROHIBITED ACTIVITIES

The following activities are strictly prohibited when using the QChat Pay platform:

• Sale of illegal goods or services, including narcotics, counterfeit goods, and stolen property;
• Gambling, betting, or lottery services not licensed under Sri Lankan law;
• Adult content, pornography, or escort services;
• Sale of tobacco and alcohol to minors;
• Weapons, firearms, explosives, or dangerous materials;
• Pyramid schemes, Ponzi schemes, or other fraudulent investment schemes;
• Money laundering or terrorist financing activities;
• Sale of prescription drugs without proper authorization;
• Intellectual property infringement or sale of pirated content;
• Any activity that violates the laws of Sri Lanka or international sanctions.

SCHEDULE C — SETTLEMENT SCHEDULE

The Service Provider shall settle funds to the Merchant’s designated bank account according to the following schedule:

SCHEDULE D — SETTLEMENT TIMELINES

SCHEDULE E — TRANSACTION LIMITS