CorePay

Terms & Conditions

Terms of Service

  1. Introduction

    These Terms & Conditions (hereinafter the “Terms”) govern your access to and use of the CorePay application, software, APIs, documentation and related services (collectively, the “Service”). By accessing or using the Service, you agree to be legally bound by these Terms. If you do not agree, you should discontinue the use of the Service.

    If you use the Service on behalf of a business or other entity, you represent and warrant that you have authority to bind that entity to these Terms.

    We may amend these Terms at any time. Amendments will be effective 14 (fourteen) days after the modified terms and conditions have been posted on the Service Provider’s website, except for amendments that relate to new features or are made for legal reasons, which will become effective immediately. If You do not agree to such modified terms, you should discontinue your use of the Service.

    The name of the company offering the Service is not disclosed for security reasons.

  2. Definitions

    For purposes of these Terms:

    • “CorePay”, “we”, “us”, “our”, “Service Provider” means the operator of the CorePay Service.
    • “Merchant” means any person or entity that generates, publishes, or embeds CorePay payment links or embeds to receive payments.
    • “Payer” means any person that follows a CorePay payment link or an embed to complete a payment with a Provider.
    • “Provider” means a third-party payment provider, exchange, or integration configured and made available through CorePay.
    • “Payment Link” means a CorePay request that redirects a Payer to a Provider’s payment entry URL.
    • “Payment ID” means the unique identifier generated for a redirect/payment flow and used for reconciliation and (where enabled) webhook delivery.
    • “Webhook” means a Merchant-specified URL that may receive signed payment status data after the Provider reports a payment result to CorePay.

  3. The Service

    CorePay is a payment orchestration platform and a technical integration layer that:

    • sends payers to configured Providers via Payment Links;
    • can store a Merchant’s webhook URL (and optional associated data) per Payment Link; and
    • exposes small JSON APIs for provider listings, health checks, and server-to-server data relay.

    CorePay also provides a payment embed generator that produces a static HTML+CSS snippet (no JavaScript).

    CorePay is not a bank, exchange, broker, custodian, payment institution, or money transmitter by virtue of providing this technical Service. Providers and other third parties remain responsible for their own regulated services and obligations.

    CorePay is not at any given stage a custodian or receives, holds or pays funds on behalf of the Merchant, Payer or Provider.

  4. Eligibility

    You must be able to enter into a third party legally binding contract in your jurisdiction to use the Service.

  5. Payment Links, Redirects, and Provider Services

    Redirect-only gateway

    A Payment Link request to CorePay validates and normalizes parameters, resolves the Provider and payee, then redirects the Payer’s browser to the Provider’s payment URL. CorePay does not guarantee that a Provider will accept, execute, or complete any payment.

    Provider responsibility

    Providers control the payer experience and the underlying payment flow after redirection. Any disputes about funds movement, settlement, delays, reversals, fees charged by a Provider, or Provider account actions are between the Payer/Merchant and the Provider.

    Accuracy of inputs

    You are solely responsible for the correctness of all Payment Link/Embed parameters you submit (including but not limited to receiver identifiers, currency/asset, amount, deadlines, and any other fields). Invalid or incorrect parameters may cause rejection, misdirection, delay, or failed payment.

  6. Webhooks, Signatures, and Reconciliation

    Webhook storage and delivery model

    If a Merchant supplies a webhook URL on a request, CorePay may store that webhook URL and optional link data keyed to the Payment ID, and will not forward the webhook URL or link data to the Provider on the redirect. Delivery occurs later after the Provider reports payment state to CorePay.

    Provider-to-CorePay reporting

    Providers report payment state server-to-server to CorePay with required fields (including Payment ID, amount, currency, status, and sender/receiver identifiers).

    Signed webhooks

    Where enabled, CorePay signs the webhook body and delivers it to the stored webhook URL. Webhook bodies are signed using a JOSE. Published verification keys are made available via CorePay’s well-known signing keys endpoint.

    Your obligations (Merchants)

    You are solely responsible for:

    • securely operating and maintaining your webhook endpoint;
    • verifying webhook signatures using the published keys;
    • treating Payment IDs as reconciliation identifiers; and
    • not relying on unsigned/unauthenticated requests as proof of payment.

    No guarantee of webhook delivery

    Webhook delivery depends on multiple factors including Provider reporting, network reachability, DNS, and your server availability. CorePay may retry delivery (where configured), but does not guarantee delivery or timing.

  7. Provider Integrations

    If you apply to become a Provider, you agree to meet CorePay’s orchestration and integration requirements (including using the Payment ID variable end-to-end and reporting settlement state to CorePay) and to comply with any additional onboarding, technical, security, compliance, and operational requirements we communicate to you.

    We may approve, refuse, suspend, delist, or disable Providers (or any Provider endpoints) at our discretion, including for security, reliability, compliance, or ecosystem integrity reasons.

    If you intend to receive a fiat currency but you select a digitised asset as the payment method, you acknowledge that the relevant Provider may be unable to settle the payout in the selected fiat currency in its “native” form and may instead settle the payout in a Provider-supported equivalent (for example, a stable asset or other digitised representation of the relevant fiat currency). In such cases, you may receive the Provider-supported equivalent instead of the fiat currency you intended to receive. Any determination of the equivalent, supported asset availability, conversion method, exchange rates, spreads, rounding, timing, and related fees are determined and applied solely by the Provider under its own terms and policies and are outside of CorePay’s control.

  8. REST APIs and Rate Limits

    CorePay may expose JSON APIs (including provider listings and server-to-server reporting) and may apply rate limits, access controls, validation rules, or other technical safeguards. You must not attempt to bypass these safeguards or use the APIs in a way that disrupts, degrades, or threatens the Service.

  9. Acceptable use

    You must use the Service lawfully and must not (and must not help others to):

    • violate any law, regulation, sanctions requirement, or third-party right;
    • interfere with or disrupt the Service, its security, or its infrastructure;
    • introduce malware, spam, or abusive traffic (including scraping/botting beyond normal use);
    • attempt unauthorized access to non-public systems or data;
    • reverse engineer, decompile, or attempt to derive source code or protocols except to the extent permitted by mandatory law;
    • use the Service to mislead payers or merchants, including phishing-like payment flows or misrepresentation of receivers.

    We may investigate suspected misuse and take action including restricting traffic, disabling links, suspending access, or reporting unlawful activity where required.

  10. Fees

    CorePay does not charge any fees for use of the Service. However, when we redirect you to a third-party Provider to complete a payment, CorePay uses a Provider referral or affiliate link with each Provider. Any fees, spreads, commissions, network fees, or other charges that apply to a transaction are determined and charged solely by the relevant Provider, and/or the applicable payment rail in accordance with the Provider’s own terms and policies. CorePay does not control Provider fees and does not receive or process your payment credentials.

  11. Privacy

    Your use of the Service is also subject to the CorePay Privacy Policy.

  12. Suspension and Termination

    CorePay does not maintain user accounts and does not control Provider account decisions. In practice, access to payment functionality may be restricted or made unavailable where a third-party Provider blocks, refuses, suspends, or otherwise restricts your access or the processing of a payment flow. Certain provisions of these Terms survive termination (including intellectual property, disclaimers, limitation of liability, and indemnification).

  13. Intellectual Property

    You acknowledge and agree that the Services are the property of CorePay. Subject to your compliance with these Terms, CorePay grants you a limited right to access and/or use the Services. The right to access and/or use the Services is a non-exclusive, non-transferable, revocable, limited licence, and it is subject to the limitations and obligations contained herein. Nothing in these Terms gives you any licence (other than as set out in this section), right to use the IP of CorePay, title, or ownership of, in, or to any of the Services.

    You acknowledge and agree that CorePay retains all rights, title, and interest in and to all copyrights, trademarks, trade secrets, patents, and any other proprietary rights in the Services, the software and application programming interfaces (APIs) comprising the Services, and all content therein.

  14. Warranty Disclaimer

    Unless expressly stated otherwise in these Terms, our Services are provided on an “as is” and “as available” basis. We expressly disclaim and you waive all warranties of any kind, whether express or implied, including, without limitation, implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement concerning our Services, including the information, content, and materials contained therein.

    You acknowledge that information submitted to or processed through our Services (including Payment Link parameters, webhook configuration data, and related technical records) may become lost, corrupted, delayed, temporarily unavailable, or fail to transmit due to various causes, including software failures, protocol changes by third-party providers, internet outages, force majeure events, scheduled or unscheduled maintenance, DDoS attacks, or other causes either within or outside our control. You are solely responsible for maintaining any backups and duplicate copies of any data you submit to or rely upon through the Services. Usage of the Service does not guarantee any execution or successful provision of the Service.

  15. Limitation of Liability

    To the fullest extent permitted by applicable law, in no event will CorePay, its officers, shareholders, employees, agents, directors, subsidiaries, affiliates, successors, assigns, suppliers, or licensors be liable for any loss or damages, including without limitation, direct, indirect, special, consequential, exemplary, or punitive loss or damages, arising from or related to your use of the Service, whether in an action of contract, tort, or otherwise, and regardless of whether such damages were foreseeable and whether or not CorePay was advised of the possibility of such damages.

    Without limiting the generality of the foregoing, CorePay takes no responsibility for and will not be liable for any financial or other loss or damages arising from or related to the use of the Service, including, without limitation, any of the following:

    • loss of or inability to access the Service;
    • technical failure, malfunction, interruption, delay, or shutdown;
    • server failure, hacks, cyberattacks, or unavailability;
    • data loss, corrupted data, or failed delivery of requests or webhooks;
    • failures, delays, reversals, chargebacks, disputes, fees, or any other action/inaction of any third-party Provider or payment service used in connection with a payment flow;
    • incorrectly constructed requests, incorrect parameters, or misdirected payments caused by user-provided information;
    • “phishing” or other websites masquerading as CorePay, including cybercrime;
    • loss of business or goodwill.

    Nothing in these Terms excludes or limits any liability that cannot be excluded or limited under applicable law.

  16. Indemnification

    To the fullest extent permitted under applicable laws, you agree to hold harmless and indemnify CorePay, its officers, shareholders, employees, agents, directors, subsidiaries, affiliates, successors, assigns, suppliers, and licensors from and against all third-party claims and all liabilities, damages, assessments, losses, costs, or expenses (including reasonable attorney fees) resulting from or arising out of:

    • your alleged or actual breach of these Terms, including, without limitation, your representations and warranties;
    • your alleged or actual use or misuse of the Services;
    • your Payment Links, embeds, API usage, webhook endpoints, or any data/instructions you submit through the Services (including claims arising from incorrect receiver identifiers, amounts, currencies, or other parameters you provide); and/or
    • your alleged or actual infringement or violation of any laws or of the rights of a third party;
    • your links, embeds, webhook endpoints, or the content you supply through the Service;
    • your violation of any applicable law or third-party rights;
    • disputes between you and any Provider, payer, customer, or third party.

  17. Force Majeure

    CorePay shall not be held responsible for:

    • any inaccuracies, errors, delays, or omissions in any information, or in the transmission or delivery of any information or Services; and
    • any loss or damage arising from events beyond CorePay’s control, including, but not limited to, natural disasters (such as floods, extraordinary weather conditions, or earthquakes), acts of God, fires, wars, insurrections, riots, labour disputes, accidents, actions of government, communication failures, power outages, equipment or software malfunctions, internet outages, DDoS attacks, or any other cause beyond CorePay’s control (each, a “Force Majeure Event”).

    In the event of a Force Majeure Event, our obligations affected by the event shall be suspended for the duration of the Force Majeure Event and for a reasonable period thereafter to allow us to resume performance. CorePay will use commercially reasonable efforts to mitigate the effects of the Force Majeure Event and to resume performance as soon as reasonably practicable.

  18. Contact and Queries

    If you have questions, concerns or requests regarding these Terms, please contact us at [email protected].

Last Updated: June 3, 2026