TERMS OF SERVICE
Last updated: July 4, 2026
These Terms of Service govern access to and use of Lasso’s checkout, payment orchestration, hosted checkout components, post-purchase flows, APIs, SDKs, dashboards, integrations, identity resolution features, offer network features, analytics, support, and related services.
By accessing or using the Services, Merchant accepts these Terms for business use only and represents that it has authority to bind the legal entity or sole proprietorship using the Services.
1. Definitions
“Affiliate” means an entity that controls, is controlled by, or is under common control with a party.
“Applicable Data Protection Laws” means all privacy, data protection, data security, consumer privacy, electronic communications, online tracking, marketing, and similar laws applicable to a party’s processing of Personal Data under these Terms, including where applicable the GDPR, UK GDPR, Swiss FADP, CCPA, U.S. state consumer privacy laws, ePrivacy laws, and laws governing cookies, pixels, device identifiers, fingerprinting, profiling, targeted advertising, and consent.
“AUP” means Lasso’s Acceptable Use Policy.
“Business Hours” means 9:00 a.m. to 6:00 p.m. Eastern Time, Monday through Friday, excluding U.S. holidays.
“CCPA” means the California Consumer Privacy Act, as amended, including its implementing regulations.
“Confidential Information” means non-public information disclosed by one party to the other that is marked confidential or should reasonably be understood to be confidential given the nature of the information and circumstances of disclosure, including business plans, product plans, pricing, security information, technical information, customer information, usage information, performance data, trade secrets, and these Terms.
“Customer” or “End-Customer” means Merchant’s buyer, shopper, website visitor, checkout user, post-purchase user, or other end user.
“Customer Personal Data” means Personal Data relating to End-Customers that Lasso processes on behalf of Merchant through the Services.
“Designated Provider” means a third-party provider, platform, gateway, processor, acquirer, payment network, risk provider, identity resolution provider, offer network partner, commerce platform, or other provider that Lasso integrates with or makes available through the Services.
“Documentation” means Lasso’s technical documentation, support materials, implementation guides, dashboard instructions, and other service documentation.
“Embedded PSP Components” means provider-hosted payment fields, widgets, or components rendered within Lasso pages.
“GDPR” means Regulation (EU) 2016/679.
“Identity Resolution Services” means optional Services or integrations that use identifiers, device signals, network signals, probabilistic or deterministic matching, identity graphs, enrichment data, or similar technologies to help associate anonymous or pseudonymous website, checkout, or post-purchase visitors with known or inferred identities, attributes, or contact points.
“Merchant” means the business entity or sole proprietor using the Services.
“Merchant Data” means data, content, instructions, configuration settings, files, credentials, account information, transaction information, product information, pricing, offers, disclosures, and other materials submitted to or processed through the Services by or on behalf of Merchant.
“Offer Network Partner” means a third-party provider that selects, serves, personalizes, measures, attributes, optimizes, or monetizes offers, recommendations, promotions, advertisements, sponsored offers, post-purchase offers, upsells, cross-sells, or similar content.
“Offer Network Services” means optional Services or integrations that enable third-party offers, recommendations, promotions, advertisements, post-purchase offers, upsells, cross-sells, sponsored offers, or monetization experiences in checkout, post-purchase, or related flows.
“Order” means an order form, online order, dashboard subscription, statement of work, or other ordering document accepted by Lasso.
“Pass-Through Terms” means published terms, policies, rules, fees, requirements, and restrictions of Designated Providers, payment networks, card brands, commerce platforms, identity resolution providers, offer network partners, and other third-party providers.
“Personal Data” means any information relating to an identified or identifiable natural person, household, device, browser, or other protected data subject, and includes “personal information,” “personal data,” “personally identifiable information,” and similar terms under Applicable Data Protection Laws.
“Sanctioned Party” means any person or entity subject to sanctions, export controls, restricted party lists, or similar restrictions administered by the United States, United Kingdom, European Union, United Nations, or other applicable authority.
“Services” means Lasso’s checkout, payment orchestration, hosted checkout components, post-purchase flows, APIs, SDKs, dashboards, integrations, identity resolution features, offer network features, analytics, support, and related services.
“Sub-processor Appendix” means Lasso’s list of sub-processors and processing details made available at [insert URL] or another location designated by Lasso.
“UK GDPR” means the UK GDPR as defined in the UK Data Protection Act 2018.
2. Agreement; Business Use; Eligibility
Merchant may use the Services only for lawful business purposes. Merchant represents and warrants that it is legally permitted to do business in the jurisdictions in which it operates, is not a Sanctioned Party, is not located in or organized under the laws of a comprehensively sanctioned jurisdiction, and is not otherwise prohibited from using the Services under applicable law, card-network rules, payment provider requirements, or Lasso’s risk policies.
Merchant is responsible for determining whether the Services are appropriate for Merchant’s products, customers, territories, and legal obligations. Lasso may reject, suspend, restrict, or terminate access to the Services if Merchant fails onboarding, sanctions, fraud, underwriting, payment provider, card-network, privacy, consumer protection, or legal compliance checks.
3. Orders; Subscription Term; Renewals
Each Order, signup flow, dashboard selection, pricing page selection, or other ordering process will identify the applicable Services, subscription plan, billing cadence, fees, usage limits, and any special commercial terms.
Unless an Order or signup flow states otherwise, subscriptions are month-to-month and automatically renew each month until canceled in accordance with these Terms. If Merchant selects an annual, multi-month, or other non-monthly plan, the subscription term and renewal cadence will follow the plan selected by Merchant at signup or stated in the applicable Order.
Either party may cancel a month-to-month subscription by giving at least 30 days’ written notice. For annual or other fixed-term subscriptions, cancellation takes effect at the end of the then-current subscription term unless the applicable Order or signup flow states otherwise.
Lasso may increase fees for any renewal term by giving notice before the renewal term begins. If Merchant continues using the Services after the renewal start date, Merchant accepts the updated fees.
Merchant’s obligation to pay committed fees, minimum fees, platform fees, implementation fees, and subscription fees is non-cancellable and non-refundable except as expressly stated in these Terms, an Order, or the applicable signup flow.
4. Services; Scope; Integration Modes
Lasso provides checkout, payment orchestration, hosted checkout components, post-purchase flows, APIs, SDKs, dashboards, integrations, analytics, support, and related services.
Payment-related integrations may operate in different modes.
Provider-Hosted Checkout. A Designated Provider renders its own checkout or payment experience. Lasso places, orchestrates, redirects, or forwards events, and the Designated Provider controls payment collection, tokenization, and related payment processing.
Embedded PSP Components. Lasso renders provider-hosted payment fields, widgets, or components for payment entry and tokenization, then orchestrates routing and post-purchase logic.
In all payment integration modes, cardholder data entry occurs in provider-hosted components, not on Lasso’s servers. Lasso stores token references, aliases, and transaction metadata only, not raw card PAN or sensitive authentication data.
Certain Services are optional and must be enabled by Merchant, including Identity Resolution Services and Offer Network Services. Merchant’s enablement of an optional feature constitutes Merchant’s instruction and authorization for Lasso to provide that feature and to process and disclose data as described in these Terms, the Documentation, the Privacy Policy, and applicable provider terms.
5. Roles; Merchant of Record; No Money Services
Merchant is the seller of record and merchant of record for Merchant’s products and services. Lasso does not sell Merchant’s goods or services, take title to Merchant’s goods or services, act as merchant of record, act as payment facilitator, act as money transmitter, act as escrow agent, or act as a bank.
Funds do not flow to Lasso unless a separate written funds-flow schedule is executed.
Merchant is solely responsible for products, offers, pricing, taxes, shipping, fulfillment, returns, refunds, subscriptions, trials, customer service, receipts, disclosures, customer communications, and compliance with laws applicable to Merchant’s business.
6. Third-Party Services; Pass-Through Terms
The Services interoperate with third-party providers, including payment processors, gateways, orchestration providers, acquirers, card networks, commerce platforms, fraud providers, identity resolution providers, offer network partners, hosting providers, analytics providers, monitoring providers, support providers, and other vendors.
Merchant authorizes Lasso to disclose, transmit, receive, and otherwise process Merchant Data and Customer Personal Data with third-party providers as needed to provide, secure, support, maintain, monitor, improve, and operate the Services, or as enabled by Merchant.
Third-party services are not controlled by Lasso. Lasso is not responsible for third-party services, provider terms, provider decisions, underwriting, onboarding, reserves, holds, declines, chargebacks, settlement, payment authorization, identity match accuracy, offer selection, offer content, fill rates, conversion rates, attribution, reporting, revenue, downtime, data practices, or legal compliance.
Merchant’s use of third-party services is subject to Pass-Through Terms. Merchant is responsible for reviewing, accepting, and complying with all applicable Pass-Through Terms. If a conflict exists between these Terms and Pass-Through Terms for a third-party feature, the Pass-Through Terms govern Merchant’s use of that third-party feature, and these Terms govern Merchant’s relationship with Lasso.
Lasso may add, remove, suspend, replace, or modify third-party providers, integrations, and service categories at any time, subject to the sub-processor notice process where required by Applicable Data Protection Laws.
7. Optional Identity Resolution Services
If Merchant enables Identity Resolution Services, Merchant authorizes Lasso and Lasso’s identity resolution providers to collect, disclose, transmit, and process Customer Personal Data and related signals from Merchant’s checkout pages, post-purchase pages, embedded components, scripts, APIs, SDKs, tags, pixels, and similar technologies for the purpose of providing Identity Resolution Services.
These signals may include device identifiers, IP address, browser and session information, event data, page interaction data, hashed or pseudonymous identifiers, checkout context, order context, and other information described in the Documentation, dashboard, or applicable provider terms.
Merchant acknowledges that identity resolution providers may act in more than one capacity. For Customer Personal Data processed by such providers solely on Lasso’s behalf to provide the Services, the provider is Lasso’s sub-processor. To the extent an identity resolution provider independently maintains, builds, updates, licenses, or uses its own identity graph, data graph, enrichment data, or proprietary datasets, that provider acts as an independent controller, business, or third party under its own terms and privacy notices, and Merchant is responsible for assessing and accepting those terms before enabling the feature.
Merchant is solely responsible for providing legally sufficient notices, obtaining and maintaining legally sufficient consents, honoring opt-outs and preference signals, and configuring consent banners, cookie controls, tag controls, and similar mechanisms required for Identity Resolution Services under Applicable Data Protection Laws.
Merchant will not enable Identity Resolution Services unless Merchant has all rights, notices, consents, authorizations, and lawful bases required for the collection, disclosure, and processing of Customer Personal Data and related signals through those Services.
Merchant’s enablement of the feature through the dashboard, including acceptance of any provider terms presented in the enablement flow, constitutes Merchant’s instruction and authorization for Lasso to activate the feature and process data as described in these Terms.
8. Optional Offer Network Services
If Merchant enables Offer Network Services, Merchant authorizes Lasso to disclose, transmit, and otherwise make available Customer Personal Data and transaction context to Offer Network Partners to select, personalize, measure, attribute, optimize, and serve relevant offers in checkout, post-purchase, and related flows.
This information may include product category, cart contents, order value, checkout context, transaction metadata, device and session data, approximate location derived from IP address, hashed or pseudonymous identifiers, and other information described in the Documentation, dashboard, or applicable provider terms.
Merchant acknowledges that Offer Network Services may involve disclosure of Customer Personal Data to third parties for targeted advertising, cross-context behavioral advertising, profiling, personalization, attribution, measurement, or monetization, and may constitute a “sale,” “sharing,” targeted advertising, or similar regulated disclosure under Applicable Data Protection Laws. Merchant expressly authorizes Lasso to make such disclosures when Merchant enables Offer Network Services.
Merchant is solely responsible for providing all legally required notices, obtaining and maintaining all legally required consents, honoring opt-outs and opt-out preference signals, and configuring any consent management platform, cookie banner, tag manager, privacy controls, and “Do Not Sell or Share” or equivalent mechanisms required for Offer Network Services.
Merchant will not enable Offer Network Services for any End-Customer, jurisdiction, or data category unless Merchant has the legal right to do so.
Unless otherwise stated in the applicable provider terms, Offer Network Partners act as independent controllers, businesses, or third parties for their independent selection, personalization, delivery, measurement, reporting, and monetization of third-party offers.
Lasso is not responsible for an Offer Network Partner’s independent products, offers, advertiser relationships, content, privacy practices, or legal obligations.
Lasso and Merchant may receive compensation, revenue share, referral fees, commissions, or other consideration when End-Customers view, click, accept, purchase, or otherwise engage with offers served through Offer Network Services. Merchant is responsible for disclosing such monetization where required by applicable law.
Merchant’s enablement of the feature through the dashboard, including acceptance of any provider terms presented in the enablement flow, constitutes Merchant’s instruction and authorization for Lasso to activate the feature and process data as described in these Terms.
9. Offer Network Revenue Share
If Merchant enables Offer Network Services, Lasso may receive compensation, referral fees, revenue share, commissions, bounties, credits, rebates, or other consideration from Offer Network Partners, advertisers, agencies, or other participants.
Lasso may share a portion of such amounts with Merchant only if the applicable Order, dashboard, or written revenue share terms state that Merchant is eligible for revenue share. Unless stated otherwise:
(a) revenue share is calculated only on amounts actually received by Lasso from the applicable Offer Network Partner;
(b) Lasso may deduct refunds, chargebacks, reversals, clawbacks, taxes, fees, invalid traffic adjustments, fraud adjustments, provider deductions, and payment processing costs before calculating Merchant’s share;
(c) Lasso may withhold payment while investigating suspected fraud, invalid traffic, policy violations, unlawful activity, or provider disputes;
(d) no revenue share is owed for traffic, clicks, impressions, conversions, or transactions rejected, reversed, withheld, or clawed back by an Offer Network Partner;
(e) Lasso may offset revenue share against amounts Merchant owes Lasso;
(f) Lasso may modify or discontinue Offer Network Services or revenue share terms on notice; and
(g) revenue share is payable only while Merchant remains active, in good standing, and compliant with these Terms.
Merchant is responsible for all tax reporting, tax payment, customer disclosures, and regulatory obligations arising from Merchant’s receipt of revenue share or participation in Offer Network Services.
10. Implementation; API License; Credentials; Changes
Subject to these Terms, Lasso grants Merchant a limited, non-exclusive, non-transferable, revocable right to access and use the Services, APIs, SDKs, Documentation, and integration tools solely for Merchant’s internal business purposes and solely in accordance with these Terms, the Documentation, and applicable Orders.
Merchant is responsible for securing credentials, API keys, dashboard access, implementation code, webhooks, scripts, tags, pixels, and connected systems. Merchant will comply with rate limits, security requirements, technical restrictions, Documentation, and integration instructions.
Lasso may throttle, limit, suspend, disable, or modify access to the Services to protect the Services, prevent abuse, address security risks, address fraud, comply with law, comply with provider requirements, or maintain service integrity.
For deprecations that materially impact production traffic, Lasso will provide a commercially reasonable migration period unless immediate action is required for legal, security, fraud, abuse, or provider-related reasons.
10A. AI-Assisted Features
Lasso may make available AI-assisted store generation, content generation, product copy generation, content extraction, observability, debugging, or similar features. Merchant’s use of AI-assisted features is optional and constitutes Merchant’s instruction for Lasso and its providers to process Merchant-submitted prompts, product copy, URLs, extracted web content, generated content, metadata, and related observability data to provide, secure, monitor, improve, and support those features.
Merchant is solely responsible for reviewing, approving, and lawfully using any AI-generated or AI-assisted output. Lasso does not guarantee that AI-generated or AI-assisted output will be accurate, complete, non-infringing, lawful, suitable for Merchant’s products, or appropriate for Merchant’s customers.
Merchant will not submit to AI-assisted features any sensitive data, children’s data, special category data, health data, biometric data, government identifiers, payment credentials, confidential third-party information, or regulated data unless expressly permitted in writing by Lasso.
Lasso may use third-party providers to support AI-assisted features, including web content extraction, AI/LLM services, and LLM observability. These providers are identified in the Sub-processor Appendix where required.
11. Merchant Obligations
Merchant is solely responsible for its business, products, services, offers, claims, checkout content, post-purchase content, pricing, discounts, subscriptions, trials, renewals, cancellations, taxes, fulfillment, shipping, returns, refunds, customer service, customer communications, privacy notices, cookie notices, consent banners, and legal compliance.
Merchant will:
(a) comply with all laws, card-network rules, payment provider requirements, Pass-Through Terms, consumer protection laws, tax laws, export controls, sanctions laws, advertising laws, privacy laws, data protection laws, ePrivacy laws, marketing laws, and platform rules applicable to Merchant’s business and use of the Services;
(b) publish and honor accurate terms, privacy notices, cookie notices, refund policies, return policies, shipping terms, subscription terms, cancellation terms, and other required disclosures;
(c) obtain, maintain, and document all consents, opt-ins, lawful bases, notices, authorizations, and preference records required for Merchant’s use of checkout, payment, identity resolution, offer network, analytics, advertising, and marketing features;
(d) honor End-Customer rights, opt-outs, consent withdrawals, objections, deletion requests, correction requests, access requests, opt-out preference signals, Global Privacy Control signals, and similar choices;
(e) configure consent management platforms, cookie banners, tag managers, scripts, SDKs, pixels, checkout settings, privacy controls, and dashboard settings correctly;
(f) not enable Identity Resolution Services or Offer Network Services unless Merchant has confirmed that required notices, consents, opt-outs, and lawful bases are in place;
(g) not provide or cause Lasso to process sensitive data, children’s data, special category data, health data, precise geolocation, biometric data, government identifiers, raw card data, sensitive authentication data, regulated financial data, or confidential third-party information unless expressly permitted in writing by Lasso, including through AI-assisted features, Identity Resolution Services, Offer Network Services, APIs, SDKs, support tickets, prompts, URLs, product copy, attachments, or integrations;
(h) maintain reasonable security measures for Merchant systems, websites, credentials, code, integrations, accounts, and personnel;
(i) promptly notify Lasso of any complaint, inquiry, claim, regulatory request, data subject request, security incident, fraud issue, or provider notice relating to the Services; and
(j) cooperate with Lasso’s investigations, audits, risk reviews, provider requests, and compliance reviews.
Merchant is responsible for all acts and omissions of its employees, contractors, agents, affiliates, users, and any person using Merchant’s credentials or account.
12. Fees; Billing; Taxes; Refunds; Revenue Share; Chargebacks
Merchant will pay all fees stated in an Order, dashboard, invoice, or applicable fee schedule, including platform fees, subscription fees, implementation fees, usage fees, overage fees, transaction fees, add-on fees, pass-through fees, revenue share, and any other charges for enabled Services.
Unless stated otherwise, all fees are exclusive of taxes, duties, levies, VAT, GST, withholding, card-network fees, provider fees, payment processing fees, chargeback fees, currency conversion fees, bank fees, and similar amounts. Merchant is responsible for all such amounts, except taxes based on Lasso’s net income.
Merchant may not withhold, offset, or reduce amounts owed to Lasso. If withholding is legally required, Merchant will gross up payments so Lasso receives the full amount it would have received absent withholding.
Unless stated otherwise, invoices are due net 15. Merchant must dispute invoices in writing within 15 days after invoice date. Undisputed amounts must be paid when due. Failure to dispute an invoice within that period waives the dispute.
Merchant authorizes Lasso and its billing processor to charge, debit, or ACH pull all amounts due from Merchant’s payment method on file. Merchant must maintain a valid payment method at all times.
Overdue amounts may accrue interest at 1.5% per month or the maximum permitted by law, whichever is lower. Merchant will reimburse Lasso for reasonable costs of collection, including attorneys’ fees, collection agency fees, bank fees, and administrative costs.
All fees are non-refundable and non-creditable unless expressly stated otherwise in an Order. If Lasso terminates a Service for convenience, Lasso will provide a pro rata refund of prepaid unused subscription fees for the terminated Service, excluding implementation fees, usage fees, overages, transaction fees, add-on fees, pass-through fees, and third-party fees.
Merchant is responsible for all chargebacks, disputes, reversals, refunds, card-network fees, payment provider fees, fraud losses, and related administrative costs. Lasso may facilitate evidence packaging, but Lasso does not control or guarantee payment authorization, settlement, chargeback outcomes, reserve releases, or dispute results.
13. Funds Flow; Settlement; Reserves
Designated Providers, PSPs, acquirers, card networks, banks, and payment processors determine settlement timelines, reserves, holds, account freezes, underwriting, declines, chargebacks, and payout rules.
Settlement disputes are between Merchant and the applicable provider unless a separate written funds-flow schedule states otherwise.
14. Data Processing Terms
14.1 Roles. For Customer Personal Data processed by Lasso to provide the Services to Merchant, Merchant is the controller or business, and Lasso is the processor, service provider, or contractor, as applicable. For Merchant account data, billing data, admin user data, security data, service telemetry, fraud and abuse signals, aggregated or de-identified analytics, and Lasso’s own business operations, Lasso acts as an independent controller or business.
14.2 Scope of Processing. Lasso will process Customer Personal Data only to provide, secure, support, maintain, monitor, troubleshoot, analyze, improve, and operate the Services; comply with Merchant’s documented instructions; comply with applicable law; prevent fraud, abuse, security incidents, and policy violations; and perform other purposes described in these Terms, the Documentation, the Privacy Policy, and the Sub-processor Appendix.
14.3 Merchant Instructions. These Terms, Merchant’s configuration of the Services, Merchant’s use of the dashboard, Merchant’s enablement of integrations or optional features, Merchant’s API calls, and Merchant’s written instructions constitute Merchant’s documented instructions to Lasso. Lasso will promptly inform Merchant if Lasso reasonably believes an instruction violates Applicable Data Protection Laws, unless prohibited by law.
14.4 GDPR and UK GDPR Processor Commitments. Where GDPR, UK GDPR, or similar laws apply, Lasso will:
(a) process Customer Personal Data only on documented instructions from Merchant, including with respect to international transfers;
(b) ensure that persons authorized to process Customer Personal Data are subject to confidentiality obligations;
(c) implement appropriate technical and organizational measures designed to protect Customer Personal Data;
(d) assist Merchant, taking into account the nature of the processing and information available to Lasso, with data subject requests, security obligations, breach notifications, data protection impact assessments, and prior consultations;
(e) delete or return Customer Personal Data after termination of the Services, at Merchant’s choice and subject to legal retention, backup, security, and archival requirements;
(f) make available information reasonably necessary to demonstrate compliance with this Section 14; and
(g) permit and contribute to audits as described in Section 14.10.
14.5 U.S. State Privacy Service Provider Terms. For Customer Personal Data processed by Lasso as a service provider, contractor, or processor under U.S. state privacy laws, Lasso will not sell or share Customer Personal Data, retain, use, or disclose Customer Personal Data outside the direct business relationship with Merchant, or retain, use, or disclose Customer Personal Data for any purpose other than the business purposes specified in these Terms, except as permitted by Applicable Data Protection Laws.
The preceding sentence does not restrict disclosures or processing that Merchant separately authorizes by enabling optional features, including Identity Resolution Services or Offer Network Services, where the applicable third-party provider may act as an independent controller, business, or third party.
14.6 Sub-processors. Merchant grants Lasso general authorization to engage sub-processors to process Customer Personal Data. Lasso will maintain the Sub-processor Appendix identifying sub-processors, service categories, processing purposes, locations, and, where applicable, transfer mechanisms. Lasso will impose data protection obligations on sub-processors materially equivalent to those in this Section 14 and remains responsible for sub-processors’ performance of those obligations to the extent required by Applicable Data Protection Laws.
14.7 Sub-processor Notice and Objection. Lasso will provide at least 30 days’ prior notice of any new or replacement sub-processor by posting an updated Sub-processor Appendix, dashboard notice, email, or other reasonable notice. Merchant may object on reasonable data protection grounds during the notice period. The parties will work in good faith to resolve the objection. If unresolved, Merchant may terminate only the affected Services, and Lasso will provide a pro rata refund of prepaid unused fees for the terminated affected Services.
14.8 International Transfers. Where Customer Personal Data subject to GDPR, UK GDPR, Swiss FADP, or similar cross-border transfer laws is transferred to a country that does not benefit from an applicable adequacy decision, the parties will use appropriate transfer safeguards as required by law. For EEA transfers, the EU Standard Contractual Clauses adopted under Commission Implementing Decision (EU) 2021/914 apply as incorporated into these Terms. For UK transfers, the UK International Data Transfer Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement applies, as applicable. For Swiss transfers, Swiss adaptations to the EU Standard Contractual Clauses apply as required.
14.9 Security Incident Notice. Lasso will notify Merchant without undue delay and, where required by law, within 72 hours after confirming a Personal Data Breach affecting Customer Personal Data processed by Lasso. The notice will include information reasonably available to Lasso to help Merchant meet its legal obligations.
14.10 Audits. Upon reasonable written request, Lasso will provide security summaries, certifications, audit reports, penetration test summaries, or similar documentation that Lasso makes generally available to customers. Merchant may request an audit no more than once annually, unless required by a regulator or following a confirmed Personal Data Breach. Audits must be conducted during normal business hours, with reasonable notice, under confidentiality obligations, and in a manner that does not disrupt Lasso’s operations or compromise other customers’ data or security.
14.11 Data Subject and Consumer Requests. Merchant is responsible for receiving, verifying, and responding to End-Customer requests. Lasso will provide reasonable assistance, taking into account the nature of the Services and information available to Lasso. If Lasso receives a request directly from an End-Customer about Customer Personal Data processed on Merchant’s behalf, Lasso may direct the End-Customer to Merchant or respond in accordance with Merchant’s instructions.
14.12 Details of Processing. The subject matter, duration, nature, purpose, categories of Personal Data, and categories of data subjects are described in these Terms, the Documentation, the Privacy Policy, and the Sub-processor Appendix.
15. Compliance Reviews; Audit Costs
Lasso may require Merchant to complete compliance questionnaires, provide evidence of consent flows, provide privacy notices, provide screenshots of consent banners, provide transaction documentation, provide product documentation, or otherwise support Lasso’s compliance, provider, card-network, fraud, privacy, or risk reviews.
If Merchant requests an audit under the data processing terms, Merchant will bear its own audit costs and reimburse Lasso for reasonable out-of-pocket costs and internal time at Lasso’s then-current professional services rates if the audit exceeds four hours in a calendar year, unless the audit is required due to Lasso’s confirmed material breach of the data processing terms.
16. PCI DSS; Payment Data; Security
Provider-hosted fields and components capture card data. Depending on implementation, Merchant’s PCI scope may be SAQ A, SAQ A-EP, or another applicable scope.
Merchant must not log, store, transmit, or expose raw PAN, CVV, sensitive authentication data, or payment credentials through Lasso except through approved provider-hosted components.
Lasso stores token references, aliases, and transaction metadata only, not raw card PAN or sensitive authentication data.
Each party will maintain administrative, technical, and organizational measures designed to protect the confidentiality, integrity, and availability of data it processes under these Terms.
17. Confidentiality
The receiving party will use Confidential Information only to perform under these Terms and will protect it using at least reasonable care.
The receiving party may disclose Confidential Information to its employees, contractors, affiliates, advisors, providers, and representatives who need to know it and are bound by confidentiality obligations.
Confidential Information does not include information that is independently developed without use of Confidential Information, becomes public without breach, is received lawfully from a third party without confidentiality obligations, or was already known without restriction.
The receiving party may disclose Confidential Information if required by law, subpoena, court order, or regulator, provided it gives notice where legally permitted and uses reasonable efforts to limit disclosure.
Unauthorized disclosure or use of Confidential Information may cause irreparable harm. The disclosing party may seek injunctive relief without posting bond.
18. Service Levels; Maintenance; Support
Lasso’s service level commitments are described in the SLA. In the event of inconsistency, the SLA governs availability remedies, and these Terms govern all other matters.
Support response targets are shown in-product or in the SLA. Lasso may perform scheduled or emergency maintenance as described in the SLA.
19. Acceptable Use
Merchant must comply with the AUP, which is incorporated into these Terms. Violations may result in warnings, feature limits, suspension, termination, removal of content, blocking of transactions, reporting to providers, or other enforcement actions.
20. Proprietary Rights; Feedback; Branding
The Services, Documentation, APIs, SDKs, software, workflows, models, interfaces, templates, designs, analytics, know-how, and related technology are owned by Lasso or its licensors.
Merchant grants Lasso a limited license to use Merchant Data as needed to provide, secure, support, maintain, monitor, troubleshoot, analyze, improve, and operate the Services.
Merchant grants Lasso a limited, revocable license to use Merchant’s name and marks in checkout pages, customer lists, case studies, sales materials, and marketing materials unless Merchant opts out by notice.
Feedback may be used by Lasso without restriction or obligation.
21. Beta and Experimental Features
Lasso may make beta, pilot, experimental, preview, or early-access features available from time to time. Beta features are optional, provided “AS IS,” may be modified or discontinued at any time, and may be subject to additional terms.
Merchant uses beta features at its own risk. Lasso makes no commitment to release beta features generally or maintain beta features in any particular form.
Beta features are excluded from SLA commitments, service credits, warranties, indemnities, and support commitments unless expressly stated otherwise in writing.
22. Warranties; Disclaimers
Each party represents that it has authority to enter into these Terms.
Except as expressly stated, the Services are provided “AS IS” and “AS AVAILABLE” without warranties of any kind, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular purpose, title, non-infringement, uninterrupted operation, error-free operation, identity match accuracy, offer performance, revenue performance, payment approval, chargeback outcomes, or settlement timing.
Beta, pilot, experimental, or pre-release features are provided “AS IS” and may be changed, suspended, or discontinued at any time.
23. Indemnification
Merchant will defend, indemnify, and hold harmless Lasso, its affiliates, officers, directors, employees, contractors, agents, providers, licensors, and partners from and against any claims, demands, investigations, proceedings, damages, fines, penalties, losses, liabilities, settlements, costs, and expenses, including reasonable attorneys’ fees, arising from or relating to:
(a) Merchant products, services, offers, content, claims, pricing, subscriptions, fulfillment, refunds, taxes, customer communications, or customer support;
(b) Merchant Data, Merchant instructions, Merchant systems, Merchant websites, Merchant code, Merchant integrations, or Merchant configurations;
(c) Merchant’s breach of these Terms, the AUP, an Order, Documentation, Pass-Through Terms, or applicable law;
(d) Merchant’s use of Identity Resolution Services, Offer Network Services, payment services, advertising services, analytics services, or third-party integrations;
(e) Merchant’s failure to provide required notices, obtain required consents, honor opt-outs, honor privacy rights, honor opt-out preference signals, or maintain lawful bases;
(f) allegations that Merchant’s use of the Services violates privacy, data protection, consumer protection, advertising, marketing, ePrivacy, sanctions, payment, tax, intellectual property, or other laws;
(g) chargebacks, refunds, reversals, fraud, disputes, payment holds, reserves, or provider actions involving Merchant; or
(h) Merchant’s gross negligence, willful misconduct, fraud, or unlawful activity.
Lasso will defend Merchant against a third-party claim alleging that the Lasso-owned core platform, as provided by Lasso and used in accordance with these Terms, directly infringes a U.S. patent, copyright, or trademark.
Lasso’s obligations do not apply to claims arising from Merchant Data, Merchant instructions, third-party services, provider materials, open-source software, modifications not made by Lasso, combinations not provided by Lasso, use outside the Documentation, beta features, Identity Resolution Services, Offer Network Services, or continued use after Lasso provides a modification or workaround.
Lasso may resolve an infringement claim by procuring rights, modifying the affected Service, replacing the affected Service, disabling the affected feature, or terminating the affected Service with a pro rata refund of prepaid unused fees for that Service.
24. Limitation of Liability
To the maximum extent permitted by law, neither party will be liable for indirect, incidental, special, consequential, exemplary, punitive, or enhanced damages, or for lost profits, lost revenue, lost goodwill, lost data, business interruption, cost of substitute services, loss of use, loss of opportunity, or lost savings, even if advised of the possibility of such damages.
Except for the Merchant carve-outs below and the Lasso supercap below, each party’s total aggregate liability arising out of or relating to these Terms is capped at the amounts actually paid by Merchant to Lasso for the affected Services during the six months before the event giving rise to liability.
For Lasso’s obligations arising from its IP indemnity or a confirmed Personal Data Breach caused by Lasso’s breach of Section 14, Lasso’s total aggregate liability is capped at the greater of: (a) amounts actually paid by Merchant to Lasso for the affected Services during the 12 months before the event giving rise to liability; or (b) $25,000.
The liability caps do not apply to Merchant’s payment obligations, Merchant’s indemnification obligations, Merchant’s breach of the AUP, Merchant’s violation of law, Merchant’s misuse of the Services, Merchant’s infringement or misappropriation, Merchant’s confidentiality obligations, Merchant’s fraud, or Merchant’s willful misconduct.
Multiple claims will not expand the caps. The limitations apply regardless of the theory of liability, including contract, tort, negligence, strict liability, statute, or otherwise.
25. Suspension; Restrictions; Termination
Lasso may suspend, restrict, disable, throttle, block, or terminate any Service, feature, integration, account, transaction, offer, script, API, SDK, or data flow immediately if Lasso reasonably believes:
(a) Merchant has breached these Terms, the AUP, an Order, Documentation, Pass-Through Terms, or applicable law;
(b) Merchant’s use creates legal, privacy, security, fraud, payment, chargeback, provider, card-network, reputational, operational, or platform risk;
(c) Merchant is past due;
(d) Merchant has failed onboarding, sanctions screening, underwriting, provider review, risk review, or compliance review;
(e) Merchant’s products, services, traffic, transactions, offers, customers, consent practices, privacy practices, or data flows create risk to Lasso or a provider;
(f) suspension is required by law, provider requirement, card-network rule, regulator, court order, or law enforcement request; or
(g) immediate action is needed to protect the Services, Lasso, other merchants, End-Customers, providers, or third parties.
Lasso is not liable for suspension, restriction, termination, lost revenue, lost profits, or business interruption arising from actions taken under this section.
Either party may terminate for uncured material breach after 30 days’ written notice. Either party may terminate immediately for insolvency, legal prohibition, sanctions risk, or conduct that creates material legal, security, fraud, payment, or platform risk.
Merchant may terminate for convenience unless an Order states otherwise. Fees incurred before termination remain due.
Upon termination, Merchant will stop using the Services, remove Lasso code, SDKs, tags, scripts, and integrations, and pay all outstanding amounts.
Upon Merchant’s reasonable request during the 30 days after termination, and provided Merchant’s account is in good standing, Lasso will use commercially reasonable efforts to make available an export of Customer Personal Data then reasonably available through Lasso’s operational systems. After that period, Lasso may delete, de-identify, archive, or retain Customer Personal Data subject to legal retention, backup, security, operational, and archival requirements.
26. Export Controls; Sanctions
Merchant will comply with all applicable export control, sanctions, anti-boycott, and trade compliance laws. Merchant represents that it is not a Sanctioned Party, is not located in or organized under the laws of a comprehensively sanctioned jurisdiction, and will not use the Services for the benefit of a Sanctioned Party or in a sanctioned jurisdiction.
Merchant will not export, re-export, transfer, or use the Services in violation of applicable trade laws. Lasso may suspend or terminate access immediately if Lasso reasonably believes Merchant has violated this section or creates sanctions or trade compliance risk.
27. Government Use
The Services and Documentation are commercial computer software and commercial computer software documentation. U.S. Government use is subject to restricted rights under applicable FAR and DFARS provisions.
28. Disputes; Governing Law; Arbitration
The parties will first attempt to resolve disputes in good faith for 30 days after written notice.
After that period, disputes will be resolved by binding JAMS arbitration under the JAMS Commercial Arbitration Rules. For claims of $250,000 or less, the JAMS Streamlined Arbitration Rules apply. The arbitration will be conducted by one arbitrator, seated in Wilmington, Delaware, with remote hearings permitted.
Either party may seek injunctive or equitable relief in court for intellectual property, confidentiality, data security, unauthorized access, or misuse issues. Small-claims actions may be brought in small-claims court.
Class actions, class arbitrations, representative actions, and jury trials are waived to the maximum extent permitted by law.
Delaware law governs these Terms without regard to conflict-of-law rules. If JAMS is unavailable, the AAA Commercial Arbitration Rules apply.
29. Changes to These Terms
Lasso may update these Terms from time to time. Updates are effective when posted in the dashboard or on Lasso’s site, except Material Adverse Changes take effect no earlier than 30 days after notice unless the change is required for legal, pass-through, security, fraud, abuse, provider, or operational reasons.
“Material Adverse Change” means a material reduction in Merchant’s rights or a material fee increase for the same usage. If a Material Adverse Change not driven by law, provider requirements, or security applies to Merchant, Merchant may terminate the affected Services during the notice period. Fees already incurred remain due.
Continued use after the effective date constitutes acceptance.
30. Assignment; Notices; Entire Agreement; Precedence
Either party may assign these Terms to an Affiliate or in connection with a merger, acquisition, reorganization, financing, or sale of substantially all assets, with notice. Other assignments require consent not to be unreasonably withheld.
Notices to Merchant may be sent to the dashboard contact, account email, or other contact information in Merchant’s account. Notices to Lasso must be sent to admin@lassocart.com.
These Terms, Orders, the AUP, SLA, Privacy Policy, Documentation, Sub-processor Appendix, and applicable Pass-Through Terms are the entire agreement for their subject matter and supersede prior agreements.
In case of conflict, the order of precedence is: (1) Order, (2) these Terms, (3) Pass-Through Terms for the applicable third-party feature only, (4) SLA for availability remedies only, (5) AUP, (6) Documentation.
31. References and Links
Privacy Policy: https://www.lassocart.com/privacy-policy
Acceptable Use Policy: https://www.lassocart.com/legal-pages/acceptable-use-policy
Service Level Agreement: https://www.lassocart.com/legal-pages/service-level-agreement
Pricing Page: https://www.lassocart.com/
Sub-processor Appendix: https://www.lassocart.com/subprocessor-appendix
32. Contact
Lasso Inc.
Legal: admin@lassocart.com
Address: 24A Trolley Square #1339, Wilmington, DE 19806
