Brex Access Agreement | Legal | Brex
Open an account
Platform Agreement

Brex Access Agreement

Revised June 6, 2021

The Brex Access Agreement (the “Agreement”) describes the terms and conditions governing your use of Brex’s User Data access application programming interfaces (the “Brex APIs”), and is a supplement to the Brex Platform Agreement, the Brex Privacy Policy, the Brex User Terms and any Additional Terms (collectively the “Brex Agreements”). By using or accessing the Brex APIs, you agree to comply with the terms of this Agreement. “We,” “our” or “us” means Brex Inc. “You,” “your,” or “Customer” means the person or entity accepting or signing this Agreement.  Together, you and we may be collectively referred to as “Party” or “Parties.” If you use or access the Brex APIs on behalf of an entity, then you represent and warrant that you have authority to bind that entity to this Agreement, that you are doing so on behalf of that entity, and that all references to “You” in the Agreement refer to that entity.

1. Definitions and Rules of Construction. Exhibit A contains the definitions of capitalized terms not separately defined in the context of this Agreement and rules governing construction and interpretation of certain terms and phrases used commonly in this Agreement.

2. Accessing the Brex APIs.

2.1. Limited Right to Use the Brex APIs. Conditioned upon your continued compliance with the terms of this Agreement and any applicable Brex Agreements to which you are a party, we grant you a limited, revocable, non-exclusive, non-sublicensable, non-transferrable, non-assignable license, solely while this Agreement is in effect, to use the Brex APIs set forth on Schedule 2.1 to this Agreement. Further, we will make commercially reasonable efforts to: (a) make available to you via the Brex APIs all User Data that is accessible to Users of the Services in read-only format; and (b) ensure that the quality of User Data we make available to you is equal to the quality of User Data we provide to other Brex API users. Additional terms and conditions applicable to specific Brex APIs are set forth on Schedule 2.1. We may make additional Brex APIs available to you from time to time, and your use of any such Brex API constitutes your consent to the terms of this Agreement and any additional terms set forth on Schedule 2.1. We may modify the terms of Schedule 2.1 in our sole discretion upon Notice to you.

2.2. Accessing the Brex APIs.  You will only access the Brex APIs in conformance with the terms of the Agreement and the Brex APIs documentation. We will assign you with keys or other credentials (“Brex API Keys”) to enable your access to and use of the Brex APIs. We may issue, activate, suspend, re-activate, or deactivate your Brex API Keys to ensure usage of the Brex APIs consistent with the Agreement and as set forth in Section 6. You will cause all API calls from your Brex API Client to include the appropriate API Key, and you agree not to mask or misrepresent your identity or your Brex API Client’s identity when using, accessing, or attempting to access the Brex APIs. You agree to keep any information you provide to Brex regarding or related to your use of the Brex APIs accurate and up to date, and you agree not to hide, misrepresent or obscure any of the features, content, services, or functionality of your Brex API usage or any Brex API Client during your use of the Brex API.

2.3. API Usage Limitations. If at any time we determine in our sole discretion that the volume of API calls from your Brex API Client or your usage of the Brex APIs is reasonably likely to threaten the stability of the Services or result in a Security Incident, we reserve the right to temporarily set and enforce limits on your Brex API Client’s access to the Brex APIs until such time as the threat has been eliminated or contained. These limits may include restrictions on the volume and frequency of API usage, or any other limits necessary to prevent excessive, abusive, or otherwise prohibited use of the Brex APIs. You agree not to exceed, circumvent, or attempt to circumvent any such limits, including by aggregating accounts or creating multiple Brex API Keys or Brex API Clients. You also agree to provide us with API access request estimates on an annual basis upon request, and you will immediately notify us if your actual usage materially exceeds or is likely to exceed your estimated usage at any time during each calendar year.

2.4. Non-interference.  You will not, and you will not permit or enable any API Client, any Third-Party Partner, or any other third party to interfere with the proper workings of the Brex APIs, or create or distribute any service or application that adversely affects the functionality or performance of the Brex APIs, the Services, or the services of any of Brex’s Affiliates, Third-Party Partners or Users.

2.5. Prohibited Uses.  You will not use the Brex APIs to encourage or promote any activity that is illegal, offensive, or otherwise violates the rights of another party. Your use of the Brex APIs will comply with all Applicable Law and any  third-party rights, including laws and regulations related to accessibility and data protection that apply to financial institutions.

2.6. Restrictions. Except as otherwise expressly permitted by this Agreement, you will not, and you will not permit or enable any API Client or any third party to: (a) use the Brex APIs for any purpose or in any manner other than expressly permitted in this Agreement; (b) rent, sell, lease, lend, convey, redistribute or otherwise provide any third party with use of any aspect of the Brex APIs or any associated User Data; (c) modify, decompile, reverse engineer, alter, tamper with or create derivative works of the Brex APIs; (d) falsify or alter any API Key or otherwise obscure or alter the sources of calls coming from your Brex API Client; or (e) access internal application programming interfaces or data feeds that are not externally available or intended by Brex to be available. You agree not to store or use the Brex APIs or User Data outside of the United States.

2.7. API Modifications; Obligation to Maintain Your Brex API Client. When we modify the Brex APIs to expand access to any additional User Data elements or to otherwise make improvements, we will: (a) make reasonable efforts to avoid making changes that would disrupt your access to the Brex APIs; and (b) provide you with reasonable advance notice of planned enhancements to the Brex APIs; in which event you agree to make the necessary changes in timely manner to ensure continuity of service to Users; except that we may, in our sole discretion provide short notice or no notice to you in the event API modifications are required to prevent User Data loss or other harm to Users.  You may request access to additional User Data elements not supported by the Brex APIs, and we will evaluate your request for inclusion in our API development roadmap; except that we do not guarantee that the additional User Data elements you requested will be made available to you.

2.8. Fees.  Brex reserves the right; upon 30 day’s prior notice, to implement fees and payment terms with respect to any use of the Brex APIs beyond the Brex APIs limitations specified in this Agreement.  Brex may also propose premium API offerings that provide for additional access as well as enhanced service and support terms.

3. Your Brex API Client.

3.1. Brex API Client and Ownership. Your Brex API Client is designed to help you enhance a User’s use of the Customer Services. Brex does not acquire ownership in your Brex API Client, and by using the Brex APIs you do not acquire ownership of any rights in the Brex APIs or any content that you access through the Brex APIs.

3.2. Monitoring. You agree that we may monitor or analyze your access and use of the Brex APIs to verify your compliance with the Agreement, to ensure the quality and reliability of the Brex APIs, to improve the Brex APIs and the Services, and for any other business purpose.  You agree not to interfere with any such monitoring, and you understand that we may use any technical means to overcome such interference. You agree to provide us with any information or materials we request to verify your compliance with the Agreement, including, free of charge, access to any test accounts or applications.

3.3. API Client Security. You agree to maintain comprehensive, industry-standard information security and data privacy compliance policies and procedures to protect Users and their User Data, and you will provide the results of any security audits (including any SOC-2 audit) you undertake to us upon our request. You will ensure that your Brex API Client receives and transmits data with a protocol at least as secure as those accepted by the Brex APIs, and that your Brex API Client contains protections that are adequate to keep secure and prevent the interception of any User Data. You agree to periodically assess the security of your Brex API Client to ensure it is maintained free of defects and security vulnerabilities; and you will share the results of such assessment with us upon request. We may require that such an assessment be conducted prior to granting you access to the Brex APIs or at any other time that we deem reasonably necessary to ensure the security of your Brex API Client or the Brex APIs. You will not attempt to circumvent any security measures or technical limitations imposed by us or by the Brex APIs.

3.4. Security Incidents and Notification. You will use best efforts to protect User Data and any Brex Data collected by your Brex API Client, including Personal Data, from any unauthorized access, use, or disclosure (“Security Incident”). You and your Brex API Client will comply with laws that protect Personal Data, and all other applicable privacy laws and regulations. You will notify us within 48 hours of becoming aware, or have reason to suspect the occurrence of any Security Incident or other security breach (including any actual, or suspected theft, loss or misuse of User Data) that you discover or suspect in connection with: (a) your use of the Brex APIs, or (b) your Brex API Client. You agree to collaborate with Brex on creating a notification and remediation strategy for Users. You also agree to promptly notify any Users whose information may have been affected to the extent required by Applicable Law.

3.5. Harmful Code. You will not include, or enable or permit to be included, in or in connection with any API Client, any spyware, malware, virus, worm, Trojan horse or other malicious or harmful code, or any software application not expressly and knowingly authorized by each applicable User prior to being downloaded, installed or used.

3.6. Development.  You will be solely responsible for all development and distribution of your Brex API Client, and for all related costs, expenses, losses and liabilities.

3.7. Service and Support.  You are solely responsible for all aspects of your Brex API Client, and we will not be required to provide any technical or other support services to you or any User in connection with the integration of the Brex APIs with your Brex API Client or any related User Data.  You will provide primary User support to resolve any errors, bugs or issues with the Brex APIs Client and the Customer Services. You agree to acknowledge receipt of inquiries from Users within 48 hours, and you will develop and utilize appropriate escalation procedures for Users related to resolution of inquiries regarding your Brex API Client. We will designate a Customer manager and a technical resource to assist in identifying and resolving API errors, and to answer questions related to operational use of the Brex APIs. We reserve the right to approve in advance all communications with Users related to your use of the Brex APIs; however, we are not responsible for monitoring or policing any dispute that may arise between or among you, any Third-Party Partner, any User, or any other third party related to your Brex API Client. Your use of the Brex APIs and any related User Data is at your own risk, and you are solely responsible for any damage to any computer systems, networks, or databases belonging to you, a Third-Party Partner, or any User, all losses suffered by you, any Third-Party Partner, or any User, and for any other liability of any type related to your use of the Brex APIs and User Data.

4. User Data Privacy and Security.

4.1. User Consent and Privacy.  You will ensure that neither you, your Third-Party Partners , nor your Brex API Client collects or discloses User Data from or concerning any User through the Brex APIs unless you first (a) inform such User in a Privacy Policy of types of User Data you collect or disclose and how such User Data will be used or disclosed; and (b) obtain affirmative consent from such User to such collection, use, and disclosure in accordance with Applicable Law. Any such Privacy Policy must be made available to Users prior to the collection, use, or disclosure of any User Data, and prominently displayed to the User through the Customer Services. Under no circumstances will the Privacy Policies permit the sale or disclosure of Personal Data that is not De-Identified Data without the User’s or Person’s express written consent. In addition, the Privacy Policies will be consistent with your obligations under this Agreement and with Brex’s rights and obligations under the Brex Privacy Policy, currently available at www.brex.com/privacy. Your collection, use and disclosure of User Data must not conflict with either your Privacy Policy, any Third-Party Partner’s Privacy Policy, or the Brex Privacy Policy.

4.2. User Authentication. You and each of your Third-Party Partners will ensure that each User has been authenticated with us by using available OAuth protocols and any other authentication mechanisms made available to you by us prior to accessing any of an authenticated User’s User Data. As part of the authentication process, Brex may also require the User to consent to the types of data to be shared and what parties they may be shared with, and to any other aspects of the proposed API connection. You agree to comply with any preferences that the User expresses during the authentication process.

4.3.User Account Un-Linking. Once a User’s Brex Account has been authenticated with your Brex API Client, then your Brex API Client must provide a method for the User to disconnect or “un-link” its Brex Account from your Brex API Client and any related systems or software. If a User disconnects its Brex Account or otherwise revokes their permission for your Brex API Client to access its User Data using a method you provide, then your access to any User Data related to that User will be terminated and you will delete all User Data in your possession for such User; except that you will not be required to delete User Data to the extent you are required to retain such User Data to comply with Applicable Law.

4.4. Limitations on Use of User Data and Disclosures.

4.4.1. Except as otherwise permitted by Brex, you will not use or disclose any User Data except for purposes of: (a) providing User Data directly to a User; (b) complying with Applicable Law or mandatory requests of a government or regulatory body; (c) providing User Data to a Third-Party Partner or other third party for the sole purpose of providing such User Data directly to a User; except any such Third-Party Partner or other third party: (i) may not use such User Data for any other purpose; and (ii) will comply with any required use and disclosure obligations regarding User Data applicable to each User, and to us that are at least as protective as those in this Agreement; and (d) as contemplated by your privacy policy.

4.4.2. Without limiting the limitations set forth in Section 4.4.1, and regardless of whether the applicable User has consented, absent Brex’s prior written consent, you and your Third-Party Partners will not: (i) market, sell, lease, license, or otherwise commercialize any User Data or any data aggregated or derived from User Data for any purpose other than the explicit purpose for which the User has granted consent;  (ii) use or disclose for marketing purposes any User Data received or collected by you or your Brex API Client from or through Brex or the Brex APIs; or (iii) analyze, aggregate, or otherwise use User Data or Brex Data to reverse engineer or otherwise ascertain or derive Brex’s Confidential Information.

4.5. Responsibility for Collected User Data.  As between you and Brex, you are solely responsible for (a) any User Data and any other data and information collected by you, including the transmission of any User Data to or from the Brex APIs or otherwise using the Brex APIs, and (b) the completeness and accuracy of User Data and the legality of its collection, processing, use and disclosure. You understand that we and our Third-Party Partners will rely on the User Data you submit to us, and you will make best efforts to ensure that all User Data you submit is accurate and complete.

4.6. User Data Access Restrictions.

4.6.1. API Client and Third Parties.  You will not, and you will not permit or enable any API Client, Third-Party Partner, or any other third party or service provider to: (a) use any automated means (e.g., scraping, crawling, spidering or robots) to access, query or obtain any User Data from any Brex websites, data systems, or other Brex APIs; or (b) except as expressly permitted by the Agreement or any applicable Brex Agreements, archive, store, modify or replace any User Data received from Brex or the Brex APIs (including by changing the order in which such User Data was originally made available by Brex or intermixing such User Data with data from sources other than Brex). Upon our request, you will delete any and all User Data you possess that does not comply with this Section 4.6.1.

4.6.2. Personnel.  You will ensure that any of your personnel who are granted access to User Data are screened, to the extent permitted by Applicable Law, in accordance with best practices in the financial services industry. You will exclude from access to User Data any personnel that have been convicted of a crime involving theft, fraud, money laundering, breach of fiduciary duty, or similar financial crime that suggests that, after an individualized assessment of facts and circumstances of the conviction, the personnel pose a more than marginally greater level of risk (than someone without a conviction) of mis-using User Data.

4.7. Deletion of User Data. Except where retention of User Data is required under Applicable Law, your contractual requirements to maintain a copy of such User Data by request of a User, or your reasonable need to retain such User Data for recordkeeping purposes for the benefit of that User, upon termination of this Agreement (or any Wind-Down Period, if applicable), you and your Third-Party Partners will delete all User Data, as well as any De-Identified Data derived from such User Data. You must also delete all User Data at the request of a User in the event that a User revokes your right to access such data via your Brex API Client as set forth in Section 4.3. For the avoidance of doubt, the Parties acknowledge that each Party may possess identical information collected independently by each Party, and such identical information shall: (a) remain the Confidential Information of the respective Parties, and (b) shall not be subject to this Section 4.7.

5. Use of Marks.

5.1. Brex Marks. Upon our prior written approval, you may use and display the Brex Marks solely for the limited purposes of facilitating connection of a User’s Brex Account to your Brex API Client, and to identify Brex in the Brex User data consent portals. You may not attempt to register any names, trade names, trademarks, service marks, slogans, logos, domain names or other indicia that are confusingly similar in any way to the Brex Marks. Nothing in this Agreement will convey any right, title, license or other interest in or to the Brex Marks to you or to any Third-Party Partner.

5.2. Customer Marks. You hereby grant to Brex a limited, fully paid-up, worldwide, royalty-free, non-exclusive, non-transferable license (but Brex has no obligation) to use your name and logo (“Customer Marks”) in connection with the Brex APIs on the Brex User data consent portal, so long as any usage complies with your trademark guidelines. Nothing in this Agreement will convey any right, title, license or other interest in or to the Customer Marks to us or to any Brex Entity.

6. Termination; Suspension; and Wind-Down Period.

6.1. Termination. This Agreement will remain effective until terminated in accordance with its terms.

6.1.1. Either Party may terminate this Agreement: (a) at any time without cause upon 90  days’ written notice to the other Party; or (b) if the other Party breaches the terms of this Agreement and such breach remains uncured for 30 days after receipt of a notice of the breach and intent to terminate from the non-breaching Party, except that such termination may occur immediately if the breach cannot be cured.

6.1.2. We may terminate the Agreement immediately: (a) if you experience a Security Incident affecting User Data; or (b) in the event of fraud or intentional misconduct by you or any of your or their respective personnel.

6.2. Suspension. In addition, we reserve the right, in its sole discretion, to suspend (temporarily or permanently) your use of the Brex APIs, Brex API Keys, any Brex Marks, or any User Data (whether by you, a Third-Party, or a User), in whole or in part upon reasonable notice to you: (a) if a User requests to disconnect their Brex Account from the Customer Services (provided however that in such case, only User Data for that specific User shall be suspended); (b) if we reasonably believe that there is a material risk of a Security Incident with respect to your or any Third-Party Partner’s systems; or (c) to perform reasonable maintenance or to provide updates to the Brex APIs, the Services, or our systems or networks.

6.3. Liability for Losses. We bear no responsibility or liability to you for any such termination or suspension. Upon any such termination or suspension, all rights or licenses that you may have with respect to the Brex APIs, Brex Marks, and User Data will immediately be terminated or suspended, as applicable, and you will immediately cease using the Brex APIs, Brex Marks and User Data, and delete any data or materials related to the Brex APIs, Brex Marks, and User Data in your possession or control in accordance with Section 4.8.

7. Confidential Information.

7.1. Each party (the “Disclosing Party”) may from time to time during the term of this Agreement disclose to the other party (the “Receiving Party”) the Disclosing Party’s Confidential Information. The Receiving Party will: (a) hold the Confidential Information in trust and confidence; (b) use the Confidential Information only as expressly permitted in this Agreement (and not for the benefit of any third party), and not in any manner or for any purpose other than as expressly permitted in this Agreement; (c) not reproduce Confidential Information except as necessary to fulfill your obligations hereunder; and (d) not make available to any third party, directly or indirectly, any Confidential Information without the Disclosing Party’s express prior written consent; provided, however, that the Receiving Party may disclose Confidential Information of the Disclosing Party to the Receiving Party's employees, and to any of the Receiving Party's contractors who are bound to the Receiving Party by confidentiality obligations substantially equivalent to those set forth in this Section 7, solely as required in order for the Receiving Party to perform under this Agreement, and the Receiving Party may disclose the Disclosing Party’s Confidential Information to, as applicable, its professional advisors, and to the employees and contractors of its parent, subsidiaries and Affiliates. The Receiving Party will protect the Disclosing Party’s Confidential Information with at least the same degree of care as the Receiving Party uses to protect its own Confidential Information of a similar nature, but in no case with less than a reasonable degree of care. The Receiving Party will be solely responsible and liable for all use and disclosure of Confidential Information by or through the Receiving Party, any Third-Party Partner, any Brex User or any other third party who receives Confidential Information from the Receiving Party.

7.2. Upon any termination of this agreement, the Receiving Party will immediately cease using and delete all copies of Confidential Information in its possession, custody or control, and certify such deletion in writing to the Disclosing Party. The Receiving Part acknowledges and agrees that breach or threatened breach of this Section 7 may cause the Disclosing Party irreparable harm and significant injury, the amount of which may be difficult to estimate and ascertain, thus making inadequate any remedy at law or in damages. The Receiving Party therefore agrees that, in the event of such breach or threatened breach, the Disclosing Party will be entitled to injunctive relief from any court of competent jurisdiction enjoining any threatened or actual breach of this Section 7 and for any other relief that such court deems appropriate, in addition to any other remedy or remedies available at law or in equity.


7.3. The Receiving Party may disclose Confidential Information of the Disclosing Party if required to do so under Applicable Law, provided that the Receiving Party, where reasonably practicable and to the extent legally permissible, provides the Disclosing Party with prior written notice of the required disclosure so that the Disclosing Party may seek a protective order or other appropriate remedy, and provided further that the Receiving Party discloses no more Confidential Information of the Disclosing Party than is reasonably necessary in order to respond to the required disclosure.


8. Brex Property; Customer Property; Feedback.

8.1. Brex Property. All intellectual property rights and all other right, title and interest in and to the Brex APIs, Brex Marks, and all other Confidential Information are the sole property of and reserved to Brex or its Affiliates, licensors or suppliers, as applicable, and no right, title or interest therein are transferred to you as a result of your use thereof or this Agreement. You will not contest or assist others in contesting the validity of any such rights. All rights not expressly set forth herein are reserved by Brex or its Affiliates , licensors or suppliers, as applicable, and no implied rights or licenses are granted to you pursuant to this Agreement. You acknowledge and agree that you receive no rights, licenses or interests in or to any patents, patent applications, copyrights, trademarks, trade names or service marks of Brex or its Affiliates, licensors, suppliers or other third parties pursuant to this Agreement.

8.2 Customer Property. All intellectual property rights and all other right, title and interest in and to Customer’s technology and all other Customer Confidential Information are the sole property of and reserved to Customer or its Affiliates, licensors or suppliers, as applicable, and no right, title or interest therein are transferred to Brex as a result of its use thereof or this Agreement. Brex will not contest or assist others in contesting the validity of any such rights. Except as otherwise set forth herein, including in Section 5, Brex acknowledges and agrees that it receive no rights, licenses or interests in or to any patents, patent applications, copyrights, trademarks, trade names or service marks of Customer or its Affiliates, licensors, suppliers or other third parties pursuant to this Agreement.

8.2. Feedback. You hereby irrevocably assign and agree to irrevocably assign to us, without charge, all intellectual property rights relating to oral and written Feedback that you provide relating to the Brex APIs or any associated services or documentation. At our expense, you will take all actions deemed necessary by us in order for us to record, perfect and maintain its rights in and to all Feedback. Without limiting the foregoing, we will have an unlimited, worldwide, royalty-free right to use and modify all Feedback, and we will have no confidentiality obligations with respect to any Feedback.

9. Disclaimer of Warranties; Limitation of Liability; Indemnification.

9.1 Disclaimer of Warranties by Brex. THE BREX APIS, USER DATA, AND BREX PROPERTY PROVIDED BY OR ON BEHALF OF BREX, ARE PROVIDED “AS IS” AND WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMITTED BY LAW, THE BREX ENTITIES DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING ANY IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, ACCURACY, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES THAT MAY ARISE FROM COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. THE BREX ENTITIES DO NOT WARRANT THAT USE OF THE BREX APIS, USER DATA, OR BREX PROPERTY WILL BE UNINTERRUPTED, ERROR-FREE OR SECURE, OR THAT DEFECTS WILL BE CORRECTED. YOU ACKNOWLEDGE THAT YOU ARE RESPONSIBLE FOR OBTAINING AND MAINTAINING ALL TELEPHONE, COMPUTER HARDWARE, SOFTWARE AND OTHER EQUIPMENT, MATERIALS AND THIRD-PARTY LICENSES AND CONSENTS NEEDED TO USE YOUR API CLIENT WITH THE BREX APIS, AND FOR ALL RELATED COSTS. YOUR USE OF THE BREX APIS, USER DATA, OR BREX PROPERTY IS ENTIRELY AT YOUR OWN RISK.

9.2. Limitation of Liability. NEITHER PARTY, NOR ANY OF THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, CONSULTANTS, AGENTS OR OTHER REPRESENTATIVES WILL BE RESPONSIBLE OR LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY OR PUNITIVE DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF DATA OR LOST PROFITS), UNDER ANY CONTRACT, NEGLIGENCE, INDEMNITY, STRICT LIABILITY OR OTHER THEORY, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, ARISING OUT OF OR RELATING IN ANY WAY TO THIS AGREEMENT; OR FROM ANY TERMINATION OR SUSPENSION OF THIS AGREEMENT OR CUSTOMER’S ACCESS TO OR USE OF THE BREX APIS, USER DATA, OR ANY BREX PROPERTY. CUSTOMER’S SOLE REMEDY FOR DISSATISFACTION WITH THE BREX APIS, USER DATA, OR ANY BREX PROPERTY IS TO STOP USING THE API, USER DATA, OR BREX PROPERTY, AS APPLICABLE. EXCEPT FOR EITHER PARTY’S BREACH OF SECTION 7 [CONFIDENTIAL INFORMATION] AND FOR ANY AMOUNTS OWED PURSUANT TO A PARTY’S OBLIGATIONS UNDER SECTION 9.3 [INDEMNIFICATION], EACH PARTY’S SOLE AND EXCLUSIVE MAXIMUM LIABILITY FOR ANY DAMAGES, LOSSES AND CAUSES OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), INDEMNITY OR OTHERWISE, IN CONNECTION WITH THIS AGREEMENT, WILL BE LIMITED TO THE TOTAL AMOUNTS PAID BY CUSTOMER, IF ANY, TO USE THE BREX APIS, OR TEN DOLLARS ($10), WHICHEVER IS GREATER.

9.3. Indemnification.

9.3.1. Customer Indemnification. You will indemnify, defend and hold the Brex Entities and their directors, officers, employees, consultants, agents and other representatives harmless from and against any losses that result from a Third-Party Claim against a Brex Entity arising out of, related to, caused or incurred by, or in connection with: (a) your use of or other activities in connection with the Brex APIs, User Data, or the Brex Property; (b) your Brex API Client, its use (whether by you or a third party) and any transactions conducted through it or User Data transmitted through it (whether by you or a third party); (c) the operation of your business in connection with the Brex APIs, User Data, or Brex Property; (d) any suspension or termination of your Brex API Client’s use of the Brex APIs, User Data, or Brex Property (including any such suspension or termination caused by Brex); (e) any breach by you of any representations, warranties, covenants or obligations under this Agreement; (f) actual or alleged infringement of any third party’s Intellectual Property by you related to your Brex API Client (including any component thereof), or any Feedback or other materials made available to Brex by you; (g) your gross negligence, fraud or intentional misconduct; (h) any Security Incident caused by you or any Third-Party Partner; or (i) your violation of Applicable Law. At our election, you will assume control of the defense and settlement of any Third-Party Claim that is subject to indemnification by you pursuant to this Section 9.3; except that we may at any time thereafter elect to take over control of the defense and settlement of any such Third-Party Claim, and provided that you will not settle any such Third-Party Claim without our express prior written consent.

9.3.2. Brex Indemnification. We will indemnify, defend and hold you and your Affiliates, directors, officers, employees, consultants, agents and other representatives harmless from and against any losses that result from a Third-Party Claim against a you arising out of, related to, caused or incurred by, or in connection with: (a) any breach by us of any representations, warranties, covenants or obligations under this Agreement; (b) actual or alleged infringement of any third party’s Intellectual Property by Brex related to the Brex API (including any component thereof; (c) Brex’s gross negligence, fraud or intentional misconduct; (h) any breach of your Confidential Information caused by us; or (i) our violation of Applicable Law. At our election, we will assume control of the defense and settlement of any Third-Party Claim that is subject to indemnification by us pursuant to this Section 9.3; except that you may at any time thereafter elect to take over control of the defense and settlement of any such Third-Party Claim, and provided that we will not settle any such Third-Party Claim without your express prior written consent.

10. Miscellaneous.

10.1. Notices. The Parties will deliver all notices, demands and other communications via electronic mail and in writing (both of which will constitute notice) to the following addresses:

If to Brex:

Brex Inc.

Attn: General Counsel

405 Howard Street, Suite 200

San Francisco, CA 94015

with a copy to notices@brex.com


10.2. Complaints and Litigation. Each Party will promptly provide the other Party with copies of any civil or investigative demand, subpoena, complaint, lawsuit or similar proceeding or request for information regarding a private litigant’s or regulatory authority’s investigation or enforcement action relating to the Brex APIs, API Client, the Services or this Agreement in which a Brex Entity is named as Party; unless disclosure of such information is expressly prohibited by the regulatory authority issuing the investigation or action.

10.3. Third-Party Beneficiaries. This Agreement does not benefit or create any right or cause of action in or on behalf of any Person other than you and Brex.

10.4. Independent Contractors. Nothing contained in this Agreement will be construed as creating or constituting a partnership, joint venture or agency between the Parties to this Agreement. Each Party will be deemed an independent contractor with respect to the other Party in fulfillment of their respective obligations.

10.5. Assignment. This Agreement and your rights, privileges, duties and obligations in this Agreement may not be assigned or delegated by you without our prior written consent.

10.6. Amendments and Waivers. Neither Party may amend, modify, or waive in any fashion any instrument or provisions in this Agreement except by an instrument in writing signed by the Parties.  A Party’s waiver of any breach of this Agreement by the other Party will not operate or be construed as the waiver of the same or any similar breach on a subsequent occasion, nor will any delay in exercising any right, power or privilege granted by this Agreement constitute such a waiver.

10.7. Counterparts; Delivery. This Agreement may be executed in any number of counterparts, all of which taken together will constitute one document. The Parties may deliver executed counterparts of this Agreement by electronic means.

10.8. Publicity and User Communications.  The Parties will collaborate and mutually agree to the content, timing, and all other terms of any commercial communications regarding integration of your Brex API Client with the Brex APIs, except that we reserve the right to approve the content of any marketing communications to Users regarding your Brex API Client in our sole and absolute discretion.

10.9. Compliance with Laws. You will comply with all laws, regulations and policies related to User Data and the development, marketing, sale, distribution and use of the Brex APIs Client or related applications, and all other Applicable Laws. Upon our request, you will promptly provide us copies of any applicable regulatory approvals or other clearances required of you to provide the Brex APIs Client, or possess and use User Data. Absent our express prior written consent, you will not seek any regulatory permissions or make any determinations that may result in any Brex Entity or the Brex APIs being deemed regulated or that may impose any obligations or limitations on any Brex Entity.

10.10. Governing Law and Venue. This Agreement will be construed, applied, and governed by the laws of the State of California exclusive of its conflict or choice of law rules except to the extent that U.S. federal law controls. Subject to the good faith binding arbitration requirement provisions contained in Section 10.12, all litigation will be brought in the state or federal courts located in San Francisco, California.

10.11. WAIVER OF JURY TRIAL. EACH PARTY HEREBY WAIVES, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL PROCEEDING DIRECTLY OR INDIRECTLY ARISING OUT OF OR RELATING TO THE BREX APIS, THE BREX APIS CLIENT, USER DATA AND THIS AGREEMENT (WHETHER BASED ON CONTRACT, TORT OR ANY OTHER THEORY).

10.12. Dispute Resolution; Arbitration. The Parties will attempt to resolve any dispute, claim, or controversy arising from or relating to this Agreement (“Disputes”) in good faith and in a timely manner by mutual consultation among the designated representatives of each Party. If a Dispute remains unresolved for more than 60 days, either Party may escalate the Dispute for resolution by senior executives from each Party; except that that such 60-day consultation period does not apply to cases where a Party is seeking injunctive or declaratory relief to avoid imminent or immediate harm or Losses. Except for any Dispute principally related to or arising out of either Party’s rights and obligations under Section 4 [User Data Privacy and Security]; Section 7 [Confidential Information]; Section 8 [Brex Property; Customer Property; Feedback] and Section 9.3 [Indemnification], which the Parties will resolve in litigation in accordance with Section 10.10, each Dispute not resolved by the Parties by mutual consultation will be determined by arbitration in San Francisco, California before a single arbitrator. The arbitration will be administered by JAMS. For claims greater than $250,000, the JAMS Comprehensive Arbitration Rules and Procedures in effect at the time the arbitration is commenced will apply. For claims less than or equal to $250,000, the JAMS Streamlined Arbitration Rules in effect at the time the arbitration is commenced will apply. The arbitrator will apply the substantive law of the State of California, exclusive of its conflict or choice of law rules. If JAMS is no longer in business or refuses or declines to administer any Dispute between the Parties brought before it, either Party may petition the United States District Court for the Northern District of California to appoint the arbitrator. Nothing in this Section 10.12 will preclude the Parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction. The Parties acknowledge that this Agreement evidences a transaction involving interstate commerce. Notwithstanding the provisions in this paragraph referencing applicable substantive law, the Federal Arbitration Act (9 U.S.C. §§ 1-16) will govern any arbitration conducted pursuant to the terms of this Agreement. Either Party may commence arbitration by providing to JAMS and the other Party to the Dispute a written demand for arbitration, setting forth the subject of the Dispute and the relief requested. The existence of a Dispute and the observance by the Parties of the Dispute resolution procedures in this Section 10.12 will not: (a) excuse any Party from continuing to perform its obligations under this Agreement; or (b) suspend any obligation to pay any amount otherwise due and payable under this Agreement unless that obligation or the amount (to the extent in Dispute) is itself the subject of the Dispute. Nothing in this Agreement affects the right of a Party to institute proceedings to seek urgent injunctive or declaratory relief in respect of a Dispute or any matter arising under this Agreement. If any Dispute leads to an arbitration or other legal proceeding to resolve such Dispute, the prevailing Party in such proceeding will be entitled to receive its reasonable attorneys’ fees, expert witness fees and out-of-pocket costs incurred in connection with such proceeding, in addition to any other relief it may be awarded. To the extent permitted by applicable law, all arbitration proceedings will be subject to Section 7 [Confidential Information].

10.13. Force Majeure. Neither Party will be liable for delay or failure to perform, in whole or in part, any of its duties under this Agreement due to factors beyond its control, including lack or failure of raw materials, strike, lockout or other labor disturbance, health emergency, sabotage, terrorism, acts of war or other armed conflict, pandemics or epidemics, acts of nature, earthquake, storm, fire, electrical supply or telecommunications failure.

10.14. Remedies Cumulative. The Parties do not intend the rights conferred upon both Parties to this Agreement to be exclusive of each other or of any other rights and remedies of both Parties under this Agreement, under Applicable Law, or in equity. Rather, each and every right of both Parties to this Agreement, under Applicable Law, or in equity is cumulative and concurrent and in addition to all other rights of the Parties.

10.15. Severability. If any provision of this Agreement, or the application of any such provision to any person or circumstance, is invalid or unenforceable, the remainder of this Agreement, or the application of such provision to persons or circumstances other than those as to which it is invalid or unenforceable, will not be affected by such invalidity or unenforceability, and the Parties expressly authorize any court of competent jurisdiction to modify any such provision in order that such provision will be enforced by such court to the fullest extent permitted by Applicable Law. In the event of any conflict between the terms of this Agreement and any other Brex Agreement to which you are a party, the terms of this Agreement will govern and prevail.

10.16. Entire Agreement. This Agreement embodies the entire understanding of the Parties with respect to the subject matter hereof and supersedes in their entirety all prior communication, correspondence, and instruments, and there are no further or other agreements or understandings, written or oral, in effect between the Parties relating to the subject matter of this Agreement.

10.17. Survival. The provisions of Sections 4, 5, 6, 7, 8, 9, and this Section 10  will survive termination of this Agreement.

EXHIBIT A

DEFINITIONS AND RULES OF CONSTRUCTION

Additional Terms” means additional terms or policies to which we may require you to agree in the event that we release new products, features, integrations, promotions, or rewards, or otherwise to enhance and improve the scope and quality of the Services.


“Affiliate” means, with regards to each Party, (a) any person or entity controlling, controlled by, or under common control with such Party; or (b) any partner of or joint venturer with such Party. For purposes of this definition, control means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such person or entity, whether through ownership of voting securities or otherwise.


API” means an application programming interface and related software, code, services, keys, endpoints, documentation and all information provided by Brex related to the foregoing.

Applicable Law” means any: (a) statute, ordinance, permit, treaty, rule, regulation, law, or common law interpretation of any law applicable to a Party; (b) bulletin, judgment, order, decree, injunction, request, recommendation, direction, guidance, examination, or determination of any regulatory authority with jurisdiction or authority over a Party; or (c) any negotiated settlement, order, or agreement by a Party with an arbitrator or a regulatory authority.

Brex Account” means a Brex Card Account or Brex Cash Account that is used in connection with the Services.

Brex API Client” means any application, website, or other online experience you develop that connects to, or is enabled by the Brex APIs.

Brex Data” means any data, content, materials, or other information (including accompanying metadata), that at any time is transmitted to or from, stored on, or accessible through the Brex APIs, or otherwise made available to you by Brex in connection with the Brex APIs. Brex Data includes User Data, but does not include Personal Data.

Brex Marks” means the names, trade names, trademarks, service marks, and logos of Brex.

“Brex Property” means the Services and related technology; Brex Data; and copyrights, patents, trade secrets, trade or service marks, brands, logos, and other intellectual property incorporated into each of the foregoing.

Card” means a physical or virtual payment card issued by an Issuer and managed through a User’s Brex Card Account.

Card Networks” means the payment card networks including Visa or Mastercard.

Confidential Information” means a Party’s non-public, commercially proprietary or sensitive information, whether or not designated as “confidential”  or “proprietary” or similar designation, that relates to the business activities of a Party or its Affiliates, or to their respective Users, employees, customers or Third-Party Partners, including technical, marketing, financial, employee, planning, and other confidential and proprietary information. Information shall not be considered “Confidential Information” to the extent, but only to the extent, that such information (a) was already known to the Receiving Party free of any restriction at the time it is obtained from the Disclosing Party; (b) is subsequently learned from an independent third party free of any restrictions and without breach of this Agreement or any other agreements; (c) is or becomes publicly available through no wrongful act of the Receiving Party; or is independently developed by the Receiving Party without reference to any Confidential Information.

De-Identified Data” means data derived from User Data that has been anonymized or aggregated with other data and that can no longer be used to identify a specific company or individual.

Feedback” refers to any suggestion or idea for improving or otherwise modifying any of Brex’s products or services. Feedback does not include any suggestion or idea to the extent that it solely addresses your products or services.”

Financial Data” means a User’s Brex Account balance, transaction history, and all other Brex Account information, and a User’s bank account balance, transaction history, and all other bank account information accessible to Brex through Linked Accounts.

“Intellectual Property” means a Party’s services and related technology; Confidential Information; and copyrights, patents, trade secrets, trade or service marks, brands, logos, and other intellectual property incorporated into each of the foregoing.

Issuer” means the bank that is a member of the Card Network indicated on Cards that is responsible for issuing the Cards to Users.

Linked Accounts” means any account that is held with a financial institution (including Brex Treasury) that is linked to or authorized for use or payment through a Brex Account by a User.

Marks” means the names, trade names, trademarks, service marks, and logos of each Party.

Customer Services” means the websites, applications, and other services provided by Customer to Users.

Personal Data” means data that identifies or could reasonably be used to identify, directly or indirectly, a natural person.

“Customer Property” means the Customer’s technology and all other Customer Confidential Information and related technology; and copyrights, patents, trade secrets, trade or service marks, brands, logos, and other intellectual property incorporated into each of the foregoing.

Services” means the financial products, technology, expense management, cash management, payment services, and all other services provided by Brex to Users.

Third-Party Claim” means any action or threatened action, suit, claim, proceeding or regulatory action, regardless of merit brought against a Party by any person not a party to this Agreement.

Third-Party Partner” means any entity other than a User who may receive User Data from you or your Brex API Client.

User” means any user of the Services, or any entity that is otherwise a Brex customer.

“User Data” means any data or other information relating to a User or collected from or at the direction of a User (whether collected by Customer, Brex, or any third party), including any Financial Data and any Personal Data.

Rules of Construction

As used in this Agreement: (a) all references to a plural form will include the singular form (and vice versa); (b) the terms “include” and “including” are meant to be illustrative and not exclusive, and will be deemed to mean “include without limitation” “including, but not limited to”, or “including without limitation;” (c) the word “or” is both conjunctive and disjunctive; (d) the word “and” is conjunctive only; (e) references to “days” mean calendar days unless otherwise indicated through the use of the phrase “Business Day”; and (f) any reference made in this Agreement to a statute or statutory provision means such statute or statutory provision as it has been amended through the date as of which the particular portion of this Agreement is to take effect, or to any successor statute or statutory provision relating to the same subject as the statutory provision referred to in this Agreement, and to any then applicable rules or regulations, unless otherwise provided.

SCHEDULE 2.1

BREX APIs and Additional Terms

1. Brex APIs

1.1. Brex Onboarding API. This endpoint is used to submit User referrals to Brex. Brex will present the referred User with a Brex Account application form with the User information pre-filled that you provide.

1.2. Brex Onboarding API Terms.

1.2.1. User Data. You understand that Brex will rely on the User Data you submit to us to evaluate each User’s Brex Account application, and you will make best efforts to ensure that all User Data you submit is accurate and complete.

1.2.2. Disclosures and Consent. You will include a notice to Users on your Brex Account referral page that (i) you will disclose User Data with us when the User applies for a Brex Account, and (ii) submitting a Brex Account application constitutes the User’s consent to such disclosure to us.

1.2.3. No Assurances or Conditions. You will not provide assurances to a User that we will approve a User’s Brex Account application, and you will not condition the submission of a Brex Account application on any criteria not expressly approved by us.

1.2.4. No Disparate Treatment. Brex will evaluate each User’s Brex Account application no less favorably than it would had the application been submitted through any other service comparable to Customer’s services.

1.3. Brex Accounting API. This endpoint is used for permissioned access to Brex Customer transactions and balances.

Open an account
Platform Agreement

Brex Access Agreement

Revised June 6, 2021

The Brex Access Agreement (the “Agreement”) describes the terms and conditions governing your use of Brex’s User Data access application programming interfaces (the “Brex APIs”), and is a supplement to the Brex Platform Agreement, the Brex Privacy Policy, the Brex User Terms and any Additional Terms (collectively the “Brex Agreements”). By using or accessing the Brex APIs, you agree to comply with the terms of this Agreement. “We,” “our” or “us” means Brex Inc. “You,” “your,” or “Customer” means the person or entity accepting or signing this Agreement.  Together, you and we may be collectively referred to as “Party” or “Parties.” If you use or access the Brex APIs on behalf of an entity, then you represent and warrant that you have authority to bind that entity to this Agreement, that you are doing so on behalf of that entity, and that all references to “You” in the Agreement refer to that entity.

1. Definitions and Rules of Construction. Exhibit A contains the definitions of capitalized terms not separately defined in the context of this Agreement and rules governing construction and interpretation of certain terms and phrases used commonly in this Agreement.

2. Accessing the Brex APIs.

2.1. Limited Right to Use the Brex APIs. Conditioned upon your continued compliance with the terms of this Agreement and any applicable Brex Agreements to which you are a party, we grant you a limited, revocable, non-exclusive, non-sublicensable, non-transferrable, non-assignable license, solely while this Agreement is in effect, to use the Brex APIs set forth on Schedule 2.1 to this Agreement. Further, we will make commercially reasonable efforts to: (a) make available to you via the Brex APIs all User Data that is accessible to Users of the Services in read-only format; and (b) ensure that the quality of User Data we make available to you is equal to the quality of User Data we provide to other Brex API users. Additional terms and conditions applicable to specific Brex APIs are set forth on Schedule 2.1. We may make additional Brex APIs available to you from time to time, and your use of any such Brex API constitutes your consent to the terms of this Agreement and any additional terms set forth on Schedule 2.1. We may modify the terms of Schedule 2.1 in our sole discretion upon Notice to you.

2.2. Accessing the Brex APIs.  You will only access the Brex APIs in conformance with the terms of the Agreement and the Brex APIs documentation. We will assign you with keys or other credentials (“Brex API Keys”) to enable your access to and use of the Brex APIs. We may issue, activate, suspend, re-activate, or deactivate your Brex API Keys to ensure usage of the Brex APIs consistent with the Agreement and as set forth in Section 6. You will cause all API calls from your Brex API Client to include the appropriate API Key, and you agree not to mask or misrepresent your identity or your Brex API Client’s identity when using, accessing, or attempting to access the Brex APIs. You agree to keep any information you provide to Brex regarding or related to your use of the Brex APIs accurate and up to date, and you agree not to hide, misrepresent or obscure any of the features, content, services, or functionality of your Brex API usage or any Brex API Client during your use of the Brex API.

2.3. API Usage Limitations. If at any time we determine in our sole discretion that the volume of API calls from your Brex API Client or your usage of the Brex APIs is reasonably likely to threaten the stability of the Services or result in a Security Incident, we reserve the right to temporarily set and enforce limits on your Brex API Client’s access to the Brex APIs until such time as the threat has been eliminated or contained. These limits may include restrictions on the volume and frequency of API usage, or any other limits necessary to prevent excessive, abusive, or otherwise prohibited use of the Brex APIs. You agree not to exceed, circumvent, or attempt to circumvent any such limits, including by aggregating accounts or creating multiple Brex API Keys or Brex API Clients. You also agree to provide us with API access request estimates on an annual basis upon request, and you will immediately notify us if your actual usage materially exceeds or is likely to exceed your estimated usage at any time during each calendar year.

2.4. Non-interference.  You will not, and you will not permit or enable any API Client, any Third-Party Partner, or any other third party to interfere with the proper workings of the Brex APIs, or create or distribute any service or application that adversely affects the functionality or performance of the Brex APIs, the Services, or the services of any of Brex’s Affiliates, Third-Party Partners or Users.

2.5. Prohibited Uses.  You will not use the Brex APIs to encourage or promote any activity that is illegal, offensive, or otherwise violates the rights of another party. Your use of the Brex APIs will comply with all Applicable Law and any  third-party rights, including laws and regulations related to accessibility and data protection that apply to financial institutions.

2.6. Restrictions. Except as otherwise expressly permitted by this Agreement, you will not, and you will not permit or enable any API Client or any third party to: (a) use the Brex APIs for any purpose or in any manner other than expressly permitted in this Agreement; (b) rent, sell, lease, lend, convey, redistribute or otherwise provide any third party with use of any aspect of the Brex APIs or any associated User Data; (c) modify, decompile, reverse engineer, alter, tamper with or create derivative works of the Brex APIs; (d) falsify or alter any API Key or otherwise obscure or alter the sources of calls coming from your Brex API Client; or (e) access internal application programming interfaces or data feeds that are not externally available or intended by Brex to be available. You agree not to store or use the Brex APIs or User Data outside of the United States.

2.7. API Modifications; Obligation to Maintain Your Brex API Client. When we modify the Brex APIs to expand access to any additional User Data elements or to otherwise make improvements, we will: (a) make reasonable efforts to avoid making changes that would disrupt your access to the Brex APIs; and (b) provide you with reasonable advance notice of planned enhancements to the Brex APIs; in which event you agree to make the necessary changes in timely manner to ensure continuity of service to Users; except that we may, in our sole discretion provide short notice or no notice to you in the event API modifications are required to prevent User Data loss or other harm to Users.  You may request access to additional User Data elements not supported by the Brex APIs, and we will evaluate your request for inclusion in our API development roadmap; except that we do not guarantee that the additional User Data elements you requested will be made available to you.

2.8. Fees.  Brex reserves the right; upon 30 day’s prior notice, to implement fees and payment terms with respect to any use of the Brex APIs beyond the Brex APIs limitations specified in this Agreement.  Brex may also propose premium API offerings that provide for additional access as well as enhanced service and support terms.

3. Your Brex API Client.

3.1. Brex API Client and Ownership. Your Brex API Client is designed to help you enhance a User’s use of the Customer Services. Brex does not acquire ownership in your Brex API Client, and by using the Brex APIs you do not acquire ownership of any rights in the Brex APIs or any content that you access through the Brex APIs.

3.2. Monitoring. You agree that we may monitor or analyze your access and use of the Brex APIs to verify your compliance with the Agreement, to ensure the quality and reliability of the Brex APIs, to improve the Brex APIs and the Services, and for any other business purpose.  You agree not to interfere with any such monitoring, and you understand that we may use any technical means to overcome such interference. You agree to provide us with any information or materials we request to verify your compliance with the Agreement, including, free of charge, access to any test accounts or applications.

3.3. API Client Security. You agree to maintain comprehensive, industry-standard information security and data privacy compliance policies and procedures to protect Users and their User Data, and you will provide the results of any security audits (including any SOC-2 audit) you undertake to us upon our request. You will ensure that your Brex API Client receives and transmits data with a protocol at least as secure as those accepted by the Brex APIs, and that your Brex API Client contains protections that are adequate to keep secure and prevent the interception of any User Data. You agree to periodically assess the security of your Brex API Client to ensure it is maintained free of defects and security vulnerabilities; and you will share the results of such assessment with us upon request. We may require that such an assessment be conducted prior to granting you access to the Brex APIs or at any other time that we deem reasonably necessary to ensure the security of your Brex API Client or the Brex APIs. You will not attempt to circumvent any security measures or technical limitations imposed by us or by the Brex APIs.

3.4. Security Incidents and Notification. You will use best efforts to protect User Data and any Brex Data collected by your Brex API Client, including Personal Data, from any unauthorized access, use, or disclosure (“Security Incident”). You and your Brex API Client will comply with laws that protect Personal Data, and all other applicable privacy laws and regulations. You will notify us within 48 hours of becoming aware, or have reason to suspect the occurrence of any Security Incident or other security breach (including any actual, or suspected theft, loss or misuse of User Data) that you discover or suspect in connection with: (a) your use of the Brex APIs, or (b) your Brex API Client. You agree to collaborate with Brex on creating a notification and remediation strategy for Users. You also agree to promptly notify any Users whose information may have been affected to the extent required by Applicable Law.

3.5. Harmful Code. You will not include, or enable or permit to be included, in or in connection with any API Client, any spyware, malware, virus, worm, Trojan horse or other malicious or harmful code, or any software application not expressly and knowingly authorized by each applicable User prior to being downloaded, installed or used.

3.6. Development.  You will be solely responsible for all development and distribution of your Brex API Client, and for all related costs, expenses, losses and liabilities.

3.7. Service and Support.  You are solely responsible for all aspects of your Brex API Client, and we will not be required to provide any technical or other support services to you or any User in connection with the integration of the Brex APIs with your Brex API Client or any related User Data.  You will provide primary User support to resolve any errors, bugs or issues with the Brex APIs Client and the Customer Services. You agree to acknowledge receipt of inquiries from Users within 48 hours, and you will develop and utilize appropriate escalation procedures for Users related to resolution of inquiries regarding your Brex API Client. We will designate a Customer manager and a technical resource to assist in identifying and resolving API errors, and to answer questions related to operational use of the Brex APIs. We reserve the right to approve in advance all communications with Users related to your use of the Brex APIs; however, we are not responsible for monitoring or policing any dispute that may arise between or among you, any Third-Party Partner, any User, or any other third party related to your Brex API Client. Your use of the Brex APIs and any related User Data is at your own risk, and you are solely responsible for any damage to any computer systems, networks, or databases belonging to you, a Third-Party Partner, or any User, all losses suffered by you, any Third-Party Partner, or any User, and for any other liability of any type related to your use of the Brex APIs and User Data.

4. User Data Privacy and Security.

4.1. User Consent and Privacy.  You will ensure that neither you, your Third-Party Partners , nor your Brex API Client collects or discloses User Data from or concerning any User through the Brex APIs unless you first (a) inform such User in a Privacy Policy of types of User Data you collect or disclose and how such User Data will be used or disclosed; and (b) obtain affirmative consent from such User to such collection, use, and disclosure in accordance with Applicable Law. Any such Privacy Policy must be made available to Users prior to the collection, use, or disclosure of any User Data, and prominently displayed to the User through the Customer Services. Under no circumstances will the Privacy Policies permit the sale or disclosure of Personal Data that is not De-Identified Data without the User’s or Person’s express written consent. In addition, the Privacy Policies will be consistent with your obligations under this Agreement and with Brex’s rights and obligations under the Brex Privacy Policy, currently available at www.brex.com/privacy. Your collection, use and disclosure of User Data must not conflict with either your Privacy Policy, any Third-Party Partner’s Privacy Policy, or the Brex Privacy Policy.

4.2. User Authentication. You and each of your Third-Party Partners will ensure that each User has been authenticated with us by using available OAuth protocols and any other authentication mechanisms made available to you by us prior to accessing any of an authenticated User’s User Data. As part of the authentication process, Brex may also require the User to consent to the types of data to be shared and what parties they may be shared with, and to any other aspects of the proposed API connection. You agree to comply with any preferences that the User expresses during the authentication process.

4.3.User Account Un-Linking. Once a User’s Brex Account has been authenticated with your Brex API Client, then your Brex API Client must provide a method for the User to disconnect or “un-link” its Brex Account from your Brex API Client and any related systems or software. If a User disconnects its Brex Account or otherwise revokes their permission for your Brex API Client to access its User Data using a method you provide, then your access to any User Data related to that User will be terminated and you will delete all User Data in your possession for such User; except that you will not be required to delete User Data to the extent you are required to retain such User Data to comply with Applicable Law.

4.4. Limitations on Use of User Data and Disclosures.

4.4.1. Except as otherwise permitted by Brex, you will not use or disclose any User Data except for purposes of: (a) providing User Data directly to a User; (b) complying with Applicable Law or mandatory requests of a government or regulatory body; (c) providing User Data to a Third-Party Partner or other third party for the sole purpose of providing such User Data directly to a User; except any such Third-Party Partner or other third party: (i) may not use such User Data for any other purpose; and (ii) will comply with any required use and disclosure obligations regarding User Data applicable to each User, and to us that are at least as protective as those in this Agreement; and (d) as contemplated by your privacy policy.

4.4.2. Without limiting the limitations set forth in Section 4.4.1, and regardless of whether the applicable User has consented, absent Brex’s prior written consent, you and your Third-Party Partners will not: (i) market, sell, lease, license, or otherwise commercialize any User Data or any data aggregated or derived from User Data for any purpose other than the explicit purpose for which the User has granted consent;  (ii) use or disclose for marketing purposes any User Data received or collected by you or your Brex API Client from or through Brex or the Brex APIs; or (iii) analyze, aggregate, or otherwise use User Data or Brex Data to reverse engineer or otherwise ascertain or derive Brex’s Confidential Information.

4.5. Responsibility for Collected User Data.  As between you and Brex, you are solely responsible for (a) any User Data and any other data and information collected by you, including the transmission of any User Data to or from the Brex APIs or otherwise using the Brex APIs, and (b) the completeness and accuracy of User Data and the legality of its collection, processing, use and disclosure. You understand that we and our Third-Party Partners will rely on the User Data you submit to us, and you will make best efforts to ensure that all User Data you submit is accurate and complete.

4.6. User Data Access Restrictions.

4.6.1. API Client and Third Parties.  You will not, and you will not permit or enable any API Client, Third-Party Partner, or any other third party or service provider to: (a) use any automated means (e.g., scraping, crawling, spidering or robots) to access, query or obtain any User Data from any Brex websites, data systems, or other Brex APIs; or (b) except as expressly permitted by the Agreement or any applicable Brex Agreements, archive, store, modify or replace any User Data received from Brex or the Brex APIs (including by changing the order in which such User Data was originally made available by Brex or intermixing such User Data with data from sources other than Brex). Upon our request, you will delete any and all User Data you possess that does not comply with this Section 4.6.1.

4.6.2. Personnel.  You will ensure that any of your personnel who are granted access to User Data are screened, to the extent permitted by Applicable Law, in accordance with best practices in the financial services industry. You will exclude from access to User Data any personnel that have been convicted of a crime involving theft, fraud, money laundering, breach of fiduciary duty, or similar financial crime that suggests that, after an individualized assessment of facts and circumstances of the conviction, the personnel pose a more than marginally greater level of risk (than someone without a conviction) of mis-using User Data.

4.7. Deletion of User Data. Except where retention of User Data is required under Applicable Law, your contractual requirements to maintain a copy of such User Data by request of a User, or your reasonable need to retain such User Data for recordkeeping purposes for the benefit of that User, upon termination of this Agreement (or any Wind-Down Period, if applicable), you and your Third-Party Partners will delete all User Data, as well as any De-Identified Data derived from such User Data. You must also delete all User Data at the request of a User in the event that a User revokes your right to access such data via your Brex API Client as set forth in Section 4.3. For the avoidance of doubt, the Parties acknowledge that each Party may possess identical information collected independently by each Party, and such identical information shall: (a) remain the Confidential Information of the respective Parties, and (b) shall not be subject to this Section 4.7.

5. Use of Marks.

5.1. Brex Marks. Upon our prior written approval, you may use and display the Brex Marks solely for the limited purposes of facilitating connection of a User’s Brex Account to your Brex API Client, and to identify Brex in the Brex User data consent portals. You may not attempt to register any names, trade names, trademarks, service marks, slogans, logos, domain names or other indicia that are confusingly similar in any way to the Brex Marks. Nothing in this Agreement will convey any right, title, license or other interest in or to the Brex Marks to you or to any Third-Party Partner.

5.2. Customer Marks. You hereby grant to Brex a limited, fully paid-up, worldwide, royalty-free, non-exclusive, non-transferable license (but Brex has no obligation) to use your name and logo (“Customer Marks”) in connection with the Brex APIs on the Brex User data consent portal, so long as any usage complies with your trademark guidelines. Nothing in this Agreement will convey any right, title, license or other interest in or to the Customer Marks to us or to any Brex Entity.

6. Termination; Suspension; and Wind-Down Period.

6.1. Termination. This Agreement will remain effective until terminated in accordance with its terms.

6.1.1. Either Party may terminate this Agreement: (a) at any time without cause upon 90  days’ written notice to the other Party; or (b) if the other Party breaches the terms of this Agreement and such breach remains uncured for 30 days after receipt of a notice of the breach and intent to terminate from the non-breaching Party, except that such termination may occur immediately if the breach cannot be cured.

6.1.2. We may terminate the Agreement immediately: (a) if you experience a Security Incident affecting User Data; or (b) in the event of fraud or intentional misconduct by you or any of your or their respective personnel.

6.2. Suspension. In addition, we reserve the right, in its sole discretion, to suspend (temporarily or permanently) your use of the Brex APIs, Brex API Keys, any Brex Marks, or any User Data (whether by you, a Third-Party, or a User), in whole or in part upon reasonable notice to you: (a) if a User requests to disconnect their Brex Account from the Customer Services (provided however that in such case, only User Data for that specific User shall be suspended); (b) if we reasonably believe that there is a material risk of a Security Incident with respect to your or any Third-Party Partner’s systems; or (c) to perform reasonable maintenance or to provide updates to the Brex APIs, the Services, or our systems or networks.

6.3. Liability for Losses. We bear no responsibility or liability to you for any such termination or suspension. Upon any such termination or suspension, all rights or licenses that you may have with respect to the Brex APIs, Brex Marks, and User Data will immediately be terminated or suspended, as applicable, and you will immediately cease using the Brex APIs, Brex Marks and User Data, and delete any data or materials related to the Brex APIs, Brex Marks, and User Data in your possession or control in accordance with Section 4.8.

7. Confidential Information.

7.1. Each party (the “Disclosing Party”) may from time to time during the term of this Agreement disclose to the other party (the “Receiving Party”) the Disclosing Party’s Confidential Information. The Receiving Party will: (a) hold the Confidential Information in trust and confidence; (b) use the Confidential Information only as expressly permitted in this Agreement (and not for the benefit of any third party), and not in any manner or for any purpose other than as expressly permitted in this Agreement; (c) not reproduce Confidential Information except as necessary to fulfill your obligations hereunder; and (d) not make available to any third party, directly or indirectly, any Confidential Information without the Disclosing Party’s express prior written consent; provided, however, that the Receiving Party may disclose Confidential Information of the Disclosing Party to the Receiving Party's employees, and to any of the Receiving Party's contractors who are bound to the Receiving Party by confidentiality obligations substantially equivalent to those set forth in this Section 7, solely as required in order for the Receiving Party to perform under this Agreement, and the Receiving Party may disclose the Disclosing Party’s Confidential Information to, as applicable, its professional advisors, and to the employees and contractors of its parent, subsidiaries and Affiliates. The Receiving Party will protect the Disclosing Party’s Confidential Information with at least the same degree of care as the Receiving Party uses to protect its own Confidential Information of a similar nature, but in no case with less than a reasonable degree of care. The Receiving Party will be solely responsible and liable for all use and disclosure of Confidential Information by or through the Receiving Party, any Third-Party Partner, any Brex User or any other third party who receives Confidential Information from the Receiving Party.

7.2. Upon any termination of this agreement, the Receiving Party will immediately cease using and delete all copies of Confidential Information in its possession, custody or control, and certify such deletion in writing to the Disclosing Party. The Receiving Part acknowledges and agrees that breach or threatened breach of this Section 7 may cause the Disclosing Party irreparable harm and significant injury, the amount of which may be difficult to estimate and ascertain, thus making inadequate any remedy at law or in damages. The Receiving Party therefore agrees that, in the event of such breach or threatened breach, the Disclosing Party will be entitled to injunctive relief from any court of competent jurisdiction enjoining any threatened or actual breach of this Section 7 and for any other relief that such court deems appropriate, in addition to any other remedy or remedies available at law or in equity.


7.3. The Receiving Party may disclose Confidential Information of the Disclosing Party if required to do so under Applicable Law, provided that the Receiving Party, where reasonably practicable and to the extent legally permissible, provides the Disclosing Party with prior written notice of the required disclosure so that the Disclosing Party may seek a protective order or other appropriate remedy, and provided further that the Receiving Party discloses no more Confidential Information of the Disclosing Party than is reasonably necessary in order to respond to the required disclosure.


8. Brex Property; Customer Property; Feedback.

8.1. Brex Property. All intellectual property rights and all other right, title and interest in and to the Brex APIs, Brex Marks, and all other Confidential Information are the sole property of and reserved to Brex or its Affiliates, licensors or suppliers, as applicable, and no right, title or interest therein are transferred to you as a result of your use thereof or this Agreement. You will not contest or assist others in contesting the validity of any such rights. All rights not expressly set forth herein are reserved by Brex or its Affiliates , licensors or suppliers, as applicable, and no implied rights or licenses are granted to you pursuant to this Agreement. You acknowledge and agree that you receive no rights, licenses or interests in or to any patents, patent applications, copyrights, trademarks, trade names or service marks of Brex or its Affiliates, licensors, suppliers or other third parties pursuant to this Agreement.

8.2 Customer Property. All intellectual property rights and all other right, title and interest in and to Customer’s technology and all other Customer Confidential Information are the sole property of and reserved to Customer or its Affiliates, licensors or suppliers, as applicable, and no right, title or interest therein are transferred to Brex as a result of its use thereof or this Agreement. Brex will not contest or assist others in contesting the validity of any such rights. Except as otherwise set forth herein, including in Section 5, Brex acknowledges and agrees that it receive no rights, licenses or interests in or to any patents, patent applications, copyrights, trademarks, trade names or service marks of Customer or its Affiliates, licensors, suppliers or other third parties pursuant to this Agreement.

8.2. Feedback. You hereby irrevocably assign and agree to irrevocably assign to us, without charge, all intellectual property rights relating to oral and written Feedback that you provide relating to the Brex APIs or any associated services or documentation. At our expense, you will take all actions deemed necessary by us in order for us to record, perfect and maintain its rights in and to all Feedback. Without limiting the foregoing, we will have an unlimited, worldwide, royalty-free right to use and modify all Feedback, and we will have no confidentiality obligations with respect to any Feedback.

9. Disclaimer of Warranties; Limitation of Liability; Indemnification.

9.1 Disclaimer of Warranties by Brex. THE BREX APIS, USER DATA, AND BREX PROPERTY PROVIDED BY OR ON BEHALF OF BREX, ARE PROVIDED “AS IS” AND WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMITTED BY LAW, THE BREX ENTITIES DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING ANY IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, ACCURACY, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES THAT MAY ARISE FROM COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. THE BREX ENTITIES DO NOT WARRANT THAT USE OF THE BREX APIS, USER DATA, OR BREX PROPERTY WILL BE UNINTERRUPTED, ERROR-FREE OR SECURE, OR THAT DEFECTS WILL BE CORRECTED. YOU ACKNOWLEDGE THAT YOU ARE RESPONSIBLE FOR OBTAINING AND MAINTAINING ALL TELEPHONE, COMPUTER HARDWARE, SOFTWARE AND OTHER EQUIPMENT, MATERIALS AND THIRD-PARTY LICENSES AND CONSENTS NEEDED TO USE YOUR API CLIENT WITH THE BREX APIS, AND FOR ALL RELATED COSTS. YOUR USE OF THE BREX APIS, USER DATA, OR BREX PROPERTY IS ENTIRELY AT YOUR OWN RISK.

9.2. Limitation of Liability. NEITHER PARTY, NOR ANY OF THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, CONSULTANTS, AGENTS OR OTHER REPRESENTATIVES WILL BE RESPONSIBLE OR LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY OR PUNITIVE DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF DATA OR LOST PROFITS), UNDER ANY CONTRACT, NEGLIGENCE, INDEMNITY, STRICT LIABILITY OR OTHER THEORY, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, ARISING OUT OF OR RELATING IN ANY WAY TO THIS AGREEMENT; OR FROM ANY TERMINATION OR SUSPENSION OF THIS AGREEMENT OR CUSTOMER’S ACCESS TO OR USE OF THE BREX APIS, USER DATA, OR ANY BREX PROPERTY. CUSTOMER’S SOLE REMEDY FOR DISSATISFACTION WITH THE BREX APIS, USER DATA, OR ANY BREX PROPERTY IS TO STOP USING THE API, USER DATA, OR BREX PROPERTY, AS APPLICABLE. EXCEPT FOR EITHER PARTY’S BREACH OF SECTION 7 [CONFIDENTIAL INFORMATION] AND FOR ANY AMOUNTS OWED PURSUANT TO A PARTY’S OBLIGATIONS UNDER SECTION 9.3 [INDEMNIFICATION], EACH PARTY’S SOLE AND EXCLUSIVE MAXIMUM LIABILITY FOR ANY DAMAGES, LOSSES AND CAUSES OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), INDEMNITY OR OTHERWISE, IN CONNECTION WITH THIS AGREEMENT, WILL BE LIMITED TO THE TOTAL AMOUNTS PAID BY CUSTOMER, IF ANY, TO USE THE BREX APIS, OR TEN DOLLARS ($10), WHICHEVER IS GREATER.

9.3. Indemnification.

9.3.1. Customer Indemnification. You will indemnify, defend and hold the Brex Entities and their directors, officers, employees, consultants, agents and other representatives harmless from and against any losses that result from a Third-Party Claim against a Brex Entity arising out of, related to, caused or incurred by, or in connection with: (a) your use of or other activities in connection with the Brex APIs, User Data, or the Brex Property; (b) your Brex API Client, its use (whether by you or a third party) and any transactions conducted through it or User Data transmitted through it (whether by you or a third party); (c) the operation of your business in connection with the Brex APIs, User Data, or Brex Property; (d) any suspension or termination of your Brex API Client’s use of the Brex APIs, User Data, or Brex Property (including any such suspension or termination caused by Brex); (e) any breach by you of any representations, warranties, covenants or obligations under this Agreement; (f) actual or alleged infringement of any third party’s Intellectual Property by you related to your Brex API Client (including any component thereof), or any Feedback or other materials made available to Brex by you; (g) your gross negligence, fraud or intentional misconduct; (h) any Security Incident caused by you or any Third-Party Partner; or (i) your violation of Applicable Law. At our election, you will assume control of the defense and settlement of any Third-Party Claim that is subject to indemnification by you pursuant to this Section 9.3; except that we may at any time thereafter elect to take over control of the defense and settlement of any such Third-Party Claim, and provided that you will not settle any such Third-Party Claim without our express prior written consent.

9.3.2. Brex Indemnification. We will indemnify, defend and hold you and your Affiliates, directors, officers, employees, consultants, agents and other representatives harmless from and against any losses that result from a Third-Party Claim against a you arising out of, related to, caused or incurred by, or in connection with: (a) any breach by us of any representations, warranties, covenants or obligations under this Agreement; (b) actual or alleged infringement of any third party’s Intellectual Property by Brex related to the Brex API (including any component thereof; (c) Brex’s gross negligence, fraud or intentional misconduct; (h) any breach of your Confidential Information caused by us; or (i) our violation of Applicable Law. At our election, we will assume control of the defense and settlement of any Third-Party Claim that is subject to indemnification by us pursuant to this Section 9.3; except that you may at any time thereafter elect to take over control of the defense and settlement of any such Third-Party Claim, and provided that we will not settle any such Third-Party Claim without your express prior written consent.

10. Miscellaneous.

10.1. Notices. The Parties will deliver all notices, demands and other communications via electronic mail and in writing (both of which will constitute notice) to the following addresses:

If to Brex:

Brex Inc.

Attn: General Counsel

405 Howard Street, Suite 200

San Francisco, CA 94015

with a copy to notices@brex.com


10.2. Complaints and Litigation. Each Party will promptly provide the other Party with copies of any civil or investigative demand, subpoena, complaint, lawsuit or similar proceeding or request for information regarding a private litigant’s or regulatory authority’s investigation or enforcement action relating to the Brex APIs, API Client, the Services or this Agreement in which a Brex Entity is named as Party; unless disclosure of such information is expressly prohibited by the regulatory authority issuing the investigation or action.

10.3. Third-Party Beneficiaries. This Agreement does not benefit or create any right or cause of action in or on behalf of any Person other than you and Brex.

10.4. Independent Contractors. Nothing contained in this Agreement will be construed as creating or constituting a partnership, joint venture or agency between the Parties to this Agreement. Each Party will be deemed an independent contractor with respect to the other Party in fulfillment of their respective obligations.

10.5. Assignment. This Agreement and your rights, privileges, duties and obligations in this Agreement may not be assigned or delegated by you without our prior written consent.

10.6. Amendments and Waivers. Neither Party may amend, modify, or waive in any fashion any instrument or provisions in this Agreement except by an instrument in writing signed by the Parties.  A Party’s waiver of any breach of this Agreement by the other Party will not operate or be construed as the waiver of the same or any similar breach on a subsequent occasion, nor will any delay in exercising any right, power or privilege granted by this Agreement constitute such a waiver.

10.7. Counterparts; Delivery. This Agreement may be executed in any number of counterparts, all of which taken together will constitute one document. The Parties may deliver executed counterparts of this Agreement by electronic means.

10.8. Publicity and User Communications.  The Parties will collaborate and mutually agree to the content, timing, and all other terms of any commercial communications regarding integration of your Brex API Client with the Brex APIs, except that we reserve the right to approve the content of any marketing communications to Users regarding your Brex API Client in our sole and absolute discretion.

10.9. Compliance with Laws. You will comply with all laws, regulations and policies related to User Data and the development, marketing, sale, distribution and use of the Brex APIs Client or related applications, and all other Applicable Laws. Upon our request, you will promptly provide us copies of any applicable regulatory approvals or other clearances required of you to provide the Brex APIs Client, or possess and use User Data. Absent our express prior written consent, you will not seek any regulatory permissions or make any determinations that may result in any Brex Entity or the Brex APIs being deemed regulated or that may impose any obligations or limitations on any Brex Entity.

10.10. Governing Law and Venue. This Agreement will be construed, applied, and governed by the laws of the State of California exclusive of its conflict or choice of law rules except to the extent that U.S. federal law controls. Subject to the good faith binding arbitration requirement provisions contained in Section 10.12, all litigation will be brought in the state or federal courts located in San Francisco, California.

10.11. WAIVER OF JURY TRIAL. EACH PARTY HEREBY WAIVES, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL PROCEEDING DIRECTLY OR INDIRECTLY ARISING OUT OF OR RELATING TO THE BREX APIS, THE BREX APIS CLIENT, USER DATA AND THIS AGREEMENT (WHETHER BASED ON CONTRACT, TORT OR ANY OTHER THEORY).

10.12. Dispute Resolution; Arbitration. The Parties will attempt to resolve any dispute, claim, or controversy arising from or relating to this Agreement (“Disputes”) in good faith and in a timely manner by mutual consultation among the designated representatives of each Party. If a Dispute remains unresolved for more than 60 days, either Party may escalate the Dispute for resolution by senior executives from each Party; except that that such 60-day consultation period does not apply to cases where a Party is seeking injunctive or declaratory relief to avoid imminent or immediate harm or Losses. Except for any Dispute principally related to or arising out of either Party’s rights and obligations under Section 4 [User Data Privacy and Security]; Section 7 [Confidential Information]; Section 8 [Brex Property; Customer Property; Feedback] and Section 9.3 [Indemnification], which the Parties will resolve in litigation in accordance with Section 10.10, each Dispute not resolved by the Parties by mutual consultation will be determined by arbitration in San Francisco, California before a single arbitrator. The arbitration will be administered by JAMS. For claims greater than $250,000, the JAMS Comprehensive Arbitration Rules and Procedures in effect at the time the arbitration is commenced will apply. For claims less than or equal to $250,000, the JAMS Streamlined Arbitration Rules in effect at the time the arbitration is commenced will apply. The arbitrator will apply the substantive law of the State of California, exclusive of its conflict or choice of law rules. If JAMS is no longer in business or refuses or declines to administer any Dispute between the Parties brought before it, either Party may petition the United States District Court for the Northern District of California to appoint the arbitrator. Nothing in this Section 10.12 will preclude the Parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction. The Parties acknowledge that this Agreement evidences a transaction involving interstate commerce. Notwithstanding the provisions in this paragraph referencing applicable substantive law, the Federal Arbitration Act (9 U.S.C. §§ 1-16) will govern any arbitration conducted pursuant to the terms of this Agreement. Either Party may commence arbitration by providing to JAMS and the other Party to the Dispute a written demand for arbitration, setting forth the subject of the Dispute and the relief requested. The existence of a Dispute and the observance by the Parties of the Dispute resolution procedures in this Section 10.12 will not: (a) excuse any Party from continuing to perform its obligations under this Agreement; or (b) suspend any obligation to pay any amount otherwise due and payable under this Agreement unless that obligation or the amount (to the extent in Dispute) is itself the subject of the Dispute. Nothing in this Agreement affects the right of a Party to institute proceedings to seek urgent injunctive or declaratory relief in respect of a Dispute or any matter arising under this Agreement. If any Dispute leads to an arbitration or other legal proceeding to resolve such Dispute, the prevailing Party in such proceeding will be entitled to receive its reasonable attorneys’ fees, expert witness fees and out-of-pocket costs incurred in connection with such proceeding, in addition to any other relief it may be awarded. To the extent permitted by applicable law, all arbitration proceedings will be subject to Section 7 [Confidential Information].

10.13. Force Majeure. Neither Party will be liable for delay or failure to perform, in whole or in part, any of its duties under this Agreement due to factors beyond its control, including lack or failure of raw materials, strike, lockout or other labor disturbance, health emergency, sabotage, terrorism, acts of war or other armed conflict, pandemics or epidemics, acts of nature, earthquake, storm, fire, electrical supply or telecommunications failure.

10.14. Remedies Cumulative. The Parties do not intend the rights conferred upon both Parties to this Agreement to be exclusive of each other or of any other rights and remedies of both Parties under this Agreement, under Applicable Law, or in equity. Rather, each and every right of both Parties to this Agreement, under Applicable Law, or in equity is cumulative and concurrent and in addition to all other rights of the Parties.

10.15. Severability. If any provision of this Agreement, or the application of any such provision to any person or circumstance, is invalid or unenforceable, the remainder of this Agreement, or the application of such provision to persons or circumstances other than those as to which it is invalid or unenforceable, will not be affected by such invalidity or unenforceability, and the Parties expressly authorize any court of competent jurisdiction to modify any such provision in order that such provision will be enforced by such court to the fullest extent permitted by Applicable Law. In the event of any conflict between the terms of this Agreement and any other Brex Agreement to which you are a party, the terms of this Agreement will govern and prevail.

10.16. Entire Agreement. This Agreement embodies the entire understanding of the Parties with respect to the subject matter hereof and supersedes in their entirety all prior communication, correspondence, and instruments, and there are no further or other agreements or understandings, written or oral, in effect between the Parties relating to the subject matter of this Agreement.

10.17. Survival. The provisions of Sections 4, 5, 6, 7, 8, 9, and this Section 10  will survive termination of this Agreement.

EXHIBIT A

DEFINITIONS AND RULES OF CONSTRUCTION

Additional Terms” means additional terms or policies to which we may require you to agree in the event that we release new products, features, integrations, promotions, or rewards, or otherwise to enhance and improve the scope and quality of the Services.


“Affiliate” means, with regards to each Party, (a) any person or entity controlling, controlled by, or under common control with such Party; or (b) any partner of or joint venturer with such Party. For purposes of this definition, control means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such person or entity, whether through ownership of voting securities or otherwise.


API” means an application programming interface and related software, code, services, keys, endpoints, documentation and all information provided by Brex related to the foregoing.

Applicable Law” means any: (a) statute, ordinance, permit, treaty, rule, regulation, law, or common law interpretation of any law applicable to a Party; (b) bulletin, judgment, order, decree, injunction, request, recommendation, direction, guidance, examination, or determination of any regulatory authority with jurisdiction or authority over a Party; or (c) any negotiated settlement, order, or agreement by a Party with an arbitrator or a regulatory authority.

Brex Account” means a Brex Card Account or Brex Cash Account that is used in connection with the Services.

Brex API Client” means any application, website, or other online experience you develop that connects to, or is enabled by the Brex APIs.

Brex Data” means any data, content, materials, or other information (including accompanying metadata), that at any time is transmitted to or from, stored on, or accessible through the Brex APIs, or otherwise made available to you by Brex in connection with the Brex APIs. Brex Data includes User Data, but does not include Personal Data.

Brex Marks” means the names, trade names, trademarks, service marks, and logos of Brex.

“Brex Property” means the Services and related technology; Brex Data; and copyrights, patents, trade secrets, trade or service marks, brands, logos, and other intellectual property incorporated into each of the foregoing.

Card” means a physical or virtual payment card issued by an Issuer and managed through a User’s Brex Card Account.

Card Networks” means the payment card networks including Visa or Mastercard.

Confidential Information” means a Party’s non-public, commercially proprietary or sensitive information, whether or not designated as “confidential”  or “proprietary” or similar designation, that relates to the business activities of a Party or its Affiliates, or to their respective Users, employees, customers or Third-Party Partners, including technical, marketing, financial, employee, planning, and other confidential and proprietary information. Information shall not be considered “Confidential Information” to the extent, but only to the extent, that such information (a) was already known to the Receiving Party free of any restriction at the time it is obtained from the Disclosing Party; (b) is subsequently learned from an independent third party free of any restrictions and without breach of this Agreement or any other agreements; (c) is or becomes publicly available through no wrongful act of the Receiving Party; or is independently developed by the Receiving Party without reference to any Confidential Information.

De-Identified Data” means data derived from User Data that has been anonymized or aggregated with other data and that can no longer be used to identify a specific company or individual.

Feedback” refers to any suggestion or idea for improving or otherwise modifying any of Brex’s products or services. Feedback does not include any suggestion or idea to the extent that it solely addresses your products or services.”

Financial Data” means a User’s Brex Account balance, transaction history, and all other Brex Account information, and a User’s bank account balance, transaction history, and all other bank account information accessible to Brex through Linked Accounts.

“Intellectual Property” means a Party’s services and related technology; Confidential Information; and copyrights, patents, trade secrets, trade or service marks, brands, logos, and other intellectual property incorporated into each of the foregoing.

Issuer” means the bank that is a member of the Card Network indicated on Cards that is responsible for issuing the Cards to Users.

Linked Accounts” means any account that is held with a financial institution (including Brex Treasury) that is linked to or authorized for use or payment through a Brex Account by a User.

Marks” means the names, trade names, trademarks, service marks, and logos of each Party.

Customer Services” means the websites, applications, and other services provided by Customer to Users.

Personal Data” means data that identifies or could reasonably be used to identify, directly or indirectly, a natural person.

“Customer Property” means the Customer’s technology and all other Customer Confidential Information and related technology; and copyrights, patents, trade secrets, trade or service marks, brands, logos, and other intellectual property incorporated into each of the foregoing.

Services” means the financial products, technology, expense management, cash management, payment services, and all other services provided by Brex to Users.

Third-Party Claim” means any action or threatened action, suit, claim, proceeding or regulatory action, regardless of merit brought against a Party by any person not a party to this Agreement.

Third-Party Partner” means any entity other than a User who may receive User Data from you or your Brex API Client.

User” means any user of the Services, or any entity that is otherwise a Brex customer.

“User Data” means any data or other information relating to a User or collected from or at the direction of a User (whether collected by Customer, Brex, or any third party), including any Financial Data and any Personal Data.

Rules of Construction

As used in this Agreement: (a) all references to a plural form will include the singular form (and vice versa); (b) the terms “include” and “including” are meant to be illustrative and not exclusive, and will be deemed to mean “include without limitation” “including, but not limited to”, or “including without limitation;” (c) the word “or” is both conjunctive and disjunctive; (d) the word “and” is conjunctive only; (e) references to “days” mean calendar days unless otherwise indicated through the use of the phrase “Business Day”; and (f) any reference made in this Agreement to a statute or statutory provision means such statute or statutory provision as it has been amended through the date as of which the particular portion of this Agreement is to take effect, or to any successor statute or statutory provision relating to the same subject as the statutory provision referred to in this Agreement, and to any then applicable rules or regulations, unless otherwise provided.

SCHEDULE 2.1

BREX APIs and Additional Terms

1. Brex APIs

1.1. Brex Onboarding API. This endpoint is used to submit User referrals to Brex. Brex will present the referred User with a Brex Account application form with the User information pre-filled that you provide.

1.2. Brex Onboarding API Terms.

1.2.1. User Data. You understand that Brex will rely on the User Data you submit to us to evaluate each User’s Brex Account application, and you will make best efforts to ensure that all User Data you submit is accurate and complete.

1.2.2. Disclosures and Consent. You will include a notice to Users on your Brex Account referral page that (i) you will disclose User Data with us when the User applies for a Brex Account, and (ii) submitting a Brex Account application constitutes the User’s consent to such disclosure to us.

1.2.3. No Assurances or Conditions. You will not provide assurances to a User that we will approve a User’s Brex Account application, and you will not condition the submission of a Brex Account application on any criteria not expressly approved by us.

1.2.4. No Disparate Treatment. Brex will evaluate each User’s Brex Account application no less favorably than it would had the application been submitted through any other service comparable to Customer’s services.

1.3. Brex Accounting API. This endpoint is used for permissioned access to Brex Customer transactions and balances.

Brex Access Agreement

Revised June 6, 2021

The Brex Access Agreement (the “Agreement”) describes the terms and conditions governing your use of Brex’s User Data access application programming interfaces (the “Brex APIs”), and is a supplement to the Brex Platform Agreement, the Brex Privacy Policy, the Brex User Terms and any Additional Terms (collectively the “Brex Agreements”). By using or accessing the Brex APIs, you agree to comply with the terms of this Agreement. “We,” “our” or “us” means Brex Inc. “You,” “your,” or “Customer” means the person or entity accepting or signing this Agreement.  Together, you and we may be collectively referred to as “Party” or “Parties.” If you use or access the Brex APIs on behalf of an entity, then you represent and warrant that you have authority to bind that entity to this Agreement, that you are doing so on behalf of that entity, and that all references to “You” in the Agreement refer to that entity.

1. Definitions and Rules of Construction. Exhibit A contains the definitions of capitalized terms not separately defined in the context of this Agreement and rules governing construction and interpretation of certain terms and phrases used commonly in this Agreement.

2. Accessing the Brex APIs.

2.1. Limited Right to Use the Brex APIs. Conditioned upon your continued compliance with the terms of this Agreement and any applicable Brex Agreements to which you are a party, we grant you a limited, revocable, non-exclusive, non-sublicensable, non-transferrable, non-assignable license, solely while this Agreement is in effect, to use the Brex APIs set forth on Schedule 2.1 to this Agreement. Further, we will make commercially reasonable efforts to: (a) make available to you via the Brex APIs all User Data that is accessible to Users of the Services in read-only format; and (b) ensure that the quality of User Data we make available to you is equal to the quality of User Data we provide to other Brex API users. Additional terms and conditions applicable to specific Brex APIs are set forth on Schedule 2.1. We may make additional Brex APIs available to you from time to time, and your use of any such Brex API constitutes your consent to the terms of this Agreement and any additional terms set forth on Schedule 2.1. We may modify the terms of Schedule 2.1 in our sole discretion upon Notice to you.

2.2. Accessing the Brex APIs.  You will only access the Brex APIs in conformance with the terms of the Agreement and the Brex APIs documentation. We will assign you with keys or other credentials (“Brex API Keys”) to enable your access to and use of the Brex APIs. We may issue, activate, suspend, re-activate, or deactivate your Brex API Keys to ensure usage of the Brex APIs consistent with the Agreement and as set forth in Section 6. You will cause all API calls from your Brex API Client to include the appropriate API Key, and you agree not to mask or misrepresent your identity or your Brex API Client’s identity when using, accessing, or attempting to access the Brex APIs. You agree to keep any information you provide to Brex regarding or related to your use of the Brex APIs accurate and up to date, and you agree not to hide, misrepresent or obscure any of the features, content, services, or functionality of your Brex API usage or any Brex API Client during your use of the Brex API.

2.3. API Usage Limitations. If at any time we determine in our sole discretion that the volume of API calls from your Brex API Client or your usage of the Brex APIs is reasonably likely to threaten the stability of the Services or result in a Security Incident, we reserve the right to temporarily set and enforce limits on your Brex API Client’s access to the Brex APIs until such time as the threat has been eliminated or contained. These limits may include restrictions on the volume and frequency of API usage, or any other limits necessary to prevent excessive, abusive, or otherwise prohibited use of the Brex APIs. You agree not to exceed, circumvent, or attempt to circumvent any such limits, including by aggregating accounts or creating multiple Brex API Keys or Brex API Clients. You also agree to provide us with API access request estimates on an annual basis upon request, and you will immediately notify us if your actual usage materially exceeds or is likely to exceed your estimated usage at any time during each calendar year.

2.4. Non-interference.  You will not, and you will not permit or enable any API Client, any Third-Party Partner, or any other third party to interfere with the proper workings of the Brex APIs, or create or distribute any service or application that adversely affects the functionality or performance of the Brex APIs, the Services, or the services of any of Brex’s Affiliates, Third-Party Partners or Users.

2.5. Prohibited Uses.  You will not use the Brex APIs to encourage or promote any activity that is illegal, offensive, or otherwise violates the rights of another party. Your use of the Brex APIs will comply with all Applicable Law and any  third-party rights, including laws and regulations related to accessibility and data protection that apply to financial institutions.

2.6. Restrictions. Except as otherwise expressly permitted by this Agreement, you will not, and you will not permit or enable any API Client or any third party to: (a) use the Brex APIs for any purpose or in any manner other than expressly permitted in this Agreement; (b) rent, sell, lease, lend, convey, redistribute or otherwise provide any third party with use of any aspect of the Brex APIs or any associated User Data; (c) modify, decompile, reverse engineer, alter, tamper with or create derivative works of the Brex APIs; (d) falsify or alter any API Key or otherwise obscure or alter the sources of calls coming from your Brex API Client; or (e) access internal application programming interfaces or data feeds that are not externally available or intended by Brex to be available. You agree not to store or use the Brex APIs or User Data outside of the United States.

2.7. API Modifications; Obligation to Maintain Your Brex API Client. When we modify the Brex APIs to expand access to any additional User Data elements or to otherwise make improvements, we will: (a) make reasonable efforts to avoid making changes that would disrupt your access to the Brex APIs; and (b) provide you with reasonable advance notice of planned enhancements to the Brex APIs; in which event you agree to make the necessary changes in timely manner to ensure continuity of service to Users; except that we may, in our sole discretion provide short notice or no notice to you in the event API modifications are required to prevent User Data loss or other harm to Users.  You may request access to additional User Data elements not supported by the Brex APIs, and we will evaluate your request for inclusion in our API development roadmap; except that we do not guarantee that the additional User Data elements you requested will be made available to you.

2.8. Fees.  Brex reserves the right; upon 30 day’s prior notice, to implement fees and payment terms with respect to any use of the Brex APIs beyond the Brex APIs limitations specified in this Agreement.  Brex may also propose premium API offerings that provide for additional access as well as enhanced service and support terms.

3. Your Brex API Client.

3.1. Brex API Client and Ownership. Your Brex API Client is designed to help you enhance a User’s use of the Customer Services. Brex does not acquire ownership in your Brex API Client, and by using the Brex APIs you do not acquire ownership of any rights in the Brex APIs or any content that you access through the Brex APIs.

3.2. Monitoring. You agree that we may monitor or analyze your access and use of the Brex APIs to verify your compliance with the Agreement, to ensure the quality and reliability of the Brex APIs, to improve the Brex APIs and the Services, and for any other business purpose.  You agree not to interfere with any such monitoring, and you understand that we may use any technical means to overcome such interference. You agree to provide us with any information or materials we request to verify your compliance with the Agreement, including, free of charge, access to any test accounts or applications.

3.3. API Client Security. You agree to maintain comprehensive, industry-standard information security and data privacy compliance policies and procedures to protect Users and their User Data, and you will provide the results of any security audits (including any SOC-2 audit) you undertake to us upon our request. You will ensure that your Brex API Client receives and transmits data with a protocol at least as secure as those accepted by the Brex APIs, and that your Brex API Client contains protections that are adequate to keep secure and prevent the interception of any User Data. You agree to periodically assess the security of your Brex API Client to ensure it is maintained free of defects and security vulnerabilities; and you will share the results of such assessment with us upon request. We may require that such an assessment be conducted prior to granting you access to the Brex APIs or at any other time that we deem reasonably necessary to ensure the security of your Brex API Client or the Brex APIs. You will not attempt to circumvent any security measures or technical limitations imposed by us or by the Brex APIs.

3.4. Security Incidents and Notification. You will use best efforts to protect User Data and any Brex Data collected by your Brex API Client, including Personal Data, from any unauthorized access, use, or disclosure (“Security Incident”). You and your Brex API Client will comply with laws that protect Personal Data, and all other applicable privacy laws and regulations. You will notify us within 48 hours of becoming aware, or have reason to suspect the occurrence of any Security Incident or other security breach (including any actual, or suspected theft, loss or misuse of User Data) that you discover or suspect in connection with: (a) your use of the Brex APIs, or (b) your Brex API Client. You agree to collaborate with Brex on creating a notification and remediation strategy for Users. You also agree to promptly notify any Users whose information may have been affected to the extent required by Applicable Law.

3.5. Harmful Code. You will not include, or enable or permit to be included, in or in connection with any API Client, any spyware, malware, virus, worm, Trojan horse or other malicious or harmful code, or any software application not expressly and knowingly authorized by each applicable User prior to being downloaded, installed or used.

3.6. Development.  You will be solely responsible for all development and distribution of your Brex API Client, and for all related costs, expenses, losses and liabilities.

3.7. Service and Support.  You are solely responsible for all aspects of your Brex API Client, and we will not be required to provide any technical or other support services to you or any User in connection with the integration of the Brex APIs with your Brex API Client or any related User Data.  You will provide primary User support to resolve any errors, bugs or issues with the Brex APIs Client and the Customer Services. You agree to acknowledge receipt of inquiries from Users within 48 hours, and you will develop and utilize appropriate escalation procedures for Users related to resolution of inquiries regarding your Brex API Client. We will designate a Customer manager and a technical resource to assist in identifying and resolving API errors, and to answer questions related to operational use of the Brex APIs. We reserve the right to approve in advance all communications with Users related to your use of the Brex APIs; however, we are not responsible for monitoring or policing any dispute that may arise between or among you, any Third-Party Partner, any User, or any other third party related to your Brex API Client. Your use of the Brex APIs and any related User Data is at your own risk, and you are solely responsible for any damage to any computer systems, networks, or databases belonging to you, a Third-Party Partner, or any User, all losses suffered by you, any Third-Party Partner, or any User, and for any other liability of any type related to your use of the Brex APIs and User Data.

4. User Data Privacy and Security.

4.1. User Consent and Privacy.  You will ensure that neither you, your Third-Party Partners , nor your Brex API Client collects or discloses User Data from or concerning any User through the Brex APIs unless you first (a) inform such User in a Privacy Policy of types of User Data you collect or disclose and how such User Data will be used or disclosed; and (b) obtain affirmative consent from such User to such collection, use, and disclosure in accordance with Applicable Law. Any such Privacy Policy must be made available to Users prior to the collection, use, or disclosure of any User Data, and prominently displayed to the User through the Customer Services. Under no circumstances will the Privacy Policies permit the sale or disclosure of Personal Data that is not De-Identified Data without the User’s or Person’s express written consent. In addition, the Privacy Policies will be consistent with your obligations under this Agreement and with Brex’s rights and obligations under the Brex Privacy Policy, currently available at www.brex.com/privacy. Your collection, use and disclosure of User Data must not conflict with either your Privacy Policy, any Third-Party Partner’s Privacy Policy, or the Brex Privacy Policy.

4.2. User Authentication. You and each of your Third-Party Partners will ensure that each User has been authenticated with us by using available OAuth protocols and any other authentication mechanisms made available to you by us prior to accessing any of an authenticated User’s User Data. As part of the authentication process, Brex may also require the User to consent to the types of data to be shared and what parties they may be shared with, and to any other aspects of the proposed API connection. You agree to comply with any preferences that the User expresses during the authentication process.

4.3.User Account Un-Linking. Once a User’s Brex Account has been authenticated with your Brex API Client, then your Brex API Client must provide a method for the User to disconnect or “un-link” its Brex Account from your Brex API Client and any related systems or software. If a User disconnects its Brex Account or otherwise revokes their permission for your Brex API Client to access its User Data using a method you provide, then your access to any User Data related to that User will be terminated and you will delete all User Data in your possession for such User; except that you will not be required to delete User Data to the extent you are required to retain such User Data to comply with Applicable Law.

4.4. Limitations on Use of User Data and Disclosures.

4.4.1. Except as otherwise permitted by Brex, you will not use or disclose any User Data except for purposes of: (a) providing User Data directly to a User; (b) complying with Applicable Law or mandatory requests of a government or regulatory body; (c) providing User Data to a Third-Party Partner or other third party for the sole purpose of providing such User Data directly to a User; except any such Third-Party Partner or other third party: (i) may not use such User Data for any other purpose; and (ii) will comply with any required use and disclosure obligations regarding User Data applicable to each User, and to us that are at least as protective as those in this Agreement; and (d) as contemplated by your privacy policy.

4.4.2. Without limiting the limitations set forth in Section 4.4.1, and regardless of whether the applicable User has consented, absent Brex’s prior written consent, you and your Third-Party Partners will not: (i) market, sell, lease, license, or otherwise commercialize any User Data or any data aggregated or derived from User Data for any purpose other than the explicit purpose for which the User has granted consent;  (ii) use or disclose for marketing purposes any User Data received or collected by you or your Brex API Client from or through Brex or the Brex APIs; or (iii) analyze, aggregate, or otherwise use User Data or Brex Data to reverse engineer or otherwise ascertain or derive Brex’s Confidential Information.

4.5. Responsibility for Collected User Data.  As between you and Brex, you are solely responsible for (a) any User Data and any other data and information collected by you, including the transmission of any User Data to or from the Brex APIs or otherwise using the Brex APIs, and (b) the completeness and accuracy of User Data and the legality of its collection, processing, use and disclosure. You understand that we and our Third-Party Partners will rely on the User Data you submit to us, and you will make best efforts to ensure that all User Data you submit is accurate and complete.

4.6. User Data Access Restrictions.

4.6.1. API Client and Third Parties.  You will not, and you will not permit or enable any API Client, Third-Party Partner, or any other third party or service provider to: (a) use any automated means (e.g., scraping, crawling, spidering or robots) to access, query or obtain any User Data from any Brex websites, data systems, or other Brex APIs; or (b) except as expressly permitted by the Agreement or any applicable Brex Agreements, archive, store, modify or replace any User Data received from Brex or the Brex APIs (including by changing the order in which such User Data was originally made available by Brex or intermixing such User Data with data from sources other than Brex). Upon our request, you will delete any and all User Data you possess that does not comply with this Section 4.6.1.

4.6.2. Personnel.  You will ensure that any of your personnel who are granted access to User Data are screened, to the extent permitted by Applicable Law, in accordance with best practices in the financial services industry. You will exclude from access to User Data any personnel that have been convicted of a crime involving theft, fraud, money laundering, breach of fiduciary duty, or similar financial crime that suggests that, after an individualized assessment of facts and circumstances of the conviction, the personnel pose a more than marginally greater level of risk (than someone without a conviction) of mis-using User Data.

4.7. Deletion of User Data. Except where retention of User Data is required under Applicable Law, your contractual requirements to maintain a copy of such User Data by request of a User, or your reasonable need to retain such User Data for recordkeeping purposes for the benefit of that User, upon termination of this Agreement (or any Wind-Down Period, if applicable), you and your Third-Party Partners will delete all User Data, as well as any De-Identified Data derived from such User Data. You must also delete all User Data at the request of a User in the event that a User revokes your right to access such data via your Brex API Client as set forth in Section 4.3. For the avoidance of doubt, the Parties acknowledge that each Party may possess identical information collected independently by each Party, and such identical information shall: (a) remain the Confidential Information of the respective Parties, and (b) shall not be subject to this Section 4.7.

5. Use of Marks.

5.1. Brex Marks. Upon our prior written approval, you may use and display the Brex Marks solely for the limited purposes of facilitating connection of a User’s Brex Account to your Brex API Client, and to identify Brex in the Brex User data consent portals. You may not attempt to register any names, trade names, trademarks, service marks, slogans, logos, domain names or other indicia that are confusingly similar in any way to the Brex Marks. Nothing in this Agreement will convey any right, title, license or other interest in or to the Brex Marks to you or to any Third-Party Partner.

5.2. Customer Marks. You hereby grant to Brex a limited, fully paid-up, worldwide, royalty-free, non-exclusive, non-transferable license (but Brex has no obligation) to use your name and logo (“Customer Marks”) in connection with the Brex APIs on the Brex User data consent portal, so long as any usage complies with your trademark guidelines. Nothing in this Agreement will convey any right, title, license or other interest in or to the Customer Marks to us or to any Brex Entity.

6. Termination; Suspension; and Wind-Down Period.

6.1. Termination. This Agreement will remain effective until terminated in accordance with its terms.

6.1.1. Either Party may terminate this Agreement: (a) at any time without cause upon 90  days’ written notice to the other Party; or (b) if the other Party breaches the terms of this Agreement and such breach remains uncured for 30 days after receipt of a notice of the breach and intent to terminate from the non-breaching Party, except that such termination may occur immediately if the breach cannot be cured.

6.1.2. We may terminate the Agreement immediately: (a) if you experience a Security Incident affecting User Data; or (b) in the event of fraud or intentional misconduct by you or any of your or their respective personnel.

6.2. Suspension. In addition, we reserve the right, in its sole discretion, to suspend (temporarily or permanently) your use of the Brex APIs, Brex API Keys, any Brex Marks, or any User Data (whether by you, a Third-Party, or a User), in whole or in part upon reasonable notice to you: (a) if a User requests to disconnect their Brex Account from the Customer Services (provided however that in such case, only User Data for that specific User shall be suspended); (b) if we reasonably believe that there is a material risk of a Security Incident with respect to your or any Third-Party Partner’s systems; or (c) to perform reasonable maintenance or to provide updates to the Brex APIs, the Services, or our systems or networks.

6.3. Liability for Losses. We bear no responsibility or liability to you for any such termination or suspension. Upon any such termination or suspension, all rights or licenses that you may have with respect to the Brex APIs, Brex Marks, and User Data will immediately be terminated or suspended, as applicable, and you will immediately cease using the Brex APIs, Brex Marks and User Data, and delete any data or materials related to the Brex APIs, Brex Marks, and User Data in your possession or control in accordance with Section 4.8.

7. Confidential Information.

7.1. Each party (the “Disclosing Party”) may from time to time during the term of this Agreement disclose to the other party (the “Receiving Party”) the Disclosing Party’s Confidential Information. The Receiving Party will: (a) hold the Confidential Information in trust and confidence; (b) use the Confidential Information only as expressly permitted in this Agreement (and not for the benefit of any third party), and not in any manner or for any purpose other than as expressly permitted in this Agreement; (c) not reproduce Confidential Information except as necessary to fulfill your obligations hereunder; and (d) not make available to any third party, directly or indirectly, any Confidential Information without the Disclosing Party’s express prior written consent; provided, however, that the Receiving Party may disclose Confidential Information of the Disclosing Party to the Receiving Party's employees, and to any of the Receiving Party's contractors who are bound to the Receiving Party by confidentiality obligations substantially equivalent to those set forth in this Section 7, solely as required in order for the Receiving Party to perform under this Agreement, and the Receiving Party may disclose the Disclosing Party’s Confidential Information to, as applicable, its professional advisors, and to the employees and contractors of its parent, subsidiaries and Affiliates. The Receiving Party will protect the Disclosing Party’s Confidential Information with at least the same degree of care as the Receiving Party uses to protect its own Confidential Information of a similar nature, but in no case with less than a reasonable degree of care. The Receiving Party will be solely responsible and liable for all use and disclosure of Confidential Information by or through the Receiving Party, any Third-Party Partner, any Brex User or any other third party who receives Confidential Information from the Receiving Party.

7.2. Upon any termination of this agreement, the Receiving Party will immediately cease using and delete all copies of Confidential Information in its possession, custody or control, and certify such deletion in writing to the Disclosing Party. The Receiving Part acknowledges and agrees that breach or threatened breach of this Section 7 may cause the Disclosing Party irreparable harm and significant injury, the amount of which may be difficult to estimate and ascertain, thus making inadequate any remedy at law or in damages. The Receiving Party therefore agrees that, in the event of such breach or threatened breach, the Disclosing Party will be entitled to injunctive relief from any court of competent jurisdiction enjoining any threatened or actual breach of this Section 7 and for any other relief that such court deems appropriate, in addition to any other remedy or remedies available at law or in equity.


7.3. The Receiving Party may disclose Confidential Information of the Disclosing Party if required to do so under Applicable Law, provided that the Receiving Party, where reasonably practicable and to the extent legally permissible, provides the Disclosing Party with prior written notice of the required disclosure so that the Disclosing Party may seek a protective order or other appropriate remedy, and provided further that the Receiving Party discloses no more Confidential Information of the Disclosing Party than is reasonably necessary in order to respond to the required disclosure.


8. Brex Property; Customer Property; Feedback.

8.1. Brex Property. All intellectual property rights and all other right, title and interest in and to the Brex APIs, Brex Marks, and all other Confidential Information are the sole property of and reserved to Brex or its Affiliates, licensors or suppliers, as applicable, and no right, title or interest therein are transferred to you as a result of your use thereof or this Agreement. You will not contest or assist others in contesting the validity of any such rights. All rights not expressly set forth herein are reserved by Brex or its Affiliates , licensors or suppliers, as applicable, and no implied rights or licenses are granted to you pursuant to this Agreement. You acknowledge and agree that you receive no rights, licenses or interests in or to any patents, patent applications, copyrights, trademarks, trade names or service marks of Brex or its Affiliates, licensors, suppliers or other third parties pursuant to this Agreement.

8.2 Customer Property. All intellectual property rights and all other right, title and interest in and to Customer’s technology and all other Customer Confidential Information are the sole property of and reserved to Customer or its Affiliates, licensors or suppliers, as applicable, and no right, title or interest therein are transferred to Brex as a result of its use thereof or this Agreement. Brex will not contest or assist others in contesting the validity of any such rights. Except as otherwise set forth herein, including in Section 5, Brex acknowledges and agrees that it receive no rights, licenses or interests in or to any patents, patent applications, copyrights, trademarks, trade names or service marks of Customer or its Affiliates, licensors, suppliers or other third parties pursuant to this Agreement.

8.2. Feedback. You hereby irrevocably assign and agree to irrevocably assign to us, without charge, all intellectual property rights relating to oral and written Feedback that you provide relating to the Brex APIs or any associated services or documentation. At our expense, you will take all actions deemed necessary by us in order for us to record, perfect and maintain its rights in and to all Feedback. Without limiting the foregoing, we will have an unlimited, worldwide, royalty-free right to use and modify all Feedback, and we will have no confidentiality obligations with respect to any Feedback.

9. Disclaimer of Warranties; Limitation of Liability; Indemnification.

9.1 Disclaimer of Warranties by Brex. THE BREX APIS, USER DATA, AND BREX PROPERTY PROVIDED BY OR ON BEHALF OF BREX, ARE PROVIDED “AS IS” AND WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMITTED BY LAW, THE BREX ENTITIES DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING ANY IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, ACCURACY, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES THAT MAY ARISE FROM COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. THE BREX ENTITIES DO NOT WARRANT THAT USE OF THE BREX APIS, USER DATA, OR BREX PROPERTY WILL BE UNINTERRUPTED, ERROR-FREE OR SECURE, OR THAT DEFECTS WILL BE CORRECTED. YOU ACKNOWLEDGE THAT YOU ARE RESPONSIBLE FOR OBTAINING AND MAINTAINING ALL TELEPHONE, COMPUTER HARDWARE, SOFTWARE AND OTHER EQUIPMENT, MATERIALS AND THIRD-PARTY LICENSES AND CONSENTS NEEDED TO USE YOUR API CLIENT WITH THE BREX APIS, AND FOR ALL RELATED COSTS. YOUR USE OF THE BREX APIS, USER DATA, OR BREX PROPERTY IS ENTIRELY AT YOUR OWN RISK.

9.2. Limitation of Liability. NEITHER PARTY, NOR ANY OF THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, CONSULTANTS, AGENTS OR OTHER REPRESENTATIVES WILL BE RESPONSIBLE OR LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY OR PUNITIVE DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF DATA OR LOST PROFITS), UNDER ANY CONTRACT, NEGLIGENCE, INDEMNITY, STRICT LIABILITY OR OTHER THEORY, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, ARISING OUT OF OR RELATING IN ANY WAY TO THIS AGREEMENT; OR FROM ANY TERMINATION OR SUSPENSION OF THIS AGREEMENT OR CUSTOMER’S ACCESS TO OR USE OF THE BREX APIS, USER DATA, OR ANY BREX PROPERTY. CUSTOMER’S SOLE REMEDY FOR DISSATISFACTION WITH THE BREX APIS, USER DATA, OR ANY BREX PROPERTY IS TO STOP USING THE API, USER DATA, OR BREX PROPERTY, AS APPLICABLE. EXCEPT FOR EITHER PARTY’S BREACH OF SECTION 7 [CONFIDENTIAL INFORMATION] AND FOR ANY AMOUNTS OWED PURSUANT TO A PARTY’S OBLIGATIONS UNDER SECTION 9.3 [INDEMNIFICATION], EACH PARTY’S SOLE AND EXCLUSIVE MAXIMUM LIABILITY FOR ANY DAMAGES, LOSSES AND CAUSES OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), INDEMNITY OR OTHERWISE, IN CONNECTION WITH THIS AGREEMENT, WILL BE LIMITED TO THE TOTAL AMOUNTS PAID BY CUSTOMER, IF ANY, TO USE THE BREX APIS, OR TEN DOLLARS ($10), WHICHEVER IS GREATER.

9.3. Indemnification.

9.3.1. Customer Indemnification. You will indemnify, defend and hold the Brex Entities and their directors, officers, employees, consultants, agents and other representatives harmless from and against any losses that result from a Third-Party Claim against a Brex Entity arising out of, related to, caused or incurred by, or in connection with: (a) your use of or other activities in connection with the Brex APIs, User Data, or the Brex Property; (b) your Brex API Client, its use (whether by you or a third party) and any transactions conducted through it or User Data transmitted through it (whether by you or a third party); (c) the operation of your business in connection with the Brex APIs, User Data, or Brex Property; (d) any suspension or termination of your Brex API Client’s use of the Brex APIs, User Data, or Brex Property (including any such suspension or termination caused by Brex); (e) any breach by you of any representations, warranties, covenants or obligations under this Agreement; (f) actual or alleged infringement of any third party’s Intellectual Property by you related to your Brex API Client (including any component thereof), or any Feedback or other materials made available to Brex by you; (g) your gross negligence, fraud or intentional misconduct; (h) any Security Incident caused by you or any Third-Party Partner; or (i) your violation of Applicable Law. At our election, you will assume control of the defense and settlement of any Third-Party Claim that is subject to indemnification by you pursuant to this Section 9.3; except that we may at any time thereafter elect to take over control of the defense and settlement of any such Third-Party Claim, and provided that you will not settle any such Third-Party Claim without our express prior written consent.

9.3.2. Brex Indemnification. We will indemnify, defend and hold you and your Affiliates, directors, officers, employees, consultants, agents and other representatives harmless from and against any losses that result from a Third-Party Claim against a you arising out of, related to, caused or incurred by, or in connection with: (a) any breach by us of any representations, warranties, covenants or obligations under this Agreement; (b) actual or alleged infringement of any third party’s Intellectual Property by Brex related to the Brex API (including any component thereof; (c) Brex’s gross negligence, fraud or intentional misconduct; (h) any breach of your Confidential Information caused by us; or (i) our violation of Applicable Law. At our election, we will assume control of the defense and settlement of any Third-Party Claim that is subject to indemnification by us pursuant to this Section 9.3; except that you may at any time thereafter elect to take over control of the defense and settlement of any such Third-Party Claim, and provided that we will not settle any such Third-Party Claim without your express prior written consent.

10. Miscellaneous.

10.1. Notices. The Parties will deliver all notices, demands and other communications via electronic mail and in writing (both of which will constitute notice) to the following addresses:

If to Brex:

Brex Inc.

Attn: General Counsel

405 Howard Street, Suite 200

San Francisco, CA 94015

with a copy to notices@brex.com


10.2. Complaints and Litigation. Each Party will promptly provide the other Party with copies of any civil or investigative demand, subpoena, complaint, lawsuit or similar proceeding or request for information regarding a private litigant’s or regulatory authority’s investigation or enforcement action relating to the Brex APIs, API Client, the Services or this Agreement in which a Brex Entity is named as Party; unless disclosure of such information is expressly prohibited by the regulatory authority issuing the investigation or action.

10.3. Third-Party Beneficiaries. This Agreement does not benefit or create any right or cause of action in or on behalf of any Person other than you and Brex.

10.4. Independent Contractors. Nothing contained in this Agreement will be construed as creating or constituting a partnership, joint venture or agency between the Parties to this Agreement. Each Party will be deemed an independent contractor with respect to the other Party in fulfillment of their respective obligations.

10.5. Assignment. This Agreement and your rights, privileges, duties and obligations in this Agreement may not be assigned or delegated by you without our prior written consent.

10.6. Amendments and Waivers. Neither Party may amend, modify, or waive in any fashion any instrument or provisions in this Agreement except by an instrument in writing signed by the Parties.  A Party’s waiver of any breach of this Agreement by the other Party will not operate or be construed as the waiver of the same or any similar breach on a subsequent occasion, nor will any delay in exercising any right, power or privilege granted by this Agreement constitute such a waiver.

10.7. Counterparts; Delivery. This Agreement may be executed in any number of counterparts, all of which taken together will constitute one document. The Parties may deliver executed counterparts of this Agreement by electronic means.

10.8. Publicity and User Communications.  The Parties will collaborate and mutually agree to the content, timing, and all other terms of any commercial communications regarding integration of your Brex API Client with the Brex APIs, except that we reserve the right to approve the content of any marketing communications to Users regarding your Brex API Client in our sole and absolute discretion.

10.9. Compliance with Laws. You will comply with all laws, regulations and policies related to User Data and the development, marketing, sale, distribution and use of the Brex APIs Client or related applications, and all other Applicable Laws. Upon our request, you will promptly provide us copies of any applicable regulatory approvals or other clearances required of you to provide the Brex APIs Client, or possess and use User Data. Absent our express prior written consent, you will not seek any regulatory permissions or make any determinations that may result in any Brex Entity or the Brex APIs being deemed regulated or that may impose any obligations or limitations on any Brex Entity.

10.10. Governing Law and Venue. This Agreement will be construed, applied, and governed by the laws of the State of California exclusive of its conflict or choice of law rules except to the extent that U.S. federal law controls. Subject to the good faith binding arbitration requirement provisions contained in Section 10.12, all litigation will be brought in the state or federal courts located in San Francisco, California.

10.11. WAIVER OF JURY TRIAL. EACH PARTY HEREBY WAIVES, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL PROCEEDING DIRECTLY OR INDIRECTLY ARISING OUT OF OR RELATING TO THE BREX APIS, THE BREX APIS CLIENT, USER DATA AND THIS AGREEMENT (WHETHER BASED ON CONTRACT, TORT OR ANY OTHER THEORY).

10.12. Dispute Resolution; Arbitration. The Parties will attempt to resolve any dispute, claim, or controversy arising from or relating to this Agreement (“Disputes”) in good faith and in a timely manner by mutual consultation among the designated representatives of each Party. If a Dispute remains unresolved for more than 60 days, either Party may escalate the Dispute for resolution by senior executives from each Party; except that that such 60-day consultation period does not apply to cases where a Party is seeking injunctive or declaratory relief to avoid imminent or immediate harm or Losses. Except for any Dispute principally related to or arising out of either Party’s rights and obligations under Section 4 [User Data Privacy and Security]; Section 7 [Confidential Information]; Section 8 [Brex Property; Customer Property; Feedback] and Section 9.3 [Indemnification], which the Parties will resolve in litigation in accordance with Section 10.10, each Dispute not resolved by the Parties by mutual consultation will be determined by arbitration in San Francisco, California before a single arbitrator. The arbitration will be administered by JAMS. For claims greater than $250,000, the JAMS Comprehensive Arbitration Rules and Procedures in effect at the time the arbitration is commenced will apply. For claims less than or equal to $250,000, the JAMS Streamlined Arbitration Rules in effect at the time the arbitration is commenced will apply. The arbitrator will apply the substantive law of the State of California, exclusive of its conflict or choice of law rules. If JAMS is no longer in business or refuses or declines to administer any Dispute between the Parties brought before it, either Party may petition the United States District Court for the Northern District of California to appoint the arbitrator. Nothing in this Section 10.12 will preclude the Parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction. The Parties acknowledge that this Agreement evidences a transaction involving interstate commerce. Notwithstanding the provisions in this paragraph referencing applicable substantive law, the Federal Arbitration Act (9 U.S.C. §§ 1-16) will govern any arbitration conducted pursuant to the terms of this Agreement. Either Party may commence arbitration by providing to JAMS and the other Party to the Dispute a written demand for arbitration, setting forth the subject of the Dispute and the relief requested. The existence of a Dispute and the observance by the Parties of the Dispute resolution procedures in this Section 10.12 will not: (a) excuse any Party from continuing to perform its obligations under this Agreement; or (b) suspend any obligation to pay any amount otherwise due and payable under this Agreement unless that obligation or the amount (to the extent in Dispute) is itself the subject of the Dispute. Nothing in this Agreement affects the right of a Party to institute proceedings to seek urgent injunctive or declaratory relief in respect of a Dispute or any matter arising under this Agreement. If any Dispute leads to an arbitration or other legal proceeding to resolve such Dispute, the prevailing Party in such proceeding will be entitled to receive its reasonable attorneys’ fees, expert witness fees and out-of-pocket costs incurred in connection with such proceeding, in addition to any other relief it may be awarded. To the extent permitted by applicable law, all arbitration proceedings will be subject to Section 7 [Confidential Information].

10.13. Force Majeure. Neither Party will be liable for delay or failure to perform, in whole or in part, any of its duties under this Agreement due to factors beyond its control, including lack or failure of raw materials, strike, lockout or other labor disturbance, health emergency, sabotage, terrorism, acts of war or other armed conflict, pandemics or epidemics, acts of nature, earthquake, storm, fire, electrical supply or telecommunications failure.

10.14. Remedies Cumulative. The Parties do not intend the rights conferred upon both Parties to this Agreement to be exclusive of each other or of any other rights and remedies of both Parties under this Agreement, under Applicable Law, or in equity. Rather, each and every right of both Parties to this Agreement, under Applicable Law, or in equity is cumulative and concurrent and in addition to all other rights of the Parties.

10.15. Severability. If any provision of this Agreement, or the application of any such provision to any person or circumstance, is invalid or unenforceable, the remainder of this Agreement, or the application of such provision to persons or circumstances other than those as to which it is invalid or unenforceable, will not be affected by such invalidity or unenforceability, and the Parties expressly authorize any court of competent jurisdiction to modify any such provision in order that such provision will be enforced by such court to the fullest extent permitted by Applicable Law. In the event of any conflict between the terms of this Agreement and any other Brex Agreement to which you are a party, the terms of this Agreement will govern and prevail.

10.16. Entire Agreement. This Agreement embodies the entire understanding of the Parties with respect to the subject matter hereof and supersedes in their entirety all prior communication, correspondence, and instruments, and there are no further or other agreements or understandings, written or oral, in effect between the Parties relating to the subject matter of this Agreement.

10.17. Survival. The provisions of Sections 4, 5, 6, 7, 8, 9, and this Section 10  will survive termination of this Agreement.

EXHIBIT A

DEFINITIONS AND RULES OF CONSTRUCTION

Additional Terms” means additional terms or policies to which we may require you to agree in the event that we release new products, features, integrations, promotions, or rewards, or otherwise to enhance and improve the scope and quality of the Services.


“Affiliate” means, with regards to each Party, (a) any person or entity controlling, controlled by, or under common control with such Party; or (b) any partner of or joint venturer with such Party. For purposes of this definition, control means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such person or entity, whether through ownership of voting securities or otherwise.


API” means an application programming interface and related software, code, services, keys, endpoints, documentation and all information provided by Brex related to the foregoing.

Applicable Law” means any: (a) statute, ordinance, permit, treaty, rule, regulation, law, or common law interpretation of any law applicable to a Party; (b) bulletin, judgment, order, decree, injunction, request, recommendation, direction, guidance, examination, or determination of any regulatory authority with jurisdiction or authority over a Party; or (c) any negotiated settlement, order, or agreement by a Party with an arbitrator or a regulatory authority.

Brex Account” means a Brex Card Account or Brex Cash Account that is used in connection with the Services.

Brex API Client” means any application, website, or other online experience you develop that connects to, or is enabled by the Brex APIs.

Brex Data” means any data, content, materials, or other information (including accompanying metadata), that at any time is transmitted to or from, stored on, or accessible through the Brex APIs, or otherwise made available to you by Brex in connection with the Brex APIs. Brex Data includes User Data, but does not include Personal Data.

Brex Marks” means the names, trade names, trademarks, service marks, and logos of Brex.

“Brex Property” means the Services and related technology; Brex Data; and copyrights, patents, trade secrets, trade or service marks, brands, logos, and other intellectual property incorporated into each of the foregoing.

Card” means a physical or virtual payment card issued by an Issuer and managed through a User’s Brex Card Account.

Card Networks” means the payment card networks including Visa or Mastercard.

Confidential Information” means a Party’s non-public, commercially proprietary or sensitive information, whether or not designated as “confidential”  or “proprietary” or similar designation, that relates to the business activities of a Party or its Affiliates, or to their respective Users, employees, customers or Third-Party Partners, including technical, marketing, financial, employee, planning, and other confidential and proprietary information. Information shall not be considered “Confidential Information” to the extent, but only to the extent, that such information (a) was already known to the Receiving Party free of any restriction at the time it is obtained from the Disclosing Party; (b) is subsequently learned from an independent third party free of any restrictions and without breach of this Agreement or any other agreements; (c) is or becomes publicly available through no wrongful act of the Receiving Party; or is independently developed by the Receiving Party without reference to any Confidential Information.

De-Identified Data” means data derived from User Data that has been anonymized or aggregated with other data and that can no longer be used to identify a specific company or individual.

Feedback” refers to any suggestion or idea for improving or otherwise modifying any of Brex’s products or services. Feedback does not include any suggestion or idea to the extent that it solely addresses your products or services.”

Financial Data” means a User’s Brex Account balance, transaction history, and all other Brex Account information, and a User’s bank account balance, transaction history, and all other bank account information accessible to Brex through Linked Accounts.

“Intellectual Property” means a Party’s services and related technology; Confidential Information; and copyrights, patents, trade secrets, trade or service marks, brands, logos, and other intellectual property incorporated into each of the foregoing.

Issuer” means the bank that is a member of the Card Network indicated on Cards that is responsible for issuing the Cards to Users.

Linked Accounts” means any account that is held with a financial institution (including Brex Treasury) that is linked to or authorized for use or payment through a Brex Account by a User.

Marks” means the names, trade names, trademarks, service marks, and logos of each Party.

Customer Services” means the websites, applications, and other services provided by Customer to Users.

Personal Data” means data that identifies or could reasonably be used to identify, directly or indirectly, a natural person.

“Customer Property” means the Customer’s technology and all other Customer Confidential Information and related technology; and copyrights, patents, trade secrets, trade or service marks, brands, logos, and other intellectual property incorporated into each of the foregoing.

Services” means the financial products, technology, expense management, cash management, payment services, and all other services provided by Brex to Users.

Third-Party Claim” means any action or threatened action, suit, claim, proceeding or regulatory action, regardless of merit brought against a Party by any person not a party to this Agreement.

Third-Party Partner” means any entity other than a User who may receive User Data from you or your Brex API Client.

User” means any user of the Services, or any entity that is otherwise a Brex customer.

“User Data” means any data or other information relating to a User or collected from or at the direction of a User (whether collected by Customer, Brex, or any third party), including any Financial Data and any Personal Data.

Rules of Construction

As used in this Agreement: (a) all references to a plural form will include the singular form (and vice versa); (b) the terms “include” and “including” are meant to be illustrative and not exclusive, and will be deemed to mean “include without limitation” “including, but not limited to”, or “including without limitation;” (c) the word “or” is both conjunctive and disjunctive; (d) the word “and” is conjunctive only; (e) references to “days” mean calendar days unless otherwise indicated through the use of the phrase “Business Day”; and (f) any reference made in this Agreement to a statute or statutory provision means such statute or statutory provision as it has been amended through the date as of which the particular portion of this Agreement is to take effect, or to any successor statute or statutory provision relating to the same subject as the statutory provision referred to in this Agreement, and to any then applicable rules or regulations, unless otherwise provided.

SCHEDULE 2.1

BREX APIs and Additional Terms

1. Brex APIs

1.1. Brex Onboarding API. This endpoint is used to submit User referrals to Brex. Brex will present the referred User with a Brex Account application form with the User information pre-filled that you provide.

1.2. Brex Onboarding API Terms.

1.2.1. User Data. You understand that Brex will rely on the User Data you submit to us to evaluate each User’s Brex Account application, and you will make best efforts to ensure that all User Data you submit is accurate and complete.

1.2.2. Disclosures and Consent. You will include a notice to Users on your Brex Account referral page that (i) you will disclose User Data with us when the User applies for a Brex Account, and (ii) submitting a Brex Account application constitutes the User’s consent to such disclosure to us.

1.2.3. No Assurances or Conditions. You will not provide assurances to a User that we will approve a User’s Brex Account application, and you will not condition the submission of a Brex Account application on any criteria not expressly approved by us.

1.2.4. No Disparate Treatment. Brex will evaluate each User’s Brex Account application no less favorably than it would had the application been submitted through any other service comparable to Customer’s services.

1.3. Brex Accounting API. This endpoint is used for permissioned access to Brex Customer transactions and balances.