Our legal bits

Trilo Group Limited End-User Agreement

Version 1: October 2020

The Trilo Agreement is an agreement between Trilo Group Limited (“Trilo”, “we”, “us”, “our”) and a client of our Customer (“End-User”, “you”) that uses Trilo’s services through an application. Please read these terms carefully.

How to read this Agreement

This Agreement has been laid out in different sections and you may go to the relevant section of interest directly. Please note, the headings are for reference only, and while the Agreement has been formatted for ease of reading, please do ensure that you read all sections of the Agreement.


Section 1: Introduction

Section 2: About Trilo

Section 3: Trilo services

Section 4: How we protect your Credentials for Payment Initiation and Account Information Services

Section 5: What we need from you

Section 6: What happens when you use the Service

Section 7: Liability

Section 8: Our ownership of the website and the Service

Section 9: Disclaimer of Representations and Warranties

Section 10: What if things go wrong?

Section 11: About this agreement

Section 12: Changes to these Terms 

Section 13: Who Decides Disputes?

Section 14: Entire Agreement

Annex 1 – Account Information

Annex 2 – Security


There are a few other relevant policies that are linked here, which may be read in conjunction with the Agreement, or as stand alone documents. These include:

  • Trilo’s Privacy Policy
  • Trilo’s PIS Customer Agreement 

Should you have any queries on the agreement, please email us at legal@trilo.io

Section 1: Introduction


1.1 Set out below are the terms of service (“Terms”) which apply when you (the “End-User”) use the Service as defined below, and which set out the legally binding conditions which govern our provision of the Service to you.

1.2 Your use of the Service is conditional on your acceptance of these Terms. You should read these Terms carefully and make sure you understand them before agreeing to them. These Terms are available for you to download. You may also request a copy of these Terms from us at any time after your use of the Service by emailing us at legal@trilo.io. The Terms are only available in English.

Section 2: Who we are

2.1 Trilo Group Limited is a company registered in England and Wales (company number 11684530) and our registered office is at Bath House Bath Street, Redcliffe, Bristol, England, BS1 6HL. We are authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (SI 2017/752) (Firm Reference Number: 919295) with permission to carry on account information services and payment initiation services.  (“Trilo”, “we”, “us”, “our”).

Section 3: Our services

3.1 Our services to you include the following (together, the “Service”):

3.1.1 We will provide you with a software tool (the “Tool”) which you can use to transmit information relating to payment accounts (“Account Information”) that you hold with an Account Servicing Payment Service, such as any payment service provider (for example, a bank or credit card issuer) that maintains a payment account on your behalf that is accessible online, (“ASPSP”) to Trilo, according to these Terms.

3.1.2 The Tool will also allow End-Users to initiate payment orders with respect to a Payment Account held by them with Payment Service Providers other than Trilo

3.1.3 To use the Tool you will need to provide the same identifying information that you use to access the relevant payment accounts when you log in yourself (the “Credentials”).

3.1.4 The Tool will allow you to use your Credentials to retrieve such Account Information as you choose to transmit them to Trilo. Annex 1 lists the information that you can elect to retrieve and transfer using the Tool.

3.1.5 We may use internet providers, web browsers or other third parties to access your Data to provide you with the Service.


3.2 The Account Information collected from your ASPSP is not checked for accuracy so we cannot check that the aggregated information provided to Trilo is accurate, although we will of course use all reasonable efforts to ensure that our aggregation of that Account Information is accurate.

3.3 The services provided by Trilo and the ASPSP are dealt with by the agreements that you have with each of them. As a result, we have no responsibility for the products and services provided to you by any ASPSP, or any other third party and are not liable to you for any harm, damage or loss arising from your use of those products and services. In particular, you should check your ASPSP’s rules on data privacy. 

3.4 We are not authorised to provide financial or investment advice under the Financial Services and Markets Act 2000, and our provision of the Service does not amount to financial or investment advice. If you require financial or investment advice you should contact an appropriately authorised adviser.

3.5 Trilo End-User Trilo Boost is a reward the Customer invests in the End-User, and is provided in the form of a discount at the point of payment. The Trilo Boost amount at the time of drafting these Terms is 1% but may change in the future, and we will notify you if this does change. 

3.6 At the time of writing these Terms we will not charge you for your use of the Service, however this may change in the future and we will notify you in advance if this changes. 

3.7 In an effort to protect consumer rights, We monitor our merchants’ compliance with the Consumer Rights Act 2015, and if We find a particular merchant to have breached the requirements of the Act, we reserve the right to suspend their use of Our Services, and/or terminate Our relationship with them. We will work with you and our merchants to try and remedy any situation which arises. 

Section 4: How we protect your Credentials for Payment Initiation and Account Information Services

4.1 All data including Trilo account credentials, Account Information, and bank account details are encrypted in transit using SSL.

4.2 A User’s Trilo account credentials consist of a unique identifier and a secret which are encrypted, stored, and managed by AWS using SOC 3 compliant services.

4.3 A User’s unencrypted secret is never stored.  Neither the encrypted nor the raw secret is accessible by Trilo staff. However, as explained in the Privacy Policy, metadata (e.g. unique identifier, name, email address, affiliations with other users) is accessible to us. 

4.4 The User’s Account Information and Bank Account details are encrypted at rest in storage on SOC3 compliant AWS services.

4.5 We will not provide your Trilo account credentials in raw or encrypted format to any third party.

4.6 We may provide a User’s bank account details or Account Information to third parties, e.g. through Open Banking for the purposes of arranging payments to the User during a refund.

4.7 Any Account Information that we access will only be accessed where you have explicitly given us permission to do so. Please refer to Annex 2 for more details on how we protect your Credentials and Account Information.

Section 5: What we need from you

5.1 You are only permitted to use the Service if you are aged 18 or older and resident in the UK. By agreeing to these Terms you warrant this to be the case.

5.2 We are providing the Service to you only so you should not share your access to the Service or your Credentials with anyone else.

5.3 You are only entitled to access and use the Service in accordance with these Terms.

5.4 We need to know we are transmitting Account Information relating to the right person. You must provide us with information which is accurate, and must not misrepresent your identity or any other information about you.

5.5 You agree not to share your payment initiation or account information Credentials with anyone.

Section 6: What happens when you use the Service

6.1 By using the Service, you:

6.1.1 warrant that you are allowed to use the Credentials for this purpose, without any obligation by us to pay any fees or subject to any other limitations including any agreements with third parties.

6.1.2 give us your explicit consent to retrieve and display  your Account Information for you using the Tool and transmit it to the Trilo dashboard for the purpose of providing the Service;

6.1.3 give us explicit consent to provide the service which allows End-Users to consent to the initiation of payment orders with respect to a Payment Account held by them with other Payment Service Providers 

6.1.3 agree that you will not:

6.1.3a use any robot, spider, scraper, deep link or other similar automated data gathering or extraction tools, program, algorithm or methodology to access, acquire, copy or monitor our website at https://trilo.io or any other Trilo domain (the “Site”) or the Service or any portion of them without our express written consent, which may be withheld at our sole discretion;

6.1.3b use or attempt to use any engine, software, tool, agent, or other device or mechanism (including without limitation browsers, spiders, robots, avatars or intelligent agents) to navigate or search the Service, other than the search engines and search agents available through the Service;

6.1.3c post or transmit any file which contains viruses, worms, Trojan horses or any other contaminating or destructive features, or that otherwise interfere with the proper working of the Site or the Service; or

6.1.3d attempt to decipher, decompile, disassemble, or reverse-engineer any of the software comprising or in any way making up a part of the Service for any purpose other than those provided for by us and in conjunction with the operation of the Service.

6.2 We take your privacy seriously and we use your personal data in line with our Privacy Policy which can be found above. You agree to us controlling and processing your personal data in accordance with the Privacy Policy and these Terms for the purpose of providing the Service to you. If you are not comfortable with how we handle your personal data as explained in the Privacy Policy, you should not use our Service.

Section 7: Liability

7.1 You agree that you will be liable for any losses sustained by Trilo as a result of your breach of these Terms and will compensate Trilo in full for any such losses.

7.2 As under The Payment Services Regulations 2017 section 76(5) “Payment service provider’s liability for unauthorised payment transactions” You agree that unless Trilo is found to be responsible for an unauthorised payment transaction, the account servicing payment service provider must refund the amount of the unauthorised payment transaction to You. 

Section 8: Our ownership of the Site and the Service

8.1 We are the owner or the licensee of all intellectual property rights in the Service, the Site and in the material published on the Site. All of those works are protected by copyright and other intellectual property laws and treaties around the world. All rights are reserved to the relevant owner or licensee of those works.

Section 9: Disclaimer of Representations and Warranties

9.1 While we will provide the Service with reasonable care and skill, the content and all services and products associated with the Service or provided through the Site or the Service are provided to you on an “as-is” and “as available” basis.

9.2 Subject to the section below, under ‘service interruptions’, we make no express representations or warranties of any kind as to the content or operation of the Service;

9.2.1 as to the accuracy, reliability or completeness of the content of the Service (except for our aggregation methods); or

9.2.2 that the content that may be available through the Service is free of infection from any viruses or other code or computer programming routines that contain contaminating or destructive properties or that are intended to damage, surreptitiously intercept or expropriate any system, data or personal information.

9.2.3 and expressly disclaim any warranties of non-infringement or fitness for a particular purpose.

Section 10: Service interruptions 

10.1 We are only responsible to you for reasonable and foreseeable loss and damage caused by us, and are not responsible for damage due to failures by any third party we rely on, including ASPSPs. If we fail to comply with these terms, we are responsible for loss or damage you suffer that is a foreseeable result of our breaking these Terms or our failing to use reasonable care and skill. We are not responsible for any losses that you suffer as a result of our failure to comply with these Terms except those losses which are a foreseeable consequence of the breach. Loss or damage is foreseeable either if it is obvious that it will happen or if, at the time you agreed to these Terms, both we and you knew it might happen.

10.2 We will not be liable nor responsible for any harm, damage or loss to you arising from or relating to hacking, tampering or any unauthorised access to your Account Information, Credentials or other data outside of the Service that we provide. You warrant that you have undertaken all reasonable efforts to ensure and secure your Credentials and Account Information outside of the Service that we provide. Subject to the section below, our liability to you for any cause whatever and regardless of the form of the action, if proven, will at all times be limited. You can read more about our security measures in Annex 2.

10.3 We are not liable to you for any harm, damage or loss to you arising from the acts or omissions of any third parties, including in particular ASPSPs.

10.4 We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors; for fraud or fraudulent misrepresentation; or for breach of your legal rights in relation to the Service.

10.5 We are registered with the Information Commissioner’s Office (“ICO”), the regulator in charge of data protection and privacy under registration number ZA742740.

10.6 Where we become aware of any personal data breaches in relation to the Service and your Credentials where such a breach is likely to result in high risk of adversely affecting your rights and freedoms we will, where feasible report such a breach to the ICO and to you within 72 hours of becoming aware of the breach.

10.7 If you suspect that somebody else has access to your Credentials and is fraudulently using them to access the Service, you must contact us immediately by email to the following address: security@trilo.io

Section 11: About this agreement

11.1 These Terms will apply each time you use our Service.

11.2 We may at any time terminate or withhold your access to all or any part of our Service at any time, effective immediately:

11.2.1 if you have breached any provision of these Terms (or have acted in a manner which clearly shows that you do not intend to, or are unable to comply with the provisions of these Terms); or

11.2.2 if we, in our sole discretion, believe we are required to do so by law (for example, where the provision of the Service to you is, or becomes, unlawful).

Section 12: Changes to these Terms

12.1 Each time you use our Service you will be bound by the Terms in force at that time.

12.2 From time to time, we may change these Terms. If we do this then we will publish those changes on our website and you will be bound by those new terms the next time you use our Service. If you do not agree to those changes you should not use our Service. You can always ask us for the terms of service which were in force when you used the Tool.

Section 13: Who Decides Disputes?

13.1 The courts of England and Wales will have exclusive jurisdiction to settle any disputes arising under or in connection with these Terms.

13.2 These Terms and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales.

13.3 Should you wish to raise a complaint with us, please review our complaints policy and follow the procedure contained therein. You have the right to raise complaints with the Financial Ombudsman Service, where relevant.

Section 14: Entire Agreement

14.1 These Terms constitute the entire agreement and understanding between the parties in respect of the Service and supersede any previous agreement between the parties relating to such matter. Each of the parties represents and undertakes that in entering these Terms it does not rely on, and shall have no remedy in respect of, any statement, representation, warranty or undertaking (whether negligently or innocently made) of any person (whether party to these Terms or not) other than as expressly set out in these Terms.

14.2 If any provision or part-provision of these Terms is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of these Terms.

14.3 A waiver of any right or remedy under these Terms or by law is only effective if given in writing.

14.4 A failure or delay by either party to exercise any right or remedy provided under these Terms or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under these Terms or by law shall prevent or restrict the further exercise of that or any other right or remedy.

14.5 All covenants, agreements, representations and warranties made in these Terms shall survive your acceptance of these Terms and the termination of these Terms.

Annex 1 – Account Information

Your Account Information includes, but is not limited to, the following types of financial and personal information:

  • Personal information (also referred to as ‘metadata’): 
  • Full name, 
  • date of birth, 
  • full address(es), 
  • email address,
  • phone number
  • Payment bank account information:
  • Account type (e.g. current, saving, investment, credit card);
  • Account name;
  • IBAN/Account number/Sort code/SWIFT;
  • Currency;
  • Account balance information:
  • Current balance;
  • Available balance (credit cards);
  • Overdraft balance;
  • Interest rate;
  • Payment due date (credit cards);
  • Next closing date (credit cards);
  • Minimum payment due (credit cards);
  • Information on transactions:
  • Time;
  • Description;
  • Amount; and
  • Payment Metadata (arbitrary data that banks associate with a transaction e.g. category).

If you have any questions about your Account Information or how it is used, please see our Privacy Policy at the following link https:/trilo.io/privacy or contact us by email at support@trilo.io

Annex 2 – Security

  • Data encrypted in transit using SSL encryption with certificates issued by Amazon
  • Data encrypted at rest using AWS KMS or equivalent
  • All services provided by AWS used by Trilo are SOC3 compliant
  • Shared Responsibility model - AWS is responsible for security of hardware, infrastructure, etc. Trilo  is responsible for service configuration
  • We comply with ‘best practices’ as recommended by AWS within the ‘Well-Architected’ framework, such as:
  • Trilo staff use MFA security for logging into their AWS console accounts
  • Staff access permissions are based on the least access principle
  • Tracing and logs audit staff’s actions in the Trilo AWS system 
  • Developer access keys are rotated regularly


Last updated: 26 April 2022 

1. Introduction 

We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers, users, contractors and contacts and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

In this privacy notice, we explain how Trilo processes the personal data of individuals and organisations who have registered for an account with us and/or use our services. This privacy notice explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

Trilo Limited (Trilo, we, our) is registered as a controller with the Information Commissioner’s Office (ICO) under registration number: ZA742740. Furthermore, Trilo is also authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (SI 2017/752) (Firm Reference Number: 919295) with permission to carry on account information services and payment initiation services.

2. Information About Us

Company: Trilo Group Limited

Address: Bath House Bath Street, Redcliffe, Bristol, England, BS1 6HL

Data Protection Officer: Hamish Blythe

Email address: privacy@trilo.io

Telephone number: +44 7360 540159

3. What is Personal Data?

Personal data refers to information about an individual or, alternatively, information from which an individual can be identified. 

Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

The personal data that we use is set out in section 5, below.

4. What Are My Rights?

Under data protection legislation, you have the following rights, which we will always work to uphold:

  1. The right to be informed about our collection and use of your personal data. This privacy notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in section 2 of this privacy notice. 
  1. The right to access the personal data we hold about you. You are entitled to receive confirmation that we process your personal data and for a copy of such personal data to be sent to you. Section 10 of this privacy notice tells you how to request this information.
  1. The right to have any of the personal data which we hold about you rectified if any of it is inaccurate or incomplete. Please contact us using the details in section 2 of this privacy notice to find out more.
  1. The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have if there is no valid legal basis for processing to continue. Please contact us using the details in section 2 of this privacy notice to find out more.
  1. The right to restrict the processing of your personal data. You have this right if any of the following apply: (i) the accuracy of the personal data is contested (this applies until such time as we have verified its accuracy); (ii) the processing is unlawful and you would rather restrict processing than have your personal data erased; (iii) we no longer need to process your personal data but you require us to retain it for the establishment, exercise or defence of a legal claim; or (iv) we are processing your personal data on the basis of legitimate interests, you have objected to processing and a decision on whether our or others’ legitimate interests override your interests is pending..
  1. The right to object to us using your personal data if our processing is carried out on the basis of legitimate interests. Please note, however, that should we determine that our or others’ interests are so compelling as to override your objection we may continue to process your personal data. You also may object to receiving direct marketing at any time.
  1. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data in a structured, commonly used and machine-readable format to re-use with another service or business in many cases. This right extends to you being able to request that such data is sent to a third-party controller. 
  1. Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in section 2 of this privacy notice.

Further information about your rights can also be obtained from the ICO or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with a supervisory authority – in the UK, this is the ICO (https://ico.org.uk).

5. What Personal Data Do You Collect and How?

We collect your personal data directly from you, including when you use our website and website-application, and application when you create and use an account with us and when you contact us. 

In the future, we may also collect your personal data from third parties, for example, our business customers who might provide us with your contact details so that we can email you and ask you to create an account with us and/or information about any products or services you are receiving from them. We may also collect your personal data from other third parties, such as those listed in section 8 of this privacy notice.  

We may collect some or all of the personal data set out below:

  • Contact details, for example, name, email address, telephone number
  • Information relating to your Trilo account, for example, username, password, geographic location, authentication codes, and links to reset your password.
  • Any other information you voluntarily provide to Trilo during your use of the product, for example, account number, sort-code, personal data included in any correspondence you have with Trilo.
  • Trilo does not normally collect any special category personal data. In the event that special category personal data is provided to Trilo, this will have been provided by you.

If you have an account with Trilo, you should regularly check your details in your account to ensure that any personal data provided remains up to date.

6. How Do You Use My Personal Data?

We set out below the purposes for which Trilo processes your personal data and the lawful bases for processing your personal data: 

Other reasons we may process your personal data for include:

  • To comply with any legal obligation, we are under.
  • For additional purposes in the future, but only if such purposes are compatible with those listed above and if we believe that the same lawful basis applies.

In certain circumstances, failure to provide us with personal data about your or another person may prevent us from performing any legal obligations to you or another person. For example, if you make a data subject access request, we may need to verify who you are before providing personal data to you; if you do not provide the information we reasonably need to verify your identity, we may not be able to comply with the subject access request.

7. How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary to process the personal data for the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):

  • If you make an enquiry but do not engage our services, we will keep your personal data for 3 months from the date of last communication.
  • If you engage our services, we will keep your personal data for 7 years from the date of last communication.
  • If you unsubscribe from our marketing communications, we will maintain a record of your unsubscribe request and associate it with your email address to ensure you do not receive future communications.    

8. Do You Share My Personal Data?

We set out below the circumstances in which your personal data might be shared with third parties:

  • Service providers: We share the personal data collected by Trilo with service providers we use to help us operate our business, including organisations that provide us with technology related services, such as AWS and Intercom. We may also need to share your personal data with contractors we engage.
  • HMRC and law enforcement agencies: We may also disclose your personal data to HMRC and/or law enforcement agencies in order to assist with any investigations, when we bring a claim or defend ourselves against a claim that requires the disclosure of the personal data, and when we engage professional advisors.
  • Sale/restructuring: We may also transfer your personal data to third parties in the context of a sale or possible sale of the whole of or part of our business or the restructuring of our business.
  • Other data sharing: There are other circumstances in which we may need to share your data with third parties. For example, in connection with legal proceedings or if we need to protect or defend our legal rights. We will always only share your data in other circumstances where it is lawful to do so.

9. International transfers

When your data is transferred internationally, we are required to ensure you are afforded equivalent protection in respect of your personal data to that provided in the UK.

Generally, we will put in place appropriate safeguards when making international transfers, for example, by using specific contractual clauses which have been approved by the European Commission and/or the UK Government together with supplementary measures if we deem it necessary in the circumstances, for example, further contractual commitments or enhanced security. 

We are following the developments in this area of law and will be putting in place any necessary new, different and/or additional measures for any such transfers.

10. How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown in section 2 of this privacy notice. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will aim to respond to your subject access request within one month of receiving it or as otherwise provided for in data protection legislation. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

11. How Do I Contact You?

To contact us regarding your personal data and data protection, including to make a subject access request, please use the contact details in section 2 of this privacy notice.

12. Changes to this Privacy Notice

We may change this privacy notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be made available in the latest version of this document, which is always available from our website.

Trilo's merchant agreement

Version 2: Dec 2022

Section 1: Definitions 

  • "Agreement" means this agreement and includes the schedules to it (and the schedules shall be treated for all purposes as forming part of this agreement).
  • "API" means the application programming interface provided by Trilo for the purposes of enabling the Service to be integrated into and accessed by End Users via the Customer Technology.
  • "Applicable Law" means any and all:
  • ~~(i) legislation 
  • ~~(ii) regulatory rules, guidance and licence conditions relating to either party or otherwise as issued by an Authority;
  • ~~(iii) judgments, resolutions, decisions, orders, notices or demands of a competent court, tribunal, regulatory body or governmental authority in each case having the force of binding law or by which either party is bound; and
  • ~~(iv) industry guidelines or codes of conduct which are mandatory
  • "Applicable Anti-Bribery Laws" means, in relation to a party, any applicable law, rule, regulation or other legally binding measure relating to the prevention of bribery, corruption, fraud or similar or related activities, including the Bribery Act 2010 of the United Kingdom.
  • "Business Day" means any day (other than a Saturday or Sunday) on which banks are open for general business in London.
  • “Confidential Information” means all information which by its very nature may fairly be considered confidential and is disclosed or obtained prior to or in connection with or as a result of performing the Agreement.
  • “Customer” means the party receiving the Services from Trilo under this Agreement
  • "Customer Technology" means the Customer’s website, mobile application, or other such tool(s) used to engage with End Users.
  • "Data Protection Legislation" means all Applicable Laws relating to the processing of personal data and privacy.
  • "End User" means an individual who wishes to obtain services from the Customer and who has agreed to the End User Agreement with Trilo.
  • "End User Trilo Boost" means the reward amount which the End User has accumulated by using Trilo.
  • "End User Agreement" means the terms of service which End Users are required to agree to between the End User and Trilo before using the Service and which set out the terms on which the End User may use the Service, as updated from time to time.
  • “Insolvency Event” means in respect of either party:
  • ~~other than for the purposes of a bona fide reconstruction or amalgamation, such party passing a resolution for its winding up, or a court of competent jurisdiction making an order for it to be wound up or dissolved, or that party being otherwise dissolved; or
  • ~~the appointment of an administrator of, or the making of an administration order in relation to either party, or the appointment of a receiver or administrative receiver of, or an encumbrancer taking possession of or selling the whole or any part of that party’s undertaking, assets, rights or revenue; or
  • ~~that party entering into an arrangement, compromise or composition in satisfaction of its debts with its credits or any class of them, or taking steps to obtain a moratorium, or making an application to a court of competent jurisdiction for protection from its creditors; or
  • ~~that party being unable to pay its debts, or being capable of being deemed unable to pay its debts, within the meaning of section 123 of the Insolvency Act 1986; or
  • ~~that party entering into any arrangement, compromise, or composition in satisfaction of its debts with its creditors; or
  • ~~anything analogous thereto in any other jurisdiction.
  • "Intellectual Property Rights" means all patents, rights to inventions, utility models, copyright and related rights, trademarks, service marks, trade, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database rights, topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world.
  • “Payment Initiation Services” has the meaning given to it in regulation 2(1) of the Payment Services Regulations;
  • “Payment Service Provider” has the meaning given to it in regulation 2(1) of the Payment Services Regulations;
  • “Payment Services Regulations” means the Payment Services Regulations 2017 (SI 2017/752);
  • "Personal Data" has the meaning given in Data Protection Legislation.
  • “Trilo Brand Wording” means the following text ‘Pay with Trilo, get a Boost’, or any wording as agreed from time to time between the Parties..
  • "Trilo Mark" means the mark of Trilo set out in Schedule 1.

Section 2: Trilo Group Limited

2.1 Trilo Group Limited is a company registered in England and Wales (company number 11684530) and our registered office is at Bath House Bath Street, Redcliffe, Bristol, England, BS1 6HL. We are authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (SI 2017/752) (Firm Reference Number: 919295) with permission to carry on account information services and payment initiation services.  (“Trilo”, “we”, “us”, “our”).

2.2 Services we provide

  • Trilo provides a service which allows End Users to make payments directly to the Customer via Payment Initiation Services (the "Service");
  • The Customer wishes to make the Service accessible to End Users through the Customer Technology.
  • This Agreement shall govern Trilo’s provision to the Customer of the Service.

Section 3: Trilo’s Obligations

3.1 Subject to the Customer’s compliance at all times with the terms of this Agreement, Trilo hereby grants to the Customer a limited licence (the “Licence”) for the Term:

      3.1.1 To use the Service; and

      3.1.2 To, with Trilo’s prior written consent and subject to clause 8, include the Trilo Mark on the Customer Technology.

3.2 Trilo shall use all reasonable endeavours to make the Service available to End Users. 

3.3 Subject to clauses 3.1 and 3.2, Trilo does not give any warranties, conditions, guarantees or other commitments to the Customer in respect of the Service.

Section 4: Customer Obligations

4.1 The Customer shall:

      4.1.1 provide Trilo with all necessary cooperation in relation to this Agreement and the performance of Trilo Obligations;

      4.1.2 comply with all Applicable Laws with respect to its activities under this Agreement;

      4.1.3 Provide a professional brand logo in the Customer’s branding, to display on the Trilo platform, with the permission of the Customer.

4.2 The Customer shall not, and shall not permit any person to:

      4.2.1 do anything with the Service or API which is not allowed for in this Agreement;

      4.2.2 remove any Trilo IP from the Service or the API;

      4.2.3 except as expressly permitted in this Agreement, use the Service and/or API to provide services to third parties; 

      4.2.4 do anything which may tarnish the reputation of Trilo.

4.3 The Customer agrees to cooperate with Trilo in the investigation of any alleged breach of the Consumer Rights Act 2015. 

Section 5: Conditions of Use

5.1 The Customer acknowledges that each End User’s use of the Service is subject to the End User’s agreement to the End User Agreement, and the End User providing correct credentials.

 5.2 Trilo reserves the right to suspend the Customer’s access to the Services, and/or to terminate this Agreement.

Section 6: Access and Security

6.1 The Customer:

     6.1.1 shall not access or attempt to access any part or parts of the Service and/or API to which it has not been granted access to by Trilo;

      6.1.2 shall not share with any third party the Customer's credentials.

Section 7: Pricing

7.1 The Customer shall pay to Trilo a subscription fee according to the tier of their subscription per month, payable every calendar month. Any add-ons that the customer has enabled shall also be charged at the same time.

7.2 The fees shall be payable in Pounds Sterling (GBP). 

7.3 Trilo may withhold or suspend the Service if the Customer has not paid its fees by the due date. 

7.4 The Customer agrees to settle its accounts within 30 days of any payment being due.

7.5 If the Customer enables Card, Apple Pay or Google Pay payments using with an Acquiring Partner of Trilo, transaction fees may be charged.

Section 8: End User Trilo Boost

8.1 The Trilo Boost can be found in schedule 2, and the Customer may only vary this with the prior approval of Trilo.

8.2 The Customer shall always display the Trilo Brand Wording to their customers whilst they accept Trilo as a payment method. 

Section 9: Refunds

9.1 Trilo supports refunds through Open Banking using the Trilo APIs. Please note, not all business accounts are currently supported. Please get in touch at support@trilo.io for an updated list of the business accounts which we support.

9.2 Trilo offers two methods of refunds:

      9.2.1 Singular refund settlement whereby the Customer may refund an End-User on a single per transaction basis without incurring a charge; and

      9.2.2 Batch refund settlement whereby the Customer may refund multiple End-Users in one settlement whilst incurring a £0.20 charge per refund.

9.3 Trilo is not responsible for refunds made outside the Open Banking system and its APIs.

Section 10: Intellectual Property Rights

10.1 All Intellectual Property Rights belonging to a Party prior to execution of this Agreement shall remain vested in that Party and neither Party shall acquire by reason of this Agreement or otherwise any rights in the other’s Intellectual Property Rights.

10.2 Either Party may not use any of the other party’s Intellectual Property or Marks unless it has received prior written consent from the other Party.

10.3 Neither Party shall be entitled to sub-license the rights granted under this clause without the prior written consent of the other Party.

10.4 Should the Parties decide to jointly develop any product, document, service, function, concept or any other item in connection with this Agreement which shall give rise to new Intellectual Property Rights, the Parties shall enter into a separate written agreement, or amendment to this Agreement, in order to set out the ownership of such Intellectual Property Rights as between the Parties.

Section 11: Warranties

11.1 Each party warrants at the date of this Agreement that:

      11.1.1 it has full capacity and authority to enter into and perform its obligations under this Agreement;

      11.1.2 this Agreement is executed by a duly authorised representative;

      11.1.3 it is not subject to an Insolvency Event; and

      11.1.4 it has the necessary regulatory consents to enter into this Agreement.

Section 12: Confidential Information 

12.1 Both Parties shall, unless required by law, keep confidential all Confidential Information and only allow employees access to the extent necessary for them to perform their duties in relation to the performance of this Agreement and where employees have an agreement or duty to prohibit disclosure of Confidential Information.

12.2 This clause 12 shall survive termination of this agreement for any reason.

Section 13: Data Protection

13.1 Each party shall comply with its obligations under the Data Protection Legislation.

13.2 The parties acknowledge and agree that in relation to the Personal Data to be shared and processed by the parties pursuant to this Agreement ("Shared End User’s Personal Data") each party acts as a Controller in its own right.

13.3 Trilo confirms all data is processed by it in the United Kingdom.

Section 14: Liability

14.1 Neither party shall be liable to the other (whether in contract, tort (including negligence), misrepresentation, breach of statutory duty (including strict liability) or otherwise arising out of, or in relation to, this Agreement ) for any:

      14.1.1 loss of profits or revenue (whether direct or indirect);

      14.1.2 loss of opportunity or anticipated savings (whether direct or indirect);

      14.1.3 loss of goodwill or reputation (whether direct or indirect);

      14.1.4 loss or corruption of data (whether direct or indirect); or

      14.1.5 special, indirect or consequential loss or damage,

     14.1.6 suffered by that other party.

14.2 Trilo's maximum aggregate liability to the Customer under or in connection with this Agreement shall not exceed in any Year the greater of: (i) £50,000 (fifty thousand pounds); or (ii) the total Fees paid or payable by the Customer to Trilo in that Year.

14.3 The Customer shall indemnify Trilo against all losses, liabilities, costs, claims, and damages suffered and/or incurred by Trilo arising out of or in connection with any breach by the Customer of this Agreement.

14.4 As under The Payment Services Regulations 2017 section 76(5) “Payment service provider’s liability for unauthorised payment transactions” the Customer agrees that unless Trilo is found to be responsible for an unauthorised payment transaction, the account servicing payment service provider must refund the amount of the unauthorised payment transaction to the End User. 

Section 15: Anti Bribery

15.1 Each party shall during the Term comply with all Applicable Anti-Bribery Laws.

Section 16: Notices

16.1 Any notice required to be given under this Agreement shall be in writing via email to either signatory of the parties and shall be deemed to have been delivered 24 hours after being sent, excluding weekends. 

Section 17: Term and Termination

17.1 The Agreement shall remain in force until terminated.

17.2 Either Party may terminate this Agreement by giving the other Party 30 days Notice of termination.

17.3 Either party may terminate this Agreement with immediate effect by giving notice to the other party if the other party:

      17.3.1 materially breaches this Agreement if such breach is not capable of remedy or, where such breach is capable of remedy, where that party fails to remedy the breach within fourteen (14) Business Days of being notified of the breach in writing; or

      17.3.2 is subject to an Insolvency Event.

Section 18: Force Majure

18.1 Neither party shall be liable for any failure to perform or delay in performance of any of its obligations under this Agreement caused by circumstances beyond the reasonable control of that party, including but not limited to adverse weather conditions, natural disasters, fires, floods, explosions, earthquakes, nuclear disasters, insurrection, riots, acts of terrorism, war, and acts of Government  (a “Force Majeure Event”).

18.2 In the event of a Force Majeure Event, the affected party's performance under this Agreement shall be suspended for the period that the Force Majeure Event continues and the party will have a reasonable extension of time for performance of its obligations in the circumstances.

18.3 If the Force Majeure Event continues for more than thirty (30) consecutive days, the unaffected party may terminate this Agreement with immediate effect.

Section 19: Waivers

19.1 No failure by a Party to exercise, nor any delay by a Party in exercising, any right or remedy under this Agreement shall operate as a waiver, nor shall any single or partial exercise of any right or remedy prevent any other or further exercise of any other right. The rights and remedies provided in this Agreement are cumulative and not exclusive of any remedies provided by law.


Section 20: Severance

20.1 If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of this Agreement.

Section 21: Transfers of Rights and Obligations

21.1 The Customer may not assign, novate, dispose or otherwise transfer this Agreement or any rights or obligations under this Agreement to any third party or otherwise deal with this Agreement without the prior written consent of Trilo.

Section 22: Entire Agreement

22.1 This Agreement (including all schedules and any other documents referred to herein) constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes any prior understandings, agreements, or representations by or between the parties, written or oral, to the extent they relate in any way to the subject matter hereof.

Section 23: Third Party Rights

23.1 The parties to this agreement do not intend that any term of this agreement should be enforceable, by virtue of the Contracts (Rights of Third Parties) Act 1999, by any person who is not a party to this agreement.


Section 24: No Partnership

24.1 Nothing in this Agreement and no action taken by Customer or Trilo under this Agreement shall constitute a partnership, association, joint venture or other co-operative entity between Customer and Trilo.


Section 25: Governing Law and Jurisdiction

25.1 This Agreement shall be governed by and construed in accordance with English law. The parties irrevocably agree that the English courts shall have exclusive jurisdiction to settle any dispute arising out of or in connection with this Agreement.

Schedule 1: Trilo Marks

Trilo’s Logo and Brand Assets can be found here: https://bit.ly/TriloBranding

Schedule 2: Trilo Boost

The Trilo Boost amount is what you specified when creating your account. You can find out what this is by checking your account, or getting in touch with the team.


Last updated: 26 April 2022

We, Trilo Group Limited (Trilo), use cookies  and similar technologies (cookies) on both our website and web-application. 

A cookie is a small text file that is downloaded onto your device when you access a website. It allows the website to recognise your device and store some information about your preferences or actions. 

We will obtain your consent to use these cookies except when the cookie is strictly necessary for the operation of both our website and web-application. 

The cookies used on our website and web-application are either set by us or by our third-party service providers, and fall into the following categories:

  • Necessary: those that are necessary for the operation of the website, including cookies which allow you to interact with our website, recall selections you make as you move between pages, or which enable core functionality such as security, credentials authentication, network management and accessibility and to identify changes in information you provide to the website.
  • Functional: those that are used to provide services or to remember choices you make so we can personalise our content for you. We use this information to customise your experience of our website to meet your preferences – for example, to allow you access to recently viewed pages, to allow you to dismiss notices and suggestions etc. 
  • Performance (analytics): those that analyse the use of our website, for example, provide us with information about how you use our website and your journey to our website. 

Information collected by the cookies we use may include: 

  • the Internet protocol (IP) address used to connect your device or computer to the Internet;
  • the location of your device or computer;
  • information about your activity on our website, for example, information on items you have clicked on/searched for;
  • device and browser settings and metrics, for example, event errors and time zone settings;
  • content use history; and
  • Uniform Resource Locators (URLs) used to gain access to, through and from our website (and relevant information regarding your visits).


Some of the cookies set on our website may be set by third party service providers. These providers have access to personal data about you, obtained when you use our website. We set out below the third party cookie providers that set cookies on our website and web-application.

  • Google Analytics
  • HotJar
  • Intercom
  • PostHog 

We use a combination of session and persistent cookies. Session cookies keep track of your current visit and how you navigate both our website and web-application and persistent cookies enable both of these to recognise you as a repeat visitor when you return. The session cookies will be deleted from your device when you close your browser. Persistent cookies remain on your device after you have left the website or web-application. All cookies used by Trilo are persistent and expire only if cleared by the user.

In addition to being able to refuse non-necessary cookies through the respective functionalities on our website and web-application, you can also manage cookies through your browser settings. Most browsers have cookies enabled by default, but you are able to change your cookie settings, which are usually found in the 'options' or 'preferences' menu of your internet browser. You can block any cookies from any website by activating the setting on your browser that allows you to refuse the setting of some or all cookies. However, if you block all cookies you may not be able to access all or part of our website or use some features of our website. You can also use your browser settings to delete cookies. For more information about cookies please visit https://ico.org.uk/your-data-matters/online/cookies/

For more detailed information on the cookies we use on both our  website and web-application, please see the tables below:

For anything else, contact us at: legal@trilo.io