Our legal bits

Trilo Group Limited End-User Agreement

Version 1: October 2020

The Trilo Agreement is an agreement between Trilo Group Limited (“Trilo”, “we”, “us”, “our”) and a client of our Customer (“End-User”, “you”) that uses Trilo’s services through an application. Please read these terms carefully.

How to read this Agreement

This Agreement has been laid out in different sections and you may go to the relevant section of interest directly. Please note, the headings are for reference only, and while the Agreement has been formatted for ease of reading, please do ensure that you read all sections of the Agreement.


Section 1: Introduction

Section 2: About Trilo

Section 3: Trilo services

Section 4: How we protect your Credentials for Payment Initiation and Account Information Services

Section 5: What we need from you

Section 6: What happens when you use the Service

Section 7: Liability

Section 8: Our ownership of the website and the Service

Section 9: Disclaimer of Representations and Warranties

Section 10: What if things go wrong?

Section 11: About this agreement

Section 12: Changes to these Terms 

Section 13: Who Decides Disputes?

Section 14: Entire Agreement

Annex 1 – Account Information

Annex 2 – Security


There are a few other relevant policies that are linked here, which may be read in conjunction with the Agreement, or as stand alone documents. These include:

  • Trilo’s Privacy Policy
  • Trilo’s PIS Customer Agreement 

Should you have any queries on the agreement, please email us at legal@trilo.io

Section 1: Introduction


1.1 Set out below are the terms of service (“Terms”) which apply when you (the “End-User”) use the Service as defined below, and which set out the legally binding conditions which govern our provision of the Service to you.

1.2 Your use of the Service is conditional on your acceptance of these Terms. You should read these Terms carefully and make sure you understand them before agreeing to them. These Terms are available for you to download. You may also request a copy of these Terms from us at any time after your use of the Service by emailing us at legal@trilo.io. The Terms are only available in English.

Section 2: Who we are

2.1 Trilo Group Limited is a company registered in England and Wales (company number 11684530) and our registered office is at Bath House Bath Street, Redcliffe, Bristol, England, BS1 6HL. We are authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (SI 2017/752) (Firm Reference Number: 919295) with permission to carry on account information services and payment initiation services.  (“Trilo”, “we”, “us”, “our”).

Section 3: Our services

3.1 Our services to you include the following (together, the “Service”):

3.1.1 We will provide you with a software tool (the “Tool”) which you can use to transmit information relating to payment accounts (“Account Information”) that you hold with an Account Servicing Payment Service, such as any payment service provider (for example, a bank or credit card issuer) that maintains a payment account on your behalf that is accessible online, (“ASPSP”) to Trilo, according to these Terms.

3.1.2 The Tool will also allow End-Users to initiate payment orders with respect to a Payment Account held by them with Payment Service Providers other than Trilo

3.1.3 To use the Tool you will need to provide the same identifying information that you use to access the relevant payment accounts when you log in yourself (the “Credentials”).

3.1.4 The Tool will allow you to use your Credentials to retrieve such Account Information as you choose to transmit them to Trilo. Annex 1 lists the information that you can elect to retrieve and transfer using the Tool.

3.1.5 We may use internet providers, web browsers or other third parties to access your Data to provide you with the Service.


3.2 The Account Information collected from your ASPSP is not checked for accuracy so we cannot check that the aggregated information provided to Trilo is accurate, although we will of course use all reasonable efforts to ensure that our aggregation of that Account Information is accurate.

3.3 The services provided by Trilo and the ASPSP are dealt with by the agreements that you have with each of them. As a result, we have no responsibility for the products and services provided to you by any ASPSP, or any other third party and are not liable to you for any harm, damage or loss arising from your use of those products and services. In particular, you should check your ASPSP’s rules on data privacy. 

3.4 We are not authorised to provide financial or investment advice under the Financial Services and Markets Act 2000, and our provision of the Service does not amount to financial or investment advice. If you require financial or investment advice you should contact an appropriately authorised adviser.

3.5 Trilo End-User Trilo Boost is a reward the Customer invests in the End-User, and is provided in the form of a discount at the point of payment. The Trilo Boost amount at the time of drafting these Terms is 1% but may change in the future, and we will notify you if this does change. 

3.6 At the time of writing these Terms we will not charge you for your use of the Service, however this may change in the future and we will notify you in advance if this changes. 

3.7 In an effort to protect consumer rights, We monitor our merchants’ compliance with the Consumer Rights Act 2015, and if We find a particular merchant to have breached the requirements of the Act, we reserve the right to suspend their use of Our Services, and/or terminate Our relationship with them. We will work with you and our merchants to try and remedy any situation which arises. 

Section 4: How we protect your Credentials for Payment Initiation and Account Information Services

4.1 All data including Trilo account credentials, Account Information, and bank account details are encrypted in transit using SSL.

4.2 A User’s Trilo account credentials consist of a unique identifier and a secret which are encrypted, stored, and managed by AWS using SOC 3 compliant services.

4.3 A User’s unencrypted secret is never stored.  Neither the encrypted nor the raw secret is accessible by Trilo staff. However, as explained in the Privacy Policy, metadata (e.g. unique identifier, name, email address, affiliations with other users) is accessible to us. 

4.4 The User’s Account Information and Bank Account details are encrypted at rest in storage on SOC3 compliant AWS services.

4.5 We will not provide your Trilo account credentials in raw or encrypted format to any third party.

4.6 We may provide a User’s bank account details or Account Information to third parties, e.g. through Open Banking for the purposes of arranging payments to the User during a refund.

4.7 Any Account Information that we access will only be accessed where you have explicitly given us permission to do so. Please refer to Annex 2 for more details on how we protect your Credentials and Account Information.

Section 5: What we need from you

5.1 You are only permitted to use the Service if you are aged 18 or older and resident in the UK. By agreeing to these Terms you warrant this to be the case.

5.2 We are providing the Service to you only so you should not share your access to the Service or your Credentials with anyone else.

5.3 You are only entitled to access and use the Service in accordance with these Terms.

5.4 We need to know we are transmitting Account Information relating to the right person. You must provide us with information which is accurate, and must not misrepresent your identity or any other information about you.

5.5 You agree not to share your payment initiation or account information Credentials with anyone.

Section 6: What happens when you use the Service

6.1 By using the Service, you:

6.1.1 warrant that you are allowed to use the Credentials for this purpose, without any obligation by us to pay any fees or subject to any other limitations including any agreements with third parties.

6.1.2 give us your explicit consent to retrieve and display  your Account Information for you using the Tool and transmit it to the Trilo dashboard for the purpose of providing the Service;

6.1.3 give us explicit consent to provide the service which allows End-Users to consent to the initiation of payment orders with respect to a Payment Account held by them with other Payment Service Providers 

6.1.3 agree that you will not:

6.1.3a use any robot, spider, scraper, deep link or other similar automated data gathering or extraction tools, program, algorithm or methodology to access, acquire, copy or monitor our website at https://trilo.io or any other Trilo domain (the “Site”) or the Service or any portion of them without our express written consent, which may be withheld at our sole discretion;

6.1.3b use or attempt to use any engine, software, tool, agent, or other device or mechanism (including without limitation browsers, spiders, robots, avatars or intelligent agents) to navigate or search the Service, other than the search engines and search agents available through the Service;

6.1.3c post or transmit any file which contains viruses, worms, Trojan horses or any other contaminating or destructive features, or that otherwise interfere with the proper working of the Site or the Service; or

6.1.3d attempt to decipher, decompile, disassemble, or reverse-engineer any of the software comprising or in any way making up a part of the Service for any purpose other than those provided for by us and in conjunction with the operation of the Service.

6.2 We take your privacy seriously and we use your personal data in line with our Privacy Policy which can be found above. You agree to us controlling and processing your personal data in accordance with the Privacy Policy and these Terms for the purpose of providing the Service to you. If you are not comfortable with how we handle your personal data as explained in the Privacy Policy, you should not use our Service.

Section 7: Liability

7.1 You agree that you will be liable for any losses sustained by Trilo as a result of your breach of these Terms and will compensate Trilo in full for any such losses.

7.2 As under The Payment Services Regulations 2017 section 76(5) “Payment service provider’s liability for unauthorised payment transactions” You agree that unless Trilo is found to be responsible for an unauthorised payment transaction, the account servicing payment service provider must refund the amount of the unauthorised payment transaction to You. 

Section 8: Our ownership of the Site and the Service

8.1 We are the owner or the licensee of all intellectual property rights in the Service, the Site and in the material published on the Site. All of those works are protected by copyright and other intellectual property laws and treaties around the world. All rights are reserved to the relevant owner or licensee of those works.

Section 9: Disclaimer of Representations and Warranties

9.1 While we will provide the Service with reasonable care and skill, the content and all services and products associated with the Service or provided through the Site or the Service are provided to you on an “as-is” and “as available” basis.

9.2 Subject to the section below, under ‘service interruptions’, we make no express representations or warranties of any kind as to the content or operation of the Service;

9.2.1 as to the accuracy, reliability or completeness of the content of the Service (except for our aggregation methods); or

9.2.2 that the content that may be available through the Service is free of infection from any viruses or other code or computer programming routines that contain contaminating or destructive properties or that are intended to damage, surreptitiously intercept or expropriate any system, data or personal information.

9.2.3 and expressly disclaim any warranties of non-infringement or fitness for a particular purpose.

Section 10: Service interruptions 

10.1 We are only responsible to you for reasonable and foreseeable loss and damage caused by us, and are not responsible for damage due to failures by any third party we rely on, including ASPSPs. If we fail to comply with these terms, we are responsible for loss or damage you suffer that is a foreseeable result of our breaking these Terms or our failing to use reasonable care and skill. We are not responsible for any losses that you suffer as a result of our failure to comply with these Terms except those losses which are a foreseeable consequence of the breach. Loss or damage is foreseeable either if it is obvious that it will happen or if, at the time you agreed to these Terms, both we and you knew it might happen.

10.2 We will not be liable nor responsible for any harm, damage or loss to you arising from or relating to hacking, tampering or any unauthorised access to your Account Information, Credentials or other data outside of the Service that we provide. You warrant that you have undertaken all reasonable efforts to ensure and secure your Credentials and Account Information outside of the Service that we provide. Subject to the section below, our liability to you for any cause whatever and regardless of the form of the action, if proven, will at all times be limited. You can read more about our security measures in Annex 2.

10.3 We are not liable to you for any harm, damage or loss to you arising from the acts or omissions of any third parties, including in particular ASPSPs.

10.4 We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors; for fraud or fraudulent misrepresentation; or for breach of your legal rights in relation to the Service.

10.5 We are registered with the Information Commissioner’s Office (“ICO”), the regulator in charge of data protection and privacy under registration number ZA742740.

10.6 Where we become aware of any personal data breaches in relation to the Service and your Credentials where such a breach is likely to result in high risk of adversely affecting your rights and freedoms we will, where feasible report such a breach to the ICO and to you within 72 hours of becoming aware of the breach.

10.7 If you suspect that somebody else has access to your Credentials and is fraudulently using them to access the Service, you must contact us immediately by email to the following address: security@trilo.io

Section 11: About this agreement

11.1 These Terms will apply each time you use our Service.

11.2 We may at any time terminate or withhold your access to all or any part of our Service at any time, effective immediately:

11.2.1 if you have breached any provision of these Terms (or have acted in a manner which clearly shows that you do not intend to, or are unable to comply with the provisions of these Terms); or

11.2.2 if we, in our sole discretion, believe we are required to do so by law (for example, where the provision of the Service to you is, or becomes, unlawful).

Section 12: Changes to these Terms

12.1 Each time you use our Service you will be bound by the Terms in force at that time.

12.2 From time to time, we may change these Terms. If we do this then we will publish those changes on our website and you will be bound by those new terms the next time you use our Service. If you do not agree to those changes you should not use our Service. You can always ask us for the terms of service which were in force when you used the Tool.

Section 13: Who Decides Disputes?

13.1 The courts of England and Wales will have exclusive jurisdiction to settle any disputes arising under or in connection with these Terms.

13.2 These Terms and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales.

13.3 Should you wish to raise a complaint with us, please review our complaints policy and follow the procedure contained therein. You have the right to raise complaints with the Financial Ombudsman Service, where relevant.

Section 14: Entire Agreement

14.1 These Terms constitute the entire agreement and understanding between the parties in respect of the Service and supersede any previous agreement between the parties relating to such matter. Each of the parties represents and undertakes that in entering these Terms it does not rely on, and shall have no remedy in respect of, any statement, representation, warranty or undertaking (whether negligently or innocently made) of any person (whether party to these Terms or not) other than as expressly set out in these Terms.

14.2 If any provision or part-provision of these Terms is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of these Terms.

14.3 A waiver of any right or remedy under these Terms or by law is only effective if given in writing.

14.4 A failure or delay by either party to exercise any right or remedy provided under these Terms or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under these Terms or by law shall prevent or restrict the further exercise of that or any other right or remedy.

14.5 All covenants, agreements, representations and warranties made in these Terms shall survive your acceptance of these Terms and the termination of these Terms.

Annex 1 – Account Information

Your Account Information includes, but is not limited to, the following types of financial and personal information:

  • Personal information (also referred to as ‘metadata’): 
  • Full name, 
  • date of birth, 
  • full address(es), 
  • email address,
  • phone number
  • Payment bank account information:
  • Account type (e.g. current, saving, investment, credit card);
  • Account name;
  • IBAN/Account number/Sort code/SWIFT;
  • Currency;
  • Account balance information:
  • Current balance;
  • Available balance (credit cards);
  • Overdraft balance;
  • Interest rate;
  • Payment due date (credit cards);
  • Next closing date (credit cards);
  • Minimum payment due (credit cards);
  • Information on transactions:
  • Time;
  • Description;
  • Amount; and
  • Payment Metadata (arbitrary data that banks associate with a transaction e.g. category).

If you have any questions about your Account Information or how it is used, please see our Privacy Policy at the following link https:/trilo.io/privacy or contact us by email at support@trilo.io

Annex 2 – Security

  • Data encrypted in transit using SSL encryption with certificates issued by Amazon
  • Data encrypted at rest using AWS KMS or equivalent
  • All services provided by AWS used by Trilo are SOC3 compliant
  • Shared Responsibility model - AWS is responsible for security of hardware, infrastructure, etc. Trilo  is responsible for service configuration
  • We comply with ‘best practices’ as recommended by AWS within the ‘Well-Architected’ framework, such as:
  • Trilo staff use MFA security for logging into their AWS console accounts
  • Staff access permissions are based on the least access principle
  • Tracing and logs audit staff’s actions in the Trilo AWS system 
  • Developer access keys are rotated regularly


Trilo’s Privacy Policy

Version 1: October 2020

1. Our Privacy Policy

1.1. At Trilo, we are committed to respecting and protecting your privacy. This Privacy Policy sets out the type of information we collect from you and what we do with that information. The terms set out should be read together with our Terms.

1.2. By using the service offered by Trilo you confirm that you accept the terms of this Privacy Policy and that you agree to be bound by them in your use of the service. If you do not agree, please do not use the service.

2. Data Controller (Or Owner)

2.1. For the purposes of this Privacy Policy, the Data Controller is Trilo Group Ltd (“Trilo”, the “service” or “us”) of Bath House Bath Street, Redcliffe, Bristol, England, BS1 6HL (company number 11684530), authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (SI 2017/752) (Firm Reference Number: 919295) with permission to carry on account information services and payment initiation services.  

2.2. We are also registered with the Information Commissioner under registration number: ZA742740.

2.3. You may contact us at: privacy@trilo.io


3. 1. Data Processor

3.1. Amazon Web Services (AWS). AWS is an appointed Data Processor by Trilo. AWS provides the processing service of the Data collected through the use of the service. The processing of Data is carried out in respect of AWS Security Standards at all times. If personal data is transferred outside of the EEA, we always require that appropriate safeguards are in place to protect the information when it is processed.

3.2. Additionally, the Data may be accessible to certain types of persons in charge, involved with the operation of the service (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers if we decide to use any in the future, mail carriers, hosting providers, IT companies, communications agencies). The updated list of these parties may be requested from the Data Controller at any time.


4. Personal Data You Give Us

4.1. Trilo collects the information you provide when you: correspond with us; fill in any forms;  register to use the Trilo service; take part in online promotions; open an account or use any of our services; enter a competition; speak with a member of our customer support team; or contact us for other reasons.

4.2. Trilo will, by itself or through third parties, collect the following information: your name, address, and date of birth; your username, password and other registration information; your email address, phone number and details of the device you use (for example, your phone, computer or tablet); details of your bank account, including the account number, sort code and IBAN; records of our discussions, if you contact us or we contact you; and identification documents should they be needed (such as your passport or driving licence number), copies of any documents you have provided for identification purposes if required, and any other information you provide to prove you are eligible to use our services.

4.3 Other types of Personal Data collected may be described in other sections of this Privacy Policy.

4.4 Failure to provide Personal Data may make it impossible for Trilo to provide its Service.


5. Information We Collect From Other Sources

5.1. If you have location services in the Trilo service switched on, we track your location using GPS technology and your IP address. This information may be used to improve and personalise our service.

5.2. Whenever you use our website or the Trilo service, we collect the following information: information about your visit, including the links you have clicked on, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page; technical information, including the internet protocol (IP) address used to connect your computer to the internet, your log-in information, the browser type and version, the time-zone setting, the operating system and platform, the type of device you use, a unique device identifier (for example, your device identifier, number, or the mobile phone number used by the device), mobile network information, your mobile operating system, the type of mobile browser you use and so on. The Trilo service will regularly collect this information in order to stay up to date. 

5.3. We may collect information from third parties, such as credit reference agencies, fraud-prevention agencies and partners who help us to provide our services. This includes your credit record, information to help us check your identity, and information relating to your transactions.

5.4. In cases where, in order to provide our service, personal data is to be collected from third parties who can be considered as autonomous data controllers, such as, for instance, likes on Facebook, Instagram or Twitter put by the Users, we guarantee to process this data exclusively for the fulfilment of contractual obligations related to our service.

6. Bank Account and Financial Details

6.1. The Service requires the processing in read only mode of your bank account details and financial data such as your transaction history and balance by Trilo. 


7. Fraud Monitoring, Account Monitoring, and Transaction Monitoring

7.1. Depending on your use of the service, we may also use your data to make certain automated decisions; this is called automated decision-making. We may use your personal data, including financial transaction data, to make automated decisions on the likelihood of you committing fraud on our platform. As a result of this automated decision making we may suspend your use of the services, either temporarily or permanently. You agree and acknowledge that you have understood this, and by accepting this Privacy Policy you agree and confirm that you give your explicit consent  for this automated decision making to happen. 

7.2. If you have been affected by the automated decision making, you may request human intervention or challenge the decision of the algorithm which results in the automated decision making by sending an email to privacy@trilo.io  with the words ‘automated decision making’ in the subject. 

7.3. In addition to this we will use your personal information to help prevent fraud in a more general manner, by: trying to stop you from becoming a victim of fraud; confirming you are eligible to use our services; and complying with financial crime laws. The data we will use for these purposes comes from the information you have provided us, the information from your device, and/or the information from third parties. Our legal basis for this activity is in complying with our legal obligations, complying with agreements between you and us, and/or legitimate interests (to develop and improve how we deal with financial crime and meet our legal responsibilities). 

8. Other Uses of The Data Collected 

8.1 The Data we collect from Users are also used for the following purposes:


Analytics. The services described in this section allow the Data Controller to control and analyse traffic data. The services also allow the tracking of the User’s behavior.

Amplitude is an analytics service provided by Amplitude, Inc.

Data collected: different types of Personal Data, such as Usage Data, as specified in the Privacy Policy of Google.

Privacy Policy


Advertising. This type of services allows User Data to be utilised for advertising communication purposes displayed in the form of banners and other advertisements on this service, possibly based on User interests.

AdWords is a remarketing and behavioral targeting tool to advertise across websites provided by Google, Inc. 

Collected Data: Usage Data and various types of Data, as specified in AdWords’ Privacy Policy


Facebook Conversion is a tracking tool for ads on the social network Facebook provided by Facebook, Inc. 

Collected Data: Usage Data and various types of Data as specified in Facebook’s Privacy Policy

9. Mode and Place Of Processing Data

9.1. Security Measures

9.1.1 Trilo processes Users’ Personal Data in a proper manner and shall adopt appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the Data. Even where all precautions are adopted we cannot guarantee complete security in all events.

9.1.2. The Data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated.

9.2. Place of processing

9.2.1. The Data is processed at the Data Controller's operating offices and where the Data Processor’s operating offices or other parties involved with the processing are located. If we transfer personal data outside of the EEA, we always require that appropriate safeguards are in place to protect the information when it is processed. 

9.3. Retention time

9.3.1. The Data is kept strictly for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this Privacy Policy.

9.3.2 The User may always request that the Data Controller suspend or remove the Data.

10. Data Transfer

10.1. The User consents to the transfer of the collected Data through the Service in the event of rearrangement, merger, sale, joint venture, transfer or any other arrangement method of the whole or part of the Company, of its goods and shares, according to the purpose and the limits of this document.

11. Legal Action

11.1. Your Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this service or related services.

11.2. You acknowledge to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.

12. Rights of Users

You have the right, at any time, to:

12.1. Know whether your Personal Data has been stored and may consult the Data Controller to learn about their contents and origin (right of access);

12.2. Verify your Personal Data accuracy or ask for them to be supplemented, updated or corrected (right to rectification);

12.3. Request the erasure of your Personal Data or their transformation into anonymous format (right to erasure);

12.4. Request the restriction of processing of your Personal Data for any and all legitimate reasons (right to restriction of processing);

12.5. Receive your Personal Data in a structured, commonly used and machine-readable format and to transmit those data to another controller (right to data portability);

12.6. Withdraw the consent to the processing of your Personal Data at any time, without prejudice to the lawfulness of the processing based on consent before its withdrawal;

12.7. Object to the direct marketing activities carried out by Trilo, including any segmentation for marketing purposes.

Requests should be sent to the Data Controller at: privacy@trilo.io

13. Changes To The Privacy Policy 

13.1 The Data Controller reserves the right to change this Privacy Policy at any time by giving notice to its Users through this page. It is recommended, therefore, to check this page often and refer to the latest update date at the bottom of the page. If a User objects to all or any of the changes to the Policy, you must cease using the service and may request that the Data Controller remove your Personal Data. Unless stated otherwise, the then-current Privacy Policy applies to all your Personal Data processed by the Data Controller at the time.



Any information regarding a natural person, which is, or may be, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number.


Information collected automatically from this service (or Third Party services employed in this service), which may include: IP addresses or domain names of the computers used by the Users, URI addresses (Uniform Resource Identifier), time of the request, method of request submission to the server, size of the file received in response, numerical code indicating the status of the server's answer (successful outcome, error, etc.), Country of origin, features of the browser and the operating system utilised by the User, various time details per visit (e.g., time spent on each page within the service) and details about the process followed within the service, specifically the visited pages sequence and other parameters about the device operating system and/or the User's IT environment.


The natural person, legal person, public administration or any other body, association or organisation, also jointly with another Data Controller, having the right to make decisions regarding the purposes and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this service. The Data Controller, unless otherwise specified, is the Owner of this service.


The individual using this service, which must coincide with or be authorised by the Data Subject, to whom the Personal Data refers.


The natural person, legal person, public administration or any other body, association or organisation authorised by the Data Controller to process the Personal Data in compliance with this Privacy Policy.

Trilo's merchant agreement

Version 1: May 2021

Here is a simple summary of the agreement below. For regulatory reasons please read the full agreement, but for ease we’re summarising it here.


We charge 20p per active user per month. Billed monthly. Invoices are settled through a Trilo payment using Open Banking.

When your customer pays, their money moves directly from their bank account to yours with Faster Payments.

Trilo is Authorised and Regulated by the FCA as a PISP and AISP.

Trilo Boost

Every time your customer pays you with Trilo you agree to give them a Boost.

The Boost that you give your customers is what you specified when creating your account. You can find out what this is by checking your account, or getting in touch with the team.


We currently do not support refunds on Trilo but we’re working hard to launch these in the coming months!

Some banks may charge us for sending refunds. Once refunds are available, we’ll simply pass on any of these costs to you. We anticipate this will be 20p per refund and we’ll try to reduce this in the future.

Our promise

You’ll be able to reach us via slack or email at any time during standard business hours. Outside these hours you’ll be able to reach us via slack and email, although we may take a little longer to respond.

If something isn’t right with the network, let us know straight away, and we can fix it as soon as possible.

Below you can find the full agreement

Section 1: Definitions 

  • "Agreement" means this agreement and includes the schedules to it (and the schedules shall be treated for all purposes as forming part of this agreement).
  • "API" means the application programming interface provided by Trilo for the purposes of enabling the Service to be integrated into and accessed by End Users via the Customer Technology.
  • "Applicable Law" means any and all:
  • ~~(i) legislation 
  • ~~(ii) regulatory rules, guidance and licence conditions relating to either party or otherwise as issued by an Authority;
  • ~~(iii) judgments, resolutions, decisions, orders, notices or demands of a competent court, tribunal, regulatory body or governmental authority in each case having the force of binding law or by which either party is bound; and
  • ~~(iv) industry guidelines or codes of conduct which are mandatory
  • "Applicable Anti-Bribery Laws" means, in relation to a party, any applicable law, rule, regulation or other legally binding measure relating to the prevention of bribery, corruption, fraud or similar or related activities, including the Bribery Act 2010 of the United Kingdom.
  • "Business Day" means any day (other than a Saturday or Sunday) on which banks are open for general business in London.
  • “Confidential Information” means all information which by its very nature may fairly be considered confidential and is disclosed or obtained prior to or in connection with or as a result of performing the Agreement.
  • “Customer” means the party receiving the Services from Trilo under this Agreement
  • "Customer Technology" means the Customer’s website, mobile application, or other such tool(s) used to engage with End Users.
  • "Data Protection Legislation" means all Applicable Laws relating to the processing of personal data and privacy.
  • "End User" means an individual who wishes to obtain services from the Customer and who has agreed to the End User Agreement with Trilo.
  • "End User Trilo Boost" means the reward amount which the End User has accumulated by using Trilo.
  • "End User Agreement" means the terms of service which End Users are required to agree to between the End User and Trilo before using the Service and which set out the terms on which the End User may use the Service, as updated from time to time.
  • “Insolvency Event” means in respect of either party:
  • ~~other than for the purposes of a bona fide reconstruction or amalgamation, such party passing a resolution for its winding up, or a court of competent jurisdiction making an order for it to be wound up or dissolved, or that party being otherwise dissolved; or
  • ~~the appointment of an administrator of, or the making of an administration order in relation to either party, or the appointment of a receiver or administrative receiver of, or an encumbrancer taking possession of or selling the whole or any part of that party’s undertaking, assets, rights or revenue; or
  • ~~that party entering into an arrangement, compromise or composition in satisfaction of its debts with its credits or any class of them, or taking steps to obtain a moratorium, or making an application to a court of competent jurisdiction for protection from its creditors; or
  • ~~that party being unable to pay its debts, or being capable of being deemed unable to pay its debts, within the meaning of section 123 of the Insolvency Act 1986; or
  • ~~that party entering into any arrangement, compromise, or composition in satisfaction of its debts with its creditors; or
  • ~~anything analogous thereto in any other jurisdiction.
  • "Intellectual Property Rights" means all patents, rights to inventions, utility models, copyright and related rights, trademarks, service marks, trade, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database rights, topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world.
  • “Payment Initiation Services” has the meaning given to it in regulation 2(1) of the Payment Services Regulations;
  • “Payment Service Provider” has the meaning given to it in regulation 2(1) of the Payment Services Regulations;
  • “Payment Services Regulations” means the Payment Services Regulations 2017 (SI 2017/752);
  • "Personal Data" has the meaning given in Data Protection Legislation.
  • “Trilo Brand Wording” means the following text ‘Pay with Trilo, get a Boost’, or any wording as agreed from time to time between the Parties..
  • "Trilo Mark" means the mark of Trilo set out in Schedule 1.

Section 2: Trilo Group Limited

2.1 Trilo Group Limited is a company registered in England and Wales (company number 11684530) and our registered office is at Bath House Bath Street, Redcliffe, Bristol, England, BS1 6HL. We are authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (SI 2017/752) (Firm Reference Number: 919295) with permission to carry on account information services and payment initiation services.  (“Trilo”, “we”, “us”, “our”).

2.2 Services we provide

  • Trilo provides a service which allows End Users to make payments directly to the Customer via Payment Initiation Services (the "Service");
  • The Customer wishes to make the Service accessible to End Users through the Customer Technology.
  • This Agreement shall govern Trilo’s provision to the Customer of the Service.

Section 3: Trilo’s Obligations

3.1 Subject to the Customer’s compliance at all times with the terms of this Agreement, Trilo hereby grants to the Customer a limited licence (the “Licence”) for the Term:

      3.1.1 To use the Service; and

      3.1.2 To, with Trilo’s prior written consent and subject to clause 8, include the Trilo Mark on the Customer Technology.

3.2 Trilo shall use all reasonable endeavours to make the Service available to End Users. 

3.3 Subject to clauses 3.1 and 3.2, Trilo does not give any warranties, conditions, guarantees or other commitments to the Customer in respect of the Service.

Section 4: Customer Obligations

4.1 The Customer shall:

      4.1.1 provide Trilo with all necessary cooperation in relation to this Agreement and the performance of Trilo Obligations;

      4.1.2 comply with all Applicable Laws with respect to its activities under this Agreement;

      4.1.3 Provide a professional brand logo in the Customer’s branding, to display on the Trilo platform, with the permission of the Customer.

4.2 The Customer shall not, and shall not permit any person to:

      4.2.1 do anything with the Service or API which is not allowed for in this Agreement;

      4.2.2 remove any Trilo IP from the Service or the API;

      4.2.3 except as expressly permitted in this Agreement, use the Service and/or API to provide services to third parties; 

      4.2.4 do anything which may tarnish the reputation of Trilo.

4.3 The Customer agrees to cooperate with Trilo in the investigation of any alleged breach of the Consumer Rights Act 2015. 

Section 5: Conditions of Use

5.1 The Customer acknowledges that each End User’s use of the Service is subject to the End User’s agreement to the End User Agreement, and the End User providing correct credentials.

 5.2 Trilo reserves the right to suspend the Customer’s access to the Services, and/or to terminate this Agreement.

Section 6: Access and Security

6.1 The Customer:

     6.1.1 shall not access or attempt to access any part or parts of the Service and/or API to which it has not been granted access to by Trilo;

      6.1.2 shall not share with any third party the Customer's credentials.

Section 7: Pricing

7.1 The Customer shall pay to Trilo a fixed fee of £0.20 per active end user per month, payable every calendar month.

7.2 The fees shall be payable in Pounds Sterling (GBP). 

7.3 Trilo may withhold or suspend the Service if the Customer has not paid its fees by the due date. 

7.4 The Customer agrees to settle its accounts within 30 days of any payment being due.

Section 8: End User Trilo Boost

8.1 The Trilo Boost can be found in schedule 2, and the Customer may only vary this with the prior approval of Trilo.

8.2 The Customer shall always display the Trilo Brand Wording to their customers whilst they accept Trilo as a payment method. 

Section 9: Refunds

9.1 Trilo supports refunds through Open Banking using the Trilo APIs. Please note, not all business accounts are currently supported. Please get in touch at support@trilo.io for an updated list of the business accounts which we support.

9.2 Trilo offers two methods of refunds:

      9.2.1 Singular refund settlement whereby the Customer may refund an End-User on a single per transaction basis without incurring a charge; and

      9.2.2 Batch refund settlement whereby the Customer may refund multiple End-Users in one settlement whilst incurring a £0.20 charge per refund.

9.3 Trilo is not responsible for refunds made outside the Open Banking system and its APIs.

Section 10: Intellectual Property Rights

10.1 All Intellectual Property Rights belonging to a Party prior to execution of this Agreement shall remain vested in that Party and neither Party shall acquire by reason of this Agreement or otherwise any rights in the other’s Intellectual Property Rights.

10.2 Either Party may not use any of the other party’s Intellectual Property or Marks unless it has received prior written consent from the other Party.

10.3 Neither Party shall be entitled to sub-license the rights granted under this clause without the prior written consent of the other Party.

10.4 Should the Parties decide to jointly develop any product, document, service, function, concept or any other item in connection with this Agreement which shall give rise to new Intellectual Property Rights, the Parties shall enter into a separate written agreement, or amendment to this Agreement, in order to set out the ownership of such Intellectual Property Rights as between the Parties.

Section 11: Warranties

11.1 Each party warrants at the date of this Agreement that:

      11.1.1 it has full capacity and authority to enter into and perform its obligations under this Agreement;

      11.1.2 this Agreement is executed by a duly authorised representative;

      11.1.3 it is not subject to an Insolvency Event; and

      11.1.4 it has the necessary regulatory consents to enter into this Agreement.

Section 12: Confidential Information 

12.1 Both Parties shall, unless required by law, keep confidential all Confidential Information and only allow employees access to the extent necessary for them to perform their duties in relation to the performance of this Agreement and where employees have an agreement or duty to prohibit disclosure of Confidential Information.

12.2 This clause 12 shall survive termination of this agreement for any reason.

Section 13: Data Protection

13.1 Each party shall comply with its obligations under the Data Protection Legislation.

13.2 The parties acknowledge and agree that in relation to the Personal Data to be shared and processed by the parties pursuant to this Agreement ("Shared End User’s Personal Data") each party acts as a Controller in its own right.

13.3 Trilo confirms all data is processed by it in the United Kingdom.

Section 14: Liability

14.1 Neither party shall be liable to the other (whether in contract, tort (including negligence), misrepresentation, breach of statutory duty (including strict liability) or otherwise arising out of, or in relation to, this Agreement ) for any:

      14.1.1 loss of profits or revenue (whether direct or indirect);

      14.1.2 loss of opportunity or anticipated savings (whether direct or indirect);

      14.1.3 loss of goodwill or reputation (whether direct or indirect);

      14.1.4 loss or corruption of data (whether direct or indirect); or

      14.1.5 special, indirect or consequential loss or damage,

     14.1.6 suffered by that other party.

14.2 Trilo's maximum aggregate liability to the Customer under or in connection with this Agreement shall not exceed in any Year the greater of: (i) £50,000 (fifty thousand pounds); or (ii) the total Fees paid or payable by the Customer to Trilo in that Year.

14.3 The Customer shall indemnify Trilo against all losses, liabilities, costs, claims, and damages suffered and/or incurred by Trilo arising out of or in connection with any breach by the Customer of this Agreement.

14.4 As under The Payment Services Regulations 2017 section 76(5) “Payment service provider’s liability for unauthorised payment transactions” the Customer agrees that unless Trilo is found to be responsible for an unauthorised payment transaction, the account servicing payment service provider must refund the amount of the unauthorised payment transaction to the End User. 

Section 15: Anti Bribery

15.1 Each party shall during the Term comply with all Applicable Anti-Bribery Laws.

Section 16: Notices

16.1 Any notice required to be given under this Agreement shall be in writing via email to either signatory of the parties and shall be deemed to have been delivered 24 hours after being sent, excluding weekends. 

Section 17: Term and Termination

17.1 The Agreement shall remain in force until terminated.

17.2 Either Party may terminate this Agreement by giving the other Party 30 days Notice of termination.

17.3 Either party may terminate this Agreement with immediate effect by giving notice to the other party if the other party:

      17.3.1 materially breaches this Agreement if such breach is not capable of remedy or, where such breach is capable of remedy, where that party fails to remedy the breach within fourteen (14) Business Days of being notified of the breach in writing; or

      17.3.2 is subject to an Insolvency Event.

Section 18: Force Majure

18.1 Neither party shall be liable for any failure to perform or delay in performance of any of its obligations under this Agreement caused by circumstances beyond the reasonable control of that party, including but not limited to adverse weather conditions, natural disasters, fires, floods, explosions, earthquakes, nuclear disasters, insurrection, riots, acts of terrorism, war, and acts of Government  (a “Force Majeure Event”).

18.2 In the event of a Force Majeure Event, the affected party's performance under this Agreement shall be suspended for the period that the Force Majeure Event continues and the party will have a reasonable extension of time for performance of its obligations in the circumstances.

18.3 If the Force Majeure Event continues for more than thirty (30) consecutive days, the unaffected party may terminate this Agreement with immediate effect.

Section 19: Waivers

19.1 No failure by a Party to exercise, nor any delay by a Party in exercising, any right or remedy under this Agreement shall operate as a waiver, nor shall any single or partial exercise of any right or remedy prevent any other or further exercise of any other right. The rights and remedies provided in this Agreement are cumulative and not exclusive of any remedies provided by law.


Section 20: Severance

20.1 If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of this Agreement.

Section 21: Transfers of Rights and Obligations

21.1 The Customer may not assign, novate, dispose or otherwise transfer this Agreement or any rights or obligations under this Agreement to any third party or otherwise deal with this Agreement without the prior written consent of Trilo.

Section 22: Entire Agreement

22.1 This Agreement (including all schedules and any other documents referred to herein) constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes any prior understandings, agreements, or representations by or between the parties, written or oral, to the extent they relate in any way to the subject matter hereof.

Section 23: Third Party Rights

23.1 The parties to this agreement do not intend that any term of this agreement should be enforceable, by virtue of the Contracts (Rights of Third Parties) Act 1999, by any person who is not a party to this agreement.


Section 24: No Partnership

24.1 Nothing in this Agreement and no action taken by Customer or Trilo under this Agreement shall constitute a partnership, association, joint venture or other co-operative entity between Customer and Trilo.


Section 25: Governing Law and Jurisdiction

25.1 This Agreement shall be governed by and construed in accordance with English law. The parties irrevocably agree that the English courts shall have exclusive jurisdiction to settle any dispute arising out of or in connection with this Agreement.

Schedule 1: Trilo Marks

Trilo’s Logo and Brand Assets can be found here: https://bit.ly/TriloBranding

Schedule 2: Trilo Boost

The Trilo Boost amount is what you specified when creating your account. You can find out what this is by checking your account, or getting in touch with the team.


For anything else, contact us at: legal@trilo.io