Last Updated August 16, 2022
The Services made available on or through this Platform have been made available to You for the specific purpose of Your financial services aggregation. It is not intended to provide You with any nature of certification, guarantee, or warranty. By accessing, browsing, and using this Platform, You agree and acknowledge that You understand this limited and restricted use, and agree that You will not rely on the information and materials contained in this Platform for any purposes except as is intended. You further agree that in all actual matters, You are ultimately responsible for determining Your specific requirements.
You are strictly prohibited from unauthorized use of our systems or this Platform, including but not limited to unauthorized entry into our systems, misuse of passwords, or misuse of any information posted to this Platform.
You acknowledge that we may disclose and transfer any information that You provide through this Platform if we are legally bound to disclose any information due to compulsions under law.
You expressly agree and acknowledge that usage of this Platform may be monitored, tracked, and recorded. As such, You expressly consent to such monitoring, tracking, and recording.
DESCRIPTION OF SERVICE
The Platform provides financial services aggregation and disbursement routing services to You. We provide online self-services that allow You to view and manage your accounts provided by financial institutions and other services including payment initiations, reconciliations, disbursements, the information provided in our Customer Service unit, and other services or features provided in the Platform (“Service”).
However, this Service is not and should not be construed or does not imply the provision of any professional service or advice relating to the legal, financial, or tax implications or any other related matters. This Service is designed to help You easily view your accounts, initiate and arrange payments, and reconcile transactions. Any professional advice or implication should be sought from Your personal advisors, and the Company or Platform shall not be held liable or responsible for the same.
Please note owing to constant business developments, the Company endeavors to improve, upgrade or revise the Services it provides. This is done to provide better and more efficient Services to You. Any such changes, upgrade or revision shall be done at such times and such frequency as determined by the Company in its sole discretion. All such changes shall be updated on this Platform with which You are responsible for being familiar.
Overview of Brankas Direct
Brankas Direct is a fund transfer service that allows You to initiate fund transfers instantly and digitally through our web and mobile applications. Brankas Direct serves as a single point of integration for our Partners through which You can execute fund transfers via various banks with which Brankas is integrated. Brankas Direct allows You to transfer directly using your bank. Brankas Direct likewise does not impose any fees on Your transaction.
The transaction is processed directly from Your source bank account to the beneficiary bank account and at no point does Brankas hold funds. No extra transaction fees are charged for using our Service.
Before accessing Brankas Direct, You will directly interact with Brankas Tap, our front-end interface that allows You to log in with Your bank credentials with Your source bank account. We secure Your credentials through the enforcement of consent-driven authorization backed by strong customer authentication and authorization mechanisms, such as requesting Your OTP and TFA as a part of our flow. At no point are the security measures of your bank circumvented.
Service Fees Charged by Using Brankas Direct
Your use of Brankas Direct may come with the payment of a minimal service fee. Brankas does not set a price for the integration and use of Brankas Direct in our Client’s platform. The fees are negotiated with our Client, and the breakdown of the fees and the amount you will need to pay to the Client’s destination bank account are transparently disclosed before You complete the transaction with our Client.
|Transaction Fee||₱10 per transaction||According to the agreement with our Client|
|Guarantee||No minimum guarantee||According to the agreement with our Client|
3. INFORMATION REQUIRED FROM YOU
In some of our products, upon Your acceptance to be an End-User and avail of services from our Platform, we may request certain basic information for registration. Once You provide us with the details, we may request additional information to provide You with the services. All information You provided will be treated as private and confidential. For further details, section 13 discusses Security and Privacy below.
Personal data relating to credentials, including but not limited to username, passwords, and PINs stored on the Company’s servers or third-party provider’s servers contracted by the Company will only be processed based on Your consent. The Company will request Your consent whenever we use them beyond the stated purposes. We uphold the confidentiality and privacy of Your data.
LINKS TO THIRD-PARTY SITES
As part of availing of the Service, You will provide us with Your personal information to retrieve or collect data or information from third-party websites. Such third-party websites may be maintained by such financial institutions with whom You have an account, bank with, or have created certain liabilities. The Platform does not and cannot assume any responsibility or accuracy for such information or data maintained by such third parties either in terms of accuracy, deletion, non-delivery, or failure to store data, communications, etc. We have made the Service available to You to empower your choice as a financial consumer. For the avoidance of doubt, each agreement entered into by You with such third-party websites maintained by such financial institutions shall be an agreement entered into solely and directly between You and such financial institution/s, with no participation whatsoever by the Company other than by making the Service available to You. By making available and providing the Service to You via the Platform, the Company shall not be construed as being affiliated, connected, or associated with such financial institutions or third parties, nor is the Company claiming that it is an agent or representative of the Company.
The Platform or third parties may provide or contain links to other World Wide Web sites or resources. The responsibility for the operation and content of those websites shall rest solely with the organization identified as controlling the third-party website and will be governed by their separate terms and conditions. Links may be provided for convenience and inclusion thereof does not imply endorsement by the Company in any way of the site to which it links.
Because the Company has no control over such sites and resources, You acknowledge and agree that the Company is not responsible for the availability of such external sites or resources, and does not endorse and is not responsible or liable for any content, advertising, products, or other materials on or available from such sites or resources.
You further acknowledge and agree that the Company shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods, or services available on or through any such site or resource.
REGISTRATION AND USE
The Company will send all correspondences, notices, and any other communication to the e-mail address You have furnished. In case You change Your email address, it is Your duty to update or change the same.
The Company shall maintain utmost secrecy and use all the security measures to ensure that the information is not misused by any third party. In the event You become aware of any unauthorized or misuse of Your information You have provided the Company, You are requested to forthwith contact the Company at firstname.lastname@example.org. The Company cannot and will not be liable for any loss or damage arising from Your failure to comply with this clause.
Further, You agree and understand that Your right to access and use the Services offered on this Platform is personal and is not transferable by You to any other person or entity, except to the extent specifically provided below in section 8.
You understand that You are authorized to access and use the Services only for legal and lawful purposes.
You further undertake and state that by using the Service, You are in no way impersonating or misrepresenting any person or entity. All Services availed are for Yourself only. In the event You are representing individual/s, company/ies, third parties, or any entities, You undertake and state that You are authorized to represent such individual/s, company/ies, third parties, or any entities. You shall be solely responsible for the consequences arising out of such acts and the Company shall not be held responsible or liable in any way to any person or entity.
You must duly update any changes in Your registration information.
You further agree that irrespective of whether Your use of our Service and if You propose to use it for commercial purposes, You shall forthwith contact the Company at email@example.com for the pricing structure for commercial usage. Any violation of this clause or unauthorized usage of the solutions will be deemed as a material breach and the Company reserves the right to forthwith terminate your access and use of the Services.
The Company shall provide support to You with regard to the software application and the Services. Brankas has a designated Customer Support Unit to directly receive and address Your feedback, concerns, and complaints.
All support services shall be provided through email wherein You may send an email to the Company detailing the issue to firstname.lastname@example.org. Alternatively, you may submit a ticket with our Support Team at https://brankas.com/ embedded in the lower right corner. After You submit a ticket/concern to the Company, please rest assured that we will evaluate and provide feedback to You within 7-14 working days.
STORAGE, DELETION, OR TRANSPORT OF DATA
The Company states that Your data belongs solely and exclusively to You. As such, You may remove or delete the data so provided, either in full or any portion, at any point in time by notifying the Company of such intent to remove or delete Your data. Said intent to delete Your data, must be in writing addressed to the Company by sending an email to email@example.com or by submitting a ticket in the lower right corner of https://brankas.com.
Upon receipt of Your written request, the Company will promptly address the concern and notify You of the same in compliance with our Customer Compliance Policy. The Company will not retain any copies of such data on our server.
After deletion, the Company warrants that it will no longer be able to access Your deleted material. Any contact, information, or access that the Company had towards such data or material or accounts will cease forthwith. However, certain portions of Your data, which the Company had maintained on its servers, may remain either in backups or in transaction logs. These are maintained only for the specific purpose of backup or to provide the Service to You in the event of any malfunction or damage to our server to ensure continuity of our Service.
The Company may send You communication, notices, or alerts from time to time. These alerts and communication will be automatically sent to You by the Company. In case You have suppressed the receipt, or disabled, or marked alerts or communication, in general, the Company recommends You to revise the same and activate the receipt of alerts to their proper destination. Any communication from our end will be related to the Services and will not involve any marketing or spam mails. Our communication will be sent to the email address You have provided to us.
Any email which is sent by the Platform, its contents, and attachments, if any, are intended solely for the attention of the addressee/s and may also be privileged. If You are not the addressee, You may not copy, forward, or disclose any part of any message received or its attachments and if You receive a message in error, please delete the said message from Your system and notify us immediately.
You agree and acknowledge that internet communications cannot be guaranteed to be secure or error-free. Any information sent via the internet could be intercepted, corrupted, lost, or contain viruses. The Company, therefore, does not accept responsibility for any errors or omissions in messages received by You which may arise as a result of internet transmission.
RIGHTS GRANTED BY YOU
In using our Service, You will provide us with information, data, credential, authorization codes, and other materials and contents, suggestions, ideas, feedback, etc. You are hereby expressly granting us the license and right to utilize the same for and on Your behalf in order to provide the Service.
The Company may or will use such information with the sole purpose of providing You the required Service and not for any other purpose. As such, You also warrant and represent that You are duly authorized to submit or represent the third party on behalf of whom You are providing this information to the Company. Further, You acknowledge and agree that these materials, suggestions, feedback, and information may be utilized without any obligation or restriction on the Company in terms of payment of a fee or any other limitations for marketing, promoting, advertising, or other purposes.
By using the Service, You expressly authorize the Company to access Your accounts maintained by identified third parties on Your behalf. When You use the specified feature of another additional account of the Service, You will be directly connected to the website or application of the third party You have identified. The Company will submit information including usernames and passwords that You provide to access the Platform. You hereby authorize and permit the Company to use information submitted by You for the Service (such as account passwords and usernames) to accomplish the foregoing and to configure the Service so that it is compatible with the third-party sites for which You submit Your information.
The Company also collates information about the use of the Services by You including the banks or financial institutions with whom You transact and use the same for statistical data.
You acknowledge and agree that this Platform and any necessary software used in connection with the Platform contain proprietary and confidential information that is protected by applicable intellectual property and other laws. You further acknowledge and agree that any content or software on this Platform, including its “look and feel” (e.g., text, graphics, images, logos, and button icons), photographs, editorial content, notices, software (including HTML-based computer programs) and other material is protected by national and international laws relating to copyrights, trademarks, service marks, patents or other proprietary rights. Except as expressly authorized by the Company, You agree not to modify, rent, lease, loan, sell, distribute or create derivative works based on this Platform, the Services offered thereto, or any software thereto, in whole or in part.
You acknowledge that the entire Platform and its contents including the software are owned by or duly licensed to the Company and are protected by the intellectual property laws in the country where Brankas operates and under international treaty provisions. All trademarks, service marks, and logos used and displayed on this Platform are registered to and/or owned by their respective owners. Nothing on this Platform should be construed as granting, by implication, estoppel, or otherwise, any license or right to use any of the trademarks, service marks, and logos displayed on the Platform, without the prior written consent and permission of the Company or the respective owners.
You may download or print a copy of information provided on this Platform for Your personal, internal, and non-commercial use only. Any distribution, reprint, or electronic reproduction of any content from this Platform in whole or in part for any other purpose is expressly and explicitly prohibited without our prior written consent.
You agree NOT to do the following:
- upload, post, email, transmit or otherwise make available any content that is unlawful, harmful, threatening, abusive, harassing, tortuous, defamatory, vulgar, obscene, libelous, invasive of another’s privacy, hateful, or racially, ethnically or otherwise objectionable;
- impersonate any person or entity, including, but not limited to, officials, directors, employees, agents, authorized representatives, forum leaders, guides or hosts, or falsely state or otherwise misrepresent any information or accounts;
- forge headers or otherwise manipulate identifiers in order to disguise the origin of any content or material transmitted or provided through the Platform;
- collect or store personal data about other users;
- interfere with or disrupt the Platform or servers or networks connected to the Platform, or disobey any requirements, procedures, policies or regulations of networks connected to the Platform;
- intentionally or unintentionally violate any applicable local, state, national or international law;
- upload, post, email, transmit or otherwise make available any material that contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment;
- upload, post, email, transmit or otherwise make available any unsolicited or unauthorized advertising, promotional materials, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” or any other form of solicitation, except in those specific areas that may be designated for such purpose of posting such mails or messages either by the Platform or the Company;
- use any robot, spider, scraper, deep link or other similar automated data gathering or extraction tools, program, algorithm or methodology to access, acquire, copy or monitor this Platform, either in whole or part;
- use or attempt to use any engine, software, tool, agent, or other device or mechanism (including without limitation browsers, spiders, robots, avatars or intelligent agents) to navigate or search this Platform, other than the search engines and search agents available through the Service and other than generally available third-party web browsers;
- attempt to decipher, decompile, disassemble, or reverse-engineer any of the software comprising or in any way making up a part of this Platform or the Service;
- post or transmit any message, data, image or program that would violate the property rights of others, including unauthorized copyrighted text, images or programs, trade secrets or other confidential proprietary information, and trademarks or service marks used in an infringing fashion; and
- interfere with other users’ use of the Service, including, without limitation, disrupting the normal flow of dialogue in an interactive area of this Platform, deleting or revising any content posted by another person or entity, or taking any action that imposes a disproportionate burden on the Service infrastructure or that negatively affects the availability of the Service to others.
SECURITY AND PRIVACY
We set out below the risks of using Brankas Direct and the relevant security measures applied.
Risks of using Brankas Direct
We outline the risks of your use of Brankas Direct, as well as provide a brief overview of how we address such risks:
- When You provide your log-in credentials, Brankas Direct may, in the absence of bank-managed APIs made available to the Company, automate Your log-in process through its use of robotic processing automation (RPA) in connecting with Your source bank account to the beneficiary bank account. Your credentials are safe since we employ data encryption to secure all communications between Your source bank account and our internal services across all Brankas systems. Likewise, we enforce a strict policy not to store Your Personal Data our systems. If storing sensitive end-user information is required by our Client to enable a certain function, Brankas hashes (using SHA256 with salts) the information to enable the functionality and only cache the information until the relevant process is completed. Further, we mask sensitive data on both persistence and presentation layers.
- Brankas provides a system that can be used by our Partner, in completing its transaction with You, to receive and forward funds transfer transactions from your source bank account to the destination bank account registered by our Client. In this regard, if there are problems in the process of transferring funds, which problems are not within the control of Brankas, but are on the side of the bank, then such problems are to be addressed by the bank. This is because all of the transactions You conduct using Brankas Direct remain to be between the bank and You, and we do not have access to your bank account or the bank’s internal systems For instance, the bank is in control in the event of a pending fund transfer transaction, either because the funds in your source bank account are insufficient or the bank system is under maintenance. If the fund transfer transaction is pending due to Brankas’ internal systems or operations, the transaction cannot be executed and the funds will not be deducted from your source bank account.
- You are obliged to ensure the security of your source bank account from unwanted factors, including but not limited to access by unauthorized parties. Brankas is not responsible in the event of a hack on your source bank account not connected to the transaction unless it is legally proved to be caused by Brankas. Brankas always implements the necessary steps to maintain the security of Brankas Services and Systems.
- Brankas can take actions required on the accounts and/or transactions, including but not limited to reviewing, blocking, and rejecting, in accordance with applicable laws and regulations.
- If the bank identifies a transaction as a high-risk or suspicious transaction, the bank and/or Brankas take the necessary actions in accordance with the provisions of the legislation, particularly in the provisions of Anti-Money Laundering and Counter-Terrorism Financing (AML and CFT).
Security Measures Applied to Brankas Direct
Apart from the ways by which we manage the risks for your use of Brankas Direct, we also implement the following security measures to ensure your safety and protection:
HTTPS / TLS
All unencrypted connections from third parties are rejected by Brankas. All external connections to our internal systems are encrypted and authenticated using TLS 1.2, ECDHE_RSA with X25519, and AES_256_GCM.
Our product development processes always pay attention to our code quality and the security of our product. In the same way, our external-facing services built for Clients have full support for authentication and strong password requirement, audit logging, and role-based access control. Our entire product delivery process and security aspects are constantly implemented and reviewed to ensure that Clients and End-User can trust using our Services.
All external-facing Brankas Services enforce Client authentication and authorization processes as part of our API specifications. Clients need to properly include their Brankas assigned authorization credentials as part of their request so that Brankas can ensure the authenticity of the caller for every transaction.
Containerization refers to the packaging of software code with just the operating system (OS) libraries and dependencies required to run the code to create a single lightweight executable—called a container—that runs consistently on any infrastructure.
Containerization provides not only operational benefits but eventually leads to improved security. Containerization offers a smaller surface to protect. The service can be more easily isolated when it is being compromised.
Brankas servers are containerized using and deployed to Google Cloud Platform (GCP). Your sensitive information, such as OAuth2 tokens, will be likewise stored and encrypted using AES256-GCM in GCP’s encrypted database.
No User-identifiable Logging & Storing policy
Once Your sensitive information is received, such as Your log-in credentials or bank account details, Brankas enforces a strict policy not to store them in our systems. If storing sensitive information is required to enable a certain function (such as the detection of concurrent logins to a bank’s online banking system), Brankas hashes (using SHA256 with salts) Your information to enable the functionality and only caches Your information until the relevant process is completed.
If sensitive information needs to be shown to You, such as bank account numbers, these are masked both on persistence and presentation layers.
Secure End-User Authentication and Authorization Environment
Brankas applies cutting-edge technology to ensure that no one else, including our Partners via which You are accessing the Brankas service, will not be able to view your banking information, including payment-related data.
This technology includes the following security features:
- Direct to Bank Integrations
The Brankas Tap facilitates Your interactions with Your source select bank account with the digital services of Your choice. Brankas Tap prevents any intervention from third parties by avoiding any touchpoints for potential data compromise or abuse.
- CSRF Tokens
Brankas Tap employs CSRF tokens to ensure that third parties cannot insert themselves into the Brankas Direct authentication and authorization flow, protecting the direct data exchange between You and Your bank.
- Secure Session Cookies
Brankas Tap additionally uses session cookies to ensure the uniqueness of Your access securing the session against potential attacks such as session hijacking.
- Scoped Permissions
All access to Brankas services are scoped, limiting access to Your bank account and digital banking services based on the approved scopes assigned to third party applications, ensuring that only the relevant data and operations required by Your approved processes are accessed and used by Brankas services.
- Direct to Bank Integrations
SECURITY OF INFORMATION
We work to protect the security of Your information during transmission by using Secure Sockets Layer/Transport Layer Security (SSL/TLS) software, which encrypts information You input and we encrypt data at rest under the 256-bit Advanced Encryption Standard. We constantly re-evaluate our privacy and security policies and adapt them as necessary to deal with new challenges. We do not and will not sell or rent Your personal information to anyone, for any reason, at any time, unless it is in (i) in response to a valid legal request by a law enforcement officer or government agency; (ii) when You have explicitly given Your consent; or (iii) utilize the same for some statistical or other representation without disclosing personal data.
We only reveal those numbers of Your account as required to enable us to access and provide You the required Services relating to Your accounts.
We make every effort to allow You to retain the anonymity of Your personal identity and You are free to choose an email address and password that will keep Your personal identity anonymous. Access to Your registration information and Your personal financial data is strictly restricted to those of our Company employees and contractors, strictly on a need-to-know basis, to operate, develop or improve the Service. These employees or contractors may be subject to discipline, including termination and criminal prosecution if they fail to meet these obligations.
It is important for You to protect against unauthorized access to Your password and Your computer. Be sure to sign off when finished, especially when using a shared computer.
The content and all Service associated with this Platform or provided through the Service are provided to You on an “as-is” and “as available” basis. The Company makes no representations or warranties of any kind, express or implied, as to the content or operation of this Platform or of the Service. You expressly agree that Your use of the Service is at Your sole risk.
The Company makes no representations, warranties, or guarantees, express or implied, regarding (i) the accuracy, reliability, or completeness of the content on this Platform; or (ii) of the Service. The Company expressly disclaims any warranties of non-infringement or fitness for a particular purpose. The Company engages and employs the best methods to safeguard and protect against viruses, infection, etc. However, despite such best efforts, the Company makes no representation, warranty, or guarantee that the content that may be available through the Service is free of infection from any viruses or other code or computer programming routines that contain contaminating or destructive properties or that are intended to damage, surreptitiously intercept or expropriate any system, data or personal information.
LIMITATION OF LIABILITY
All of the information provided by the Company is for informational purposes only and the Company will not be liable for its availability, accuracy, and usefulness. Thus, the Company shall in no event be responsible or liable to You or to any third party, whether in contract, warranty, tort (including negligence) or otherwise, for any indirect, special, incidental, consequential, exemplary, liquidated, or punitive damages, including but not limited to loss of profit, revenue or business, business interruption, loss of programs or information, loss of savings, or any other damages arising, in any way, shape or form, out of the availability, use, reliance on, or inability to utilize the Service arising in whole or in part from Your access to this Platform or Your use of the Service, even if the Company has been advised of the possibility of such damages.