Version 1.0 · Effective from the date first accessed · Last updated today

Acceptable Use & Legal Notice

This document is the binding agreement between you and LINK4TECH governing your use of the Kykeon API documentation portal (the "Portal") and, where applicable, the underlying Kykeon Payment Processing API (the "API"). By clicking Accept & continue, or by otherwise accessing the Portal or API, you confirm that you have read, understood, and agree to be bound by every clause below. If you do not agree, do not use the Portal or API.

1 Acceptance & Scope

This Portal documents a production-grade payment processing API used by LINK4TECH merchants, acquirers, issuers, processors, and authorised partners across the European Economic Area (EEA), the United Kingdom, and other jurisdictions where LINK4TECH operates. Accessing this Portal creates a binding legal relationship under the laws described in Section 14.

2 Eligibility

You may use this Portal only if all of the following are true:

• You are at least 18 years old and have the full legal capacity to enter into binding contracts.
• You are an authorised representative of a LINK4TECH customer, partner, acquirer, or candidate for onboarding, or you are an end developer of such an entity.
• You are not resident in, nationally of, or operating from any jurisdiction subject to sanctions administered by the U.S. Office of Foreign Assets Control (OFAC), HM Treasury (UK), the European Union, or the United Nations.
• Your use of the Portal and API complies with all applicable laws, including those listed in Section 5.

3 Acceptable Use

You may use the Portal solely for the following purposes:

• Reading the published API documentation.
• Executing Try it out requests only with LINK4TECH-provisioned sandbox credentials and officially published test card numbers.
• Developing, testing, and operating a bona-fide integration with the Kykeon API under a signed merchant or partner agreement.
• Training authorised engineers, operations personnel, and compliance staff of your organisation.

4 Prohibited Activities

You will not, and you will not permit any third party (including automated agents) to:

• Submit, transmit, or test any real cardholder data (including PAN, CVV, CVC, track data, cryptogram, expiry, or any derivative) that has not been expressly provisioned to you by LINK4TECH for testing.
• Engage in card testing, BIN attacks, enumeration, credential stuffing, or any other form of payment fraud.
• Scrape, crawl, mirror, cache, or otherwise programmatically harvest the Portal beyond what is expressly permitted by /robots.txt.
• Reverse engineer, decompile, disassemble, or attempt to derive source code, trade secrets, or the underlying architecture of the Portal or API.
• Evade, attempt to evade, or assist another party in evading rate limits, IP blocks, device fingerprinting, or any other security control.
• Use the API or Portal to process payments on behalf of a third party without explicit written authorisation from LINK4TECH (i.e., aggregation, payment facilitation, or MOR activity outside of a signed agreement).
• Probe, scan, or test the vulnerability of any LINK4TECH system, or breach or attempt to breach any security or authentication measure, without a signed and valid Rules of Engagement.
• Use the Portal or API in any manner that could damage, disable, overburden, or impair LINK4TECH infrastructure, including denial-of-service attacks.
• Transmit unsolicited commercial communications, malware, or any content infringing intellectual-property, publicity, or privacy rights.
• Use the API to launder money, finance terrorism, evade taxes or sanctions, or facilitate any activity prohibited by applicable anti-money-laundering (AML), counter-terrorist-financing (CTF), or sanctions regime.
• Share, sell, or otherwise transfer your access credentials (API key, OAuth client, session cookie, MFA seed) to any other person or system.
• Misrepresent your identity, affiliation, or authority to LINK4TECH or any of its customers.

5 Applicable Regulations

You are responsible for ensuring your use of the Portal and API complies with every law applicable to you, including, where relevant:

6 Monitoring & Enforcement

All Portal and API activity is logged in near-real-time and retained for a minimum of 24 months, or for such longer period as is required by applicable law (including, without limitation, the retention obligations under PSD2, AML regulations, and scheme rules). Logs include at minimum: IP address, user agent, request URL, request body hash, response code, timestamp, and where relevant a device-and-behaviour fingerprint. Activity is subjected to automated fraud, abuse, and sanctions scoring. LINK4TECH reserves the right, without prior notice and at its sole discretion, to:

• Suspend, throttle, or terminate your access.
• Invalidate or rotate credentials, tokens, and client secrets.
• Block IP ranges, ASNs, device fingerprints, TLS fingerprints, or user agents.
• Preserve and disclose relevant records to card schemes, acquirers, financial-crime units, data-protection regulators (including the European Data Protection Board, EU member-state DPAs, and the UK ICO), and law enforcement.
• Seek civil damages, injunctive relief, and criminal prosecution.

7 Data Protection (GDPR & UK GDPR)

In connection with your access to the Portal, LINK4TECH processes personal data as a controller. In connection with transactions submitted through the API, LINK4TECH acts as a processor under a separate Data Processing Agreement executed with each merchant.

Lawful bases (Portal)

• Legitimate interests (Art. 6(1)(f) GDPR) — securing the Portal, preventing fraud, providing documentation and support.
• Contract (Art. 6(1)(b)) — where your access is governed by a signed agreement.
• Legal obligation (Art. 6(1)(c)) — where retention or disclosure is required by law.

Categories of data

• Identifiers: IP address, user-agent string, device characteristics, sign-in identifier where provided.
• Usage: request URLs, timestamps, locale, theme choice, sidebar preference, consent response.
• Metadata: referrer, approximate geolocation derived from IP (city-level or coarser).

Retention

24 months from last interaction, or longer where mandated by law. Aggregated, non-identifying analytics may be retained indefinitely.

International transfers

Where personal data is transferred outside the EEA or the UK, LINK4TECH relies on Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or an adequacy decision, as applicable.

Your rights

Under GDPR and UK GDPR you may request: access, rectification, erasure, restriction, portability, objection, and (where applicable) withdrawal of consent. To exercise any right, email privacy@link4.tech. You may also lodge a complaint with your local supervisory authority — in the UK, the Information Commissioner's Office.

8 Cookies & Local Storage

This Portal does not place any advertising, analytics, profiling, or third-party cookies. The following strictly necessary items are stored in your browser's localStorage:

• kk-theme — your chosen colour scheme (dark or light).
• kk-sidenav-collapsed — which sidebar groups you have collapsed.
• kk-consent-v1 — your response to this notice (so you are not re-prompted on every visit).

No information from these keys is transmitted to LINK4TECH servers. You can clear them at any time using your browser's site-data tools.

9 Intellectual Property

All content of the Portal — including text, code samples, schemas, diagrams, trademarks, logos, and the compiled and source JavaScript, HTML, and CSS — is the property of LINK4TECH Ltd or its licensors, and is protected by copyright, trade-mark, and database-right laws. You are granted a limited, revocable, non-transferable licence to view the Portal for the purposes set out in Section 3; no other rights are granted.

10 Warranty Disclaimer

The Portal and, unless separately agreed in writing, the API are provided on an "AS IS" and "AS AVAILABLE" basis, without warranties of any kind, whether express, implied, or statutory, including without limitation warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted availability, or freedom from viruses or malicious code. LINK4TECH does not warrant that the documentation is error-free or that responses described will match those returned by production systems at any given moment.

11 Limitation of Liability

To the maximum extent permitted by law, LINK4TECH, its affiliates, officers, employees, and agents shall not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages; loss of profits, revenue, data, or goodwill; or business interruption, arising from or in connection with your use of or inability to use the Portal or API, even if LINK4TECH has been advised of the possibility of such damages. In all cases LINK4TECH's aggregate liability shall not exceed the greater of (a) one hundred pounds sterling (£100) or (b) the fees paid by you to LINK4TECH in the twelve (12) months preceding the claim. Nothing in this Agreement excludes or limits liability that cannot lawfully be excluded (including death or personal injury caused by negligence, fraud, or fraudulent misrepresentation).

12 Indemnification

You will defend, indemnify, and hold harmless LINK4TECH, its affiliates, and their respective directors, officers, employees, contractors, and agents from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable legal fees) arising out of or related to your breach of this Agreement, your misuse of the Portal or API, any content you submit, or your violation of any third-party right or applicable law.

13 Suspension & Termination

LINK4TECH may suspend, restrict, or terminate your access to the Portal and API at any time, for any reason or for no reason, with or without notice. All provisions that by their nature should survive termination — including Sections 4, 6, 7, 9, 10, 11, 12, and 14 — shall survive.

14 Governing Law & Jurisdiction

• Users in the UK: this Agreement is governed by the laws of England and Wales, and the courts of London shall have exclusive jurisdiction, save that LINK4TECH may bring proceedings in any jurisdiction where you or your assets are located.
• Users in the EEA: this Agreement is governed by the laws of the country in which LINK4TECH is established, subject to applicable EU regulations. The courts of that country shall have exclusive jurisdiction, save as above.
• Consumers retain any non-waivable rights and protections afforded by the mandatory laws of their country of habitual residence.

15 Changes

LINK4TECH may update this Agreement at any time by publishing a revised version in the Portal with a new Last updated date. Material changes will, where reasonably practicable, be highlighted on first sign-in after the change. Your continued use of the Portal after an update constitutes acceptance of the revised Agreement.

16 Severability & Entire Agreement

If any provision of this Agreement is found to be unenforceable, the remaining provisions shall continue in full force. This Agreement, together with any separate merchant, partner, or processing agreement you have with LINK4TECH, constitutes the entire agreement between you and LINK4TECH with respect to the Portal and supersedes all prior understandings.

17 Contact

• General / support: support@link4.tech
• Privacy & data-subject requests: privacy@link4.tech
• Security, abuse, and responsible disclosure: security@link4.tech
• Compliance, AML, and sanctions: compliance@link4.tech