Terms of Service

Last updated: May 17, 2026

1. Agreement to Terms

By accessing or using MutoPay ("Service", "we", "us", "our"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree, do not use the Service.

MutoPay is a self-custody crypto payment gateway. A customer pays in any supported token on any supported chain. We route the payment through third-party swap and bridge protocols. The resulting stablecoin (or other configured token) settles directly into the merchant's wallet. We never hold or control funds at any step.

These Terms apply to both merchants who create payment links through our API or dashboard, and to payers who pay through a hosted /pay/:id page.

2. Eligibility

You must be at least 18 years old and legally capable of entering into binding agreements in your jurisdiction.

You may not use the Service if you are:

  • Located in, organised under the laws of, or resident in any country subject to comprehensive sanctions, including the Crimea, Donetsk, Luhansk, and Zaporizhzhia regions of Ukraine, Cuba, Iran, North Korea, Syria, or any other jurisdiction subject to comprehensive OFAC, EU, UK, or UN sanctions
  • Named on any sanctions list, including the OFAC Specially Designated Nationals and Blocked Persons List, the OFAC Foreign Sanctions Evaders List, the EU consolidated list, the UK HM Treasury list, or the UN Security Council list
  • Acting for or on behalf of any sanctioned person or entity

You are responsible for checking that your use of the Service is lawful wherever you operate. That includes any local crypto licensing, tax, and money transmission requirements.

3. Account, API Keys, and Authentication

To use MutoPay as a merchant you sign in with Google. Your account is identified by your Google email.

You can access the Service in three ways:

  • Browser session via Google Sign-In, which returns a JWT
  • Channel API key, scoped to a single channel (for example a website, a store, or a Telegram bot)
  • Master API key, prefixed msk_, scoped to your entire merchant account

You are responsible for the security of all credentials. In particular:

  • Treat channel and master keys like passwords. Never embed them in client-side code, public repositories, or screenshots.
  • Rotate any key that may have been exposed, using the dashboard.
  • Use channel keys for narrow integrations and the master key only where you genuinely need account-level access.
  • A master key cannot rotate or revoke itself. That operation requires a browser session for safety.

You are responsible for every action taken with your credentials. That includes anyone you share them with. We are not liable for unauthorised use of credentials you failed to secure.

4. Self-Custody and Non-Custodial Routing

MutoPay is non-custodial. We never take custody of, hold, freeze, reverse, or otherwise control any digital asset belonging to you, your customers, or any third party.

When a payment is made:

  1. The customer signs the swap or transfer in their own wallet.
  2. Funds move from the customer's wallet through one or more third-party protocol smart contracts (for example Li.Fi or ParaSwap/Velora).
  3. The resulting token settles directly to the wallet address you configured for the relevant channel or merchant account.

MutoPay is not a counterparty to any swap, bridge, or transfer. We are not a money transmitter, broker-dealer, exchange, or financial institution in any jurisdiction. Our 0.5% fee (or such other fee as we may publish) is a software and orchestration fee for the routing service, not consideration for any financial activity.

You are solely responsible for providing a correct and valid wallet address. We will deliver funds to the address on file at the moment of settlement, and bear no responsibility for any of the following:

  • Addresses entered incorrectly
  • Addresses controlled by lost, compromised, or inaccessible keys
  • Addresses pointing to contracts that cannot receive or release funds
  • Addresses configured for the wrong network (for example an EVM address used for a TON, Solana, or Tron settlement)
  • Addresses subsequently sanctioned, blacklisted, or frozen by a token issuer, validator set, or court order

5. Fees

We charge 0.5% per completed payment, deducted during routing. There are no monthly fees, setup costs, or minimum volume requirements.

Customers pay network gas fees as part of their on-chain transaction. We do not collect them.

Third-party protocols may apply their own fees, slippage, or price impact during routing. These show up in the quote at signing time. MutoPay does not collect them.

Fee rates may change. We announce material changes in the changelog and the merchant dashboard before they take effect.

6. Third-Party Protocols and Routing

To deliver each payment, the Service routes through independent third-party protocols, including:

  • Li.Fi, for cross-chain bridges and intent-based routing
  • ParaSwap / Velora, for same-chain swap aggregation
  • WalletConnect (Reown), for wallet connectivity
  • Any successor or additional protocols we add to the routing registry

These protocols are governed by their own terms, fee schedules, and risk disclosures. We have no direct or indirect control over their smart contracts, solver networks, off-chain infrastructure, or operational continuity. We do not warrant the accuracy of any quote, the availability of any route, the solvency of any solver, or the absence of malicious tokens in any routed swap.

You and your customers expressly assume all risk arising from interaction with these protocols, and waive any claim against us arising from third-party protocol failure, including but not limited to smart contract exploits, governance attacks, paused contracts, solver downtime, and stuck funds.

7. Payment Processing and Settlement

Payments created through MutoPay carry a configurable expiry (default 60 minutes). After expiry, a payment cannot be completed.

We monitor payment status via two mechanisms:

  • Inline scans triggered by the /status endpoint
  • A cron job that runs every minute and reconciles in-flight payments

For manual-send direct transfers, we match incoming on-chain transfers by exact dust_amount (a randomised low-order digit pattern). If a customer sends an amount that does not match the expected dust value, we cannot reliably attribute the transfer and you may need to investigate manually.

A payment is complete only when our monitor sees a confirmed inbound transfer to your settlement wallet. The final dest_amount recorded against the payment is the authoritative figure. Any earlier quote, expected amount, or display value is a non-binding estimate.

8. Blockchain and On-Chain Risk

Blockchain settlement carries risks outside our control. By using the Service you acknowledge and accept the following:

  • Chain reorganisations, where confirmed blocks are later replaced, causing apparent settlements to disappear
  • Hard and soft forks, where the underlying chain splits or changes consensus rules. We have no obligation to support forked assets.
  • Network congestion, leading to slow confirmation, replacement transactions, or stuck nonces
  • Wrong-chain sends, where funds sent on an unsupported chain or to an address on a different network are unrecoverable
  • Smart contract risk in any third-party protocol used during routing, including paused contracts, upgrade bugs, and exploits
  • Maximal Extractable Value (MEV), including front-running, back-running, and sandwich attacks against your routing transaction
  • Slippage and price impact between quote generation and execution
  • Cross-chain finality differences, where source and destination chains achieve finality at different rates and confirmations may reverse
  • Bridge and messaging-layer failures, where funds become stuck in intermediate contracts requiring manual recovery by the protocol operator

We cannot recover, unstick, or refund funds delayed or lost in any of these situations. Recovery, where possible at all, sits with the protocol operator, the validator set, or the underlying chain. Not with us.

9. Stablecoin and Token Risk

Settlement tokens (including USDC, USDT, and any other stablecoin or ERC-20, SPL, TRC-20, or Jetton token you configure as a preferred_token) carry token-issuer and protocol-level risks outside our control:

  • Loss of peg against the US dollar or any other reference asset
  • Freezing or blacklisting of your settlement wallet by the token issuer (for example Circle's Stablecoin Access Denial Policy, or Tether's freeze authority), by an OFAC designation, or by a court order
  • Re-minting, migration, or deprecation of the token contract
  • Fee-on-transfer or deflationary behaviour causing you to receive less than the displayed dest_amount
  • Total loss of value

We do not endorse, guarantee, or insure any token. Your selection of a preferred_token is your independent assessment of these risks.

10. Prohibited Uses and Businesses

You may not use MutoPay, any MutoPay-issued API key, the WooCommerce plugin, or any MutoPay-facilitated payment link, in connection with any of the following.

Illegal goods and services

  • Controlled substances, illegal drugs, drug paraphernalia, or substances marketed to mimic controlled substances
  • Firearms, ammunition, explosives, regulated weapons, military goods, or weapons of historical significance
  • Stolen goods, including digital goods
  • Goods or services that infringe intellectual property rights, including counterfeit physical goods and unlicensed digital content
  • Child sexual abuse material, non-consensual intimate imagery, human trafficking, or any sexually-oriented content involving minors
  • Bribery, corruption, or payments intended to procure unlawful action

Financial and regulatory abuse

  • Pyramid schemes, Ponzi schemes, matrix programmes, multi-level marketing primarily compensating recruitment, or "get rich quick" schemes
  • Gambling, sports betting, lottery, sweepstakes, or fantasy-sports prize pools where you lack all licences required in the payer's jurisdiction
  • Unregistered securities offerings, ICOs, token sales, or NFT primary sales that require but lack regulatory authorisation
  • Money services businesses, bureaux de change, third-party money transmission, or unlicensed financial services
  • Tumblers, mixers, or chain-hopping services whose primary purpose is to obscure the on-chain origin of funds
  • Ransomware payments or services that facilitate them
  • Any activity that requires regulatory pre-approval which you have not obtained

Reputational and platform abuse

  • Promotion or glorification of terrorism, hate, violence, or financial exploitation of crime
  • Doxxing, harassment, or selling personal information about third parties in violation of applicable law
  • Channel laundering: accepting funds on behalf of a third party whose business has not been independently onboarded with MutoPay
  • Factoring: processing payments on behalf of a business that does not itself qualify for a MutoPay account
  • Any activity that we determine, at our sole discretion, exposes MutoPay or its users to legal, regulatory, reputational, or operational risk disproportionate to the value we receive

This list is representative, not exhaustive. We reserve the right to refuse service to any merchant whose activity exceeds our risk tolerance, and to suspend an account immediately, without prior notice, on the same basis.

11. Fraud and Abuse

You may not use the Service to commit, facilitate, or conceal fraud. Prohibited conduct includes:

  • Identity fraud, including using a false name, photograph, or business identity at onboarding
  • Channel laundering, as defined above
  • Refund-address poisoning, supplying a refund address controlled by a party other than the original payer
  • Approval scraping, exploiting outstanding ERC-20 approvals granted to routing protocols
  • Card-testing equivalents, generating large numbers of small payment links to probe settlement logic or wallet derivation
  • Webhook replay abuse, replaying signed webhook payloads to manipulate downstream order state on third-party platforms
  • API abuse, including bypassing rate limits, creating multiple accounts to circumvent restrictions, or scraping non-public data
  • Reverse engineering the Service, or attempting to discover its source code, secrets, or non-public infrastructure
  • Interference, including denial-of-service attempts, probing for vulnerabilities outside a formal disclosure programme, or any action that degrades the Service for other users

If you discover an account takeover, key compromise, or any of the above patterns affecting your account, report it to security@mutopay.com within 72 hours.

12. Anti-Money Laundering, Sanctions, and Transaction Monitoring

We screen merchant accounts and on-chain activity against sanctions and risk databases. We may, at any time and without prior notice:

  • Request additional KYC or KYB documentation, beneficial-ownership disclosures, source-of-funds attestations, or business activity descriptions
  • Decline to construct new routing orders for a payment whose source or destination address matches a sanctions, mixer, or known-scam list
  • Refuse to process payments to or from any address we reasonably believe is associated with sanctioned persons, stolen funds, terrorist financing, or any other prohibited activity
  • Suspend or terminate your account
  • Cooperate with any lawful order from a court, regulator, or law enforcement authority, including disclosure of merchant data and on-chain settlement records

Because we are non-custodial, we cannot freeze funds in your wallet. Our enforcement tools are limited to revoking API keys, suspending dashboard access, refusing to build new routing orders, and ceasing webhook delivery.

13. Refunds, Disputes, and Irreversibility

On-chain transactions are final. We cannot reverse, cancel, or claw back any payment that has confirmed on a supported chain.

You are solely responsible for refunds. If a customer is entitled to one, you must send it from your own wallet. We do not process, mediate, or facilitate refunds, disputes, or chargebacks of any kind.

We are not a party to any underlying commercial dispute between you and a customer. Disputes about delivery, quality, misdescription, or unauthorised payment must be resolved between you and the customer directly. You agree not to involve MutoPay in any such dispute beyond providing transactional records on request.

If a customer overpays, underpays, or sends the wrong token or chain, recovery depends on the specific situation and is not guaranteed. The status values underpaid, needs_manual_check, and failed flag cases that may need manual investigation by you, the customer, or both.

14. Webhooks, Data, and Reconciliation

We deliver webhook notifications for payment events (payment.completed, payment.failed, payment.expired, payment.underpaid, payment.kyc_required, payment.needs_manual_check). Each delivery is signed with HMAC-SHA256 in the X-MutoPay-Signature header.

Failed deliveries are retried up to 5 times with exponential backoff (1 minute, 5 minutes, 30 minutes, 2 hours, 12 hours). After the fifth attempt we stop. You are responsible for verifying signatures, deduplicating by payment ID, and reconciling against the /api/payments/:id/status endpoint where webhooks may have been missed.

Treat webhook delivery as a best-effort notification, not a guaranteed transport. The /status endpoint is always the authoritative source of payment state.

15. Suspension and Termination

You may stop using MutoPay at any time. Closing your account does not entitle you to a refund of any fee already deducted.

We may suspend or terminate your access for any of the following, with or without prior notice:

  • Violation of these Terms or any associated policy
  • Suspected fraud, abuse, or sanctions exposure
  • Non-response to a documentation or KYC request within a reasonable period
  • A pattern of payments that exceeds our risk tolerance
  • A court or regulatory order
  • Non-payment of fees owing under a separate commercial agreement, if applicable

On suspension we may, at our discretion: set your merchant status to suspended (so protected API routes return 403), revoke any or all channel and master API keys, decline to construct new routing orders, and stop sending webhooks. Where possible, payments already broadcast on-chain will be allowed to settle to your configured wallet.

16. Plugins, SDKs, and Third-Party Integrations

We publish or distribute software intended to integrate the Service with third-party platforms, including the official MutoPay for WooCommerce plugin (github.com/mutopay/mutopay-for-woocommerce) and any future SDKs or plugins.

All such software is provided "as is", under the open-source licence stated in its repository. We make no warranty as to fitness for purpose, compatibility with any specific platform version, or freedom from defects. Bugs in a plugin (for example webhook misverification, gateway timeout misclassification, or display issues at checkout) do not create liability for MutoPay beyond reasonable efforts to release a fix.

If you build your own integration against our API, you are responsible for the security, correctness, and ongoing maintenance of that integration.

17. Disclaimer of Warranties

The Service is provided "as is" and "as available", without warranty of any kind, express or implied, including any warranty of merchantability, fitness for a particular purpose, non-infringement, or freedom from defects, errors, or interruption.

We do not warrant that the Service will be uninterrupted, timely, secure, error-free, or that any data, quote, route, or status it returns will be accurate, complete, or current.

You use the Service at your own risk.

18. Limitation of Liability

To the maximum extent permitted by law, in no event shall MutoPay or its affiliates, officers, directors, employees, contractors, or agents be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, including but not limited to loss of funds, profits, revenue, data, business opportunity, goodwill, frozen tokens, slippage losses, MEV losses, or losses arising from third-party protocol failure, regardless of the theory of liability and even if we have been advised of the possibility of such damages.

Our aggregate liability arising out of or related to these Terms, under any theory of liability (contract, tort, negligence, strict liability, or otherwise), shall not exceed the greater of (a) the total fees you paid to MutoPay in the three months preceding the event giving rise to the claim, or (b) USD 100.

Some jurisdictions do not allow the exclusion of certain warranties or the limitation of liability for consequential damages. In those jurisdictions, the above limitations apply to the maximum extent permitted by applicable law.

19. Indemnification

You agree to defend, indemnify, and hold harmless MutoPay, its affiliates, employees, contractors, and agents from any claim, loss, liability, damage, or expense (including reasonable attorney fees) arising out of or related to:

  • Your breach of these Terms or any policy referenced in them
  • Your products, services, or business operations
  • Any dispute between you and a payer, including allegations of non-delivery, misdescription, or unauthorised payment
  • Your misconfiguration of a settlement wallet, channel, or webhook endpoint
  • Any third-party claim that funds routed through MutoPay on your behalf originated from or were destined for sanctioned, blacklisted, or stolen sources
  • Any tax, regulatory, or licensing obligation applicable to your acceptance of crypto payments in any jurisdiction

This obligation survives termination of your account.

20. Force Majeure

We are not liable for any failure or delay in performance caused by events outside our reasonable control, including: acts of god; war; terrorism; civil unrest; epidemic; governmental action including sanctions designation and regulatory injunction; failure or unavailability of public internet infrastructure, Cloudflare, or other upstream providers; failure, exploit, governance attack, hard fork, chain reorganisation, validator-set censorship, or extended congestion of any blockchain network we support; failure, exploit, pause, or shutdown of any third-party routing protocol; or freezing, blacklisting, or de-pegging of any stablecoin used for settlement.

21. Modifications

We may update these Terms at any time. We announce material changes in the changelog, in the merchant dashboard, or by email to your account address. Continued use of the Service after a change takes effect counts as acceptance.

If a change is material and you do not accept it, your remedy is to stop using the Service and close your account. Closure does not retroactively undo payments already routed.

22. Governing Law and Dispute Resolution

These Terms are governed by the laws of the jurisdiction in which MutoPay's operating entity is established, without regard to conflict-of-law rules. Where the operating entity has not been disclosed in writing, the governing law is the law of the place from which the Service is principally operated.

Any dispute arising out of or relating to these Terms or your use of MutoPay shall be resolved by binding arbitration before a single arbitrator under the rules of a recognised international arbitration body, with proceedings conducted in English. You waive the right to a jury trial and the right to participate in any class action, class arbitration, or representative proceeding.

This section will be revised once MutoPay's operating entity and arbitration forum are finalised. Until then, any dispute that cannot be resolved informally will be referred to mediation in good faith before any formal proceeding.

23. Contact

For questions about these Terms, contact legal@mutopay.com.

For security issues, contact security@mutopay.com.