Become a Paddle partner
Join the Paddle partner program to read this content. You'll also get access to our partner API and agent tooling. Let us know a few details about your business to get started. Already a partner? Log in to view this page.
Sellers using Paddle as merchant of record must have three legal documents in place: terms and conditions, a refund policy, and a privacy notice. Each must cover the minimum requirements below. Sellers can vary or elaborate further, as long as the base requirements are met.
Some commercial mechanics (payments, billing, tax, cancellations, refunds) can refer to Paddle's buyer terms instead of being restated.
Terms and conditions
Terms and conditions outline how legal responsibilities apply to the seller and their users.
Must have
These are the minimum terms that a seller must include in their terms and conditions:
- Seller name - clearly identify the seller legal entity (legal name, trading name if different) and state that the user is contracting with the seller.
- Acceptance - by continued use of the service the user agrees to the terms.
- Misuse - the user must not misuse the service, including at least:
- unlawful use,
- fraud/spam,
- IP infringement,
- security interference (malware, probing, scraping).
- IP ownership - state that the seller retains ownership of the service and its IP (software, documentation, branding).
- Service level - make clear that there is no guarantee of uninterrupted or error-free performance.
- Payment and subscription terms - we encourage sellers to refer the user to Paddle's buyer terms for these clauses. Alternatively, the seller must include clauses on term and renewal, cancellations, fees, payment terms, taxes, and billing frequency.
- Suspension/termination of access - allow suspension or termination of access for:
- material breach of the terms,
- non-payment,
- security/fraud risk, or
- repeated or serious policy violations.
- Contact information - the seller must provide a way to contact them, such as an email address or form submission.
Additional category-specific must have
Generative AI
Generative AI products use AI models to create new content, including text, images, audio, code, and video, based on user prompts or context.
- Prohibited and acceptable use - the seller's terms must prohibit the user generating harmful content, e.g.:
- Illegal content and instructions to commit wrongdoing
- Non-consensual sexual content, including intimate imagery and deepfakes
- Hate, harassment, threats, and incitement to violence
- Malware, hacking instructions, credential theft, or attempts to bypass safeguards
- Doxxing and privacy violations, including publishing personal data without a lawful basis
- Deceptive or manipulative uses, including impersonation and misrepresentation of provenance
- Attempts to evade safety controls (e.g. jailbreaking)
- Responsibility for content - the seller's terms should make clear that users are responsible for:
- The prompts and content they submit
- How they use or rely on outputs
- Verifying accuracy before acting on outputs
- Ensuring they have rights/permissions for any input content they upload
- IP rights - the seller's terms should address:
- Ownership or licensing for user inputs and outputs (as applicable)
- A commitment that users will not use the product to infringe third-party rights
- A takedown pathway for rights-holder complaints
- Consequences for repeated infringement
- Content moderation - the seller must reserve the right to:
- Remove or restrict content
- Refuse or filter outputs
- Suspend or terminate accounts
- Restrict product features or access where risk requires
- These rights should be usable for both policy violations and suspected abuse.
- Accuracy - if the product generates content that could reasonably be mistaken as factual, professional, or official, supplier terms (and/or product UX) should:
- Disclose that outputs may be inaccurate or incomplete
- Prohibit use for regulated professional advice without qualified oversight
- Require appropriate user review before publication or reliance
Editing software (images, videos, audio)
Editing software includes tools that let users create, modify, and refine digital media such as images, video, and audio. These products typically include features like trimming, cropping, retouching, filters and effects, color correction, layering and compositing, timeline editing, and exporting in multiple formats and resolutions.
- IP rights - the seller's terms should address:
- Ownership or licensing for user inputs and outputs (as applicable)
- A commitment that users will not use the product to infringe third-party rights
- A takedown pathway for rights-holder complaints
- Consequences for repeated infringement
Crypto trading/signals or investment data/analysis
This category covers software that provides cryptocurrency and/or investment market information, research, and analytics to help users understand market conditions and track assets. These products may include price charts, market data dashboards, portfolio monitoring, on-chain metrics, alerts, news aggregation, and educational content.
This excludes products that execute, facilitate, or broker trades, including order placement, account connectivity for execution, automated trading bots, copy trading, or any functionality that directly enables buying, selling, or transferring crypto assets through the product, which is outside our acceptable use policy.
- No advice - a term making it clear that any information provided is for general informational and educational purposes only and does not constitute financial, investment, legal, or tax advice. It is not a recommendation, offer, or solicitation to buy, sell, or hold any asset, and it does not take into account any individual's objectives, financial situation, or needs. Any decisions made based on this information are the user's responsibility, and independent professional advice should be obtained where appropriate.
Good to have
These are some additional terms which we recommend, but do not mandate, are included in the seller's terms and conditions.
- Authority - require that the user:
- has authority to bind the customer (if acting for a business), and
- is at least the age of majority and has capacity (if an individual).
- Product description - a core definition of the product or service that is being provided.
- Credentials - if an account is provided to the user, the user must maintain the confidentiality of credentials and be responsible for activity under the account.
- Accuracy - the user must provide accurate information and keep it updated.
- Warranties - disclaim all implied warranties (e.g. merchantability, fitness for a particular purpose) to the fullest extent permitted by law.
- License - grant the user a limited right to access/use the service:
- non-exclusive,
- non-transferable,
- sub-licensable,
- only for the intended purpose and within the selected plan.
- Restrictions - include restrictions that protect enforceability:
- no reverse engineering,
- no resale/redistribution,
- no circumvention of technical limits.
- User content - grant the seller a limited license to host/process content solely to provide the service.
- Liability cap - a clear aggregate liability cap (common approach: fees paid in the prior 6 to 12 months).
- Exclusions - exclude liability for indirect, consequential, or special damages (e.g. loss of profits, data, goodwill).
- Carve-outs - carve out liability for fraud, death, or personal injury where required by law.
- User indemnity - the user to indemnify the seller for claims arising from user or customer content or data, unlawful use, or violations of the terms.
- Consequences of termination - state the effects of termination:
- when access ends,
- what happens to user content/data (export window or deletion approach, ideally aligned to the privacy notice).
- Governing law - typically the jurisdiction of the seller.
- Dispute resolution - courts/venue (or arbitration, if they choose, but it must be specified).
- Assignment - restrict user assignment without consent and allow seller assignment in connection with a merger, acquisition, or reorganization.
- Force majeure - if included, it should define force-majeure events (e.g. natural disaster, war, pandemics) and excuse performance during such events where they are beyond reasonable control.
Refund policy
Sellers need a clear refund policy to set expectations upfront about when refunds are available, how they are requested, and how long they take. This reduces disputes and improves customer trust.
It also helps the seller manage legal and financial risk by applying a consistent process, documenting decisions, and addressing common scenarios like cancellations, failed deliveries, or suspected fraud.
Must have
Either refer to Paddle's refund policy, or create a refund policy that includes:
- Refund period - how long the user has to request a refund (for change of mind) - this must be between 14 and 90 days.
- How to request a refund - sellers should refer users to Paddle (Paddle.net) to request a refund (before Paddle is implemented, there should at least be a way to request a refund).
- Qualifiers - no unreasonable qualifiers (e.g. "All sales are final").
Privacy notice
A privacy notice explains in plain language how the seller handles personal data. Data protection laws are now in effect in 144 countries and counting, many of which follow the GDPR standard.
This notice is legally required for sellers processing personal data from buyers, building trust and enabling data sharing with Paddle. It discloses data practices transparently, fulfilling "fair processing" under global laws.
Must have
These are the minimum terms that a seller must include in their privacy notice:
- Seller name - clearly identify the seller legal entity (legal name, trading name if different) and state that the user is contracting with the seller.
- Seller address - and registered address (or principal place of business).
- Privacy contact - provide a contact email for privacy queries (and/or postal contact).
- Status as controller - explain the seller's role: "We are the controller for the personal data we collect about users of our product/site."
- Categories of personal data collected (examples: name, email, login credentials, support messages, usage/telemetry, device identifiers, IP address).
- Purposes for each category (examples: account creation, providing the service, security/fraud prevention, product improvement, customer support, marketing). Note that this does not need to contain payment-related data, as this is also being collected by Paddle independently as a controller of the user data.
- Legal basis for processing - specify the legal basis used (as appropriate), typically:
- performance of a contract
- legitimate interests (with a short explanation of what those interests are)
- consent (especially for marketing/certain cookies)
- legal obligation
- Who data will be shared with - categories of recipients, e.g.:
- service providers / subprocessors (hosting, analytics, support tooling)
- merchant of record (Paddle) for:
- sale of the product/service
- subscription management and payments
- tax compliance and invoicing (as applicable)
- professional advisers (legal, accounting, auditors)
- authorities where required by law or to protect rights/safety
- Data retention - explain how long data is kept (either specific time periods or clear criteria) and state that data will be deleted or anonymized when it is no longer needed.
- User rights - reflective of the rights that the seller provides to the user, as required by the law in their country.
- Security - commit to appropriate technical and organizational measures, including encryption and access controls.
- Cookies - if cookies are being used, there should be a cookie notice specifying the cookies being used based on essential, analytics, and marketing purposes. It should state how users manage preferences.
Additional requirements for UK and EEA sellers
Sellers subject to UK or EU GDPR must also state:
- International transfers - must state if data leaves the UK or EEA (e.g. "US-based servers/processors"). Describe safeguards, such as standard contractual clauses, an international data transfer agreement, or an adequacy decision.
- User rights - the user's rights and how they will be exercised. For those subject to the EU or UK GDPR, this would include:
- Access, rectification, erasure, restriction, portability, objection.
- Consent withdrawal
- Complaints to the Information Commissioner's Office (UK) or local data protection authority
- Response within 1 month, extendible as allowed by law