Frequently asked questions for legal and procurement
The following FAQs are for information purposes only and do not form part of your contract with Codat.
What is Codat and what does it do?
Codat is a SaaS company that provides specialized API-based products for lending and accounting automation using data from your customers' business software.
Founded in 2017, Codat is trusted by over 300 clients globally and is backed by leading investors, including Index Ventures, J.P. Morgan, Canapi Ventures, Tiger Global, PayPal Ventures, American Express, Shopify, and Plaid.
Definitions in Codat’s Master Services Agreement (MSA)
What is a “Company”?
A Company is your customer who makes their company’s accounting, banking, or commerce data available to you by using an integration you have built with Codat.
What is “Company Data”?
Company Data is the data uploaded with the Company’s permission to the Codat Product containing information relating to the Company’s business.
What is an “active Company”?
An active Company is any one of your customers who has authorized your app to access their data in at least one of the platforms with which you integrate via Codat. A Company is considered active if you have pulled or pushed any data from or to one of its connected platforms in the past 30 days.
What type of data does Codat collect?
Company Data is any data that is uploaded with the Company’s permission to the Codat Product containing information relating to the Company’s business. Depending on your use case, this may also include limited Personal Data (specifically, business contact details and information related to sole traders or payers or payees who are individuals that is contained in the Company Data).
How does Codat use the data my customers provide?
We use your customers' data for the limited purposes set out in the Master Services Agreement. We comply with all data regulations in the jurisdictions that we operate in, including GDPR and APP. Codat agrees that it has no ownership of the data processed.
Who owns the data that Codat collects?
We consider your customers that authorize your access to their data to be the owners of that data. It is your responsibility to ensure that Codat has the right to use that data. You can request this consent from your customer using the authorization flow functionality that Codat provides.
For any personal data processed, you are considered its controller and Codat is considered its processor under the UK and EU privacy legislation.
We include a standard data processing agreement in our Master Services Agreement regardless of the type of data we collect in the event that any personal data is processed.
Is my customers' data secure with Codat?
Codat has a comprehensive data security program that is ISO 27001 and SOC 2 compliant. Visit our Trust Portal to view the detailed information on our security policy.
Is Codat PCI compliant?
Codat does not process card data, and therefore PCI DSS is not in scope of our compliance. However, you can see more information about security standards we comply with on our Trust Portal.
Does Codat sell the data my customers provide?
No, we do not.
Why should I use Codat’s contract over our standard supplier MSA?
In order to keep our pricing low and our contracting process smooth, both now and throughout the life of the agreement, we require all our clients to use Codat’s contracts.
Codat provides bespoke API products, and therefore generic MSAs are not suitable for contracting purposes. Accommodating customer terms requires a large number of amendments, which delays the process for all involved.
Why doesn’t Codat accept amendments?
Our terms are drafted reasonably to ensure the quickest path to signature. We also don't include negotiation into the pricing of our solution as we expect our clients to be able to agree to our terms.
Given the bespoke nature of our business, it's necessary for our SLAs, security documents, and standard clauses to be referenced in the agreement. For example, we need to confirm that it is your responsibility to obtain your customer's consent prior to allowing Codat to process their data.
Can I terminate the contract for convenience?
Codat’s platform fees are priced on an annual basis and account for the upfront investment into our support of your success on the Codat platform.
This impacts our ability to recognize revenue and, as a result, we are not able to agree to termination for convenience.
Our standard agreement has a number of provisions around termination for cause, however, Codat should always have the ability to cure any issues that arise before termination takes place.
Do my contracts auto-renew with Codat?
Unless stated on the Order Form, they do. To ensure efficient execution of contracts, our contracts auto-renew. Once the contract is signed, you will be assigned an Account Manager who will arrange regular touchpoints to set you up for success and engage you in any renewal conversations.
Does Codat offer unlimited liability?
As a finance-backed company that provides SaaS, we do not provide unlimited liability to any customer. Our pricing is predicated on this assumption.
We have hundreds of customers across the world (including some of the world’s biggest banks, payment processors, and software companies), and all of them have capped liabilities. In line with market standard, Codat caps its liability at fees paid in the prior 12 months.
Does Codat have an SLA?
Yes. We provide SLAs around Platform Uptime and Support Response Times that are detailed in our Master Services Agreement.
You can view real-time status of our platform and integrations to third-party providers on our Codat Status page.