_edited.png)
TERMS AND CONDITIONS – WeSpeak Payments
Specific Conditions – Booking Confirmation and Payment Interface
Last updated: 11/1/2025
Precedence: These Conditions supplement the main Service Agreement (WeSpeak Terms and Conditions), its OS/TS and applicable policies. In case of conflict, the precedence rules of the Service Agreement and the applicable OS/TS shall prevail. Capitalized terms not defined herein shall have the meaning given in the Service Agreement.
1. OBJECT AND SCOPE
1.1 WeSpeak provides, as part of the Services, an Interface which, after confirmation through a conversational channel (e.g., WhatsApp), enables the End User to confirm their booking and select a Payment Method.
1.2 WeSpeak does not act as a travel agency, financial institution, money transmitter, proprietary payment gateway, nor as Merchant of Record. The commercial relationship for the booking is strictly between the Hotel (Subscriber/Merchant) and the End User.
2. SPECIFIC DEFINITIONS
Precedence. These definitions supplement the Service Agreement, its OS/TS and applicable policies. Capitalized terms not defined herein shall have the meaning assigned in the Service Agreement.
WeSpeak (Provider). NextGen Conversations Corp, a corporation duly incorporated under the laws of the State of Delaware, United States of America, with registered address at 1007 North Orange ST 4th Floor, Wilmington, USA, ZIP 19801 (hereinafter “WeSpeak”). The company provides communication Services powered by AI, the Platform and the Confirmation Interface. It is NOT, and does NOT act as, a travel agency, financial institution, proprietary payment gateway, money transmitter, nor Merchant of Record; it does not hold funds, nor decides over chargebacks. For data protection, it generally acts as processor with respect to operational data. It does not access or store full card data.
Platform. The set of WeSpeak modules, APIs and tools (including the Interface) used to manage conversations, bookings and operational flows defined in the OS/TS.
Confirmation and Payment Interface (Interface). Embedded module that, after validation through the conversational channel (e.g., WhatsApp), enables the End User to confirm the booking and select a Payment Method.
Conversational Channel. Messaging medium (e.g., WhatsApp) through which communications prior to confirmation and payment are managed.
Hotel (Subscriber / Merchant / Merchant of Record). Establishment that offers the Booking, defines rates and policies (taxes, cancellations, no-show, refunds), processes and confirms the payment, assumes all tax and regulatory obligations, and is solely responsible towards the End User for service delivery, charges, refunds, chargebacks and handling of payment data once displayed.
End User (Guest). Person who completes the Booking and payment. Must provide truthful information, review the Hotel’s policies, and manage cancellations, refunds and chargebacks directly with the Hotel and/or Payment Provider.
Booking. Offer and contracting of lodging services between the Hotel and the End User in accordance with the Hotel’s policies.
OS/TS (Order of Service / Technical Specification). Document(s) describing scope, configurations, integrations, service levels and commercial conditions of the Service for the Hotel.
Payment Methods. Enabled options for collecting payment for the Booking, including but not limited to: Mercado Pago, PayPal, Stripe, PayU, bank transfers, and credit cards (including card-not-present and/or manual charge flows).
Embedded Payment Data Processing Provider (PPD/ZRU/“PROVIDER”). ZRU is an independent third party unrelated to WeSpeak that provides the embedded component within the Interface used to capture and make available payment data according to the flow defined by the Hotel (Subscriber). ZRU is not the Merchant of Record, and its operation is governed exclusively by its own terms (including, as applicable, Terms & Conditions, Privacy Policy and/or DPA), which the Hotel must review, accept and comply with before using the service. WeSpeak is not part of the relationship between the Hotel and ZRU/other PSPs, does not access nor store full card information, and does not guarantee nor is responsible in any way for availability, security, PCI DSS compliance, authorizations, settlements, chargebacks, refunds, errors, interruptions, incidents or any act or omission attributable to ZRU and/or Payment Providers. Any claim, dispute or liability arising from the use of ZRU/PSPs shall be handled exclusively by the Hotel with those third parties; the Hotel shall hold WeSpeak harmless from any damages, penalties, costs or claims arising from such use.
Payment Providers (PSP/Gateways). Independent third parties (e.g., Mercado Pago, PayPal, Stripe, PayU) that process transactions according to their own terms and policies (including T&Cs, privacy, DPA, card-scheme rules, KYC/AML and PCI DSS). All fees, commissions and charges (e.g., MDR, dispute/chargeback fees, cross-border, FX/conversion, taxes, reserves, holds, settlement limits and timelines) depend exclusively on the current agreement between the Hotel (Subscriber) and each PSP and/or on the PSP’s published T&Cs. WeSpeak does not intervene, negotiate, determine nor collect such amounts and assumes no responsibility for their definition or modification. The Hotel must review, accept and comply with each PSP’s T&Cs and fully assume all associated costs and obligations. Any claim regarding charges, settlements or chargebacks must be directed exclusively to the corresponding PSP; the Hotel shall hold WeSpeak harmless from claims arising from its relationship with the PSPs.
Issuer. Entity that issues the End User’s payment card.
Acquirer. Entity that acquires/authorizes Merchant (Hotel) transactions through the card-scheme network or PSP.
PCI DSS. Card-industry security standard. The Hotel represents and warrants compliance for handling payment data in CNP (card-not-present) environments, including technical and organizational controls.
CNP (Card Not Present) / Manual Flow. Modality in which the End User enters card data in the embedded component and the Hotel processes the charge manually as Merchant.
One-Time Display. In the CNP/manual flow, card data is shown to the Hotel once (1) and exclusively for processing the specific Booking charge. The Hotel may not store, copy, photograph, transcribe, export, retain, retransmit or reuse such data (including CVV).
Payment Data. Information required to process a charge (e.g., PAN, expiration date, cardholder name, CVV when applicable, and transaction metadata). WeSpeak does not access nor store full card data.
Personal Data. Any information relating to an identified or identifiable person processed within the Platform and Interface (e.g., identity, contact details, Booking information) in accordance with applicable laws and privacy policies.
Chargeback. Reversal initiated by the Issuer and/or card network at the request of the cardholder. Its management corresponds to the Hotel and/or the Payment Provider under their policies.
Refund. Voluntary return of funds by the Hotel according to its applicable Booking policies.
3. PAYMENT FLOW AND ROLES
3.1 Credit cards (manual/CNP): the End User enters their card data into the embedded ZRU component; such data is then made available to the Hotel so the Hotel may process the manual charge and confirm the booking.
(a) PCI DSS – Selection of the embedded provider by WeSpeak. WeSpeak integrates only embedded providers declared PCI DSS–compatible (e.g., ZRU) at the time of integration. WeSpeak does not access or store PAN/CVV, is not the Merchant of Record, and does not manage authorizations/settlements. WeSpeak’s responsibility is strictly limited to the selection and technical integration of the embedded provider in accordance with PCI DSS, without guaranteeing ongoing compliance by third parties nor assuming any PCI obligations that correspond to the Hotel.
(b) Exclusive responsibility of the Hotel – CNP. In card-not-present/manual flows, the Hotel (Subscriber) is the sole and exclusive party responsible for handling all payment data once it is displayed (one-time view). The Hotel represents and warrants compliance with applicable PCI DSS requirements for CNP, including adequate technical and organizational controls (minimum access, access logging, network segmentation, clean-desk practices, secure destruction, training, and risk assessment), and will keep an updated AOC/SAQ, providing evidence to WeSpeak upon reasonable request.
(c) Exclusive use and prohibitions (sworn declaration). The Hotel, under penalty of perjury (or equivalent applicable legal figure), commits to using the card data exclusively to process the charge for the specific booking. It is expressly forbidden to store, copy, photograph, transcribe, export, retain, retransmit, or reuse such data — including the CVV, which must never be retained — for any other purpose. The Hotel must proceed with secure and immediate destruction/deletion of any sensitive data once the charge is processed or when the data is no longer strictly necessary for that specific charge.
(d) Incidents and cooperation. In the event of any (actual or suspected) incident affecting payment data, the Hotel must notify WeSpeak immediately and no later than within 24 hours, cooperate in the investigation, and assume all costs, penalties, card-scheme fines, chargebacks, damages, and any associated liability.
(e) Indemnity. The Hotel shall hold WeSpeak (and its affiliates, officers, and employees) harmless from any claim, loss, penalty, chargeback, damage, or cost (including reasonable legal fees) arising from the handling of payment data in CNP/manual flows and/or from any breach of PCI DSS or this section by the Hotel.
3.2 Bank transfer: the Hotel provides instructions and confirms the booking once the funds have been verified.
3.3 Other Providers (Mercado Pago / PayPal / Stripe / PayU): authorization flow, settlement, fees, and chargebacks are governed by the provider’s terms and the Hotel’s policies.
3.4 WeSpeak does not manage funds, does not control the operation of ZRU or any Providers, and does not guarantee approval, availability, or performance of third parties.
4. CARD DATA PROCESSING (ONE-TIME VIEW)
4.1 One-time view by the Hotel: in the manual/CNP flow, the Hotel will have the possibility to view the card data once (1) only, exclusively to process the charge for the specific booking.
4.2 Prohibitions: the Hotel may not store, copy, photograph, transcribe, export, retain, retransmit, or reuse the card data (including CVV) outside of processing the payment for that specific booking.
4.3 PCI DSS: the Hotel represents and warrants compliance with PCI DSS and applicable regulations (personal data, cybersecurity, consumer protection, anti-fraud) for handling card-not-present transactions.
4.4 WeSpeak exemption: from the moment the data is displayed to the Hotel, all custody, processing, security, use or misuse of the information is the sole responsibility of the Hotel. WeSpeak does not access or store full card data and is not liable for any actions or omissions of the Hotel or of ZRU/Providers.
5. CONFIRMATION, CANCELLATION, REFUNDS AND CHARGEBACKS
5.1 The booking is considered confirmed once the Hotel expressly notifies it through the defined channel.
5.2 Cancellation, no-show, refund, and chargeback policies: these are established and managed by the Hotel and/or by the corresponding Payment Provider. Any refund must be processed directly with the Hotel/Provider.
5.3 Accrual of WeSpeak Service fees. At the moment the End User enters payment data via the embedded processor (PPD Provider) and such data becomes available to the Hotel/PSP through the Interface, WeSpeak’s service is deemed fully rendered and the fees set forth in the OS/TS (e.g., per transaction/booking/usage) accrue immediately. These fees are due and payable regardless of the Hotel’s policies or any subsequent outcome (approvals or declines, cancellations, no-show, refunds, chargebacks, errors, or third-party unavailability).
5.4 (No participation in payment processing – exemption). WeSpeak does not participate in authorization, capture, settlement or remittance of funds; it is not the Merchant of Record nor a collection agent, and it does not hold funds. Its role is limited to providing the Interface and the data-capture/data-availability flow via ZRU. Therefore, WeSpeak is exempt from any responsibility toward the Hotel and/or End User for authorizations, declines, settlements, payout times, fees, chargebacks, refunds, fraud, or any act or omission attributable to the Hotel, ZRU or PSPs/third parties.
6. OBLIGATIONS OF THE HOTEL (SUBSCRIBER)
6.1 Provide truthful information and clear policies (rates, taxes, cancellation, refunds) and keep them updated on the Platform and/or booking page.
6.2 Comply with PCI DSS, ensure the non-retention of sensitive data, and use the information solely for charging the applicable booking.
6.3 Attend to and resolve inquiries, complaints, refunds, chargebacks, and payment disputes.
6.4 Subscriber’s Privacy Policy. The Subscriber shall maintain an accurate, public and up-to-date privacy policy describing how it collects, uses, and discloses personal data — including collection/use by WeSpeak and/or the Processor (including via cookies or other means) — in connection with the Services.
6.5 Representations and authorizations. The Subscriber represents that it has all rights and consents required by law to allow WeSpeak and/or the Processor to collect, use, retain and disclose personal data and Cardholder Data pursuant to these T&C and WeSpeak’s Privacy Policy, and that such processing does not violate applicable law.
6.6 Confidentiality of third-party data. If the Subscriber receives customer/cardholder data (including Cardholder Data), it agrees to keep such data confidential and use it only for the Services or as permitted by the cardholder; it shall not disclose such data to third parties nor use it for marketing without express consent; it shall not disclose Cardholder Data except as required to process the customer’s requested transaction.
6.7 The Subscriber also agrees to: (i) comply with all applicable laws (financial services, consumer protection, competition, anti-discrimination, advertising); (ii) not submit transactions that do not arise from a legitimate sale of its own goods/services; (iii) not act as a payment intermediary/aggregator; (iv) not submit suspicious or fraudulent authorizations/transactions; (v) not circumvent technical limitations nor perform reverse engineering; (vi) not interfere with operation or impose disproportionate loads; (vii) not sublicense, resell or assign rights without express authorization.
6.8 Indemnity: hold WeSpeak harmless from claims, penalties or costs arising from handling payment data, fraud, chargebacks, security incidents or breaches committed by the Hotel.
7. OBLIGATIONS OF THE END USER
7.1 Provide accurate information and a valid payment method.
7.2 Review and accept the Hotel’s policies before paying.
7.3 Handle any cancellation, refund or chargeback directly with the Hotel/Provider.
8. AVAILABILITY AND THIRD-PARTY SERVICES
8.1 The Interface may depend on third-party channels and services (e.g., WhatsApp, ZRU, gateways). WeSpeak does not guarantee uninterrupted continuity or error-free operation of such third parties. The Interface and the Platform are provided “as is” and “as available,” without warranties of results.
8.2 WeSpeak may modify or discontinue the Interface or the supported Payment Methods, without assuming liability for third-party decisions or failures.
8.3 (No additional warranties) To the maximum extent permitted by law, WeSpeak disclaims all express, implied, or statutory warranties, including merchantability, fitness for a particular purpose, non-infringement, satisfactory quality, accuracy, or availability. No advice or information (oral or written) shall create warranties other than those expressly stated in the Agreement and, where applicable, in the OS/TS. Any SLA or service level shall apply only if expressly agreed in the corresponding OS/TS.
9. PRIVACY AND DATA PROTECTION
9.1 In general, WeSpeak acts as a processor with respect to operational data, in accordance with the Service Agreement and the Subscriber’s/Hotel’s applicable privacy policies.
9.2 For payment data, capture is performed via ZRU and the one-time display to the Hotel occurs under the Hotel’s control and responsibility. WeSpeak does not retain full card data.
10. LIABILITY AND LIMITATIONS
10.1 The disclaimers, exclusions and liability limitations of the Service Agreement apply. Notwithstanding the foregoing, for the manual/CNP flow the Hotel assumes exclusive responsibility for handling card data once displayed.
10.2 WeSpeak shall not be liable for indirect losses, chargebacks, third-party unavailability, provider failures, or Hotel errors regarding amounts/charges/policies.
11. TERM, MODIFICATIONS AND TERMINATION
11.1 These Conditions apply for as long as the Hotel uses the Interface within the scope of its subscription and OS/TS.
11.2 Modifications at WeSpeak’s discretion and duty to review. WeSpeak may, at its sole discretion and at any time, modify or update these Conditions. Unless applicable law requires otherwise, such modifications become effective upon publication on the WeSpeak Terms & Conditions page and/or upon notification as provided in the Service Agreement, without the need for additional express consent. The Subscriber/Hotel is obligated to review them periodically and, in all cases, before using the Interface, to verify any changes. The current version will always be the latest published one, and continued use of the Services constitutes acceptance.
11.3 Automatic suspension/termination for risk, fraud or misuse. Without prejudice to the provisions of the Service Agreement and the OS/TS, WeSpeak may suspend and/or terminate, automatically and with immediate effect, in whole or in part and without liability, the Subscriber’s/Hotel’s access to the Interface when there are reasonable indications of irregularities, fraud, attempted fraud, abuse, misuse, PCI DSS noncompliance or improper handling of Payment Data, violation of law or PSP/third-party terms, or when security, operational or reputational risks exist. WeSpeak may block access, disable features, preserve evidence, and notify PSPs/authorities when appropriate. The Subscriber/Hotel will be informed as soon as possible. Fees already accrued remain due and non-refundable, and the Subscriber/Hotel must cooperate by providing the information necessary for the investigation.
12. VERIFICATION AND SUITABILITY (KYB)
12.1 WeSpeak may request, and the Subscriber shall provide within 5 business days, information reasonably necessary to verify identity, ownership, and regulatory compliance, including: legal name and corporate/tax registration number, legal address, representative and powers, URL of its public privacy policy, privacy/security contact, applicable PCI DSS evidence (e.g., SAQ/AOC for CNP), and anti-fraud policies. WeSpeak may conduct sanctions and compliance list checks through third parties. WeSpeak does not open acquiring accounts, does not perform financial underwriting, and does not hold funds. Failure to comply with this section entitles WeSpeak to suspend and/or terminate access in accordance with clause 11.3. (Data processing governed by the Service Agreement and Privacy Policy.)
12.2 Limited remote audit. With reasonable notice, WeSpeak may request documentary evidence (non-intrusive) to confirm compliance with these Conditions (including PCI DSS for CNP flows). Unjustified refusal enables the measures in section 11.3.
13. GOVERNING LAW AND DISPUTE RESOLUTION
13.1 The governing law, jurisdiction and/or arbitration shall be those established in the Service Agreement in force between the Parties and/or the applicable OS/TS.
13.2 In the absence of an express stipulation in the Service Agreement or OS/TS, any dispute arising out of or related to these Conditions shall be resolved through arbitration administered by the ICC (International Chamber of Commerce) in accordance with its then-current Rules; the tribunal shall consist of one (1) sole arbitrator and the seat of arbitration shall be the City of Buenos Aires, Argentine Republic.
OPERATIONAL ANNEX (CARD-NOT-PRESENT / MANUAL)
A) One-time view: ZRU will display the card data to the Hotel only once; the Hotel must process the charge immediately and shall not retain sensitive data (including CVV).
B) Security: appropriate technical and organizational controls (minimum access, access logs, segmentation, clean-desk policy, secure destruction).
C) Incidents: in the event of any suspected or actual incident affecting payment data, the Hotel shall immediately notify WeSpeak and the applicable card brands/providers, cooperate in the investigation, and assume all related costs/penalties/claims.
D) Indemnity: the Hotel shall indemnify WeSpeak for any claim from cardholders, brands, acquirers, banks, authorities or third parties arising from the manual/CNP flow.