BTCPay Managed Service Agreement

Last Updated: 12 November 2025 Version: 1.0

This BTCPay Managed Service Agreement (“Agreement”) outlines the terms under which GrassRoots Crypto (“Provider”, “we”, “us”) will host, configure, and support a BTCPay Server instance for you (“Client”, “you”).

Important: This Agreement should be read together with our Terms of Service and Disclaimer, both of which apply to this service.

1. Service Description

The Provider will supply the Client with:

A hosted BTCPay Server instance running on enterprise-grade hardware
One or more BTCPay “stores” (as per the Client’s subscription plan)
Bitcoin full node, Lightning Network node, and Electrs backend
A branded storefront and/or Point of Sale (POS) page
Access to the BTCPay dashboard and invoice management tools
Webhook configuration for system integration
Basic accounting integration guidance
Ongoing monitoring, maintenance, software updates, and backups
Technical support

Access: The Client’s BTCPay instance will be accessible via a unique URL provided upon setup completion.

Service Nature: This is a technical infrastructure service only. We provide the technology platform and technical support. This service will not hold client funds or be responsible for client storing their funds.

2. License Grant

The Provider grants the Client a non-exclusive, non-transferable, revocable, and non-sublicensable license to access and use the BTCPay Server instance and associated services during the term of this Agreement, subject to:

Payment of all applicable fees
Compliance with this Agreement and the Terms of Service
Compliance with all applicable laws and regulations

License Restrictions:

This license is personal to the Client and may not be assigned or transferred
The Client may not sublicense, resell, or provide access to third parties for commercial gain
The license terminates immediately upon termination of this Agreement
The Client has no rights to the underlying BTCPay Server software beyond using the hosted service

3. Store & Device Usage

What is a Store? A “Store” represents one business unit, location, or brand within BTCPay Server. Each Store has its own:

Payment settings
Invoices and transaction history
Branding and storefront
Wallet configuration

Pricing:

Monthly fees apply per Store
Unlimited devices may access each Store’s POS or storefront
Additional Stores may be added at any time for an additional monthly fee

Examples:

1 Store needed: A cafe with 5 POS terminals and online ordering (all one business, one brand, one accounting system)
2 Stores needed: A business selling products under two separate brands (e.g., “Premium Coffee Co” and “Budget Beans”) with separate branding and invoicing
3 Stores needed: A franchise group managing 3 independently-owned locations, each requiring separate accounting and transaction tracking

4. Fees and Payment

Setup Fee: $150 (one-time)

Monthly Hosting & Maintenance:

Single store: $39/month
2 stores: $69/month (total)
3 stores: $89/month (total)
4+ stores: Custom quote

Free Trial: First month free for new customers

Payment Terms:

Setup fee is due before service provisioning begins
Monthly fees are billed in advance on the 1st of each month
Payment is due within 7 days of invoice date
Accepted payment methods: Bitcoin (on-chain or Lightning), bank transfer, credit card

Late Payment:

Services may be suspended if payment is more than 14 days overdue
A $50 reactivation fee may apply if service is suspended for non-payment

Annual Billing Option: Pay annually and receive 2 months free (equivalent to 10 monthly payments)

5. Client Responsibilities

The Client is responsible for:

5.1 Security

Securing their own Bitcoin wallets and seed phrases - The Provider never has access to Client funds
Managing staff access permissions within BTCPay
Implementing appropriate device security for POS terminals
Keeping login credentials secure

5.2 Compliance

Ensuring compliance with all applicable laws and regulations in their jurisdiction related to their use of the Service
Tax reporting obligations - including reporting cryptocurrency payments to relevant tax authorities (e.g., ATO for Australian businesses)
The Provider does not provide legal, financial, tax, or compliance advice

5.3 Business Operations

Providing accurate business information for onboarding
Keeping contact details up to date
Monitoring their own transaction volume and reconciling payments
Maintaining adequate internet connectivity for POS devices

5.4 Acknowledgment

The Client acknowledges:

They retain full control and custody of their own funds at all times
The Provider never holds, controls, or has access to private keys, seed phrases, or Client funds
The Provider is a technical infrastructure provider only, not a payment processor or financial intermediary
All Bitcoin and Lightning payments go directly to wallets controlled by the Client

6. Acceptable Use Policy

The Client agrees not to use the Service for any unlawful purpose or in any way that violates this Agreement.

Prohibited Activities:

The Client must not:

Use the Service for any illegal activities or to facilitate violations of law
Attempt to gain unauthorized access to the Service, other accounts, or computer systems
Interfere with or disrupt the Service or servers/networks connected to the Service
Transmit viruses, malware, or any malicious code
Use the Service to send spam, phishing attempts, or fraudulent communications
Impersonate any person or entity or misrepresent affiliation with any person or entity
Overload or attempt to overload the Service infrastructure (e.g., denial of service attacks)
Circumvent any security features or attempt to probe, scan, or test system vulnerabilities
Use automated systems (bots, scrapers) without written permission
Violate any applicable export control laws or regulations

Enforcement:

The Provider reserves the right to investigate suspected violations
Violations may result in immediate service suspension or termination without refund
The Provider may report illegal activities to law enforcement authorities
The Client remains liable for all actions of their authorised users

Reasonable Use:

While the Service offers unlimited devices per Store, the Client agrees to use system resources reasonably. Excessive resource usage that impacts other clients may result in the Provider requesting optimisation or imposing usage limits.

7. Authorised Users

Account Access:

The Client may grant access to multiple authorised users (staff, contractors, accountants) to manage their BTCPay instance
Recommended: 3-5 users per account for typical business operations
Reasonable limit: Up to approximately 20 users is acceptable without additional discussion
Excessive use: If a single-store account exceeds 50+ users, the Provider may contact the Client to discuss usage patterns and potential multi-store setup

User Management:

The Client is responsible for:

Ensuring all authorised users comply with this Agreement
Managing user permissions and access levels within BTCPay
Promptly removing access for former employees or contractors
Maintaining the security and confidentiality of all user credentials
All actions taken by authorised users (Client remains fully liable)

No Additional Fees:

The Provider does not charge per-user fees. Pricing is based on number of Stores, not number of users accessing each Store.

8. Data & Privacy

Client Data Privacy:

The Client’s BTCPay data (invoices, transaction records, customer data) remains private and under Client control
The Provider does not access, store, or have custody of:
- Client funds
- Private keys or seed phrases
- Customer payment information beyond what is visible in BTCPay logs

Provider Access:

The Provider may access BTCPay Server settings and logs solely for:
- Technical maintenance and updates
- Troubleshooting and support requests
- System monitoring and security

Data Storage:

Client data is stored on Provider-managed servers in Australia
Backups are performed daily and retained for 30 days
Upon service termination, Client may export all data before account closure

9. Data Breach Notification

Security Incident Response:

In the event of a data breach or security incident that may affect Client data, the Provider will:

Investigation:

Promptly investigate the nature and scope of the breach
Assess what Client data (if any) was compromised
Determine the cause and prevent further unauthorized access

Notification:

Notify affected Clients within 72 hours of becoming aware of the breach
Provide details of: what data was affected, when the breach occurred, steps taken to address it
Notification will be sent via email to the Client’s registered email address

Remediation:

Take reasonable steps to mitigate the breach and prevent recurrence
Provide guidance to Clients on protective actions they should take
Cooperate with Clients and authorities as required under Australian privacy laws

Client Responsibility:

Clients must also notify the Provider immediately if they become aware of any unauthorized access to their account or suspect a security compromise.

Limitations:

The Provider is not responsible for breaches caused by Client negligence (e.g., sharing passwords, failing to secure devices, social engineering attacks targeting Client staff).

10. Confidentiality

Mutual Confidentiality:

Both parties agree to keep confidential any proprietary or sensitive business information disclosed during the course of this Agreement.

Confidential Information includes:

Business strategies, financial information, and pricing details
Technical specifications and system configurations
Customer lists and business relationships
Any information marked as “confidential” or that would reasonably be considered confidential

Exclusions:

Information is not confidential if it:

Was publicly known at the time of disclosure
Becomes publicly known through no fault of the receiving party
Was independently developed without use of confidential information
Is required to be disclosed by law or court order

Obligations:

Both parties will use confidential information only for purposes of this Agreement
Both parties will protect confidential information with the same care used for their own confidential information
These obligations survive termination of this Agreement for 3 years

BTCPay Data:

For clarity, Client’s BTCPay transaction data and business information accessed by the Provider during maintenance is considered Client confidential information and will not be disclosed to third parties except as required by law.

11. Service Level & Maintenance

11.1 Uptime Commitment

Target uptime: 99.9% (excluding scheduled maintenance)
Monitoring: 24/7 automated system monitoring
Notification: Clients will be notified of any unplanned downtime exceeding 30 minutes

11.2 Maintenance

The Provider will:

Apply security patches and software updates promptly
Perform scheduled maintenance during off-peak hours (typically 2-6am ACST)
Notify Clients at least 48 hours before scheduled maintenance
Maintain adequate storage and system resources

11.3 Support

Included Support:

Email support for BTCPay technical issues (response within 24 business hours)
Configuration assistance for stores, wallets, and integrations
Troubleshooting for payment processing issues
Guidance on BTCPay features and best practices

Not Included:

On-site support
Custom software development
Training for staff (available as separate paid service)
Support for third-party integrations beyond basic guidance

11.4 Provider Is NOT Responsible For

Internet outages on the Client’s side
Device failures, lost/stolen POS devices
Bitcoin price volatility or transaction fee fluctuations
Loss of funds due to mismanagement of private keys or wallets
Customer disputes or chargebacks (Bitcoin transactions are final)
Regulatory compliance (Client’s responsibility)

12. Backups and Data Retention

Backup Policy:

Daily automated backups of BTCPay configuration and invoice data
Backups retained for 30 days
Bitcoin blockchain data maintained via full node (not Client-specific)

Client Export Rights:

Clients may export invoice data, transaction history, and store settings at any time
Export formats: CSV, JSON (via BTCPay’s built-in tools)

Post-Termination:

Client data will be retained for 30 days after service termination
After 30 days, all Client data and stores will be permanently deleted
Client must export all required data before termination

13. Intellectual Property Rights

Provider IP:

The Provider retains all rights, title, and interest in and to:

The BTCPay Server software and platform
All Provider systems, infrastructure, and technology
Provider branding, trademarks, and proprietary materials
Modifications, updates, and improvements to the Service
Documentation, guides, and support materials

Client IP:

The Client retains all rights, title, and interest in and to:

Client’s business name, branding, and trademarks
Client’s product data, pricing, and business information
Client’s customer data and transaction records
Client’s wallet addresses and Bitcoin/Lightning funds

License to Client Data:

By using the Service, the Client grants the Provider a limited, non-exclusive license to:

Store and process Client data solely for providing the Service
Access Client’s BTCPay configuration for maintenance and support purposes
Use aggregated, anonymized data for service improvement and analytics (no personally identifiable information)

This license terminates upon service termination and data deletion.

No Ownership Transfer:

Nothing in this Agreement transfers ownership of intellectual property from one party to the other. Each party retains ownership of its respective IP.

Third-Party Software:

BTCPay Server is open-source software. The Provider’s intellectual property rights relate to the hosting infrastructure, configuration, and support services, not the underlying BTCPay Server software itself (which is licensed under MIT License).

14. Termination and Cancellation

14.1 Client Termination

The Client may terminate service at any time with 7 days’ written notice
Email notice to: info@grassrootscrypto.io
No refunds for partial months

14.2 Provider Termination

The Provider may terminate service immediately for:

Non-payment (after 14 days past due)
Breach of this Agreement or Terms of Service
Illegal use of the service
Abusive or threatening behavior toward Provider staff

14.3 Upon Termination

Client must export all data from BTCPay before termination date
Provider will disable Client access to BTCPay instance
Provider will remove Client stores and configuration after 30-day retention period
Any outstanding fees remain due and payable

15. Provider Warranties

Service Warranty:

The Provider warrants that:

The Service will be supplied with reasonable care and skill in accordance with industry standards
The Service will be substantially free from material defects
The Provider has the legal right and authority to provide the Service
The Service will be performed in a professional and workmanlike manner

Warranty Period:

If the Service fails to meet these warranties, the Client must notify the Provider within 30 days of discovering the defect. The Provider’s sole obligation is to re-perform the defective service or, if unable to remedy, refund the fees paid for that service period.

Warranty Exclusions:

These warranties do not apply to:

Issues caused by Client misuse, modification, or unauthorized changes
Third-party software, services, or Bitcoin/Lightning network performance
Force majeure events or circumstances beyond Provider’s reasonable control
Use of the Service in ways not specified in this Agreement or documentation

16. Australian Consumer Law

Consumer Guarantees:

Nothing in this Agreement excludes, restricts, or modifies any guarantee, right, or remedy conferred on the Client by the Australian Consumer Law (ACL) or other consumer protection legislation that cannot be excluded, restricted, or modified by agreement.

Liability Limitation - Non-Consumer Contracts:

If the Client is acquiring the Service for business purposes (not as a consumer), and to the extent permitted by law, the Provider’s liability for breach of any non-excludable consumer guarantee is limited to, at the Provider’s option:

Re-supplying the Service, or
Paying the cost of having the Service re-supplied

Consumer Contracts:

If the Client is a consumer under the ACL, the Provider’s liability is determined by the ACL and cannot be limited in the manner described above.

17. Indemnification

Client Indemnification:

The Client agrees to indemnify, defend, and hold harmless the Provider, its officers, employees, and contractors from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable legal fees) arising from:

Client’s breach of this Agreement or violation of any law or regulation
Client’s use or misuse of the Service
Claims that Client’s content or data infringes third-party intellectual property rights
Actions of Client’s authorised users
Client’s violation of the Acceptable Use Policy
Any fraud, negligence, or willful misconduct by the Client

Provider Indemnification:

The Provider agrees to indemnify the Client against claims that the Provider’s provision of the Service infringes a third party’s intellectual property rights, provided that:

The Client promptly notifies the Provider of the claim
The Provider has sole control of the defense and settlement
The Client reasonably cooperates with the Provider’s defense

Indemnification Process:

The indemnified party must:

Provide prompt written notice of any claim
Allow the indemnifying party to control the defense and settlement
Provide reasonable assistance in the defense (at indemnifying party’s expense)

Limitations:

The Provider’s indemnification obligations do not apply if the infringement claim arises from Client’s modification of the Service or combination with third-party products.

18. Limitation of Liability

18.1 Service Nature

This is a technical infrastructure service only.

The Provider is not a financial advisor, payment processor, or financial institution
The Provider does not provide business advice, financial advice, or compliance advice
Success of Client’s business or payment volume is not guaranteed

18.2 Liability Limitations

To the fullest extent permitted by Australian law:

The Provider is NOT liable for:

Loss of funds due to Client error, mismanagement of wallets, or lost seed phrases
Bitcoin price volatility or market conditions
Transaction fees or network congestion (Bitcoin/Lightning network factors)
Business losses, lost profits, or opportunity costs
Downtime beyond Provider’s control (internet outages, DDoS attacks, force majeure)
Data loss if Client failed to export data before termination
Third-party service failures (internet providers, hardware vendors)
Regulatory actions or compliance failures

Maximum Liability: Provider’s total liability under this Agreement shall not exceed the total fees paid by Client in the 12 months preceding the claim.

18.3 Client Wallet Responsibility

CRITICAL:

The Client is solely responsible for securing their Bitcoin wallet and seed phrase
The Provider never has access to Client funds
Loss of seed phrase = permanent loss of funds (Provider cannot recover)
Client should maintain secure backups of all wallet information

19. Force Majeure

The Provider is not liable for delays or failures in performance resulting from acts beyond reasonable control, including:

Natural disasters (floods, fires, earthquakes)
Government actions, war, terrorism
Internet or telecommunications failures
Cyberattacks (DDoS, ransomware)
Bitcoin network disruptions
Power outages affecting data centers

20. Dispute Resolution

20.1 Informal Resolution

Parties agree to attempt informal resolution of disputes before formal proceedings.

20.2 Governing Law

This Agreement is governed by the laws of South Australia, Australia.

20.3 Jurisdiction

Any disputes shall be subject to the exclusive jurisdiction of the courts of South Australia.

21. Goods and Services Tax (GST)

GST Registration Status:

The Provider is not currently registered for Goods and Services Tax (GST) as annual turnover is below the $75,000 registration threshold.

Current Fee Treatment:

All fees stated in this Agreement and on the GrassRoots Crypto website are GST-free (no GST component).

Future GST Registration:

If the Provider’s annual turnover exceeds the GST registration threshold and the Provider becomes GST-registered:

Clients will be notified at least 30 days before GST is applied to fees
GST will be added to all fees from the date of GST registration
Example: A $39/month fee would become $39 + $3.90 GST = $42.90/month total
Existing clients on annual plans will not be charged GST until their next renewal

Tax Invoices:

Once GST-registered, the Provider will issue valid tax invoices showing:

Provider ABN and GST registration details
GST amount (where applicable)
Allowing Australian businesses to claim GST input tax credits

Client Tax Responsibilities:

Clients are responsible for their own tax obligations regarding:

Treatment of BTCPay Server hosting fees for tax purposes
GST implications for their business
Record-keeping and tax reporting requirements

22. Changes to This Agreement

The Provider reserves the right to modify this Agreement with 30 days’ notice to Clients. Notice will be provided via:

Email to the Client’s registered email address
Posted update on grassrootscrypto.io website

Continued use of the service after changes take effect constitutes acceptance of the modified Agreement.

23. Contact Information

GrassRoots Crypto Email: info@grassrootscrypto.io Website: grassrootscrypto.io Location: Adelaide, South Australia

For technical support: Use the contact details above or submit via our contact form.

24. Acceptance

By subscribing to the BTCPay Managed Service, the Client agrees to:

This BTCPay Managed Service Agreement
The GrassRoots Crypto Terms of Service
The GrassRoots Crypto Disclaimer

Effective Date: This Agreement becomes effective upon payment of the setup fee and commencement of service provisioning.

Questions? Contact us at info@grassrootscrypto.io before subscribing to the service.

Legal Framework & Standards

This Agreement has been drafted in accordance with:

Australian Law:

Australian Consumer Law (Schedule 2, Competition and Consumer Act 2010)
A New Tax System (Goods and Services Tax) Act 1999 (GST provisions)
Privacy Act 1988 (Cth) - Australian Privacy Principles (data breach notification)

Industry Standards:

Australian SaaS agreement best practices (Assuredly.co template framework)
Standard hosted services terms (Software as a Service model)
Open-source software licensing (BTCPay Server - MIT License)

Compliance References:

Version History:

Version 1.0 - 12 November 2025 - Initial agreement