The Complete Guide to Affiliate Programme Terms and Conditions

Affiliate programme terms and conditions serve two purposes. The first is legal — protecting your brand, setting expectations, defining the relationship with publishers. The second is operational — giving you the grounds to reject fraudulent commissions, remove bad actors, and enforce your rules when publishers push back.

Most brands write terms that cover the first purpose adequately. The second is where things fall apart. And when you're trying to act on fraud that Marcode or your network has flagged, weak operational terms are often the only thing stopping you.

This guide covers everything your programme terms need — from the standard clauses every agreement should include, to the specific wording that determines whether you can actually enforce them.

How Most Programmes Start: Without the Terms They Need

More than half of the programmes we work with at Marcode haven't had their terms properly reviewed in years. Most don't know exactly what's in them. That's a problem not because the terms are necessarily wrong, but because the affiliate landscape has changed significantly — browser extensions, sub-networks, and attribution manipulation didn't look the same five years ago as they do today — and terms rarely keep pace.

The two gaps we see most consistently:

• Browser extension wording is almost always missing. This is a relatively new category of publisher, and the compliance requirements (standdown, soft click, sub-network accountability) simply didn't exist in most terms templates before the problem became widespread.
• Attribution rules are rarely defined at publisher level. Most terms specify a cookie window. Very few specify what happens when multiple publishers claim credit for the same sale, or what obligations a publisher has not to interfere with another affiliate's tracked session.

Both of these gaps have real financial consequences. Getting them right is the point of this guide.

Part 1: The Standard Sections Every Programme Needs

These are the foundational clauses that belong in every affiliate programme agreement, regardless of your vertical or network.

Commission Structure and Payment Terms

Define precisely how commissions are calculated and when they're paid:

• Rate structure: Percentage of sale value, flat fee per conversion, or tiered by publisher category. Be explicit — vague rate structures create disputes.
• What qualifies for commission: New customers only, or existing customers too? All products, or excluded SKUs? Define this in the terms, not just in your network settings.
• Lock period: State when commissions lock. Standard is 30 days after month-end, though this varies by network. Once locked, reversals become significantly harder — your terms should make clear that disputed commissions should be raised before lock.
• Returns and cancellations: Commissions should be void on returned or cancelled orders. This is standard but must be stated.
• Payment thresholds and schedule: When publishers can expect payment and any minimum thresholds that apply.

One observation on rate design: higher commission rates consistently attract more fraud. That's not a reason to underpay legitimate publishers, but it's a reason to scrutinise high-performing publishers in high-rate categories more carefully, and to ensure your affiliate programme terms give you the tools to act when something looks wrong.

Cookie Window and Attribution Model

Your attribution model is one of the most fraud-relevant decisions in your programme setup, and it should be clearly stated in your terms.

Last-click attribution is the most common model and the most fraud-prone. It's easy to manipulate because the last affiliate to record a click before purchase claims the commission — and fraudsters know this. Manufactured last-minute clicks, coupon codes popped at checkout, and browser extensions that override existing tracking are all strategies designed to exploit last-click rules.

Multi-touch attribution reduces this risk but adds complexity. If you're running it, define precisely how credit is distributed.

Whatever model you use, state it explicitly in your terms. Publishers should understand how attribution works in your programme before they join — and that statement becomes the basis for rejecting transactions where attribution has been manipulated.

Publisher Eligibility and Approval

• Publishers must be approved before generating commissions. This seems obvious but must be stated — it's the foundation for rejecting transactions from unapproved sources.
• Define what makes a publisher eligible: active website, relevant audience, compliance with your vertical's requirements (particularly important for financial services, gambling, healthcare).
• State that approval can be withdrawn at any time and that commissions from a publisher operating after withdrawal are void.

Intellectual Property and Brand Usage

• Define how publishers may and may not use your brand assets — logos, product images, brand name in ad copy.
• Brand bidding must be explicitly prohibited. Bidding on your brand keywords in paid search, or any variation of your brand name, is not permitted. Include this in plain language, not buried in a general "prohibited activities" catch-all.
• Brand hijacking — creating ads or landing pages that impersonate your brand — is so clearly fraudulent that it arguably doesn't require a specific clause to justify action. But include it anyway. Removing ambiguity makes your position unassailable.

Disclosure Requirements

In the UK, the CMA requires affiliate relationships to be disclosed in a way that is unavoidable, understandable, and unambiguous. "Affiliate link" isn't sufficient — publishers must use "ad" or "#ad". The same principle applies across EU and US markets, where the FTC requires disclosure to be "clear and conspicuous."

Your terms should require publishers to comply with disclosure obligations in every market they operate in. The APMA has published clear guidance on disclosure standards for the UK market specifically, and it's worth referencing their standards in your terms.

Prohibited Promotional Methods

List the specific methods that are never permitted, regardless of context:

• Brand bidding and brand hijacking
• Spam or unsolicited email marketing
• Cookie stuffing or false click generation
• False or misleading advertising claims about your products
• Purchasing traffic from ad networks to generate affiliate conversions
• Any method not explicitly approved by your programme

Termination

Termination clauses are not all created equal. There's an important distinction between terminating for cause and terminating for non-performance.

Termination for fraud is straightforward, provided you have documented evidence. Fraud isn't a defensible position for a publisher — but they will still try to defend it, particularly if significant commissions are at stake. What makes fraud termination hold up is having clear evidence: transaction data, click records, and pattern analysis. Publishers who contest a fraud termination without being able to explain the underlying pattern rarely prevail, but the process is significantly faster and cleaner when the evidence is documented and the terms are explicit.

Termination for non-performance is more complex. Removing a publisher for generating low revenue isn't straightforward to defend if they're technically compliant with your terms. If you want the ability to remove publishers who aren't delivering, include performance thresholds in your terms — minimum conversion volumes over a defined period, or similar.

Standard notice periods are 30 days for termination without cause. For fraud, your terms should allow immediate termination upon evidence.

Part 2: Attribution Rules — Soft Click, Standdown, and Why They Matter

This is the section most brands don't have. It's also the one that, in our view, causes the most unnecessary commission disputes.

When multiple publishers claim credit for the same conversion, the outcome depends entirely on what your terms say. Without explicit attribution rules, you're leaving it to the network's default settings — and those defaults don't always protect you or your legitimate publishers.

The Soft Click Requirement

Soft click is a mechanism that allows a publisher (typically a browser extension or cashback tool) to register interest in a conversion without overwriting an existing tracked session. If a user arrived via a voucher site affiliate, and then a browser extension activates at checkout, soft click means the extension doesn't displace the original affiliate's attribution.

Hard clicks, which do overwrite existing attribution, are how extension publishers game last-click systems. Your terms should explicitly require that any publisher operating as a browser extension, or any extension publisher operating via a sub-network, must use soft click only.

The Standdown Requirement

Standdown requires a publisher to remain inactive when a customer is already in a tracked session from another publisher. If a voucher code click is already recorded in the user's session, a cashback extension should stand down and not activate.

Include both requirements in your terms and apply them to any publisher type that could interact with an existing tracked session — not just browser extensions, but also toolbar publishers, cashback operators, and any publisher operating via a sub-network.

The APMA's guidance on attribution and publisher standards provides a useful framework for how these rules should be structured.

Part 3: Channel-Specific and Enforcement Clauses

These are the clauses that give you the operational basis to reject suspicious commissions. Most generic terms templates don't include them. They're the difference between being able to act on fraud and not.

Referral URL and Source Approval

No referral URL on conversion: commission rejected. Every legitimate conversion should have a referral URL showing how the customer arrived. Transactions attributed to an affiliate without a referral URL are not eligible for commission.

Unwanted source in the referral URL: commission rejected. If the referral source isn't one the affiliate is approved to use, the commission doesn't qualify. This closes off manufactured attributions and traffic from sources the publisher hasn't disclosed.

New or unapproved source: commission rejected. Any new traffic source must be submitted for approval before generating commissions. Publishers cannot introduce sub-publishers, new domains, or new promotional methods without prior approval.

Network tracking rules must be respected. This is where network-specific language becomes important. Each major network has its own tracking parameters:

• Partnerize uses a clickref to track publisher activity
• Awin uses a clickID appended to tracking links as well as a Clickref for subnetworks
• Rakuten uses a siteID to identify publisher sessions
• Rakuten uses clickID and SharedID

Your terms should reference your specific network's tracking requirements and state that transactions not generated through approved tracking are ineligible for commission. A lot of the issues we see when trying to reclaim commission would be solved if the tracking had been respected.

When your network updates its tracking standards — which happens periodically — your terms should be updated to reflect this. Outdated terms that reference deprecated tracking methods create grey areas publishers can exploit.

Coupon, Deal Site, and Cashback Rules

Unauthorised coupon codes: commission rejected. If a coupon affiliate attributes a sale using a discount code they shouldn't have — scraped from another channel, pulled from a deal aggregator, or generated outside your programme — those commissions should be rejected. State this explicitly.

Cashback sites: referral domain required. Require cashback publishers to demonstrate they sent the customer to you by providing a referral domain as part of conversion data. If they can't show where the traffic came from, the commission doesn't stand.

Browser Extensions

Extensions operating in your programme — whether directly or via a sub-network — must:

1. Use soft click only; hard clicks that override an existing affiliate session are not permitted
2. Respect standdown when the customer is already in a tracked session from another publisher
3. Disclose their affiliate participation in accordance with platform and regulatory requirements

If you're running extension publishers through a sub-network, add a clause that holds the sub-network accountable for their publishers' compliance. Sub-networks can otherwise become a route for non-compliant extensions to operate in your programme without clear accountability.

Sub-Network Rules

When you approve a sub-network, you're effectively approving their entire publisher pool — including publishers you've never reviewed. At minimum:

• Sub-networks must obtain individual approval for any publisher generating above a defined commission threshold
• Sub-networks are responsible for their publishers' compliance with your programme terms
• You reserve the right to reject commissions from any sub-network publisher who hasn't been individually approved

Sub-networks are also how terminated publishers re-enter programmes. An affiliate you've removed can rejoin as a sub-publisher through another network. The accountability clause prevents this by making the sub-network responsible for vetting.

App Campaigns and CPI

Cost-per-install and other soft conversion campaigns are a significant fraud risk. App install fraud is rampant: publishers generate large install volumes, collect commissions, and none of those installs ever generate revenue.

If your programme relies on revenue, don't run CPI campaigns. If you choose to run them, your terms must include performance KPIs as a condition of payment:

• CPI commissions are only payable if at least X% of installs progress to a purchase within 30 days
• Publishers whose install-to-purchase ratio falls below threshold have commissions suspended pending review

Without this clause, you're paying for installs you can't verify. With it, you have both a fraud detection trigger and grounds for rejection.

Content Placement and Channel Restrictions

Publishers should only promote through channels you've approved. Unauthorised placements are grounds for commission rejection by default.

Include an escalation clause: placements on explicitly restricted channels — competitor pages, adult content, gambling sites, or any category you define — result in programme removal and rejection of all outstanding commissions. The escalation changes the risk calculation. Rejection of a single commission is recoverable. Losing all pending commissions is not.

Contact Information Requirements

Require publishers to maintain functioning contact information as a condition of programme membership. The clause to include: failure to respond to three follow-up contacts within a defined period results in account suspension or termination.

When something suspicious is flagged, the first step is usually requesting documentation — traffic source data, sub-publisher records, conversion logs. Publishers who go silent when questioned are consistently the ones with something to hide. Without a contact information clause, you have no grounds to act on non-responsiveness. With it, silence is itself a compliance failure.

Part 4: Keeping Terms Current

Terms are only useful if they reflect how your programme actually operates. Two practical rules:

Review annually at minimum. Set a calendar reminder. The affiliate landscape changes — new publisher types emerge, networks update their tracking, regulatory requirements shift. Terms that were comprehensive two years ago may have gaps today.

Update when your network updates. Networks periodically revise their tracking parameters, attribution rules, or publisher standards. When they do, your terms should be updated to reference the new requirements. A terms document that references a deprecated clickID format or an old tracking standard creates ambiguity that publishers can exploit.

What We See at Marcode

The pattern we encounter most when onboarding new clients: terms that were reasonable when they were written, that haven't been touched since, and that now have significant gaps relative to how the programme has evolved.

Browser extension wording is missing in almost every case. Attribution rules — soft click obligations, standdown requirements — are absent from the vast majority of terms we review. These aren't obscure edge cases. They're the primary mechanism through which last-click fraud operates today.

The consequence is that when we flag suspicious activity, the brand's first step is often fixing their terms before they can act on the evidence. Commissions continue to lock while that process happens. A fast-growing SaaS we worked with had solid fraud evidence against affiliates bidding on their brand name in paid search — clear last-click manipulation — but their terms didn't explicitly prohibit it. The terms had to be updated and recommunicated before any reversal action could be supported. That delay cost real money.

The fix isn't complicated. It's a review of your existing terms against the checklist below, and targeted additions where gaps exist. Do it before you have a problem, not during one.

Complete Programme Terms Checklist

Use this to audit your current terms or draft new ones.

Foundation‍‍

- Commission rates, payment schedule, and lock period defined
- Returns and cancellations explicitly void commission
- Cookie window and attribution model stated
- Publisher eligibility criteria defined
- Brand bidding and hijacking explicitly prohibited
- Disclosure requirements (CMA/FTC) required of all publishers

Attribution and tracking

- Soft click required for extension and cashback publishers
- Standdown required when customer is already in a tracked affiliate session
- Network-specific tracking parameters referenced (Partnerize clickref / Awin clickID / Rakuten siteID)
- Terms to be updated when network tracking standards change

Conversion validity

- No referral URL on conversion = commission rejected
- Unwanted or unapproved source in referral URL = commission rejected
- New traffic sources require approval before generating commissions
- Network tracking rules must be respected; non-compliant transactions ineligible

Channel-specific rules

- Unauthorised coupon codes = commission rejected. This weeds out sites promoting codes they shouldn't have to get users to buy, which creates a double problem as it also impscts margins.
- Cashback publishers must provide referral domain with conversion data
- Browser extensions must use soft click and respect standdown
- Sub-networks accountable for individual publisher compliance; approval required above threshold
- CPI and soft conversion campaigns require defined KPIs; commissions rejected if thresholds not met
- Unauthorised content placements = commission rejection
- Restricted channel placements = programme removal and all commissions rejected

Compliance and enforcement

- Contact information must be maintained and functioning
- Three unanswered follow-ups = account suspension or termination
- Fraud termination: immediate upon documented evidence
- Non-performance termination: minimum 30 days notice (or as defined)
- Terms reviewed annually and updated when network standards change

Key Takeaways

• More than half of programmes have terms that haven't been reviewed in years — browser extension rules and attribution requirements are the most consistently missing clauses based on our experience, but there are definitely more so be thorough.
• Terms serve two purposes: legal protection and operational enforcement. Most cover the first; the second requires specific clauses around conversion validity, source approval, and publisher conduct.
• Attribution rules matter: last-click is the most fraud-prone model because it's easiest to manipulate at the last point of the customer journey. Soft click and standdown requirements reduce this risk but must be in your terms to be enforceable.
• Referral URLs are essential to judging quality traffic or fraud. Make sure they are passed through.
• Higher commission rates attract more fraud. That's not a reason to cut rates, but it's a reason to ensure your terms give you tools to act when high-value publishers show suspicious patterns.
• Network-specific tracking references make terms more precise and harder to exploit. Partnerize uses a clickref, Awin a clickID, Rakuten a siteID — your terms should state which tracking parameters are required in your programme and how they should be passed through.
• Terminating for fraud is defensible with documented evidence. The programmes that resolve disputes quickly are the ones that have evidence tools in place before the dispute starts.

If you want help reviewing your programme terms against this checklist — or if Marcode has flagged activity that your current terms don't give you grounds to act on — get in touch.