co-mission LLC / shyware

Legal

Effective: 2026-05-15↓ PDF

Terms of Service

These Terms govern access to and use of the shyware SDK, hosted APIs, and related services provided by co-mission LLC ("shyware", "we"). By integrating the SDK or calling any shyware-hosted endpoint you agree to these Terms on behalf of yourself and the entity you represent ("you", "operator").

License

Subject to these Terms, shyware grants you a limited, non-exclusive, non-transferable license to integrate and deploy the SDK to build applications for end users. You may not sublicense the SDK independently of an application, resell hosted API access, or remove or obscure any attribution or protocol-version identifiers embedded in the SDK.

Use Restrictions

You may not use the SDK or hosted services to:

Bypass, disable, or circumvent the two-list structural invariant or any validation predicate enforced at the ABCI layer.
Represent a deployment as CBDC infrastructure without written authorisation from shyware and the applicable central bank.
Process personal data of EU, UK, EEA, or other regulated-jurisdiction data subjects without first executing the Data Processing Agreement and all applicable sub-processor schedules.
Process biometric or health special-category data without completing the applicable DPIA and obtaining lawful basis under Art. 9 GDPR or equivalent.
Operate in any jurisdiction where the deployment would violate applicable law, including financial-services, health-privacy, or sanctions law.

Data Processing

shyware acts as a data processor on your behalf. You are the controller responsible for identifying a lawful basis, providing notices to data subjects, and responding to data-subject rights requests. Before processing any personal data in production you must execute the Data Processing Agreement. Sub-processor schedules are listed there. Our processing practices are described in the Privacy Policy. Compliance obligations specific to your deployment are in the SDK Compliance Guide.

Warranties and Liability

The SDK and hosted services are provided "as is." shyware makes no warranty that the SDK is fit for any particular regulated use — operators are responsible for legal compliance in their jurisdiction. To the maximum extent permitted by law, shyware's aggregate liability arising out of or related to these Terms shall not exceed the greater of (a) fees paid by you to shyware in the twelve months preceding the claim or (b) USD $100. shyware is not liable for indirect, consequential, or punitive damages.

Changes

Material changes to these Terms are published at least 30 days before taking effect and notified directly to operators with an active DPA. Continued use after the effective date constitutes acceptance.

Governing Law

These Terms are governed by the laws of the State of New Jersey, United States, without regard to conflict-of-law rules. Disputes are subject to the exclusive jurisdiction of the courts of Monmouth County, New Jersey.

Documents

Document	Path
Legal index (this page)	`/legal/`
Privacy Policy	`/legal/privacy/`
DPIA Package	`/legal/privacy/dpia/`
Data Processing Agreement	`/legal/privacy/dpia/dpa/`
Sub-processor: Authentication Provider	`/legal/privacy/dpia/dpa/schedule-auth`
Sub-processor: Identity Verification	`/legal/privacy/dpia/dpa/schedule-verification`
Sub-processor: Compute and Signing	`/legal/privacy/dpia/dpa/schedule-compute`
Sub-processor: Off-chain Database	`/legal/privacy/dpia/dpa/schedule-database`
Sub-processor: Device Attestation	`/legal/privacy/dpia/dpa/schedule-attestation`
Sub-processor: Token Issuer (shywire)	`/legal/privacy/dpia/dpa/schedule-token`
Sub-processor: EHR / FHIR Health Records	`/legal/privacy/dpia/dpa/schedule-health`
SDK Compliance Guide	`/legal/compliance/`

Contact

Data protection: privacy@shyware.fyi
Legal: legal@shyware.fyi