Skip to content
Pawns.app | Business

SDK Terms and Conditions

Last updated May 11, 2026.

These PAWNS.APP LTD SDK Terms and Conditions for Pawns.app (the “SDK Terms“) govern the contractual relationship between PAWNS.APP LTD (the “Company“) as the owner of the application Pawns.app, and any natural or legal person using the Pawns.app SDK Functionality for business or professional purposes (as further described below) (the “Partner“) (each a “Party” and collectively, the “Parties“).

The SDK Functionality is intended solely for integration into interactive applications where the End User actively and personally operates the device on which the Hosting Application is installed.

By enabling the SDK Functionality via this link/website (or any successor page), you agree to be bound by these SDK Terms, and the following policies and documents (collectively, the “Policies”): (I) Pawns.app Privacy Policy, (II) Pawns.app Acceptable Use Policy, (III) any SDK documentation and integration requirements published by the Company for the SDK Functionality, and (IV) any other end-user facing policies or terms published by the Company in connection with the SDK Functionality. If you do not agree, you must not install, enable, integrate, or use the SDK Functionality.

If there is any conflict between these SDK Terms and any Policies, these SDK Terms will prevail with respect to the SDK Functionality. 

1. GENERAL PROVISIONS AND DEFINITIONS

    1.1. Definitions. For purposes of these SDK Terms:

    (a) “SDK” means the Company’s software development kit, code, components, libraries, and related documentation provided to the Partner for integration.

    (b) “SDK Functionality” means the traffic sharing functionality made available by the Company via the SDK and/or by enabling access at this link/website, including the routing of internet traffic through IP addresses and/or End User devices as further described in these SDK Terms. For the avoidance of doubt, “End User devices” as referenced in this definition means personal computing devices actively and personally operated by the End User who has provided Valid End User Consent.

    (c) “Hosting Application” means the Partner’s application, software, or service into which the SDK is integrated.

    (d) “End User” means a user of the Hosting Application.

    (e) “Feature” means the optional internet sharing / traffic sharing feature made available to End Users through the SDK in the Hosting Application.

    (f) “Clients” means the Company’s customers that receive routed traffic through the Company’s network.

    (g) “Contributed IPs” means IP addresses made available to the Company’s network for traffic routing purposes, including from End User devices through the Hosting Application with Valid End User Consent, from the Partner’s own infrastructure, or otherwise as agreed between the Parties.

    (h) “Used Traffic” means the volume of traffic that is successfully routed and measured by the Company through Contributed IPs, excluding any Invalid Traffic as described in Section 3.10.

    (i) “Invalid Traffic” means traffic that the Company reasonably determines to be low-quality, non-usable, fraudulent, prohibited, or otherwise not eligible for payment, including as described in Section 3.10.

    (j) “Implementation Requirements” means any technical, operational, and legal implementation requirements for the SDK and the Feature that the Company publishes or provides to the Partner from time to time, including any consent/disclosure requirements.

    (k) “Valid End User Consent” means consent to enable the Feature that (a) is freely given, specific, informed, and unambiguous; (b) is obtained in accordance with all applicable laws; and (c) is given by an individual who is (i) the owner or authorised administrator of the device on which the Feature is enabled, and (ii) authorised to use the internet connection through which traffic will be routed.

    1.2. PAWNS.APP LTD is a legal entity, incorporated in the United Kingdom, company number 16043795, address C/O Tax Partners, 60 Gray’s Inn Road, London, United Kingdom, WC1X 8LU (the “Company”/“us”/“we”, “our”).

    1.3. Any person who accesses or uses the SDK Functionality for business or professional purposes is considered to be a Partner under these SDK Terms (the “Partner“/”You“).

    1.4. You are responsible for verifying Your eligibility before using the SDK Functionality. Eligibility information is available via this link/website. Legal entities must be duly incorporated and in good standing under the laws of their jurisdiction of formation. If You are using the SDK Functionality on behalf of a legal entity, You, as a natural person, are responsible for ensuring You hold all necessary authorisation to do so.  

    1.5. The Partner shall complete the registration process by providing the required information via the designated form accessible via this link/website

    The Company may use a third-party service for identity verification. 

    For additional details concerning the processing of Your personal data, please refer to our Privacy Policy.

    1.6. In all cases, by accessing or using SDK Functionality, the Partner represents, warrants, and agrees that they are legally capable of entering into binding agreements under the applicable laws and are not subject to any legal restrictions or incapacities that would prevent the lawful conclusion of these SDK Terms and access to or use of SDK Functionality. The Partner affirms that they are acting on their own behalf or, where applicable, are duly authorized to act on behalf of and bind a legal entity, organization, or other third party, and possess all necessary rights, consents, and approvals to do so.

    The Partner further confirms that neither the Partner nor any legal entity it represents is subject to any sanctions, embargoes, or similar prohibitions as further described in Section 1.11. 

    1.7. The Company reserves the right, at its sole discretion, to verify the Partner’s eligibility and compliance with this clause at any time, and to deny, suspend, or terminate access to SDK Functionality and/or other functionalities/services of the Company in the event of any breach or misrepresentation.

    1.8. The Parties are independent contractors. Nothing in these SDK Terms creates any partnership, joint venture, agency, employment, or fiduciary relationship between the Parties. The Partner has no authority to bind the Company.

    1.9. The Partner must not access, use, or evaluate the SDK, SDK Functionality, or related documentation for competitive purposes, including monitoring availability, performance, or functionality, benchmarking, or developing or improving a competing product or service.

    1.10. The Partner shall comply with all applicable export control, sanctions, and trade laws and regulations in connection with its use of the SDK Functionality, including restrictions applicable to software, data, and technology transfers.

    1.11. Sanctions and export controls. The Partner represents and warrants that:

    (a) it is not established in, located in, or acting on behalf of any person or entity located in a country or territory subject to comprehensive embargoes or sanctions imposed by the United Nations, the European Union, the United Kingdom, the United States, or equivalent authorities (the “Trade Control Authorities”);

    (b) it is not itself designated on, owned by, or controlled by any person or entity named on a sanctions or restricted-party list issued by the Trade Control Authorities; and

    (c) it will not make the SDK Functionality, any data, or any outputs available to any such sanctioned or restricted person or entity.

    The Partner acknowledges that the SDK Functionality may be subject to export, re-export, and sanctions controls administered by the UK Office of Financial Sanctions Implementation (OFSI), the US Office of Foreign Assets Control (OFAC), and equivalent authorities in the EU and other jurisdictions, and shall comply with all applicable requirements.

    The Company may refuse, suspend, or terminate the Partner’s access to the SDK Functionality with immediate effect where it reasonably determines that the Partner’s jurisdiction, affiliations, or circumstances present an unacceptable sanctions, export control, legal, or reputational risk. In such case: (i) all rights granted to the Partner shall cease immediately; (ii) the Partner shall discontinue all use of the SDK Functionality and cease distribution of new Hosting Application versions that include the SDK; (iii) the Company may withhold any accrued but unpaid amounts where releasing them would expose the Company to sanctions, legal, or regulatory risk, or where the Partner has not provided sufficient information to enable compliant payment, with such payments released only once the Company is satisfied payment can lawfully be made; (iv) the Company shall have no liability for any resulting losses; and (v) the surviving provisions in Section 6.20 shall continue to apply.

    2. VERIFICATION

    2.1. The SDK Functionality and the Feature are intended solely for use by individuals who have reached the legal age of majority in their jurisdiction of residence. The Partner acknowledges that the Company’s platform and services are not directed at minors.

    2.2. The Partner represents and warrants that it will not knowingly allow the Feature to be enabled by or for minors. The Partner bears sole responsibility for compliance with all applicable laws governing the processing of personal data of minors, including UK GDPR Article 8, the ICO’s Age Appropriate Design Code, and any equivalent national legislation. Where applicable, this includes laws governing online services directed at or knowingly used by children under 13, such as the US Children’s Online Privacy Protection Act (COPPA). The Partner shall take prompt remedial action upon becoming aware of any use of the Feature by a minor.

    2.3. The Partner shall implement and maintain reasonable technical and operational measures to ensure that the Feature is not enabled for or used by individuals under the legal age prescribed by applicable law in the relevant jurisdiction. Such measures shall include, at minimum, clear eligibility disclosure at the point of consent, as required under Section 3.6.5(d). Such measures shall also include technical controls to ensure that the Feature is only enabled on device types compatible with the SDK Functionality as described in Section 3.5, and that no device may be enrolled without an affirmative action by the user during the consent process.

    2.4. The Company reserves the right to suspend or terminate the Partner’s access to the SDK Functionality if the Company has reasonable grounds to believe that the Partner has failed to comply with this clause.

    3. SDK FUNCTIONALITY

    3.1. Partners who make Contributed IPs available may apply to access and use the SDK Functionality, subject to the Company’s verification and approval. The SDK Functionality enables the integration of the Partner’s systems with the Company’s network infrastructure through Contributed IPs as defined in Section 1.1(g).

    3.2. The SDK Functionality operates through Contributed IPs as described in Section 1.1(g). Availability, volume, and usage may vary based on demand, network conditions, and other factors.

    3.3. By enabling the SDK Functionality, the Partner will receive payment for the volume of Used Traffic successfully routed and measured by the Company through Contributed IPs. The Partner will not be compensated merely for providing access to IP addresses or network infrastructure, but only for actual Used Traffic.

    3.4. The Company does not guarantee any minimum usage, traffic volume, or payments under the SDK Functionality. Actual usage and any payments may vary over time based on demand, network conditions, quality, compliance, and other factors.

    3.5. The SDK Functionality is currently compatible with Android, iOS, Windows, and macOS operating systems. Additional operating system support may be introduced from time to time. Regardless of device type, Valid End User Consent must be obtained prior to enabling the SDK Functionality on any device.  

    3.6. In addition to any other requirements under these SDK Terms, the Partner shall:

    3.6.1. successfully complete the Company’s verification procedure;

    3.6.2. use only Contributed IPs as defined in Section 1.1(g), including ensuring that any IP addresses from the Partner’s own infrastructure are owned or lawfully controlled by the Partner;

    3.6.3. use applications (including mobile or desktop) that are owned or lawfully controlled by the Partner;

    3.6.4. ensure that the Hosting Application’s terms and conditions expressly permit the routing of internet traffic through End User devices via the SDK Functionality, and that the Partner: 

    (a) clearly informs End Users that, by enabling the Feature, they are sharing their internet traffic and that this may have consequences as further described in Section 3.6.5(b); 

    (b) takes sole responsibility for ensuring that End Users are fully informed of these SDK Terms, the Privacy Policy, the Acceptable Use Policy, and any other applicable policies; 

    (c) clearly sets out in the Hosting Application’s terms and conditions the rules governing any remuneration provided to End Users for allowing the Partner to utilise their internet traffic through the SDK Functionality. 

    The Company shall under no circumstances be responsible for, or obliged to provide, any such remuneration.

    3.6.5. The Partner must ensure that the Feature is disabled by default for End Users, and that the Feature is enabled only after an End User provides explicit, affirmative consent through a clear action (such as clicking a clearly labelled button). Consent must be obtained before any routing of internet traffic through the End User’s device begins. The Partner must present clear, prominent disclosures that, at minimum, describe:

    (a) that the Feature routes internet traffic through the End User device;

    (b) that the Feature may consume device resources (including CPU and battery), may increase device heat, may affect internet performance depending on device, network conditions, and usage, and may use data from the End User’s internet or mobile data plan;

    (c) that, as part of providing the traffic routing service, the End User’s public IP address and related technical connection data will be visible to the Company’s Clients, and that further details about what data is shared and how it is processed are set out in the Company’s Privacy Policy; 

    (d) that the End User must be the primary user of both the device and the internet connection used, must meet the eligibility requirements including the legal age of majority in their jurisdiction, and should review their internet service provider’s terms prior to enabling the Feature, as such terms may prohibit commercial traffic sharing; and

    (e) how to disable the Feature.

    3.6.6. The Partner must ensure that End User consent to enable the Feature is separate from acceptance of the Hosting Application’s general terms (i.e., the Partner must not bundle Feature consent into general application acceptance).

    3.6.7. The Partner must ensure End Users can withdraw consent and disable the Feature easily and at all times through the Hosting Application’s settings or other in-app controls. The Partner must not design the Hosting Application in a way that unreasonably obstructs disabling the Feature. 

    3.6.8. The Partner must provide End Users with access to the Company’s Privacy Policy and any other end-user facing policies or terms published by the Company in connection with the SDK Functionality (e.g., via links) at the time of enablement, and must not prevent End Users from reviewing them before consenting.

    3.6.9. The Partner must not misrepresent the Feature as required to use the Hosting Application (unless expressly approved in writing by the Company), and must not use deceptive, manipulative, or misleading design patterns to obtain consent.

    3.6.10. The Partner must maintain reasonable technical controls to ensure only End Users who have provided consent can enable the Feature, and that End Users who withdraw consent are promptly disabled. The Partner must be able to provide reasonable evidence of its enablement/disablement implementation upon request.

    Where an End User withdraws consent to the Feature, or disables the Feature through the Hosting Application or otherwise, the Partner shall ensure that the routing of internet traffic through that End User’s device ceases immediately upon withdrawal or disablement. 

    The Partner shall ensure that:

    (a) withdrawal of consent is as simple and accessible as the mechanism by which consent was originally given, in accordance with the applicable law;

    (b) an End User’s withdrawal of consent does not result in any detriment, restriction of access to, or degradation of the Hosting Application’s core functionality (i.e., the Partner must not condition core application functionality on the Feature remaining enabled);

    (c) where the Hosting Application is uninstalled or removed from an End User’s device, the Feature is automatically disabled on that device to the fullest extent technically possible;

    (d) the Partner maintains records of consent and withdrawal events for a minimum period of twenty-four (24) months, or such longer period as may be required by applicable law, and provides such records to the Company upon reasonable written request.

    Used Traffic generated from an End User after that End User has withdrawn consent shall constitute Invalid Traffic under Section 3.10 and shall not be eligible for payment.

    3.6.11. The Partner must not present End User disclosures or terms that conflict with the Company’s Policies or Implementation Requirements, including statements that contradict the Company’s described data processing or sharing.

    3.6.12. The Company may provide or require specific disclosure and consent language to satisfy the requirements of Section 3.6.5 and other applicable Implementation Requirements. Where required by the Company, the Partner shall use the provided language without material modification. Any customized consent flow or wording must be submitted to the Company for review and written approval prior to deployment.

    The Partner acknowledges and agrees that any disclosure, consent, or other language provided or required by the Company under this Section is made available as a reference template only, does not constitute legal advice, and has not been tailored to the specific legal requirements of every jurisdiction in which the Hosting Application may be made available to End Users. The Partner remains solely responsible for ensuring that its End User disclosures and consent mechanisms comply with all applicable laws in every relevant jurisdiction, and the use of Company-provided language shall not reduce, limit, or transfer to the Company any of the Partner’s compliance obligations under these SDK Terms or applicable law. Where the Partner reasonably believes that Company-provided language is insufficient or inappropriate to satisfy applicable legal requirements in a given jurisdiction, the Partner shall promptly notify the Company in writing and may propose modifications for the Company’s review and written approval under this Section. Nothing in this Section constitutes a representation or warranty by the Company as to the legal sufficiency of any disclosure or consent language in any jurisdiction.

    3.6.13. The Partner is responsible for ensuring that the Hosting Application, including its integration of the SDK Functionality, complies with the policies, guidelines, and requirements of all third-party distribution platforms on which the Hosting Application is published or made available, including platform policies governing bandwidth-sharing services, data safety and privacy disclosures, and application purpose requirements. The Company recommends that the Partner review applicable platform guidelines before publishing the Hosting Application, and is available to provide technical information about the SDK to support the Partner’s compliance efforts. However, the Company does not review or certify applications for compliance with third-party platform policies. In the event of any enforcement action, removal, suspension, or other measure taken by a third-party platform against the Hosting Application, the Partner, as the party that holds the developer account with the platform, will handle any appeal, fix, or reinstatement request directly with the platform. The Company shall, upon the Partner’s reasonable request, use reasonable efforts to provide technical information about the SDK to support the Partner’s response to such enforcement actions, though final decisions rest with the platform. A platform enforcement action against the Hosting Application does not automatically affect the Partner’s access to the SDK Functionality, unless the circumstances also constitute a breach of these SDK Terms or the Policies.

    3.6.14. The requirements of this Section 3.6 set minimum standards only and do not limit the Partner’s obligation to obtain End User consents in compliance with all applicable laws in the Partner’s jurisdiction and in each jurisdiction in which the Hosting Application is made available to End Users.

    3.7. The Partner shall be solely responsible for ensuring that its End Users are legally permitted to share their internet traffic (including compliance with applicable laws and any contractual obligations, such as those with internet service providers). Any internet traffic routed through End User devices in breach of such obligations shall be the sole responsibility of the Partner. The Partner shall not enable the Feature on devices or connections where the Partner has reasonable grounds to believe that the applicable internet service provider agreement prohibits commercial traffic routing or bandwidth sharing.

    3.8. Integration process. Once integrated, End Users of the Hosting Application may share their internet traffic through the SDK Functionality as described in these SDK Terms.

    The integration process shall follow the sequence outlined below: 

    (i) The Company provides the Partner with access to the SDK, including SDK code and/or integration instructions, as applicable. 

    (ii) The Partner is responsible for integrating the SDK into its systems in accordance with the Implementation Requirements. 

    (iii) The Company may conduct a technical verification of the integration and, upon successful verification, may authorise the Partner to use the SDK Functionality.

    3.9. Measurement and reporting. The Company will measure Used Traffic using its systems and logs, and such measurement will be used for reporting and payment calculations. The Company may make usage and payment-related information available to the Partner via a dashboard, reports, or other reasonable means.

    3.10. Invalid Traffic and exclusions. The Company is not obliged to pay for Invalid Traffic. Invalid Traffic may include, without limitation, traffic that the Company reasonably determines: (a) originates from or uses data center, hosted, server, VPS, VPN, proxy, or similar non-consumer environments (unless expressly approved in writing by the Company); (b) is unstable, unusually slow, or otherwise non-usable; (c) is blocked, spamlisted, or associated with abuse; (d) is generated or amplified through automation, manipulation, or fraud; (e) is generated without Valid End User Consent; (f) violates these SDK Terms, the Acceptable Use Policy, or applicable law; or (g) originates from devices that do not reflect active, personal interactive use by a consenting End User, including devices operating continuously without user engagement, or where the Feature appears to have been enabled without direct user interaction, unless expressly approved in writing by the Company. The Company may withhold or adjust amounts attributable to Invalid Traffic.

    3.10.1. A portion of the internet traffic routed through Contributed IPs may be used by the Company for infrastructure operation and maintenance purposes. Such traffic shall not constitute Used Traffic and shall not be eligible for payment. 

    3.11. Payment terms. Payments to the Partner are subject to the Company’s applicable payment rules, including the payment-related provisions of the Pawns.app Terms of Use available on the Company’s webpage. Payment rules may be updated from time to time, and relevant updates will be communicated via the Company’s dashboard, documentation, or other available means. The Company may withhold payment where the Partner is in breach of these SDK Terms.

    3.12. Taxes and invoicing. The Partner is responsible for all taxes, duties, and governmental charges arising from payments under these SDK Terms. If invoicing is required, the Partner shall issue invoices in accordance with the Company’s reasonable instructions and applicable law.

    3.13. Verification and payment information. To receive payments, the Partner must provide accurate and complete payment and banking information and, if requested, complete verification procedures (including identity, company, or other compliance checks). Failure to provide accurate information or complete verification may result in delayed, withheld, or forfeited payments and/or suspension or termination of access to the SDK Functionality.

    3.14. The Partner acknowledges and agrees that the Company may, at its sole discretion, provide, route, sub-lease, or otherwise make available the Contributed IPs, associated bandwidth, and routed traffic to its Clients (and to Clients’ own affiliates, sub-contractors, and end customers) on such terms as the Company determines, without any obligation to notify, consult with, or obtain the approval of the Partner, or to disclose the identity of any Client or the terms of any Client arrangement. The Partner’s sole entitlement under these SDK Terms is to payment for Used Traffic under Section 3.3, subject to Section 3.10, and the Partner shall have no right to any share of Client revenues or any other rights in respect of the Company’s Clients.

    4. RESTRICTIONS

    4.1. The Partner must ensure that all IP addresses used in connection with the SDK are obtained and provided ethically and in full compliance with applicable laws and regulations, as well as these SDK Terms and the Policies. 

    The Partner is solely responsible for ensuring that the use of the SDK Functionality is lawful in its jurisdiction. Any use of the SDK Functionality that violates applicable law or the Policies is strictly prohibited.

    4.2. The Partner agrees to the following restrictions:

    4.2.1. You shall not sell, license, rent, lease, assign, sub-license, or otherwise transfer the SDK Functionality or any rights granted under these SDK Terms to any third party for any purpose; 

    4.2.2. You shall not distribute, host, transmit, or otherwise make the SDK Functionality available, directly or indirectly, to any other individual, entity, or third party, except as expressly permitted in writing by the Company;

    4.2.3. You shall not modify, reverse-engineer, decompile, disassemble, or attempt to derive the source code or underlying ideas or algorithms of the SDK Functionality, except to the extent expressly permitted by applicable law;

    4.2.4. You agree not to exploit the SDK Functionality in any manner that could reasonably be considered unlawful, unauthorized, or otherwise detrimental to the Company or third parties. 

    4.3. These restrictions are essential to protect the integrity, security, and intellectual property of the SDK Functionality and its associated services. Any unauthorized use or breach of these conditions may result in the immediate termination of Your access to the SDK Functionality and may subject You to legal liability under applicable law. 

    4.4. The Partner must not, and must not permit any third party to, circumvent, disable, or interfere with security, integrity, fraud-prevention, monitoring, or usage controls associated with the SDK Functionality or the Company’s network. The Partner must not remove, obscure, or alter proprietary notices contained in the SDK or related materials.

    5. DATA PROCESSING AND PRIVACY

    5.1. Definitions. “UK Data Protection Law” means the UK GDPR as incorporated by the Data Protection Act 2018, and any amendments or replacements thereof. “Applicable Data Protection Laws” means UK Data Protection Law and any other data protection or privacy laws applicable to a Party’s processing of Personal Data in connection with the SDK Functionality, including where applicable the EU General Data Protection Regulation (2016/679). In this Section, the terms “Controller,” “Processor,” “Personal Data,” “Processing,” and “Personal Data Breach” have the meanings given in UK Data Protection Law.

    5.2. General compliance. Each Party shall comply with Applicable Data Protection Laws to the extent applicable to its Processing of Personal Data in connection with the SDK Functionality.

    5.3. Characterisation. The Parties acknowledge that, depending on how the SDK Functionality is implemented and used and on the circumstances, the Partner may process Personal Data as: (a) an independent Controller for its own purposes; (b) as a joint Controller together with the Company where both Parties jointly determine the purposes and means of processing; or (c) on behalf of the Company as a Processor under Section 5.8, and the Parties agree that the provisions of this Section 5 are intended to apply accordingly. 

    5.4. Independent Controller processing. Where either Party processes Personal Data for its own independent purposes in connection with the SDK Functionality, including account management, billing, security, compliance, and operational communications, each Party acts as an independent Controller in respect of such Processing and is solely responsible for ensuring its Processing complies with Applicable Data Protection Laws. The Company’s processing of Personal Data received through the SDK Functionality is governed by the Company’s Privacy Policy. The Partner shall maintain its own privacy notice covering its data processing activities in connection with the Hosting Application and the Feature, and must make the Company’s Privacy Policy accessible to End Users prior to enablement of the Feature.

    5.5. Joint Controller arrangement. Where the Parties are joint Controllers in respect of any Processing of Personal Data in connection with the SDK Functionality, the following shall apply: (a) Each Party shall be responsible for complying with its own obligations under Applicable Data Protection Laws, including maintaining a lawful basis for its processing activities. 

    (b) Each Party shall be the primary point of contact for data subject requests relating to its own Processing in connection with the SDK Functionality. In particular, the Partner shall handle requests relating to End User enrollment, consent, disablement, and Partner-side Processing in the Hosting Application, and the Company shall handle requests relating to its Processing of traffic through the Company’s network and its Client-facing Processing. Where a Party receives a data subject request that relates to the other Party’s processing, it shall promptly forward such request to the other Party. Each Party shall provide reasonable cooperation to enable the other to respond to data subject requests within the timeframes required by Applicable Data Protection Laws. 

    (c) Each Party shall be responsible for notifying the relevant supervisory authority of a Personal Data Breach originating in, or materially caused by, that Party’s systems, infrastructure, processing activities, consent collection, or Hosting Application. Where the origin of a breach is not reasonably attributable to either Party, the Parties shall promptly consult in good faith to determine the appropriate notifying Party without delaying notification beyond the timeframes required by Applicable Data Protection Laws. The Company shall be responsible for notifying the relevant supervisory authority of a Personal Data Breach in accordance with Applicable Data Protection Laws where required, unless the breach relates solely to Personal Data processed by the Partner in its capacity as independent controller under Section 5.4. The notification obligations in Section 5.9 apply in addition to, and do not derogate from, the obligations in this Section 5.5(c).

    (d) The Partner shall make the essence of this arrangement available to End Users through its privacy notice, including information about the respective roles of the Parties and how data subjects may exercise their rights. 

    (e) Notwithstanding joint and several liability of the Parties toward data subjects and supervisory authorities under Applicable Data Protection Laws, as between the Parties, each Party shall indemnify the other against any fines, penalties, damages, settlements, regulatory costs, remediation costs, and reasonable legal fees arising from that Party’s breach of Applicable Data Protection Laws, failure to obtain or maintain Valid End User Consent, or breach of these SDK Terms in connection with the Processing of Personal Data.

    5.6. Partner’s compliance obligations. The Partner is solely responsible for ensuring that its collection, use, and processing of End User Personal Data, including the obtaining of any required consents, complies with all Applicable Data Protection Laws, including but not limited to UK GDPR Art. 5, Art. 6, and Art. 7, the Privacy and Electronic Communications Regulations 2003 (PECR), and any equivalent legislation in the Partner’s jurisdiction or in any jurisdiction in which the Hosting Application is made available to End Users. The Partner shall process only such Personal Data as is necessary for the purposes of enabling the SDK Functionality and shall not process Personal Data received or derived in connection with the SDK Functionality for any unrelated purposes. The Partner shall ensure that Personal Data processed in connection with the SDK Functionality is accurate and kept up to date where necessary, and shall not retain such Personal Data longer than necessary for the purposes described in these SDK Terms.

    5.7. Security. Each Party shall implement and maintain appropriate technical and organisational measures to protect Personal Data processed in connection with the SDK Functionality against unauthorised or unlawful processing and against accidental loss, destruction, or damage. Such measures shall include, as appropriate: (a) pseudonymisation and encryption of Personal Data; (b) measures to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services; (c) the ability to restore availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (d) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures, in accordance with Applicable Data Protection Laws and taking into account the nature, scope, context, and purposes of the Processing, as well as the risks to the rights and freedoms of natural persons.

    5.8. Processor obligations. To the extent the Partner processes Personal Data on behalf of the Company and solely on the Company’s documented instructions, the Partner shall act as Processor and the Company shall act as Controller. For the purposes of this Section 5.8: 

    (i) the subject matter of the processing is the routing of internet traffic through Contributed IPs in connection with the SDK Functionality;

    (ii) the duration of processing corresponds to the term of these SDK Terms;

    (iii) the nature and purpose of processing is the transmission of internet traffic through End User devices and IP addresses for the purpose of enabling the SDK Functionality;

    (iv) the types of Personal Data processed may include End User IP addresses and approximate location data; and

    (v) the categories of data subjects are End Users of the Hosting Application.

    The following obligations apply where this Section 5.8 is applicable:

    (a) The Partner shall process Personal Data only on the Company’s documented instructions, including with respect to any international transfers, unless required to do so by applicable law, in which case the Partner shall inform the Company to the extent legally permitted.

    (b) The Partner shall ensure that persons authorised to process Personal Data are subject to appropriate confidentiality obligations.

    (c) The Partner shall not engage any sub-processor without the Company’s prior specific written consent, or prior general written authorisation. Where a sub-processor is engaged, the Partner shall ensure that the sub-processor is bound by a written contract imposing data protection obligations no less protective than those set out in this Section 5.8, and the Partner shall remain fully liable for the sub-processor’s acts and omissions. Where the Company provides general written authorisation, the Partner shall inform the Company of any intended changes concerning the addition or replacement of sub-processors, and the Company shall have the right to object to such changes within thirty (30) days of being informed. If the Company objects and the Parties cannot resolve the objection, the Company may terminate the relevant processing arrangement on written notice.

    (d) Taking into account the nature of the Processing, the Partner shall provide reasonable assistance to the Company to respond to data subject requests and to comply with obligations relating to security, breach notifications, and data protection impact assessments where applicable.

    (e) Upon termination or expiry of these SDK Terms, or earlier upon the Company’s written request, the Partner shall, at the Company’s option, return or securely delete Personal Data processed on behalf of the Company, unless retention is required by applicable law.

    (f) The Partner shall make available to the Company information reasonably necessary to demonstrate compliance with this Section 5.8, and shall cooperate with and contribute to audits or inspections conducted by the Company or a mandated auditor, on reasonable prior written notice and subject to appropriate confidentiality obligations.

    (g) The Partner shall maintain a written record of processing activities carried out on behalf of the Company, containing the information required under Article 30(2) of Applicable Data Protection Laws, and shall make such records available to the Company or the relevant supervisory authority on request.

    5.9. Personal data breach notification. Where the Partner is acting as Processor under Section 5.8, the Partner shall notify the Company without undue delay, and in any event within twenty-four (24) hours, upon becoming aware of a Personal Data Breach affecting Personal Data processed on behalf of the Company. In all other cases, each Party shall notify the other without undue delay, and in any event within thirty-six (36) hours, upon becoming aware of a Personal Data Breach affecting Personal Data processed in connection with the SDK Functionality, where such breach is likely to result in a risk to the rights and freedoms of affected individuals. Such notification shall include, to the extent available: (a) a description of the nature of the breach; (b) the categories and approximate number of individuals and personal data records affected; (c) the likely consequences of the breach; and (d) the measures taken or proposed to address the breach and mitigate its possible adverse effects.

    Where a Personal Data Breach is likely to result in a high risk to the rights and freedoms of affected individuals, the relevant Party shall also notify affected data subjects without undue delay in accordance with Applicable Data Protection Laws.

    5.10. International transfers. Where either Party transfers Personal Data processed in connection with the SDK Functionality to a country outside the United Kingdom, or where applicable, outside the European Economic Area, such transfer shall be made only in accordance with Applicable Data Protection Laws, including by implementing appropriate safeguards such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, as applicable. Where required by Applicable Data Protection Laws, the transferring Party shall carry out an appropriate transfer risk assessment prior to making such transfer.

    5.11. Special category data. The Parties shall not knowingly exchange special category data as defined under UK Data Protection Law in connection with the SDK Functionality.

    5.12. Conflict. In the event of any conflict between this Section 5 and any other provision of these SDK Terms in relation to the Processing of Personal Data, this Section 5 shall prevail to the extent of the conflict.

    6. OTHER PROVISIONS

    6.1. The Company reserves the right, at its sole discretion, to modify, suspend, or discontinue the SDK Functionality and/or any related services/functionalities, in whole or in part, temporarily or permanently, at any time and without prior notice. The Company shall not be liable to You or any third party for any such modification, suspension, or discontinuation. Nothing in this Section 6.1 affects the notice requirements for amendments to these SDK Terms under Section 6.7.

    6.2. These SDK Terms continue in effect until terminated by either Party in accordance with this Section. The Company may terminate or suspend these SDK Terms, in whole or in part, at any time, with or without cause, and with or without prior notice, at its sole discretion.
    You may terminate these SDK Terms at any time by providing written notice to the Company, permanently discontinuing all use of the SDK Functionality, and ceasing distribution of any new versions of the Hosting Application that include or make use of the SDK. Upon termination of these SDK Terms for any reason, all rights granted to the Partner shall immediately cease. The Partner shall promptly discontinue all use of the SDK Functionality, cease distribution of any new versions of the Hosting Application that include or make use of the SDK, and use commercially reasonable efforts to disable the SDK Functionality in previously distributed versions through available update or remote configuration mechanisms.

    6.2.1. Notwithstanding Section 6.2, and except where termination arises from the circumstances described in Section 6.3 (which shall permit immediate termination without notice or cure), the Company may, where it considers it practicable and appropriate in its reasonable discretion, provide the Partner with written notice of a remediable breach and a reasonable opportunity to cure such breach before exercising its right to terminate. Nothing in this clause limits the Company’s right to suspend access to the SDK Functionality during any cure period, or to terminate without a cure opportunity in circumstances the Company reasonably considers serious, urgent, or non-remediable.

    6.3. Without limiting the Company’s rights, the Company may suspend or terminate the SDK Functionality immediately if it reasonably believes the Partner: (a) failed to obtain Valid End User Consent; (b) made opt-out unreasonably difficult; (c) used deceptive disclosures or practices; (d) generated Invalid Traffic or engaged in fraud/abuse; or (e) created security or legal risk for the Company or its network.

    6.4. The Partner is responsible for the overall integration, operation, and end-user communications of the Hosting Application in connection with the SDK Functionality, including compliance with applicable law and the Policies. For End User consent and enablement requirements, Section 3.6 applies.

    6.5. If any provision of these SDK Terms is found to be invalid, illegal, or unenforceable under applicable law, such provision shall be modified to the minimum extent necessary to become valid and enforceable, while preserving the intent of the original provision. If such modification is not feasible, the provision shall be deemed severed, and the remaining provisions shall continue in full force and effect.

    6.6. To the maximum extent permitted by applicable law, neither Party will be liable to the other for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenue, goodwill, or data, arising out of or related to these SDK Terms or the SDK Functionality, even if the Party has been advised of the possibility of such damages. Nothing in this clause excludes or limits liability for fraud, gross negligence, or any other liability that cannot be excluded or limited under applicable law. To the maximum extent permitted by applicable law, the Company’s total aggregate liability to the Partner for all direct damages arising out of or relating to these SDK Terms or the SDK Functionality shall not exceed the total amounts actually paid by the Company to the Partner under these SDK Terms during the twelve (12) months immediately preceding the event giving rise to the claim. The limitations in this Section 6.6 (including the cap and the exclusion of indirect damages) shall not apply to the Partner’s liability to the Company, including the Partner’s obligations under Section 4 (Restrictions), Section 5 (Data Processing and Privacy), Section 6.9 (Confidential Information), or Section 6.11 (Indemnification). 

    6.7. The Company may amend or update these SDK Terms at any time. The Company shall notify the Partner of material changes at least thirty (30) days before such changes take effect, through an email to the Partner’s registered email address, a notice in the Partner dashboard, or other method designated by the Company. For non-material changes (including updates to documentation, technical specifications, or operational guidance), such changes may take effect immediately upon notice to the Partner. By continuing to use the SDK Functionality after the changes take effect, the Partner agrees to the updated terms. If the Partner does not agree to a material change, the Partner may terminate these SDK Terms by written notice to the Company before the change takes effect, and such termination shall not give rise to any liability of the Partner to the Company other than obligations already accrued. The Company encourages the Partner to review the SDK Terms regularly to stay informed of any updates.

    The Partner shall implement SDK updates and any required changes to End User disclosures or consent flows within a reasonable timeframe specified by the Company. If the Partner does not implement required updates within that timeframe, the Company may suspend or terminate the Partner’s access to the SDK Functionality.

    6.8. The SDK, the SDK Functionality, related documentation, and the Company’s network, systems, and technology are owned by the Company and are protected by applicable intellectual property laws. The Company grants the Partner a limited, non-exclusive, non-transferable, non-sublicensable, revocable right to integrate and use the SDK solely for the purpose of enabling the SDK Functionality in the Hosting Application in accordance with these SDK Terms. No rights are granted by implication.

    6.9. “Confidential Information” means non-public information disclosed by one Party to the other relating to the disclosing Party’s business, technology, customers, pricing, plans, or operations, including SDK code, documentation, dashboards, usage data, and the terms and existence of these SDK Terms. The receiving Party shall protect Confidential Information using reasonable care and shall not disclose it to third parties except to its employees/contractors who need to know and are bound by confidentiality obligations. Notwithstanding the foregoing, the Partner may disclose the existence of these SDK Terms and the nature of the SDK Functionality to End Users to the extent required to fulfil its disclosure and consent obligations under Section 3.6. Confidential Information excludes information that is publicly available without breach, independently developed, lawfully received from a third party, or approved in writing for disclosure. If disclosure is required by law, the receiving Party will (to the extent legally permitted) provide prompt notice and reasonable cooperation.

    6.10. The SDK Functionality is provided on an “AS IS” and “AS AVAILABLE” basis. To the maximum extent permitted by law, the Company disclaims all warranties of any kind, whether express, implied, or statutory, including merchantability, fitness for a particular purpose, non-infringement, and uninterrupted or error-free operation.

    6.11. The Partner will indemnify, defend, and hold harmless the Company, its affiliates, directors, officers, employees, and agents from and against any claims, damages, liabilities, losses, costs, regulatory fines, investigation expenses, and expenses (including reasonable legal fees) arising out of or relating to:

    (a) the Partner’s Hosting Application, content, distribution, permissions, or operation;

    (b) the Partner’s breach of these SDK Terms, the Policies, or applicable law;

    (c) any claim, complaint, investigation, enforcement action, audit, inquiry, or proceeding by an End User, third party, or regulatory or supervisory authority alleging or relating to inadequate disclosure, invalid consent, misleading practices, failure to provide an opt-out mechanism, or any other failure to comply with applicable consent, transparency, or data protection requirements in connection with the Feature, in each case regardless of whether any disclosure, consent, or other language used by the Partner was provided or required by the Company under Section 3.6.12, including any resulting fines, penalties, remedial orders, notification costs, and remediation costs, to the extent permitted by applicable law;

    (d) any remuneration, incentives, or benefits offered by the Partner to End Users; 

    (e) infringement or misappropriation of third-party rights caused by the Partner’s materials or Hosting Application; or

    (f) any enforcement action, removal, suspension, or adverse measure by a third-party distribution platform arising out of or relating to the Partner’s Hosting Application or its integration of the SDK Functionality but only to the extent that such enforcement action results in claims, costs, or liability against the Company, provided that the Company shall, upon the Partner’s reasonable request, use reasonable efforts to provide technical information about the SDK that may assist the Partner in responding to such enforcement action.

    The Company will provide reasonable notice of a claim and allow the Partner to control the defense, provided the Partner may not settle any claim in a way that imposes obligations on the Company without the Company’s prior written consent.

    The indemnification obligations in this Section apply solely to the matters set out in subsections (a)–(f) above. Nothing in this Section requires the Company to indemnify the Partner for claims arising from defects, vulnerabilities, or failures in the Company’s own infrastructure, network, or systems, the liability for which is subject to Section 6.6.

    6.12. The Company may reasonably request information to verify the Partner’s compliance with these SDK Terms and Implementation Requirements, including evidence of the End User consent and opt-out. The Company may require remediation within a timeframe determined by the Company, acting reasonably, and may suspend or terminate access to the SDK Functionality if the Partner fails to comply.

    6.13. Neither Party will be responsible for any failure or delay in performing its obligations to the extent caused by events beyond its reasonable control, including events affecting power, telecommunications, internet, hosting, or other third-party infrastructure. Payment obligations are subject to this clause only as described below. The affected Party will use reasonable efforts to mitigate the impact and resume performance. If a Force Majeure event continues for more than thirty (30) days, either Party may terminate these SDK Terms by written notice.

    Payment obligations may be temporarily suspended only where the failure to pay is directly and solely caused by a Force Majeure event affecting the Company’s payment infrastructure or payment service providers, provided that the Company notifies the Partner in writing within five (5) business days of becoming aware of such event and resumes payment as soon as the Force Majeure event ceases. In all other circumstances, payment obligations remain unaffected by this clause.

    6.14. Notices under these SDK Terms must be in writing. The Company may send notices to the Partner by email to the email address associated with the Partner’s account or registration (or by posting a notice in the Partner dashboard, if available). The Partner must send official notices to the Company (including termination notices) by email to legal@pawns.app or another email address designated by the Company on the SDK website.

    6.15. These SDK Terms and any dispute or claim arising out of or in connection with them (including non-contractual disputes or claims) are governed by the laws of England and Wales, excluding any conflict of law provisions. 

    6.16. The courts of England and Wales will have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these SDK Terms.

    6.17. Dispute resolution. Before initiating any court proceedings (other than proceedings for urgent injunctive or interim relief), the Parties shall attempt to resolve any dispute arising out of or in connection with these SDK Terms through good faith negotiation. Either Party may initiate the dispute resolution process by sending written notice to the other Party describing the dispute in reasonable detail. The Parties shall use reasonable efforts to resolve the dispute within thirty (30) days of such notice. If the dispute is not resolved within that period, either Party may commence proceedings in accordance with Section 6.16.

    6.18. These SDK Terms and the Policies constitute the entire agreement between the Parties regarding the SDK Functionality and supersede all prior or contemporaneous communications, discussions, representations, or agreements (whether oral or written) relating to the SDK Functionality.

    6.19. The Partner may not assign, transfer, or delegate any of its rights or obligations under these SDK Terms without the Company’s prior written consent. The Company may assign these SDK Terms to an affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets, by notice to the Partner.

    6.20. Sections 4 (Restrictions), 5 (Data Processing and Privacy), 6.6 (Limitation of Liability), 6.9 (Confidential Information), 6.11 (Indemnification), 6.15 (Governing Law), 6.16 (Jurisdiction), 6.17 (Dispute resolution), and any other provisions that by their nature should survive termination, will survive termination.