Terms of Service

Last updated: July 16, 2026

1. Introduction

These Terms of Service ("Terms") are entered into between you and Axiom Analytics, which operates the Shamba platform ("Shamba", "we", "us", or "our"). Axiom Analytics is registered with the Netherlands Chamber of Commerce under number 72367334 and has its business address at Lijndenstraat 26D, 1018 NV Amsterdam, the Netherlands.

These Terms govern access to and use of the Shamba website, mobile applications, platform, and related services (together, the "Services"). They are intended primarily for use by organizations. If you use the Services on behalf of an organization, you represent that you are authorized to accept these Terms on its behalf. If you are not authorized to bind the organization, you may use the Services only as an Authorized User under that organization's agreement with Shamba.

2. Definitions

  • Customer: the organization that subscribes to, pilots, or activates the Services, such as a cooperative, producer group, NGO, company, or government programme.
  • Authorized User: a person the Customer permits to use the Services, such as a coordinator or field agent.
  • Customer Administrator: an Authorized User the Customer designates to configure its workspace and manage users.
  • Customer Data: data submitted to or generated through the Customer's use of the Services, including data about farmers, plots, and programmes.
  • Farmer or Participant: a person whose information is recorded in the Services and who usually has no Shamba account or direct contractual relationship with Shamba.
  • Order Form: an order, pilot agreement, or plan selection that specifies the subscribed Services, fees, and any Customer-specific terms.
  • Data Processing Terms: the data processing terms in Annex 1, which apply where Shamba processes personal data on the Customer's behalf.
  • Agreement: the documents listed in Section 3, together.

3. The Agreement and order of precedence

The Agreement between the Customer and Shamba is made up of the following documents. If they conflict, the earlier in this list prevails for the subject it covers:

  1. any signed Order Form or customer agreement;
  2. the Data Processing Terms in Annex 1, for questions of personal data protection;
  3. any service-specific terms or service level agreement;
  4. these Terms;
  5. the Acceptable Use provisions in Section 7.

Our Privacy Policy is a transparency notice. It is not the contractual basis for processing and does not override negotiated terms. These Terms, including Annex 1, are made available before acceptance. Where an Order Form applies, it is provided or agreed separately.

4. The Services

Shamba provides software and related services that enable organizations to collect, manage, validate, analyze, and exchange agricultural, organizational, geospatial, and programme data. This includes, depending on the plan, farmer and member administration, field data collection (including offline), plot mapping, surveys and training records, input distributions and purchases, data quality tools, and traceability and reporting features.

The exact features made available are set out in the applicable plan or Order Form. We may add, change, or retire individual features as the product evolves, subject to Section 15.

Subject to the Agreement, Shamba grants the Customer a limited, non-exclusive, non-transferable right, during the applicable term, to permit its Authorized Users, and contractors acting on the Customer's behalf, to access and use the Services for the Customer's internal organizational and programme activities. This right may be assigned only as permitted in Section 20.

5. No advice; decision-support disclaimer

The Services provide data-management and decision-support tools. Unless expressly agreed otherwise in writing, outputs produced by the Services do not constitute legal advice, certification, regulatory approval, verification of land ownership or land rights, a cadastral or professional land survey, agronomic, financial, or environmental advice, or a guarantee of compliance with any sustainability, traceability, or due-diligence requirement.

This applies in particular to mapping, deforestation, and traceability indicators, which can be affected by incomplete or third-party data. The Customer remains responsible for reviewing outputs, applying appropriate professional judgment, and determining whether its activities comply with applicable requirements.

6. Accounts, Authorized Users, and administration

  • A Customer Administrator may invite, suspend, and remove Authorized Users, and controls access to the Customer's workspaces, projects, and records.
  • Authorized Users may access only the organizations, projects, and records they are permitted to access, and must not share login codes or accounts.
  • The Customer is responsible for keeping account details accurate, for removing access when staff or contractors leave, and for notifying us of suspected unauthorized access. We may rely on instructions from a configured Customer Administrator.
  • Accounts are intended for people aged 18 or over.

You are responsible for activities carried out through your account, except to the extent they are caused by our breach of the Agreement, our failure to implement agreed security measures, or other circumstances outside your reasonable control. Where a Customer Administrator role or organization ownership is disputed, we will follow a reasonable process to resolve it before acting.

7. Acceptable use

You agree to use the Services lawfully and in accordance with the Agreement. You must not:

  • access data outside your authorized organization, workspace, or project;
  • upload personal data without a proper legal basis and authority, or collect data through coercion or deception;
  • use the Services for unlawful surveillance, discrimination, or in a way that places individuals at a foreseeable risk of harm;
  • circumvent permissions, rate limits, or security controls, or share credentials or one-time codes;
  • introduce malware, or run security tests, scanning, or scraping without our prior written authorization;
  • reverse engineer the Services, except to the extent mandatory law permits;
  • extract data in bulk other than through export functionality or APIs we authorize, or use the Services to build or benchmark a competing product through systematic extraction;
  • make solely automated high-impact decisions about individuals where prohibited by law.

Legitimate use of the APIs, integrations, and automation we make available is permitted.

8. Customer Data

8.1 Ownership and licence

As between the parties, the Customer retains all rights in Customer Data. The Customer grants us a non-exclusive licence to host, copy, transmit, display, and otherwise process Customer Data only as reasonably necessary to provide, secure, maintain, and support the Services, to comply with applicable law, and to perform our obligations under the Agreement.

8.2 Product improvement

We may use service telemetry and anonymized, aggregated statistical information to operate and improve the Services, provided it does not identify the Customer or any individual. We will not use identifiable Customer Data to train general-purpose artificial intelligence models or for unrelated commercial purposes unless expressly agreed in writing.

8.3 Customer responsibilities

The Customer decides what Customer Data is collected and is responsible for ensuring that its collection, use, and disclosure comply with applicable law. The Customer represents that it has provided any required notices, obtained any required permissions, and holds the rights necessary to instruct us to process Customer Data. The Customer is responsible for reviewing and correcting Customer Data. We may offer validation and data-quality features but do not independently verify the accuracy, completeness, or authenticity of Customer Data unless expressly agreed.

9. Data protection

Where we process personal data on behalf of the Customer, we do so as a processor under the Data Processing Terms in Annex 1, which form part of the Agreement and cover instructions, confidentiality, security, subprocessors, international transfers, assistance with individual rights, incident notification, deletion or return of data, and audits. Our own processing as a controller is described in the Privacy Policy.

10. Confidentiality

Each party may receive confidential information of the other, including farmer and programme information, commercial and operational data, security information, unpublished reports, and credentials. The receiving party will use confidential information only to perform the Agreement, protect it with reasonable care, and not disclose it except to those who need it and are bound by similar obligations. These obligations do not apply to information that is or becomes public without breach, is independently developed, is lawfully received from another source, or must be disclosed by law, and they survive termination.

11. Intellectual property and feedback

All intellectual property rights in the Services, including the software, designs, and trademarks, belong to Shamba or its licensors. Except for the rights expressly granted in the Agreement, no rights are transferred to you. If you choose to give us feedback or suggestions, we may use them without restriction and without transferring ownership of your Customer Data.

12. Third-party services and data

The Services may involve different kinds of third-party elements:

  • Optional integrations that the Customer chooses to connect. These are governed by the third party's own terms, and the Customer's use of them is at the Customer's risk.
  • Subprocessors that we select to provide the Services, such as hosting and messaging. We remain responsible for their performance of the contracted service.
  • Third-party datasets, such as maps and satellite imagery, which can be incomplete, delayed, or inaccurate and may be subject to separate licence restrictions.
  • External links that we merely display and do not control.

13. Fees, plans, and free services

Some Services may be offered free of charge and others for a fee. The subscription term, renewal arrangements, fees, currency, billing periods, and cancellation procedure for paid Services are set out in the applicable Order Form. Unless the Order Form states otherwise, fees are exclusive of applicable taxes and invoices are payable within the stated period. Unless the Order Form expressly provides for automatic renewal, a subscription does not automatically renew.

Free Services and free tiers are provided without a commitment to keep them free, and we may introduce usage limits or charges for currently free features on reasonable notice. If a free limit is exceeded, we may ask you to upgrade or may limit further use.

14. Availability, changes, and suspension

We aim to keep the Services available but do not guarantee uninterrupted or error-free operation. We may change the Services to improve them, maintain security, or comply with law. We will not materially reduce the core functionality of a paid Service during a committed subscription term without notice, and we will give reasonable advance notice of a planned discontinuation, with an opportunity to export data.

We may suspend access where reasonably necessary because of a security incident, unauthorized or unlawful use, a credible risk to individuals, non-payment, excessive resource use, a binding legal request, or a serious breach. Where reasonably possible we will notify the Customer, explain the reason, limit suspension to the affected accounts or functionality, preserve Customer Data, and restore access once the issue is resolved.

15. Warranties and disclaimers

We warrant that the Services will materially conform to their documentation, will be provided with reasonable skill and care, and will be supported by appropriate security measures, and that we have the authority to enter into the Agreement. We will address material, reproducible defects that are reported to us.

Except as stated above and to the extent permitted by law, the Services are provided without other warranties. In particular we do not warrant uninterrupted availability, the accuracy of Customer-submitted or third-party data, particular outcomes from sustainability programmes, regulatory approval or certification, suitability for purposes we have not been told about, or decisions made independently by Customers.

16. Limitation of liability

To the extent permitted by law, neither party is liable for indirect or consequential loss, or for loss of profits, revenue, goodwill, or anticipated savings.

Subject to the exclusions below, each party's total aggregate liability arising out of or relating to the Agreement will not exceed the fees paid or payable by the Customer for the Services during the twelve months before the event giving rise to the liability. For Services used free of charge, that aggregate liability will not exceed 100 euros.

These limits do not apply to liability that cannot be excluded or limited under applicable law, including liability for intent or willful misconduct.

17. Indemnification

The Customer will defend Shamba against third-party claims to the extent they arise from Customer Data infringing a third party's rights, the Customer's unlawful collection or use of personal data, or the Customer's use of the Services in material breach of the Agreement, and will pay resulting damages finally awarded or agreed in settlement.

We will defend the Customer against third-party claims that the Shamba software, as provided by us, infringes a third party's intellectual property rights. If such a claim arises, we may, at our option, obtain the right for the Customer to keep using the Services, modify or replace the affected functionality, or terminate it and refund prepaid, unused fees for it. This indemnity does not cover claims arising from Customer modifications, Customer Data, a combination with items we did not supply, or continued use after we have given notice to stop. In each case the indemnified party will give prompt notice, allow the indemnifying party to control the defence, cooperate reasonably, and not settle in a way that admits fault or imposes obligations without consent. Each party will take reasonable steps to mitigate.

18. Term and termination

The Customer may terminate at the end of the agreed subscription, for an uncured material breach by us, if we materially discontinue paid functionality, or as provided in an Order Form. We may terminate for an uncured material breach, for non-payment after notice, immediately for serious security or unlawful use, or if continuing to provide the Services becomes unlawful. We may discontinue a generally available free plan on at least 30 days' notice, with an opportunity to export data, except where immediate action is reasonably required for security, unlawful use, or legal compliance.

On termination, access is deactivated, outstanding fees remain due, and the Customer may export its data during a retrieval period as described in Section 19, after which we delete it subject to backups expiring. Provisions that by their nature survive, including confidentiality, intellectual property, liability, and dispute resolution, continue after termination.

19. Data export and switching

Consistent with the EU Data Act, the Customer may switch to another service or to its own infrastructure. On request we will provide the Customer's exportable data and digital assets in a commonly used, machine-readable format, describe any known technical restrictions, and provide reasonable migration assistance. Any notice period to start switching will not exceed two months, the switching transition will be completed within 30 calendar days unless technically unfeasible, and the Customer will have at least 30 calendar days after the transition to retrieve its data, after which we erase it. Any switching charges will not exceed the costs directly related to switching, and from 12 January 2027 we will not impose switching charges. The categories of exportable data and the formats we can provide are set out in Annex 2. Some obligations under the EU Data Act may not apply to a strictly limited-duration, non-production test service.

20. Assignment and business succession

You may not assign or transfer your rights or obligations under the Agreement without our prior written consent.

We may assign or transfer the Agreement to an entity that acquires or succeeds to the business operating the Services, including a newly incorporated affiliated company, provided that the transfer does not materially reduce your rights under the Agreement. You agree in advance to cooperate with such a transfer to the extent permitted by applicable law. We will notify you of the identity and contact details of the new contracting entity before or promptly following the transfer.

21. General

  • Beta features may be offered with limited commitments and are clearly labelled.
  • Support is provided through the channels and within the expectations we publish or agree.
  • Subcontracting. We may use subprocessors and subcontractors while remaining responsible for the contracted performance.
  • Force majeure. Neither party is liable for delay or failure caused by events outside its reasonable control.
  • Notices are given in writing, including by email to the address associated with the account or the contact address in Section 24.
  • Severability and waiver. If a provision is unenforceable, the rest remains in effect, and a failure to enforce a right is not a waiver of it.
  • Independent contractors. The Agreement creates no agency, partnership, or employment relationship.
  • Export controls and sanctions. Each party will comply with applicable export control and sanctions laws.
  • Anti-bribery. Each party will comply with applicable anti-bribery and anti-corruption laws.
  • Publicity. We will not publish a Customer's name or logo without its permission.
  • No third-party beneficiaries, except as expressly stated.
  • Language. If we provide a translation, the English version prevails in the event of a conflict, unless mandatory law requires otherwise.

22. Changes to these Terms

We may update these Terms to reflect changes in the Services, our practices, or the law. For material changes we will give reasonable advance notice, normally at least 30 days, and we will not apply changes retroactively. For active paid Customers we will not rely on website posting alone as notice, and a Customer may terminate before a materially adverse change takes effect. We may make immediate changes only where required by law or urgently needed for security.

23. Governing law and jurisdiction

Dutch law applies to the Agreement. The courts of Amsterdam, the Netherlands, have exclusive jurisdiction over disputes arising from it. This does not affect any mandatory rights or jurisdiction available to a consumer under applicable law, and a choice of Dutch law does not deprive a qualifying consumer of the mandatory protections of their country of habitual residence.

24. Contact

Shamba is currently operated by:

Axiom Analytics

Lijndenstraat 26D

1018 NV Amsterdam, the Netherlands

Chamber of Commerce (KvK): 72367334

Email: legal@shamba.com

Annex 1: Data Processing Terms

These Data Processing Terms apply where Shamba processes personal data on behalf of the Customer in providing the Services. For that processing the Customer is the controller and Shamba is the processor, and these terms are the parties' agreement under Article 28 GDPR. They form part of the Agreement.

1. Subject matter, nature, and purpose

We process personal data only to provide, secure, maintain, and support the Services and to perform our obligations under the Agreement, on the Customer's instructions.

2. Duration

Processing continues for the term of the Agreement and any period needed to return or delete the data as set out below.

3. Personal data and data subjects

The personal data may include account and identity data, and the farmer, participant, geospatial, and field-collected data described in our Privacy Policy. The data subjects may include the Customer's Authorized Users and the farmers, members, and participants whose information the Customer records.

4. Our instructions

We process personal data only on the Customer's documented instructions, including those in the Agreement, unless required by law, in which case we will inform the Customer unless the law prohibits it. We will tell the Customer if we consider that an instruction infringes data protection law.

5. Confidentiality

The people we authorize to process personal data are bound by a duty of confidentiality.

6. Security

We implement appropriate technical and organizational measures to protect personal data, taking into account the risks. The measures are summarized in Section 13 of this Annex.

7. Subprocessors

The Customer gives general authorization for us to engage subprocessors to provide the Services. We impose data protection obligations on them equivalent to these terms, remain responsible for their performance, and give advance notice of any new or replacement subprocessor so the Customer can object on reasonable data protection grounds.

8. Data subject rights

Taking into account the nature of the processing, we assist the Customer with appropriate measures to respond to requests from individuals exercising their rights.

9. Assistance

We assist the Customer, taking into account the information available to us, with security, personal data breach notification, data protection impact assessments, and prior consultation with a supervisory authority.

10. Personal data breach

We notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer personal data, with the information the Customer reasonably needs to meet its own obligations.

11. Return or deletion

At the Customer's choice, we delete or return Customer personal data at the end of the Services and delete existing copies, unless we are required by law to keep them. Data in routine backups is deleted as those backups expire.

12. Audits

We make available the information reasonably necessary to demonstrate compliance with these terms and allow for and contribute to audits, subject to reasonable notice, confidentiality, and frequency.

13. International transfers and security measures

We process personal data primarily within the EEA. Where a transfer outside the EEA occurs, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, as described in our Privacy Policy. Our security measures include encryption of data in transit and at rest, access controls and authentication, least-privilege access, logging and monitoring, backups, vendor due diligence, and incident-response procedures.

Annex 2: Data Portability

This Annex describes the Customer data we can export under Section 19. We provide only the categories and formats we can genuinely export; some derived or internal operational data may not be exportable.

Exportable data

  • Organization, workspace, and user records
  • Farmer and participant records
  • Farm and plot attributes
  • Plot geometries and coordinates
  • Survey responses
  • Training and activity records
  • Distribution and purchase records
  • Uploaded files and photographs, where technically exportable
  • Identifiers and metadata needed to interpret the above

Formats

  • CSV for tabular records
  • GeoJSON for geometries
  • ZIP archives for files and images
  • JSON for structured metadata where needed