Refund Policy

Effective 2018-08-20 Unused products in their original and unopened packaging can be returned for a refund within ten (10) days of delivery. The full price minus the original shipping fees and return shipping fees will be refunded. Order's will NOT be refunded if the customer refuses to pay for customs clearance fees or provides an incorrect delivery address. Refunds will also be granted for orders that are canceled before your item was confirmed as shipped. Replacement of defective products are governed by the Limited Lifetime Warranty agreement. REFUND PROCESS To begin, submit a refund request along with a proof of purchase to within ten (10) days of receiving the product. We will reply with a refund request acknowledgment and a return mailing address. Mail the product to us within five (5) days following receipt of this email. Once we receive and inspect the product, we will send you an email to notify you of the approval or rejection of your refund. Refunds will be transmitted within four (4) weeks of approval. BITCOIN PAYMENT REFUNDS Refunds for orders paid with bitcoin will be issued at the USD value of the order and will use the exchange rate value at the time the refund is transmitted. SHIPPING We will email you the shipping address to return the product. Shipping times will vary depending on your location. Please use a trackable shipping service and/or purchase shipping insurance. We cannot guarantee that we will receive your returned item, and you assume all risks of loss or damage during shipment.

Terms of Service

Effective 2016-01-01 OVERVIEW This website is operated by Shift Devices AG. Throughout the site, the terms “we”, “us” and “our” refer to Shift Devices AG. Shift Devices AG offers this website, including all information, tools and services available from this site to you, the user, conditioned upon your acceptance of all terms, conditions, policies and notices stated here. By visiting our site and/or purchasing something from us, you engage in our “Service” and agree to be bound by the following terms and conditions (“Terms of Service”, “Terms”), including those additional terms and conditions and policies referenced herein and/or available by hyperlink. These Terms of Service apply to all users of the site, including without limitation users who are browsers, vendors, customers, merchants, and/ or contributors of content. Please read these Terms of Service carefully before accessing or using our website. By accessing or using any part of the site, you agree to be bound by these Terms of Service. If you do not agree to all the terms and conditions of this agreement, then you may not access the website or use any services. If these Terms of Service are considered an offer, acceptance is expressly limited to these Terms of Service. Any new features or tools which are added to the current store shall also be subject to the Terms of Service. You can review the most current version of the Terms of Service at any time on this page. We reserve the right to update, change or replace any part of these Terms of Service by posting updates and/or changes to our website. It is your responsibility to check this page periodically for changes. Your continued use of or access to the website following the posting of any changes constitutes acceptance of those changes. ONLINE STORE TERMS By agreeing to these Terms of Service, you represent that you are at least the age of majority in your state or province or country of residence, or that you are the age of majority in your state or province or country of residence and you have given us your consent to allow any of your minor dependents to use this site. You may not use our products for any illegal or unauthorized purpose nor may you, in the use of the Service, violate any laws in your jurisdiction (including but not limited to copyright laws). A breach or violation of any of the Terms will result in an immediate termination of your Services. GENERAL CONDITIONS We reserve the right to refuse service to anyone for any reason at any time. You understand that your content (not including credit card information), may be transferred unencrypted and involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices. Credit card information is always encrypted during transfer over networks. You agree not to reproduce, duplicate, copy, sell, resell or exploit any portion of the Service, use of the Service, or access to the Service or any contact on the website through which the service is provided, without express written permission by us. The headings used in this agreement are included for convenience only and will not limit or otherwise affect these Terms. ACCURACY, COMPLETENESS AND TIMELINESS OF INFORMATION We are not responsible if information made available on this site is not accurate, complete or current. The material on this site is provided for general information only and should not be relied upon or used as the sole basis for making decisions without consulting primary, more accurate, more complete or more timely sources of information. Any reliance on the material on this site is at your own risk. This site may contain certain historical information. Historical information, necessarily, is not current and is provided for your reference only. We reserve the right to modify the contents of this site at any time, but we have no obligation to update any information on our site. You agree that it is your responsibility to monitor changes to our site. MODIFICATIONS TO THE SERVICE AND PRICES Prices for our products are subject to change without notice. We reserve the right at any time to modify or discontinue the Service (or any part or content thereof) without notice at any time. We shall not be liable to you or to any third-party for any modification, price change, suspension or discontinuance of the Service. PRODUCTS OR SERVICES Certain products or services may be available exclusively online through the website. These products or services may have limited quantities and are subject to return or exchange only according to our Limited Warranty and Refund Policy. We may accept orders by confirmation through our website or by processing the shipment for such order. If we do not have any available inventory for a product you have ordered, we will place it on backorder. We reserve the right, but are not obligated, to limit the sales of our products or Services to any person, geographic region or jurisdiction. We may exercise this right on a case-by-case basis. We reserve the right to limit the quantities of any products or services that we offer. All descriptions of products or product pricing are subject to change at anytime without notice, at the sole discretion of us. We reserve the right to discontinue any product at any time. Any offer for any product or service made on this site is void where prohibited. You may transfer or sell products you have purchased from us. Warranties on products are not transferable, expire on transfer or sale, and remain expired if products are returned to the original customer. All prices are exclusive of applicable taxes and you will pay or reimburse us for all applicable taxes, duties, levies or assessments that may be assessed in any jurisdiction, whether based on the amounts paid or payable or the supply of Products, Software or Services to you or otherwise. If you wish to claim an exemption from same, you must furnish to us a tax exemption certificate acceptable to the applicable taxing authority. ACCURACY OF SHIPPING, BILLING, AND ACCOUNT INFORMATION We reserve the right to refuse any order you place with us. We may, in our sole discretion, limit or cancel quantities purchased per person, per household or per order. These restrictions may include orders placed by or under the same customer account, the same credit card, and/or orders that use the same billing and/or shipping address. In the event that we make a change to or cancel an order, we may attempt to notify you by contacting the e-mail and/or billing address/phone number provided at the time the order was made. We reserve the right to limit or prohibit orders that, in our sole judgment, appear to be placed by dealers, resellers or distributors. You agree to provide current, complete and accurate information for all purchases made at our store. You are solely liable for any losses or extra expenses arising from incomplete or inaccurate information. You agree to promptly update your account and other information, including your email address and credit card numbers and expiration dates, so that we can complete your transactions and contact you as needed. OPTIONAL TOOLS We may provide you with access to third-party tools over which we neither monitor nor have any control nor input. You acknowledge and agree that we provide access to such tools ”as is” and “as available” without any warranties, representations or conditions of any kind and without any endorsement. We shall have no liability whatsoever arising from or relating to your use of optional third-party tools. Any use by you of optional tools offered through the site is entirely at your own risk and discretion and you should ensure that you are familiar with and approve of the terms on which tools are provided by the relevant third-party provider(s). We may also, in the future, offer new services and/or features through the website (including, the release of new tools and resources). Such new features and/or services shall also be subject to these Terms of Service. THIRD-PARTY LINKS Certain content, products and services available via our Service may include materials from third-parties. Third-party links on this site may direct you to third-party websites that are not affiliated with us. We are not responsible for examining or evaluating the content or accuracy and we do not warrant and will not have any liability or responsibility for any third-party materials or websites, or for any other materials, products, or services of third-parties. We are not liable for any harm or damages related to the purchase or use of goods, services, resources, content, or any other transactions made in connection with any third-party websites. Please review carefully the third-party's policies and practices and make sure you understand them before you engage in any transaction. Complaints, claims, concerns, or questions regarding third-party products should be directed to the third-party. USER COMMENTS, FEEDBACK AND OTHER SUBMISSIONS If, at our request, you send certain specific submissions or without a request from us you send creative ideas, suggestions, proposals, plans, or other materials, whether online, by email, by postal mail, or otherwise (collectively, 'comments'), you agree that we may, at any time, without restriction, edit, copy, publish, distribute, translate and otherwise use in any medium any comments that you forward to us. We are and shall be under no obligation (1) to maintain any comments in confidence; (2) to pay compensation for any comments; or (3) to respond to any comments. We may, but have no obligation to, monitor, edit or remove content that we determine in our sole discretion are unlawful, offensive, threatening, libelous, defamatory, pornographic, obscene or otherwise objectionable or violates any party’s intellectual property or these Terms of Service. You agree that your comments will not violate any right of any third-party, including copyright, trademark, privacy, personality or other personal or proprietary right. You further agree that your comments will not contain libelous or otherwise unlawful, abusive or obscene material, or contain any computer virus or other malware that could in any way affect the operation of the Service or any related website. You may not use a false e-mail address, pretend to be someone other than yourself, or otherwise mislead us or third-parties as to the origin of any comments. You are solely responsible for any comments you make and their accuracy. We take no responsibility and assume no liability for any comments posted by you or any third-party. PERSONAL INFORMATION Your submission of personal information is governed by our Privacy Policy. ERRORS, INACCURACIES AND OMISSIONS Occasionally there may be information on our site or in the Service that contains typographical errors, inaccuracies or omissions that may relate to product descriptions, pricing, promotions, offers, product shipping charges, transit times and availability. We reserve the right to correct any errors, inaccuracies or omissions, and to change or update information or cancel orders if any information in the Service or on any related website is inaccurate at any time without prior notice (including after you have submitted your order). We undertake no obligation to update, amend or clarify information in the Service or on any related website, including without limitation, pricing information, except as required by law. No specified update or refresh date applied in the Service or on any related website, should be taken to indicate that all information in the Service or on any related website has been modified or updated. PROHIBITED USES In addition to other prohibitions as set forth in the Terms of Service, you are prohibited from using the site or its content: (a) for any unlawful purpose; (b) to solicit others to perform or participate in any unlawful acts; (c) to violate any international, federal, provincial or state regulations, rules, laws, or local ordinances; (d) to infringe upon or violate our intellectual property rights or the intellectual property rights of others; (e) to harass, abuse, insult, harm, defame, slander, disparage, intimidate, or discriminate based on gender, sexual orientation, religion, ethnicity, race, age, national origin, or disability; (f) to submit false or misleading information; (g) to upload or transmit viruses or any other type of malicious code that will or may be used in any way that will affect the functionality or operation of the Service or of any related website, other websites, or the Internet; (h) to collect or track the personal information of others; (i) to spam, phish, pharm, pretext, spider, crawl, or scrape; (j) for any obscene or immoral purpose; (k) to interfere with or circumvent the security features of the Service or any related website, other websites, or the Internet; (l) replicate, duplicate, copy, trade, sell, resell nor exploit for any commercial reason any part, use of, or access to our web content. We reserve the right to terminate your use of the Service or any related website for violating any of the prohibited uses. TRADEMARK INFORMATION You herein acknowledge, understand and agree that all of the Shift Devices AG trademarks, copyright, trade name, service marks, and other logos and any brand features, and/or product and service names are trademarks and as such, are and shall remain the property of Shift Devices AG. You herein agree not to display and/or use these in any manner without our express written consent. DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY We do not guarantee, represent or warrant that your use of our service will be uninterrupted, timely, secure or error-free. We do not warrant that the results that may be obtained from the use of the service will be accurate or reliable. You agree that from time to time we may remove the service for indefinite periods of time or cancel the service at any time, without notice to you. You expressly agree that your use of, or inability to use, the service is at your sole risk. The service and all products and services delivered to you through the service are (except as expressly stated by us) provided 'as is' and 'as available' for your use, without any representation, warranties or conditions of any kind, either express or implied, including all implied warranties or conditions of merchantability, merchantable quality, fitness for a particular purpose, durability, title, and non-infringement. In no case shall Shift Devices AG, our directors, officers, employees, affiliates, agents, contractors, interns, suppliers, service providers or licensors be liable for any injury, loss, claim, or any direct, indirect, incidental, punitive, special, or consequential damages of any kind, including, without limitation lost profits, lost revenue, lost savings, loss of data, replacement costs, or any similar damages, whether based in contract, tort (including negligence), strict liability or otherwise, arising from your use of any of the service or any products procured using the service, or for any other claim related in any way to your use of the service or any product, including, but not limited to, any errors or omissions in any content, or any loss or damage of any kind incurred as a result of the use of the service or any content (or product) posted, transmitted, or otherwise made available via the service, even if advised of their possibility. Because some states or jurisdictions do not allow the exclusion or the limitation of liability for consequential or incidental damages, in such states or jurisdictions, our liability shall be limited to the maximum extent permitted by law. FORCE MAJEURE If our performance of any of our obligations is prevented, restricted, or interfered with, by reason of: fire, flood, earthquake, explosion or other casualty or accident or act of nature; strikes or labour disputes; inability to procure or obtain delivery of parts, supplies, power, telecommunication services, equipment or software from suppliers, war or other violence; any law, order, proclamation, regulation, ordinance, demand or requirement of any governmental authority; or any other act or condition whatsoever beyond our reasonable control, we will be excused from such performance. INDEMNIFICATION You agree to indemnify, defend and hold harmless Shift Devices AG and our parent, subsidiaries, affiliates, partners, officers, directors, agents, contractors, licensors, service providers, subcontractors, suppliers, interns and employees, harmless from any claim or demand, including reasonable attorneys’ fees, made by any third-party due to or arising out of your breach of these Terms of Service or the documents they incorporate by reference, or your violation of any law or the rights of a third-party. SEVERABILITY In the event that any provision of these Terms of Service is determined to be unlawful, void or unenforceable, such provision shall nonetheless be enforceable to the fullest extent permitted by applicable law, and the unenforceable portion shall be deemed to be severed from these Terms of Service, such determination shall not affect the validity and enforceability of any other remaining provisions. TERMINATION The obligations and liabilities of the parties incurred prior to the termination date shall survive the termination of this agreement for all purposes. These Terms of Service are effective unless and until terminated by either you or us. You may terminate these Terms of Service at any time by notifying us that you no longer wish to use our Services, or when you cease using our site. If in our sole judgment you fail, or we suspect that you have failed, to comply with any term or provision of these Terms of Service, we also may terminate this agreement at any time without notice and you will remain liable for all amounts due up to and including the date of termination; and/or accordingly may deny you access to our Services (or any part thereof). ENTIRE AGREEMENT The failure of us to exercise or enforce any right or provision of these Terms of Service shall not constitute a waiver of such right or provision. These Terms of Service and any policies or operating rules posted by us on this site or in respect to The Service constitutes the entire agreement and understanding between you and us and govern your use of the Service, superseding any prior or contemporaneous agreements, communications and proposals, whether oral or written, between you and us (including, but not limited to, any prior versions of the Terms of Service). Any ambiguities in the interpretation of these Terms of Service shall not be construed against the drafting party. GOVERNING LAW These Terms of Service and any separate agreements whereby we provide you Services shall be governed by and construed in accordance with the laws of Birsfelden, Basel-Landschaft, Switzerland. CHANGES TO TERMS OF SERVICE You can review the most current version of the Terms of Service at any time at this page. We reserve the right, at our sole discretion, to update, change or replace any part of these Terms of Service by posting updates and changes to our website. It is your responsibility to check our website periodically for changes. Your continued use of or access to our website or the Service following the posting of any changes to these Terms of Service constitutes acceptance of those changes. CONTACT INFORMATION Please report any and all violations of these Terms of Service to: Shift Devices AG
4005 Basel

Privacy Policy

Effective 2017-03-15 WHAT DO WE DO WITH YOUR INFORMATION? When you purchase something from our store, we collect the personal information you give us: your name, address and email address. When you browse our website, we may receive your computer’s internet protocol (IP) address in order to learn about your browser and operating system and improve user experiences. After purchasing a product, we may send you emails about important security notices, new products, and updates from Shift Cryptosecurity AG. When you use the mobile app or desktop app, the app collects some personal information from you using the device camera ('Camera permission') in order to pair the two apps or to acquire information for completing a financial transaction. Shift Cryptosecurity AG has not, does not now, and will not in the future, sell, rent or lease any of our customer lists and/or names to any third parties. CONSENT How do you get my consent? When you enter personal information to place or amend an order, we imply that you consent to our collecting it. When you install the mobile app or desktop app, we imply that you consent to the Camera permission. Camera permission is defined as 'accessing the camera or capturing images and video from the device'. How do I withdraw my consent? You may withdraw your consent at anytime by uninstalling the mobile app or destop app or by contacting us at DISCLOSURE We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service. DATA Data we collect is stored on a secure server behind a firewall. Credit card information is collected by Stripe, a PCI Level 1 Service Provider, and is subject to their terms and privacy policy: We do not collect or store your credit card information. Communication Data between the mobile app and the desktop app (including the relay server) is encrypted except for application version information. Communication Data is not stored outside of the apps. THIRD-PARTY SERVICES Third-party service providers, such as blockchain explorers, payment gateways and payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them in order to fullfill our services to you. We recommend that you read their privacy policies so you can understand how your personal information will be handled by them. Third-party service providers may be located in or have facilities that are located a different jurisdiction than either you or us. In this case, your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service. THIRD-PARTY LINKS When you click on links in our website, they may direct you to a third-party website. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements. SECURITY To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. AGE OF CONSENT By using this site, you represent that you are at least the age of majority in your state or province or country of residence, or that you are the age of majority in your state or province or country of residence and you have given us your consent to allow any of your minor dependents to use this site. CHANGES TO THIS PRIVACY POLICY We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you. QUESTIONS AND CONTACT INFORMATION Shift Cryptosecurity AG
Soodmattenstr. 4
8134 Adliswil

Limited Lifetime Warranty

Effective 20 Aug. 2018 Shift Cryptosecurity AG ("us", "we", "our") warrants to the end user that its product, excluding content and or software supplied with or on the product, will be free from defects in material or workmanship and will be fit for normal use. This warranty is non-transferable and is enforceable only by the end customer who originally purchased the product and only while the customer owns the product. Proof of purchase is required. Any product that has not been purchased as new from us or our authorized partner (reseller or distributor) is expressly excluded from this warranty. Our responsibility is limited solely to the product itself. We shall not be responsible for any incidental or consequential damages incurred and/or occurred in connection with the product or its purchase. We do not warrant that the functions contained in the software on the product will meet specific requirements or that the operation of the software will be uninterrupted or error-free. The product is sold “as is”. We reserve the right to make changes or improvements in design, firmware or manufacturing without assuming any obligation to change or improve products previously manufactured and/or sold. This warranty does not apply to: (a) normal wear and tear; (b) damage resulting from accident, abuse, misuse, neglect, undue physical or electrical stress, improper handling or installation, or acts of nature ("force majeure"); (c) alterations by persons other than us; (d) damage or loss of data due to interoperability with current or future operating systems, software and/or hardware. Neither Shift Cryptosecurity AG nor any parent, officer, director, member, shareholder agent, employee or joint venturer of Shift Cryptosecurity AG shall be liable for any direct, indirect, consequential, incidental or special damages whatsoever, including, without limitation, business interruption, extra expense, loss of profits, loss of property (for purposes of this warranty the term “property” shall specifically include any form of crypto-currency/property stored or maintained by the product), loss of use of property, delay or damages consequential upon delay and/or loss of use or loss of use of property, or for damage caused by improper use (including use in an incompatible device and use not in accordance with the instructions). For purposes of this Agreement, the foregoing types of excluded damages shall include any cost arising out of a product recall. Shift Cryptosecurity AG's liability will not exceed the price you paid for the product. Shift Cryptosecurity AG disclaims all express and implied warranties of merchantability or fitness for a particular purpose to the fullest extent permitted by law. WARRANTY CLAIMS To make a warranty claim, contact Shift Cryptosecurity AG at and provide proof of purchase (showing date and place of purchase and name of the reseller, if any) and the product name, version. You may return an unused product according to the guidelines in the Refund Policy. Before returning the product, please make sure to backup any sensitive data and erase the device. Shift Cryptosecurity AG is not responsible for damages to or loss of any data stored in the product. Shift Cryptosecurity AG may at its discretion repair this product or provide a buyer with an equivalent product; and if unable to repair or replace the product, will refund either the original purchase price or fair market value, whichever is lower to the original buyer. The repair or replacement of the product is free of charge for the parts, components and labor necessary in order to perform the repair and restore the product's proper operating condition, provided the unit is returned otherwise undamaged and shipping prepaid, including insurance, to our facilities. The costs incurred in connection with returning of the product to our facilities shall be carried by the product owner or reseller. If the product is returned uninsured, you assume all risks of loss or damage during shipment. If Shift Cryptosecurity AG determines that failure of the product was not a result of a defect in materials or workmanship, Shift Cryptosecurity AG reserves the right to charge you either (1) for parts and labor at Shift Cryptosecurity AG's then-current labor rate or (2) a 20% restocking fee. Shift Cryptosecurity AG will advise you prior to assessing these charges. Any product returned to Shift Cryptosecurity AG shall become the property of Shift Cryptosecurity AG. National, state and local laws may grant you other rights that are not affected by this warranty.

Use of Branding Agreement

Effective 2017-03-24 GENERAL 1.1. Shift Cryptosecurity AG, ("Company", "we", "us", "our"), manufactures and sells the BitBox (TM) hardware wallet. We hereby grant to approved parties ("you", "your", "yours") a limited, non-exclusive, royalty-free license to use our logos, names, and approved product photos ("branding") in your company’s advertising, literature and websites solely in connection with the marketing and resale of our products. 1.2. __To be granted a license__, you acknowledge acceptance of the Use of Branding Agreement by sending written (email) communication to the Company that (i) states "I/We agree to the terms and conditions of Shift Cryptosecurity AG's Use of Branding Agreement", (ii) provides your company's name, address, and primary contact information, and (iii) provides information about how the logos and/or names will be used. 1.3. The license granted by this Agreement shall commence upon the date we acknowledge receipt and acceptance of the information provided in 1.2. The license will continue until terminated as provided below. 1.4. Only parties who accept this Agreement in its entirety may be granted a license. Exceptions to the Agreement must be agreed in writing. AGREEMENT OBLIGATIONS AND LIMITATIONS 2.1. You agree to use our branding in strict conformity with the standards set forth here. You acknowledge and agree that it is your responsibility to remain informed about, and to immediately comply with, any changes we may make in the standards that affect your use of our logos and names. Any exceptions must be approved by us in writing. 2.2. You agree to not modify our branding, including overlaying or underlaying other content, in any way. Overall size may be changed if the conditions of 2.3 are met and the orginal aspect ratio is maintained. 2.3. Our branding shall be displayed approximately NO SMALLER than the equivalent branding of other products that are displayed on shared media. Shared media includes all sets of digital and physical documents that can be manually or automatically turned, scrolled, paged, rotated, or similarly grouped. 2.4. Our branding may NOT be used on business cards, badges, clothing, hats or any type of apparel, or any object or product typically used in connection with company identification. 2.5. Use of our branding in any form, including both visual and audial communication, must comply with local, national, and international law. You are solely responsible for ensuring that your practices comply with all applicable laws. This Agreement is in no way a substitute for legal advice. 2.6. You may not assign, sub-license, or transfer in any means the license granted by this Agreement. 2.7. No person associated or affiliated with your company may make or imply any representation that they are a Shift Cryptosecurity AG employee or agent. You will have no authority to make or accept any offers, warrants, or representations on our behalf. 2.8. Each party agrees not to use the other's proprietary materials in any manner that is disparaging, misleading, obscene or that otherwise portrays the party in a negative light. Each party reserves all of its respective rights in the proprietary materials covered by this Agreement. Other than the rights granted in this Agreement, each party retains all right, title, and interest to its respective rights, and no right, title, or interest is transferred to the other. 2.9. Our branding may not be used in any manner, including marketing material and website content or URLs, which leads third parties to believe you are the Company or an affiliated business of the Company. You shall clearly state and display the name of your business and provide appropriate contact information in any medium where you use our branding. 2.10. Upon request, you shall furnish to Shift Cryptosecurity AG, without charge, samples of materials which feature our branding. We shall have the right of approval over such items by giving written notice to you, within twenty (20) days of receipt of the samples, of such reasonable changes or corrections as may be necessary to comply with reasonable quality concerns. You shall make and incorporate said changes or corrections. Our failure, following receipt of samples, to give notice of any such changes or corrections shall constitute approval by Shift Cryptosecurity AG. 2.11. If Shift Cryptosecurity AG, in its sole discretion, determines that any materials used, sold, distributed or offered for sale or distribution by you under this Agreement are unsatisfactory to Shift Cryptosecurity AG, either based on the quality of the materials themselves or the depiction of the branding on the materials, then we shall notify you in writing. Upon receipt of this notification, you shall have thirty (30) days to implement reasonable changes according to our suggestion, ensuring that the materials are satisfactory. REPRESENTATIONS AND WARRANTIES (3) You hereby represent and warrant to us that you (i) have the right, power and authority to enter into this Agreement and to perform your obligations as set forth herein; (ii) are under no obligation or restriction that does or would interfere or conflict with your obligations under this Agreement, nor will you assume any such obligations or restrictions during the term hereof; and (iii) the information provided by you in connection with this Agreement is true, correct and complete. AMENDMENTS AND TERMINATION 4.1. Shift Cryptosecurity AG may, in its sole discretion, terminate this Agreement or modify your license to use our branding at any time upon written notice to you. Upon termination of this Agreement, you shall immediately cease any and all use of our branding or any trademarks confusingly similar to our branding. 4.2. You may terminate this Agreement at any time upon thirty (30) days prior written notice to us. 4.3. You agree that upon termination of the Agreement, for any reason, the Company and associated partners bear no responsibility for any loss or damages caused by the termination. 4.4. Unless renewed by mutual agreement of the parties, this Agreement shall expire one (1) year from the Agreement commencement date. DISCLAIMER (5) SHIFT Cryptosecurity AG DISCLAIMS ANY AND ALL WARRANTIES THAT MAY BE EXPRESS, IMPLIED OR STATUTORY WITH RESPECT TO OUR BRANDING OR OTHERWISE, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES AGAINST INFRINGEMENT, TITLE, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE, AND AGAINST ALL CLAIMS AND LIABILITIES ARISING OUT OF YOUR USE OF OUR BRANDING. SHIFT Cryptosecurity AG MAKES NO EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES REGARDING OUR SERVICE AND WEBSITE OR THE PRODUCTS OR SERVICES PROVIDED THEREIN, ANY IMPLIED WARRANTIES OF THE COMPANY'S ABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE EXPRESSLY DISCLAIMED AND EXCLUDED. IN ADDITION, WE MAKE NO REPRESENTATION THAT THE OPERATION OF OUR SITE WILL BE UNINTERRUPTED OR ERROR FREE, AND WE WILL NOT BE LIABLE FOR THE CONSEQUENCES OF ANY INTERRUPTIONS OR ERRORS. LIMITATIONS OF LIABILITY (6) SHIFT Cryptosecurity AG WILL NOT BE LIABLE TO YOU WITH RESPECT TO ANY SUBJECT MATTER OF THIS AGREEMENT UNDER ANY CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES (INCLUDING, WITHOUT LIMITATION, LOSS OF REVENUE OR GOODWILL OR ANTICIPATED PROFITS OR LOST BUSINESS), EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BOTH PARTIES ACKNOWLEDGE AND AGREE THAT THE LACK OF A REQUIREMENT OF ANY MONETARY PAYMENT HEREUNDER IS BASED IN PART UPON THESE LIMITATIONS, AND FURTHER AGREE THAT THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. INDEMNIFICATION (7) You hereby agree to indemnify and hold harmless Shift Cryptosecurity AG, and its subsidiaries and affiliates, and their directors, officers, employees, agents, shareholders, partners, members, and other owners, against any and all claims, actions, demands, liabilities, losses, damages, judgments, settlements, costs, and expenses (including reasonable attorneys' fees) (any or all of the foregoing hereinafter referred to as "Losses") insofar as such Losses (or actions in respect thereof) arise out of or are based on (i) any misrepresentation or breach of your representations and warranties set forth in this Agreement; and (ii) any non-compliance by you with any agreements or undertakings contained in or made pursuant to this Agreement. CONFIDENTIALITY (8) All confidential information, including, but not limited to, any business, technical, financial, and customer information, disclosed by one party to the other during negotiation or the effective term of this Agreement which is marked "Confidential," will remain the sole property of the disclosing party, and each party will keep in confidence and not use or disclose such proprietary information of the other party without express written permission of the disclosing party. GOVERNING LAW (9) This Agreement shall be governed by and construed in accordance with the laws of the Company's domicile, Basel-Landschaft, Switzerland, without regard to the conflicts of laws provisions thereof. The parties hereby submit to the exclusive jurisdiction of, and any action or suit under this Agreement shall only be brought by the parties to, courts with jurisdiction in Basel-Landschaft, Switzerland. MISCELLANEOUS 10.1. The Agreement does not constitute any partnership, joint venture, agency, franchise, sales representative, or employment relationship between you and the Company. You will have no authority to make or accept any offers, warrants, or representations on our behalf. You will not make any statement, whether on your site or otherwise, that contradicts this section. 10.3. This Agreement represents the entire agreement between us and you, and shall supersede all prior agreements and communications of the parties, oral or written. 10.4. The headings and titles contained in this Agreement are included for convenience only, and shall not limit or otherwise affect the terms of this Agreement. 10.5. If any provision of this Agreement is held to be invalid or unenforceable, that provision shall be eliminated or limited to the minimum extent necessary such that the intent of the parties is effectuated, and the remainder of this agreement shall have full force and effect. 10.6. No waiver by either party of any breach of any provision of this Agreement shall constitute a waiver of any concurrent or subsequent breach of the same or any other provisions hereof, and no waiver shall be effective unless made in writing by the waiving party.

Bug Bounty & Responsible Disclosure

Updated December 6th, 2018

0. Introduction

At Shift Cryptosecurity, we strive towards excellence when it comes to the security and privacy of our products and believe that an open architecture is vital to keep our users safe. However, even in time-proven security architectures, vulnerabilities can be found. This is why our code is open source. In the case you find a vulnerability, we would like to ask you to follow our bug bounty program for responsible disclosure.

I. Hall of fame

We are thankful to the researchers who work with us to help keep users safe. We wish to acknowledge those who have contacted us and coordinated the release of their research. At their discretion, contributions are attributed on our hall of fame page. We also understand that anonymity may be an important concern to the researcher and are prepared to protect their identity.

II. Preamble

Respect and appreciation of the effort, time and skills of independent security researchers is important to Shift Cryptosecurity. We enable researchers in their work to help us equip users with safe products by establishing responsible disclosure guidelines and a bug bounty program. We understand that researchers are free to choose their work’s focus as well as when and to whom they disclose their findings. When a vulnerability is found, we recommend you follow our guidelines below.

  1. Information that significantly helps improve our security will be rewarded. This includes user and customer privacy. The main areas are:
    • Official code implementations in production that we maintain and make available at the BitBox GitHub repository.
    • All Shift Cryptosecurity hardware.
  2. Keep lines of communication open
    • Additional information is needed and we want to ensure that we give your research proper attribution.
  3. Do not at any time:
    • Actively exploit or commit a Denial of Service against us or other user's wallets and nodes where the software connects.
    • Socially engineer our company, those who contact us, and users of our products.
    • Enact any physical or electronic attack against company property.
    • Release user data.
    • Release any private data related to Shift Cryptosecurity.
  4. If applicable, the bounty will be granted after the Incident Response is successfully completed and the relevant software fixes have been released.
  5. Known issues are not applicable for the bug bounty program. When Shift becomes aware of a vulnerability, it will be time stamped on the blockchain.

III. Security Response Team

The security team may be reached at (PGP: 4B40 A37E D0BB 0775 EA91 0A31 684B DEA7 EF01 480E) for reports and discussion about potential issues.

IV. Incident Response

  1. Submit your report via PGP or another end-to-end encrypted communication channel. .
  2. We will respond within 3 business days and then make inquiries to satisfy any needed information.
    • Confirm receipt of your contact and triage the reported issues.
    • Follow up with the results of our validation process.
  3. For vulnerabilities or important observations that impact our users, we’ll layout a timeline regarding mitigation and suggestions for coordinated disclosure with you. We will report on progress made and contact you if more time is required.

V. Post-Release Disclosure Process

  1. At your discretion, we will credit you on our hall of fame page and in relevant software release notes.
  2. Rewards are based on the severity of the bug and at a level that we feel is reasonable.
  3. If the Incident Response process in section IV is not successfully completed and consensus on a timely disclosure not met, we encourage you to publish your results without us.
  4. We may even invite you for a bite to eat in Switzerland with the team for especially nice cryptographic or elegant code execution attacks. Novel bugs will be rewarded with novel rewards.