Terms of Service & Acceptable Use Policy
Sphyr Agent Guard · Effective May 22, 2026 · Last updated June 10, 2026
Beta Service — Read Before Using
THE SERVICE IS CURRENTLY OFFERED IN A PRE-RELEASE (BETA) STATE. BETA SOFTWARE BY ITS NATURE CONTAINS KNOWN AND UNKNOWN DEFECTS, BUGS, INCOMPLETE FEATURES, AND SECURITY GAPS THAT HAVE NOT YET BEEN IDENTIFIED OR REMEDIATED. BY ACCESSING OR USING THE SERVICE YOU EXPRESSLY ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THESE LIMITATIONS, THAT YOU ACCEPT ALL RISKS ASSOCIATED WITH USING PRE-RELEASE SOFTWARE, AND THAT NO COMPENSATION IS OWED FOR DEFECTS, OUTAGES, OR ENFORCEMENT FAILURES INHERENT TO BETA-STAGE DEVELOPMENT.
1 - Definitions
- "Service" - The Sphyr Agent Guard, including all associated APIs, infrastructure, and enforcement tooling operated by the Operator.
- "Operator" - Larson Tech Solutions, LLC, a Florida limited liability company registered as a foreign LLC in Utah, doing business as Sphyr.
- "Customer" - A natural person (age 18 or older) or a registered legal entity capable of forming a binding contract that accesses the Service using a provisioned API key. Automated systems are not legal entities; a human or company must be accountable for each API key issued.
- "Agent" - Any AI model, autonomous system, script, or automated process that issues requests through the Service on a Customer's behalf.
- "Credits" - Prepaid usage units purchased by the Customer and consumed by the Service on a per-request basis.
- "Honeytoken" - A designated decoy domain or data path monitored by the Service for the purpose of detecting compromised or unauthorized Agents.
Agreement Formation. By creating an account, purchasing Credits, or making any API call through the Service, you (the Customer) agree to be bound by these Terms. You must be at least 18 years of age and have the legal capacity to enter a binding contract in your jurisdiction to use the Service. If you are accepting these Terms on behalf of a company or legal entity, you represent that you have authority to bind that entity. If you do not agree to these Terms, do not use the Service.
2 - The "Seat Belt" Principle (Exclusions of Liability)
The Service is a defense-in-depth transport-layer security tool designed to monitor and mitigate risks associated with autonomous Agent activity. It is not a guarantee of security, not a Web Application Firewall (WAF), not a Data Loss Prevention (DLP) solution, and does not relieve Customers of responsibility for their own systems, Agents, or data.
Agent Behavior is Solely the Customer's Responsibility. The Customer is solely and exclusively responsible for the design, development, configuration, deployment, behavior, and output of any Agent connected to the Service. The Operator has no visibility into, and no control over, what instructions or data a Customer provides to an Agent, how an Agent is programmed or fine-tuned, what APIs or data sources an Agent is authorized to access, or what actions an Agent takes using the access granted by the Customer. The Operator shall not be liable for any harm, data loss, security incident, or regulatory violation caused or contributed to by an Agent, regardless of whether the Service intercepted, allowed, blocked, or failed to detect the relevant request.
Assumption of Risk. By using the Service, Customer expressly assumes all risks arising from: (a) the beta and pre-release nature of the Service; (b) known and unknown bugs, incomplete features, and security gaps in the Service; (c) misconfigurations of the Customer's own systems or Agents; and (d) the inherent limitations of transport-layer security described in this Section. This assumption of risk is a material condition of access to the Service and cannot be waived.
The Operator makes no representation that the Service will intercept every malicious, erroneous, or out-of-policy request. Specifically, the Operator explicitly disclaims liability for the following exclusions of service:
- No Semantic Filtering: The Service inspects request metadata and data density (entropy). It does not evaluate the meaning, intent, or safety of the prompt or response. It cannot prevent an Agent from generating harmful, biased, or incorrect content.
- Low-Entropy Leakage: The entropy scanner is designed to catch high-density keys and tokens. It cannot prevent "slow-burn" exfiltration where sensitive data is transmitted in small, low-entropy increments over long durations.
- Application-Level Exploits: Sphyr Agent Guard is a transport-layer identity firewall. It does not protect upstream APIs from application-level attacks (e.g., Prompt Injection, SQL Injection, or XSS) initiated by the Agent.
- Limited Payload Inspection: While the Service scans for secrets, it cannot decrypt or inspect payloads that are pre-encrypted or intentionally obfuscated to appear as low-entropy text.
- Third-Party Dependency: Service availability is strictly dependent on the uptime of third-party providers (e.g., Cloudflare, Stripe). The SDK defaults to fail-closed (v2.0+): if the Sphyr gateway is unreachable, instrumented requests throw SphyrNetworkError and do not pass through unscreened. The server-side billing subsystem includes a fail-open circuit for continuity under database outages — requests may be forwarded without credit deduction within a bounded window before the circuit breaker engages. This billing continuity logic does not bypass security enforcement; HMAC replay protection, rate limiting, and URL safety checks remain fail-closed. See the SDK documentation for the failClosed option. The Operator bears no liability for any security incident arising from Customer misconfiguration or third-party provider failures.
- User Misconfiguration: The Operator is not liable for security bypasses resulting from the Customer configuring overly permissive policies (e.g., whitelisting malicious domains or arbitrarily raising entropy thresholds).
- Beta Defects: The Operator is not liable for any harm resulting from bugs, incomplete features, incorrect enforcement logic, or undiscovered vulnerabilities present in the beta-stage Service, whether or not such defects are known to the Operator at the time of the incident.
- Data Portability & Loss: Forensic logs are aggressively purged to maintain privacy-by-design principles. The Service is not a compliance archive or a long-term data store.
3 - Acceptable Use
3.1 Permitted Use
The Service may only be used for lawful, authorized proxying of HTTPS requests by AI agents and automated systems under the Customer's direct control.
3.2 Prohibited Conduct
The following activities constitute a material breach of this agreement and may result in immediate account termination:
- Bypassing Security Controls - Any attempt to circumvent HMAC signature verification, session IP binding, rate-limiting windows, or any other enforcement mechanism of the Service.
- Secret Exfiltration - Using the Service to move unauthorized credentials, private keys, bearer tokens, or other high-entropy secrets through the request pipeline.
- Infrastructure Attacks - Using the Service to perform Server-Side Request Forgery (SSRF), DNS rebinding, Denial-of-Service (DoS), or any attack against third-party infrastructure.
- Honeytoken Interaction - Deliberate access to a designated Honeytoken domain or decoy data path by the Customer, or by an Agent acting on the Customer's instructions. Honeytoken access that results from a third party's unauthorized compromise of the Customer's systems, credentials, or Agent context is not a breach of this Section; it triggers the automated security response described in Section 4.1 and is eligible for the Compromise Exception in Section 5.2. Honeytoken access caused by the Customer's own misconfiguration likewise triggers the automated security response and is reviewed under the dispute process in Section 4.2.
- Key Sharing - Distributing, reselling, or transferring an API key to any party not under the Customer's direct control without the Operator's prior written consent.
- Illegal Activity - Using the Service to facilitate any activity that violates applicable local, state, national, or international law.
- Chargeback Abuse - Initiating a payment chargeback without first attempting to resolve the dispute through the internal 30-day billing dispute process described in Section 5.3. Chargeback abuse constitutes fraudulent misuse of the payment system and is grounds for permanent account termination and forfeiture of all remaining Credits.
4 - Automated Enforcement & Forensics
4.1 Enforcement Mechanisms
- Immediate Key Revocation - Interaction with a Honeytoken domain results in the immediate suspension of the associated API key and flagging of the Customer account. This action is logged as a security incident. Suspension is an automated containment measure and does not by itself constitute a determination that the Customer breached Section 3.2.
- Automated Suspension - Repeated high-risk signals, including session IP mismatches and entropy violations, may trigger automated account suspension without prior notice.
- Forensic Logging - All requests are recorded as salted SHA-256 hashes for 180 days to support post-incident forensics and financial dispute resolution. Raw diagnostic rationale is purged within 36 days (typically 30 days; up to 6 days of scheduled-job lag). No plaintext URLs or IP addresses are stored in forensic logs; account email addresses are stored separately for account management — see Privacy Policy §1.
4.2 Disputes & Appeals
Customers who believe an automated enforcement action was applied in error may contact the Operator at legal@sphyr.io within 14 days of the action. The Operator will review the request and respond within 7 business days. The Operator retains sole discretion over all reinstatement decisions. Submitting a dispute does not guarantee reinstatement or suspend any enforcement action.
4.3 Law Enforcement Cooperation
The Operator may provide forensic log data (in hashed form) to law enforcement or regulatory authorities in response to a valid legal order. Where legally permitted, the Operator will make reasonable efforts to notify the affected Customer prior to disclosure.
5 - Billing & Credits
5.1 Prepaid Credits
The Service operates on a prepaid credit model. Credits are consumed on a per-request basis at rates published in the Service documentation. Credits are not legal tender, have no cash value, and are non-transferable. Credits expire 12 months from their issue date. Expired credits are forfeited without refund. Credits are consumed in first-in, first-out (FIFO) order. This structure is consistent with prepaid API credit programs offered by providers such as Anthropic and OpenAI.
5.2 Credits Upon Termination or Closure
- Termination for AUP Violation - If the Operator terminates an account due to a breach of Section 3.2, any unused Credits are forfeited. No refund will be issued.
- Termination for Other Reasons - If the Operator terminates an account for reasons other than a Customer's AUP violation, the Operator will issue a prorated refund of unused, non-expired Credits within 30 days.
- Voluntary Cancellation - Customers who close their account voluntarily forfeit all unused Credits unless a refund request is submitted to legal@sphyr.io within 30 days of closure. Refunds are issued at the Operator's discretion and are not guaranteed.
- Compromise Exception - If an account is closed or terminated as a direct result of a confirmed security compromise (e.g., stolen API key used by an unauthorized third party), the Customer may submit a written exception request within 14 days. The Operator will review the request and, at its sole discretion, may issue a partial or full refund of unused Credits that were consumed or forfeited due to the unauthorized activity.
5.3 Billing Disputes
Billing disputes must be submitted to legal@sphyr.io within 30 days of the charge in question. Disputes submitted after this window will not be considered.
5.4 Service Discontinuation
In the event the Operator elects to discontinue the Service entirely, the Operator will provide at least 90 days' advance written notice via the email address associated with each Customer account. All unused, non-expired Credits held at the time of the notice will be eligible for a prorated refund, calculated at $0.0002 per unused Credit. Refund requests must be submitted to legal@sphyr.io within 30 days of the stated service end date. Credits that have already expired prior to the discontinuation notice are not eligible for refund.
6 - Data & Privacy
The Service collects and processes request metadata as described in the Privacy Policy located at https://sphyr.io/legal/privacy, which is incorporated into this agreement by reference. By using the Service, you consent to the data practices described therein.
In summary: the Service does not store plaintext URLs or IP addresses in forensic logs; account email addresses are stored separately for account management — see Privacy Policy §1. All logged identifiers are one-way salted SHA-256 hashes. Raw diagnostic rationale is purged within 36 days (typically 30 days; up to 6 days of scheduled-job lag); all log rows are deleted after 180 days.
6.1 Data Processing Agreement
Customers who are subject to the General Data Protection Regulation (GDPR) as data controllers and use the Service to process personal data of their end users may request a Data Processing Agreement (DPA) from the Operator at legal@sphyr.io. The DPA governs the Operator's role as a data processor on the Customer's behalf under GDPR Article 28. Use of the Service by a GDPR data controller without a signed DPA is at the Customer's own legal risk.
7 - Operator Rights
7.1 Account Termination
The Operator reserves the right to suspend or terminate any Customer account that poses a threat to the Service's security, stability, or legal standing. For suspected security threats or active AUP violations, termination may occur without prior notice. For all other terminations, the Operator will provide at least 7 days' written notice where practicable, except where prohibited by a legal obligation or ongoing investigation.
7.2 Enforcement Threshold Adjustments
The Operator may adjust enforcement thresholds — including entropy sensitivity, rate limits, and ban criteria — in response to evolving threats. The Operator will provide at least 48 hours' advance notice of such changes, except in response to an active security incident, in which case changes may take effect immediately.
7.3 Policy Updates
The Operator reserves the right to update this document at any time. Material changes will be communicated via the email address associated with the Customer's account and/or posted to the Service website at least 14 days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the revised terms.
8 - Security Research
Customers who identify a potential vulnerability in the Service and wish to conduct testing are required to obtain prior written approval from the Operator before any active probing. Researchers who disclose vulnerabilities responsibly — without prior unauthorized testing — will not be subject to automated enforcement for incidental policy triggers arising from good-faith disclosure activity.
To initiate responsible disclosure, contact security@sphyr.io.
9 - Limitation of Liability
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, OR NON-INFRINGEMENT. THE OPERATOR DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, FREE OF BUGS OR VULNERABILITIES, OR THAT ANY SPECIFIC REQUEST WILL BE BLOCKED OR ALLOWED. THE OPERATOR MAKES NO WARRANTY THAT THE SERVICE WILL MEET CUSTOMER'S SECURITY OR COMPLIANCE REQUIREMENTS.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE OPERATOR SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES OF ANY KIND ARISING FROM OR RELATED TO THE SERVICE, INCLUDING WITHOUT LIMITATION: (A) THE SERVICE'S FAILURE TO INTERCEPT, BLOCK, OR DETECT A SPECIFIC REQUEST OR SECURITY THREAT; (B) DATA BREACHES, CREDENTIAL LEAKS, OR UNAUTHORIZED ACCESS TO UPSTREAM SYSTEMS CAUSED BY AN AGENT; (C) THE AUTOMATED SUSPENSION OR TERMINATION OF A CUSTOMER ACCOUNT; (D) ANY BUG, DEFECT, OR INCOMPLETE FEATURE IN THE BETA-STAGE SERVICE; OR (E) ANY UNAUTHORIZED ACCESS TO OR USE OF THE SERVICE.
THE OPERATOR'S TOTAL CUMULATIVE LIABILITY TO ANY CUSTOMER FOR ALL CLAIMS ARISING UNDER OR RELATED TO THESE TERMS SHALL NOT EXCEED THE GREATER OF: (I) THE TOTAL FEES ACTUALLY PAID BY THAT CUSTOMER IN THE 90 DAYS PRECEDING THE CLAIM, OR (II) ONE HUNDRED U.S. DOLLARS ($100.00). THIS LIMITATION APPLIES REGARDLESS OF THE LEGAL THEORY OF LIABILITY AND EVEN IF THE OPERATOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CUSTOMER ACKNOWLEDGES THAT THIS LIMITATION REFLECTS A REASONABLE ALLOCATION OF RISK AND IS A FUNDAMENTAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES.
10 - Governing Law & Dispute Resolution
10.1 Governing Law
This agreement is governed by the laws of the State of Utah, United States, without regard to its conflict of law provisions.
10.2 Binding Arbitration
PLEASE READ THIS SECTION CAREFULLY. IT REQUIRES YOU TO RESOLVE DISPUTES THROUGH BINDING ARBITRATION AND LIMITS HOW YOU CAN SEEK RELIEF FROM SPHYR.
EXCEPT FOR CLAIMS FOR INJUNCTIVE OR EQUITABLE RELIEF OR CLAIMS REGARDING INTELLECTUAL PROPERTY RIGHTS, ANY DISPUTE, CONTROVERSY, OR CLAIM ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICE THAT CANNOT BE RESOLVED INFORMALLY WITHIN 30 DAYS OF WRITTEN NOTICE SHALL BE RESOLVED EXCLUSIVELY BY FINAL AND BINDING ARBITRATION ADMINISTERED BY THE AMERICAN ARBITRATION ASSOCIATION (AAA) UNDER ITS COMMERCIAL ARBITRATION RULES. FOR CLAIMS UNDER $10,000 USD, THE AAA CONSUMER ARBITRATION RULES SHALL APPLY IN LIEU OF THE COMMERCIAL ARBITRATION RULES. FOR CLAIMS UNDER $500 USD, THE OPERATOR WILL PAY ALL AAA FILING FEES AND ADMINISTRATIVE COSTS. THE PARTIES SHALL EACH BEAR THEIR OWN ATTORNEYS' FEES UNLESS THE ARBITRATOR DETERMINES THAT A PARTY'S CLAIM OR DEFENSE WAS FRIVOLOUS OR BROUGHT IN BAD FAITH. THE ARBITRATION SHALL TAKE PLACE IN SALT LAKE COUNTY, UTAH, OR BY REMOTE MEANS IF MUTUALLY AGREED. THE ARBITRATOR'S AWARD SHALL BE FINAL AND BINDING AND MAY BE ENTERED AS A JUDGMENT IN ANY COURT OF COMPETENT JURISDICTION.
SMALL CLAIMS: NOTWITHSTANDING THE FOREGOING, EITHER PARTY MAY BRING AN INDIVIDUAL CLAIM IN SMALL CLAIMS COURT IN SALT LAKE COUNTY, UTAH — OR, IF THE CUSTOMER IS A CONSUMER, IN THE COUNTY OF THE CUSTOMER'S RESIDENCE — INSTEAD OF ARBITRATION, FOR SO LONG AS THE CLAIM REMAINS IN SMALL CLAIMS COURT ON AN INDIVIDUAL BASIS.
RIGHT TO OPT OUT: YOU MAY OPT OUT OF THIS ARBITRATION AGREEMENT BY SENDING WRITTEN NOTICE TO LEGAL@SPHYR.IO WITHIN 30 DAYS OF FIRST ACCEPTING THESE TERMS, STATING YOUR NAME, THE EMAIL ADDRESS ASSOCIATED WITH YOUR ACCOUNT, AND YOUR INTENT TO OPT OUT OF ARBITRATION. OPTING OUT OF ARBITRATION DOES NOT AFFECT ANY OTHER PROVISION OF THESE TERMS.
MASS FILINGS: IF 25 OR MORE SUBSTANTIALLY SIMILAR ARBITRATION DEMANDS ARE FILED AGAINST THE OPERATOR BY OR WITH THE ASSISTANCE OF THE SAME LAW FIRM, GROUP OF LAW FIRMS, OR COORDINATED COUNSEL, THE DEMANDS SHALL BE ADMINISTERED UNDER THE AAA'S MASS ARBITRATION SUPPLEMENTARY RULES AND SHALL PROCEED IN STAGED BATCHES OF NO MORE THAN 25 DEMANDS EACH, BEGINNING WITH A SINGLE BELLWETHER BATCH SELECTED JOINTLY BY THE PARTIES' COUNSEL. ALL REMAINING DEMANDS SHALL BE HELD IN ABEYANCE — AND ANY APPLICABLE STATUTE OF LIMITATIONS TOLLED — UNTIL THE BELLWETHER BATCH IS RESOLVED. A COURT OF COMPETENT JURISDICTION MAY ENFORCE THIS PARAGRAPH AND MAY ENJOIN THE MASS FILING OR PROSECUTION OF ARBITRATION DEMANDS THAT CIRCUMVENT IT.
CLASS ACTION WAIVER: ALL CLAIMS AND DISPUTES MUST BE ARBITRATED OR LITIGATED ON AN INDIVIDUAL BASIS. NEITHER CUSTOMER NOR OPERATOR MAY BRING OR PARTICIPATE IN ANY CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION OR ARBITRATION. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS AND MAY NOT PRESIDE OVER ANY FORM OF REPRESENTATIVE OR CLASS PROCEEDING. IF THIS CLASS ACTION WAIVER IS FOUND UNENFORCEABLE, THEN THE ENTIRETY OF THIS ARBITRATION PROVISION SHALL BE NULL AND VOID, EXCEPT THAT THE SMALL CLAIMS AND OPT-OUT PROVISIONS ABOVE SHALL SURVIVE.
For any claims not subject to arbitration, each party consents to the exclusive jurisdiction of the state or federal courts located in Salt Lake County, Utah.
11 - Contact
| Purpose | Contact |
|---|---|
| Legal notices & AUP disputes | legal@sphyr.io |
| Security & responsible disclosure | security@sphyr.io |
| General support | support@sphyr.io |
Notices sent by email are deemed received one business day after transmission, unless the sender receives a delivery failure notification. The Operator will endeavor to acknowledge notices promptly; acknowledgment is not required for a notice to be effective.
12 - Indemnification
To the fullest extent permitted by applicable law, the Customer agrees to defend, indemnify, and hold harmless the Operator and its members, managers, officers, employees, and agents from and against any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including reasonable attorney fees) arising from: (a) the Agent's use of and access to the Service; (b) any violation of these Terms by the Customer or the Agent; (c) any data breach, credential leak, or security incident caused or contributed to by the Customer's Agent or systems, regardless of whether the Service detected or blocked the relevant activity; or (d) any claim by a third party that the Customer's Agent caused harm through the Service.
The Operator will provide prompt written notice of any claim subject to this indemnification and will cooperate reasonably in the defense. The Customer shall not settle any such claim in a manner that imposes obligations on the Operator without the Operator's prior written consent.
13 - General Provisions
13.1 Entire Agreement
These Terms, together with the Privacy Policy at https://sphyr.io/legal/privacy, constitute the entire agreement between the Customer and the Operator with respect to the Service and supersede all prior or contemporaneous agreements, representations, warranties, and understandings, whether written or oral, relating to the Service.
13.2 Severability
If any provision of these Terms is found by a court or arbitrator of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be modified to the minimum extent necessary to make it enforceable, or if modification is not possible, severed from these Terms. The remaining provisions shall continue in full force and effect.
13.3 No Waiver
The Operator's failure to enforce any right or provision of these Terms on any occasion shall not constitute a waiver of that right or provision on any future occasion. No waiver of any term shall be effective unless made in writing and signed by an authorized representative of the Operator.
13.4 Force Majeure
The Operator shall not be liable for any delay or failure in performance of the Service resulting from causes beyond the Operator's reasonable control, including but not limited to: acts of God, natural disasters, pandemic, war, terrorism, government action, power failures, internet or telecommunications outages, third-party infrastructure failures (including but not limited to Cloudflare or Stripe outages), cyberattacks directed at the Service or its infrastructure, or other events outside the Operator's reasonable control. During any such event, the Operator's obligations under these Terms are suspended to the extent caused by the event.
13.5 Assignment
Customer may not assign or transfer these Terms or any rights hereunder without the Operator's prior written consent. The Operator may assign these Terms freely, including in connection with a merger, acquisition, or sale of assets, upon notice to the Customer. Any assignment in violation of this provision is void.
13.6 Survival
Sections 2, 9, 10, 12, and 13 shall survive any termination or expiration of these Terms.
14 - Intellectual Property
14.1 Operator IP
The Operator retains all right, title, and interest in and to the Service and its underlying technology, including all software, algorithms, interfaces, documentation, trademarks, and other intellectual property. Nothing in these Terms transfers any ownership interest in the Service to the Customer.
14.2 License to Customer
Subject to the Customer's compliance with these Terms and payment of applicable Credits, the Operator grants the Customer a limited, non-exclusive, non-transferable, revocable license to access and use the Service solely for lawful purposes in accordance with these Terms. This license does not include the right to sublicense, resell, or otherwise make the Service available to third parties except as expressly permitted herein.
14.3 Customer Data
The Customer retains ownership of all data submitted through the Service, including agent request content and any outputs generated by the Customer's Agents. The Customer grants the Operator a limited, non-exclusive license to process such data solely to the extent necessary to operate and provide the Service as described in the Privacy Policy. The Operator acquires no ownership interest in Customer data.