# Application Governance

We review PDA access contracts to ensure quality and trust. This application governance consists of 5 parts:

### 1. Transaction Requests and Application Rating

To gain permission to store, process and use a data account or to retrieve data from other data accounts, "transactions" must be enabled. Dataswyft Transactions are data flows on the platform that have to be enabled by Dataswyft upon the server owner's permission and instruction. An application owner needs to request for contracts to be created so that server owners can agree to them and Dataswyft can then enable the transactions.&#x20;

Such contracts declare the application's activity, purpose and duration of use i.e. the application's data conduct. They would be encapsulated within a [HAT Microserver Instruction (HMI)](https://app.gitbook.com/s/-MU8i7kzqfJronlf3llG/reference/understanding-hmi.md) contract, reviewed by Dataswyft's governance team, then set up to be issued on demand when individuals are onboarded onto the app. This enables the app to freely use PDAs according to the contract's terms. Dataswyft maintains the HMI contracts and supervises the data conduct so that transactions are always compliant with platform and data regulations.&#x20;

Dataswyft implements a [rating system](https://app.gitbook.com/s/-MU8i7kzqfJronlf3llG/knowledge-base/application-review/rating-assurance-and-certification.md) to help server owners understand the data conduct of applications. We display the application’s rating when the HMI contracts are presented to server owners for acceptance.

### 2. Review

The Dataswyft Review Committee conducts the following reviews of the Application:

* **Design review** – ensuring design consistency across all apps in the ecosystem, i.e. use of terms and design assets
* **Technical quality check** – ensuring the API endpoints are called on correctly, error handling has been attended to and there are no other technical issues
* **Contractual review** – ensuring the contract is valid and set up correctly for the right set of data within the PDA for the stipulated usage, duration, and purpose
* **Compliance review** – ensuring standard platform rules are followed as well as ensuring compliance with data protection and privacy regulations
* **Data Conduct review** – ensuring that data collection, storage, usage, and processing have been handled responsibly

As you get ready to go live, please review this [checklist](https://resources.dataswift.io/contents/adb6dccd-58fa-4ea9-a75f-180621fcfb8a).

### 3. Contracts Maintenance

Once your app is live, HMI contracts will be logged on the Dataswyft One platform when users login to the application and accept the contract. Dataswyft will keep a log of contract details, manage versions and updates on behalf of app owners and users. Dataswyft will monitor compliance with the contract agreement obligations, including necessary audits, under the HAT Community Foundation's oversight.

### 4. Continued Monitoring and Audits

HMI contracts are checked by Dataswyft’s Performance and Monitoring committee to ensure apps behave in accordance with the policies (including any other governance protocols). Such policies may be regulatory (e.g. imposed by the HAT Community Foundation), standard (e.g. for contracted or regulated PDAs) or non-standard (e.g. source constraints set by Data Providers).

### 5. Certification

Post-approval, applications can apply for an official [Rating Assurance certificate](https://app.gitbook.com/s/-MU8i7kzqfJronlf3llG/knowledge-base/application-review/rating-assurance-and-certification.md) from the HAT Community Foundation.

Dataswyft reserves the right to refuse or reject any permission request by an application. We recommend all applications take their first MVP version live to ensure they are able to pass governance requirements.&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.dataswyft.com/deploy/application-governance.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.