Open Source Licenses & Attributions
Effective Date: February 2026
Document Version: 1.0
1. Purpose
Rymeda, Inc. ("Rymeda," "we," "us") is committed to acknowledging and respecting the open source software community. The Rymeda platform is built upon numerous open source libraries and frameworks, and we are grateful for the contributions of the developers and organizations that create and maintain these projects.
This page provides a comprehensive listing of the key open source packages used in the Rymeda platform, organized by license type. Each package is attributed to its respective copyright holders, and the applicable license is identified using SPDX (Software Package Data Exchange) license identifiers.
Complete license texts for all open source packages are available in the source code distribution of the Rymeda platform. If you have questions about the licensing of any component used in the Rymeda platform, please contact us at legal@rymeda.com.
2. License Summary
The open source packages used in the Rymeda platform are distributed under the following license families:
MIT License (SPDX: MIT)
A permissive license that allows use, modification, and distribution with minimal restrictions. Requires inclusion of the original copyright notice and license text. Full text: opensource.org/licenses/MIT
Apache License 2.0 (SPDX: Apache-2.0)
A permissive license that allows use, modification, and distribution. Includes an express grant of patent rights and requires preservation of copyright and license notices. Full text: apache.org/licenses/LICENSE-2.0
BSD License (SPDX: BSD-2-Clause / BSD-3-Clause)
A permissive license family with minimal restrictions. The 2-clause variant requires copyright notice retention; the 3-clause variant adds a non-endorsement clause. Full text: opensource.org/licenses/BSD-3-Clause
Other / Custom Licenses
Some packages are distributed under vendor-specific or custom licenses. These are identified individually in the tables below.
3. MIT License (SPDX: MIT)
The following packages are licensed under the MIT License:
3.1 Backend (Python)
| Package | Description | SPDX |
|---|---|---|
| fastapi | Modern, fast web framework for building APIs with Python | MIT |
| uvicorn | Lightning-fast ASGI server implementation | MIT |
| pydantic | Data validation using Python type annotations | MIT |
| httpx | Fully featured HTTP client for Python 3 | MIT |
| python-dotenv | Read key-value pairs from .env files | MIT |
| bcrypt | Password hashing library | MIT |
| PyJWT | JSON Web Token implementation for Python | MIT |
| python-jose | JOSE (JavaScript Object Signing and Encryption) implementation | MIT |
| slowapi | Rate limiting extension for FastAPI/Starlette | MIT |
| motor | Asynchronous Python driver for MongoDB | MIT |
| typer | CLI application framework built on Click | MIT |
| black | Uncompromising Python code formatter | MIT |
| isort | Python import sorting utility | MIT |
| pytest | Python testing framework | MIT |
| sendgrid | SendGrid email service Python SDK | MIT |
3.2 Frontend (React / Node.js)
| Package | Description | SPDX |
|---|---|---|
| react | JavaScript library for building user interfaces | MIT |
| react-dom | React DOM rendering package | MIT |
| next | React framework for production applications | MIT |
| tailwindcss | Utility-first CSS framework | MIT |
| framer-motion | Animation library for React | MIT |
| lucide-react | Beautiful & consistent icon library for React | MIT |
| axios | Promise-based HTTP client | MIT |
| lodash | Modern JavaScript utility library | MIT |
| zod | TypeScript-first schema validation | MIT |
| date-fns | Modern JavaScript date utility library | MIT |
| clsx | Utility for constructing className strings | MIT |
| class-variance-authority | CSS class variance utility (CVA) | MIT |
| tailwind-merge | Merge Tailwind CSS classes without conflicts | MIT |
| uuid | RFC-compliant UUID generation | MIT |
| embla-carousel-react | Lightweight carousel library for React | MIT |
| sonner | Opinionated toast notification component | MIT |
| qrcode.react | QR code React component | MIT |
| eslint-plugin-jsx-a11y | Accessibility linting rules for JSX | MIT |
| react-hook-form | Performant, flexible form library for React | MIT |
| react-router-dom | Declarative routing for React applications | MIT |
3.3 Radix UI Primitives (MIT)
The Rymeda platform uses the Radix UI component library, which provides unstyled, accessible UI primitives. All 27 Radix UI packages used are licensed under the MIT License:
4. Apache License 2.0 (SPDX: Apache-2.0)
The following packages are licensed under the Apache License, Version 2.0:
4.1 Backend (Python)
| Package | Description | SPDX |
|---|---|---|
| boto3 | AWS SDK for Python | Apache-2.0 |
| botocore | Low-level AWS service interface for boto3 | Apache-2.0 |
| google-generativeai | Google Generative AI Python SDK | Apache-2.0 |
| google-genai | Google GenAI unified client library | Apache-2.0 |
| litellm | Unified LLM API routing and abstraction layer | Apache-2.0 |
| openai | OpenAI Python API library | Apache-2.0 |
| requests | HTTP library for Python | Apache-2.0 |
| cryptography | Cryptographic recipes and primitives for Python | Apache-2.0 |
| watchtower | AWS CloudWatch Logs handler for Python logging | Apache-2.0 |
4.2 Frontend (React / Node.js)
| Package | Description | SPDX |
|---|---|---|
| aws-amplify | AWS Amplify JavaScript library for authentication and cloud services | Apache-2.0 |
| @aws-amplify/ui-react | AWS Amplify UI components for React | Apache-2.0 |
5. BSD License (SPDX: BSD-3-Clause)
The following packages are licensed under the BSD License (3-Clause or 2-Clause variants):
| Package | Description | Stack | SPDX |
|---|---|---|---|
| pandas | Data analysis and manipulation library | Python | BSD-3-Clause |
| numpy | Fundamental package for scientific computing | Python | BSD-3-Clause |
| scipy | Scientific and technical computing library | Python | BSD-3-Clause |
| aiohttp | Asynchronous HTTP client/server framework | Python | BSD-2-Clause |
| flake8 | Python code linting and style checker | Python | BSD-2-Clause |
6. Other Licenses
The following packages are distributed under vendor-specific or custom licenses:
| Package | Description | Stack | License |
|---|---|---|---|
| stripe | Stripe payment processing Python SDK (v14.1.0) | Python | Stripe License |
The Stripe Python SDK is distributed under the Stripe License, which permits use in connection with Stripe's payment processing services. The full license text is available in the stripe-python repository.
7. License Compliance
Rymeda is committed to full compliance with all open source license terms. Our compliance practices include:
- License auditing: All dependencies are regularly audited for license compliance using automated tooling as part of our CI/CD pipeline.
- Attribution preservation: All copyright notices and license texts from open source packages are preserved in the source code distribution and build artifacts.
- License compatibility: We evaluate license compatibility before introducing new dependencies to ensure they are compatible with the Rymeda platform's licensing model.
- Vulnerability monitoring: Open source dependencies are continuously monitored for known security vulnerabilities and updated promptly when patches are available.
- SBOM generation: A Software Bill of Materials (SBOM) in SPDX format is generated for each release and is available upon request for Enterprise customers.
Complete License Texts: Complete license texts for all open source packages used in the Rymeda platform are included in the source code distribution. Enterprise customers may request a full SBOM and license bundle by contacting legal@rymeda.com.
8. Reporting License Concerns
If you believe that the Rymeda platform uses an open source package in a manner inconsistent with its license terms, or if you are a copyright holder and believe your work is not properly attributed, please contact us immediately. We take license compliance seriously and will investigate all reported concerns promptly.
Reports should include: the name of the package, the applicable license, a description of the concern, and your contact information. Please send reports to legal@rymeda.com.
Contact
For questions about open source licenses, attribution, or compliance: