The first thing I think you need to do is to read the contract very carefully. What does it say about code and interfaces? What constites their web site and what is your supporting infrastructure? The first they can have, the second they can't, or so the contract should read. The question then becomes on which side of the line does the module in question fall?

Have fun,
Carl Forde