API Usage Policy
Effective Date: 22 June 2025
1. General API Overview
Purpose of the API
- Our API lets clients upload and retrieve client-side–encrypted data stored on our platform.
- Because encryption occurs in the browser, we cannot access decrypted data.
- The API gives full programmatic access to encrypted content, so customers can integrate it without exposing plaintext data to us.
API Documentation
- Complete docs—endpoints, examples, and usage notes—are available on our website and GitHub.
Public vs. Private Endpoints
- Basic endpoints may be open to all registered developers.
- Advanced or high-volume features require an active subscription on specific plans.
2. Access & Authentication
API Keys
- Access is granted via API keys that uniquely identify your account.
Key Provisioning
- Each developer receives one or more API keys tied to their account (and optionally to a domain).
Key Security
- You are responsible for keeping keys secret.
- If a key is compromised, email mark@0am.ch immediately so we can revoke or re-issue credentials.
3. Rate Limits & Usage Restrictions
Call Limits
- Requests per minute/hour/other interval depend on your subscription tier.
Data Transfer Limits
- No separate hard response-size limits, but overall usage counts toward your plan’s data allowance.
Fair / Acceptable Use
- Prohibited: artificially inflating request counts, stressing infrastructure, or violating the Terms of Service.
- We may suspend or terminate abusive or harmful accounts.
- Compliance with laws/regulations for your end users is solely your responsibility.
4. Data Usage & Privacy
User-Data Protection
- The API returns encrypted data; only you or your end users can decrypt it.
- You must securely handle any decrypted data.
Retention & Deletion
- We impose no specific retention rules on downloaded data, but you must honor applicable data-protection laws and your own end-user agreements.
Compliance
- We do not process personal user info beyond what is needed for encrypted storage.
- GDPR or other privacy obligations for end-user data rest with you, the developer.
5. Intellectual Property & License
Ownership of Data & Code
- We own the platform, API code, and libraries.
- Encrypted user data remains the property of its owners; we store it but claim no rights over it.
License Type
- You receive a limited, non-exclusive, revocable license to use the API and libraries, provided you comply with this Policy and maintain any required subscription.
Branding & Trademarks
- Mentioning or displaying our logo is optional—but appreciated if you do.
6. Security Requirements
API Security
- Follow best practices to protect data and prevent exploits (e.g., XSS).
Reporting Vulnerabilities
- Report any security issues to mark@0am.ch. Email is the preferred channel if no formal form exists.
Prohibited Actions
- Reverse-engineering, tampering with authentication, or intentional security probing (outside responsible disclosure) is forbidden.
7. Fees & Payment
Paid Plans
- API usage is included in each subscription tier (Essential, Professional, etc.).
- No extra fees beyond your plan’s subscription cost.
Overage Billing
- Up to a 10 % buffer beyond plan limits prevents immediate interruptions.
- Alerts are sent at 80 % usage.
- If you exceed the buffer, the API may stop functioning until you upgrade.
- We do not currently charge automatic overage fees.
8. Warranties & Liabilities
Service Level Agreement (SLA)
- We aim for high availability but provide no formal SLA. Service is best-effort.
Disclaimer
- The API is provided “as is,” with no warranties of accuracy, reliability, or availability.
Indemnification
- We are not liable for your end users’ actions or damages from your integration. You must handle disputes or legal claims.
9. Termination & Suspension
Termination Rights
- We may suspend or revoke API access for Policy breaches, non-payment, or misuse.
Data Retention After Termination
- We aim to delete data tied to terminated accounts as soon as feasible.
- You must cease using or storing data obtained via the API once access ends.
10. Modification of the API
Versioning
- We strive for backward compatibility. Major changes will trigger a new API version and a migration period.
Advance Notice
- For breaking changes, we give at least one month’s notice via email or the developer dashboard.
- Minor non-breaking updates may occur without extensive notice.
11. Policy Updates
Notification Method
- Significant changes are announced via email and/or notices on the developer dashboard.
Effective Date
- Updates take effect when posted unless stated otherwise.
- Continued API use after updates means you accept the revised Policy.
12. Contact Us
If you have questions or need help with your integration, email mark@0am.ch.
Thank you for choosing 0am.ch. We look forward to supporting your secure encryption and data-management needs.