API Usage Policy

Effective Date: 22 June 2025

1. General API Overview

Purpose of the API

  • Our API lets clients upload and retrieve client-side–encrypted data stored on our platform.
  • Because encryption occurs in the browser, we cannot access decrypted data.
  • The API gives full programmatic access to encrypted content, so customers can integrate it without exposing plaintext data to us.

API Documentation

  • Complete docs—endpoints, examples, and usage notes—are available on our website and GitHub.

Public vs. Private Endpoints

  • Basic endpoints may be open to all registered developers.
  • Advanced or high-volume features require an active subscription on specific plans.

2. Access & Authentication

API Keys

  • Access is granted via API keys that uniquely identify your account.

Key Provisioning

  • Each developer receives one or more API keys tied to their account (and optionally to a domain).

Key Security

  • You are responsible for keeping keys secret.
  • If a key is compromised, email mark@0am.ch immediately so we can revoke or re-issue credentials.

3. Rate Limits & Usage Restrictions

Call Limits

  • Requests per minute/hour/other interval depend on your subscription tier.

Data Transfer Limits

  • No separate hard response-size limits, but overall usage counts toward your plan’s data allowance.

Fair / Acceptable Use

  • Prohibited: artificially inflating request counts, stressing infrastructure, or violating the Terms of Service.
  • We may suspend or terminate abusive or harmful accounts.
  • Compliance with laws/regulations for your end users is solely your responsibility.

4. Data Usage & Privacy

User-Data Protection

  • The API returns encrypted data; only you or your end users can decrypt it.
  • You must securely handle any decrypted data.

Retention & Deletion

  • We impose no specific retention rules on downloaded data, but you must honor applicable data-protection laws and your own end-user agreements.

Compliance

  • We do not process personal user info beyond what is needed for encrypted storage.
  • GDPR or other privacy obligations for end-user data rest with you, the developer.

5. Intellectual Property & License

Ownership of Data & Code

  • We own the platform, API code, and libraries.
  • Encrypted user data remains the property of its owners; we store it but claim no rights over it.

License Type

  • You receive a limited, non-exclusive, revocable license to use the API and libraries, provided you comply with this Policy and maintain any required subscription.

Branding & Trademarks

  • Mentioning or displaying our logo is optional—but appreciated if you do.

6. Security Requirements

API Security

  • Follow best practices to protect data and prevent exploits (e.g., XSS).

Reporting Vulnerabilities

  • Report any security issues to mark@0am.ch. Email is the preferred channel if no formal form exists.

Prohibited Actions

  • Reverse-engineering, tampering with authentication, or intentional security probing (outside responsible disclosure) is forbidden.

7. Fees & Payment

Paid Plans

  • API usage is included in each subscription tier (Essential, Professional, etc.).
  • No extra fees beyond your plan’s subscription cost.

Overage Billing

  • Up to a 10 % buffer beyond plan limits prevents immediate interruptions.
  • Alerts are sent at 80 % usage.
  • If you exceed the buffer, the API may stop functioning until you upgrade.
  • We do not currently charge automatic overage fees.

8. Warranties & Liabilities

Service Level Agreement (SLA)

  • We aim for high availability but provide no formal SLA. Service is best-effort.

Disclaimer

  • The API is provided “as is,” with no warranties of accuracy, reliability, or availability.

Indemnification

  • We are not liable for your end users’ actions or damages from your integration. You must handle disputes or legal claims.

9. Termination & Suspension

Termination Rights

  • We may suspend or revoke API access for Policy breaches, non-payment, or misuse.

Data Retention After Termination

  • We aim to delete data tied to terminated accounts as soon as feasible.
  • You must cease using or storing data obtained via the API once access ends.

10. Modification of the API

Versioning

  • We strive for backward compatibility. Major changes will trigger a new API version and a migration period.

Advance Notice

  • For breaking changes, we give at least one month’s notice via email or the developer dashboard.
  • Minor non-breaking updates may occur without extensive notice.

11. Policy Updates

Notification Method

  • Significant changes are announced via email and/or notices on the developer dashboard.

Effective Date

  • Updates take effect when posted unless stated otherwise.
  • Continued API use after updates means you accept the revised Policy.

12. Contact Us

If you have questions or need help with your integration, email mark@0am.ch.

Thank you for choosing 0am.ch. We look forward to supporting your secure encryption and data-management needs.

Legal