Do I need a backend to use ProtectMyAPI?

No. ProtectMyAPI handles API protection without requiring you to build or maintain a backend proxy.

How fast is the setup?

Setup takes about 5 minutes. Create your app in the dashboard, define endpoints, and install the SDK.

What languages does ProtectMyAPI support?

Swift, Kotlin, Flutter, and React Native.

ProtectMyAPI | Secure Mobile APIs in minutes, no backend needed

Faq

Blog

Request access

Last Updated: February 2, 2026 · Version 2.0

Agreement to Terms
Definitions
Description of Service
Eligibility and Account Registration
Account Security and Responsibilities
Subscription Plans and Pricing
Payment Terms
Free Tier and Trials
Usage Limits and Quotas
Acceptable Use Policy
Prohibited Activities
Your Content and Data
Intellectual Property Rights
Third-Party Services and Integrations
API Terms and Developer Obligations
Device Attestation and Security
Service Level Agreement (SLA)
Modifications to Service
Suspension and Termination
Effect of Termination
Disclaimer of Warranties
Limitation of Liability
Indemnification
Dispute Resolution
Governing Law
Changes to Terms
General Provisions
Contact Information

1. Agreement to Terms

1.1 Acceptance

By accessing or using the ProtectMyAPI service ("Service"), website, dashboard, APIs, SDKs, documentation, or any related services, you ("User," "you," or "your") agree to be bound by these Terms of Service ("Terms," "Agreement").

If you are using the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms. In such case, "you" and "your" refer to that organization.

1.2 Binding Agreement

These Terms constitute a legally binding agreement between you and ProtectMyAPI ("Company," "we," "us," or "our"). If you do not agree to all of these Terms, you may not access or use the Service.

1.3 Additional Agreements

Your use of the Service is also governed by:

Our Privacy Policy (https://protectmyapi.com/privacy)
Our Acceptable Use Policy (Section 10 of these Terms)
Any Service-specific terms presented during registration or use
Data Processing Agreement (for Enterprise customers)

In case of conflict, these Terms take precedence unless otherwise specified.

2. Definitions

"Account" means the user account you create to access the Service.

"API" means Application Programming Interface, the programmatic interface through which you access the Service.

"API Key" or "App Token" means the unique authentication credential assigned to your App for accessing the Service.

"App" means a mobile application (iOS or Android) that you configure within our platform to use the Service.

"Content" means any data, text, code, configurations, files, or other materials you upload, submit, or transmit through the Service.

"Device Attestation" means the cryptographic verification process using Apple App Attest or Google Play Integrity to verify that requests originate from legitimate apps on genuine devices.

"Effective Date" means the date when you first accept these Terms or begin using the Service, whichever occurs first.

"Endpoint" means an API endpoint configuration within the Service that proxies requests to a third-party API.

"Fees" means all charges, costs, and payments associated with your use of the Service.

"Organization" means a workspace within the Service where you manage Apps, team members, and billing.

"Personal Data" has the meaning given in our Privacy Policy and applicable data protection laws.

"Secrets" means API keys, tokens, credentials, and other sensitive data you store in the Service's encrypted vault.

"Service" means the ProtectMyAPI platform, including the website, dashboard, APIs, SDKs, documentation, and all related services.

"Subscription" means a paid plan that provides access to specific features and usage limits.

"Third-Party Services" means external services (such as OpenAI, Anthropic, Google AI, Stripe) that integrate with or are accessed through the Service.

"Usage" means any use of the Service measured by API requests, data transfer, storage, or other metrics.

"User" means any individual or entity that accesses or uses the Service.

3. Description of Service

3.1 Service Overview

ProtectMyAPI is a secure API proxy platform designed for mobile applications. The Service provides:

A) Device Attestation

Apple App Attest verification for iOS apps
Google Play Integrity verification for Android apps
Cryptographic proof that requests originate from legitimate apps

B) API Proxy

Secure proxying of API requests to third-party services
Server-side injection of API credentials
Request/response transformation capabilities

C) Secrets Management

Encrypted storage of API keys and credentials
Server-side credential injection
Secret rotation capabilities

D) Analytics and Monitoring

Request logging and analytics
Usage tracking and billing
Error monitoring and debugging

E) Team Collaboration

Multi-user organizations
Role-based access control
Audit logging

3.2 Service Limitations

The Service is designed for mobile application security and API proxy use cases. The Service is NOT:

A general-purpose computing platform
A data storage or hosting service
A replacement for your own security practices
A guarantee against all forms of API abuse

3.3 Supported Platforms

The Service supports:

iOS applications (iOS 14.0+)
Android applications (Android 8.0+)
React Native applications
Flutter applications

3.4 Third-Party API Support

The Service can proxy requests to any HTTP/HTTPS API, including but not limited to:

AI providers (OpenAI, Anthropic, Google AI, Mistral, Cohere, etc.)
Payment processors (with appropriate compliance)
Custom APIs
Any RESTful or GraphQL API

4. Eligibility and Account Registration

4.1 Eligibility Requirements

To use the Service, you must:

Be at least 18 years old, or the age of majority in your jurisdiction
Have the legal capacity to enter into binding contracts
Not be prohibited from using the Service under applicable laws
Not have been previously banned from the Service

4.2 Business Use

If using the Service for business purposes, you represent that:

You have authority to bind your organization
Your organization is legally formed and in good standing
Your use complies with all applicable business regulations

4.3 Account Creation

To access certain features, you must create an Account by providing:

A valid email address
Your name (optional)
A secure password (or OAuth authentication)
Organization name (for business accounts)

You agree to:

Provide accurate, current, and complete information
Update your information as necessary
Keep your login credentials confidential
Accept responsibility for all activities under your Account

4.4 Account Verification

We may require verification of your identity or organization through:

Email verification
Phone verification
Document verification (for Enterprise accounts)
Payment method verification

4.5 One Account Per Person

Each individual may maintain only one Account unless:

You have explicit written permission from us
You are creating separate Accounts for distinct organizations
You are using the Service in a testing/development capacity

Creating multiple Accounts to circumvent usage limits or other restrictions is strictly prohibited.

5. Account Security and Responsibilities

5.1 Credential Security

You are responsible for:

Maintaining the confidentiality of your Account credentials
Using strong, unique passwords
Enabling two-factor authentication (strongly recommended)
Not sharing your Account with unauthorized individuals
Immediately notifying us of any unauthorized access

5.2 API Key Security

For API Keys and Secrets stored in the Service:

Keep your App Tokens confidential
Never expose Secrets in client-side code, logs, or public repositories
Rotate credentials if you suspect compromise
Use environment-specific credentials (development, staging, production)

5.3 Team Member Access

If you add team members to your Organization:

Grant only the minimum necessary permissions
Regularly review and audit team member access
Remove access promptly when no longer needed
You remain responsible for all team member actions

5.4 Unauthorized Access

You must immediately notify us at security@protectmyapi.com if you suspect:

Unauthorized access to your Account
Compromise of your API Keys or Secrets
Any security breach affecting your use of the Service

5.5 Account Recovery

We may provide Account recovery options, but we are not liable for:

Inability to recover an Account due to lost credentials
Delays in Account recovery
Actions taken by unauthorized users before recovery

6. Subscription Plans and Pricing

6.1 Available Plans

We offer the following subscription plans (subject to change):

Free Tier:

Price: $0/month
API Requests: 10,000/month
Apps: 1
Endpoints per App: 3
Team Members: 1
Analytics Retention: 7 days
Support: Community

Pro Plan:

Price: $29/month (or $290/year)
API Requests: 100,000/month
Apps: 10
Endpoints per App: 25
Team Members: 5
Analytics Retention: 30 days
Features: Caching, Request Transformation, Webhooks
Support: Email (48-hour response)

Enterprise Plan:

Price: $99/month (or $990/year)
API Requests: Unlimited
Apps: Unlimited
Endpoints per App: Unlimited
Team Members: Unlimited
Analytics Retention: 365 days
Features: All Pro features + SSO (coming soon)
Support: Priority email (24-hour response)

Custom Plans: Contact sales@protectmyapi.com for custom volume pricing

6.2 Plan Features

Feature availability varies by plan:

Feature	Free	Pro	Enterprise
Device Attestation	✓	✓	✓
API Proxy	✓	✓	✓
Encrypted Secrets	✓	✓	✓
Response Caching	✗	✓	✓
Request Transformation	✗	✓	✓
Webhooks	✗	✓	✓
Custom Domains	✗	✗	✓
SLA Guarantee	✗	✗	99.9%
Dedicated Support	✗	✗	✓

6.3 Pricing Changes

We may modify pricing with at least 30 days' advance notice. Price changes:

Do not affect current billing periods
Apply at the next renewal
May be rejected by canceling before renewal

6.4 Taxes

All prices are exclusive of applicable taxes unless stated otherwise. You are responsible for paying any applicable:

Sales tax
Value-added tax (VAT)
Goods and services tax (GST)
Other similar taxes based on your jurisdiction

7. Payment Terms

7.1 Billing

Paid subscriptions are billed:

Monthly: On the same date each month
Annually: On the anniversary of your subscription start date

7.2 Payment Methods

We accept payment via:

Credit cards (Visa, Mastercard, American Express)
Debit cards
Other methods supported by our payment processor (Stripe)

For Enterprise customers, we may offer:

Invoice billing (Net 30)
ACH/wire transfer
Purchase orders

7.3 Payment Processing

Payments are processed by Stripe, Inc. By making a payment, you also agree to Stripe's Terms of Service. We do not store your full payment card details.

7.4 Automatic Renewal

Subscriptions automatically renew unless:

You cancel before the renewal date
Your payment method fails
We terminate the Service or your Account

7.5 Failed Payments

If payment fails:

We will attempt to charge your payment method again
We may send you notifications about the failed payment
After multiple failures, your Account may be downgraded or suspended
You remain responsible for all outstanding charges

7.6 Refunds

Refund policy:

Monthly subscriptions: No refunds for partial months
Annual subscriptions: Pro-rata refunds available within 30 days
Discretionary refunds may be provided in exceptional circumstances

To request a refund, contact billing@protectmyapi.com.

7.7 Disputes

If you dispute a charge:

Contact us at billing@protectmyapi.com within 30 days
Provide details about the disputed charge
We will investigate and respond within 10 business days

Chargebacks initiated without contacting us first may result in Account suspension.

8. Free Tier and Trials

8.1 Free Tier

The free tier:

Is available to all eligible users
Does not require a credit card
Includes limited features and usage
May be modified or discontinued with notice

8.2 Free Tier Limitations

Free tier accounts are subject to:

Usage limits as specified in Section 6.1
Reduced analytics retention (7 days)
Community-only support
No SLA guarantee

8.3 Free Tier Restrictions

We reserve the right to:

Limit free tier availability in certain regions
Require upgrade for certain features or usage patterns
Suspend free tier accounts that appear abandoned (no activity for 90 days)
Prevent abuse of free tier through multiple account creation

8.4 Trials

We may offer trial periods for paid features:

Trial terms will be communicated at sign-up
Trials automatically convert to paid subscriptions unless canceled
Each user/organization is eligible for one trial per feature

9. Usage Limits and Quotas

9.1 Request Limits

Your plan includes a monthly limit on API requests:

Free: 10,000 requests/month
Pro: 100,000 requests/month
Enterprise: Unlimited (fair use policy applies)

Requests are counted when they reach our proxy servers, regardless of whether the upstream API call succeeds.

9.2 Quota Reset

Usage quotas reset:

Monthly on your billing date
Unused quota does not roll over

9.3 Overage Handling

When you reach your request limit:

At 80% Usage: Warning notification sent to account administrators

At 90% Usage: Urgent warning notification sent, upgrade recommendation provided

At 100% Usage: API requests return HTTP 429 (Too Many Requests), dashboard remains accessible, you may upgrade to restore service immediately

9.4 Rate Limiting

In addition to monthly quotas, requests are rate-limited:

Per-device rate limits (configurable per endpoint)
Per-IP rate limits (configurable per endpoint)
Global rate limits for platform stability

Exceeding rate limits results in temporary request rejection (HTTP 429).

9.5 Fair Use

Even with "unlimited" plans, usage must be reasonable:

No deliberate waste of resources
No automated systems designed to maximize usage
No redistribution or resale of Service capacity

We reserve the right to contact you if usage appears abnormal and to apply reasonable limits.

9.6 Usage Monitoring

You can monitor your usage:

In the Dashboard under Billing > Usage
Via usage alert notifications
Through the billing API

10. Acceptable Use Policy

10.1 General Principles

You agree to use the Service:

In compliance with all applicable laws
In a manner that does not harm others
In accordance with these Terms
For legitimate business purposes

10.2 Lawful Use

You must comply with all applicable laws, including:

Data protection and privacy laws (GDPR, CCPA, etc.)
Export control and sanctions laws
Intellectual property laws
Consumer protection laws
Anti-money laundering laws
Any laws specific to your industry

10.3 Security Practices

You agree to:

Implement appropriate security measures in your applications
Not circumvent or disable security features of the Service
Report security vulnerabilities responsibly
Cooperate with security investigations

10.4 Responsible Use

You agree to:

Use accurate and truthful information
Respect the rights of others
Not interfere with other users' use of the Service
Not overload or impair the Service

11. Prohibited Activities

11.1 Strictly Prohibited

You may NOT use the Service to:

A) Illegal Activities

Violate any law, regulation, or court order
Facilitate or promote illegal activities
Launder money or finance terrorism
Evade taxes or other legal obligations

B) Harmful Content

Distribute malware, viruses, or malicious code
Engage in phishing or social engineering attacks
Create, distribute, or access child sexual abuse material
Promote violence, terrorism, or hate speech
Harass, threaten, or harm others

C) Fraud and Deception

Impersonate others or misrepresent your identity
Create fake accounts or identities
Engage in fraudulent transactions
Deceive users about the nature of your application

D) Unauthorized Access

Attempt to access other users' accounts or data
Probe, scan, or test vulnerability of the Service
Circumvent authentication or security measures
Access the Service through unauthorized means

E) Service Abuse

Reverse engineer, decompile, or disassemble the Service
Scrape, crawl, or index the Service without permission
Create derivative works based on the Service
Use the Service for competitive analysis
Resell or redistribute the Service

F) Resource Abuse

Generate excessive load on the Service infrastructure
Use automated systems to consume resources wastefully
Cryptocurrency mining using Service resources
Create multiple accounts to circumvent limits

G) Third-Party Violations

Violate terms of third-party APIs accessed through the Service
Use the Service to circumvent rate limits of third-party APIs
Misrepresent your usage to third-party API providers

11.2 Content Restrictions

You may NOT transmit through the Service:

Illegal content in any jurisdiction
Content that infringes intellectual property rights
Spam or unsolicited commercial messages
Sensitive personal data without proper authorization
Regulated data (health, financial) without compliance measures

11.3 Enforcement

Violation of these prohibitions may result in:

Warning and request to cease activity
Temporary suspension of Account
Permanent termination of Account
Legal action
Reporting to law enforcement

12. Your Content and Data

12.1 Ownership

You retain all ownership rights to:

Content you upload to the Service
Data you transmit through the Service
Secrets you store in our vault
Configurations you create

12.2 License Grant

By using the Service, you grant us a limited license to:

Store and process your Content as necessary for the Service
Create backups of your Content for disaster recovery
Analyze anonymized usage patterns to improve the Service
Display your Content to authorized users you designate

This license:

Is non-exclusive and royalty-free
Is limited to operating the Service
Does not transfer ownership
Terminates when you delete your Content or Account

12.3 Content Responsibility

You are solely responsible for:

The legality of your Content
Ensuring you have rights to use and share your Content
Backing up your Content
The accuracy of your Content

12.4 Content Removal

We may remove Content that:

Violates these Terms
Is illegal
Is reported by third parties with valid claims
Poses security risks

We will notify you of removal when legally permitted.

12.5 Data Processing

We process your data in accordance with our Privacy Policy. For users subject to GDPR or similar laws, we act as a data processor for Customer Data and a data controller for Account information.

12.6 Data Portability

You may export your data:

Through the Dashboard export feature
By contacting support for bulk exports
In standard formats (JSON, CSV)

12.7 Data Retention

After Account deletion:

Your Content is deleted within 90 days
Backups are deleted within 90 days
Anonymized analytics may be retained indefinitely
Legal hold data may be retained as required

13. Intellectual Property Rights

13.1 Our Intellectual Property

The Service and its components are protected by intellectual property laws. We own or license:

The ProtectMyAPI name, logo, and branding
The Service software, code, and architecture
Documentation, tutorials, and written content
APIs, SDKs, and developer tools
User interface designs and user experience
Patents, trade secrets, and know-how

13.2 Restrictions

You may NOT:

Copy, modify, or distribute our intellectual property
Use our trademarks without written permission
Create derivative works based on the Service
Reverse engineer or decompile the Service
Remove copyright or trademark notices

13.3 SDK License

Our SDKs (iOS, Android, React Native, Flutter) are provided under the MIT License, which permits:

Commercial and non-commercial use
Modification and distribution
Private use

Subject to including the copyright notice and license.

13.4 Feedback

If you provide feedback, suggestions, or ideas about the Service, you grant us a perpetual, irrevocable, royalty-free license to use that feedback for any purpose without compensation to you.

13.5 Third-Party Intellectual Property

Respect the intellectual property rights of others:

Only use Content you own or have rights to
Do not infringe copyrights, trademarks, or patents
Respond promptly to valid infringement claims

13.6 DMCA Compliance

We comply with the Digital Millennium Copyright Act (DMCA). To report copyright infringement, send a notice to:

DMCA Agent
Email: legal@protectmyapi.com
Subject: DMCA Takedown Notice

Include:

Your contact information
Identification of the copyrighted work
Identification of the infringing material
A statement of good faith belief
A statement under penalty of perjury
Your physical or electronic signature

14. Third-Party Services and Integrations

14.1 Third-Party APIs

The Service allows you to proxy requests to third-party APIs. You acknowledge:

A) Separate Agreements

Your use of third-party APIs is subject to their terms of service
You must comply with third-party API terms independently
We are not a party to your agreement with third-party providers

B) Third-Party Terms

Common third-party providers and their terms:

OpenAI: https://openai.com/terms
Anthropic: https://www.anthropic.com/terms
Google AI: https://ai.google.dev/terms
Mistral: https://mistral.ai/terms
Cohere: https://cohere.com/terms

C) Responsibility

You are responsible for compliance with third-party terms
We are not liable for third-party service outages or changes
Third-party rate limits and quotas apply independently

14.2 Payment Processor

Payments are processed by Stripe, Inc.:

Stripe's terms apply to payment processing
Your payment data is handled by Stripe
We do not store full payment card details

14.3 Authentication Providers

If you use social login (Google, GitHub, Apple):

Those providers' terms apply to authentication
We receive limited profile information as described in our Privacy Policy
You can unlink accounts at any time

14.4 No Endorsement

Our integration with third-party services does not imply:

Endorsement by us of those services
Endorsement by those services of us
Any partnership or affiliation

14.5 Third-Party Changes

We are not responsible for:

Changes to third-party APIs or services
Third-party service outages or discontinuation
Price changes by third-party providers
Data handling by third-party services

15. API Terms and Developer Obligations

15.1 API Access

Access to our API is subject to:

Valid Account and subscription
Compliance with these Terms
Rate limits and quotas
API-specific documentation

15.2 API Keys

API Keys (App Tokens):

Are unique to each App
Must be kept confidential
Should not be shared or published
Can be regenerated if compromised

15.3 Developer Responsibilities

As a developer using our Service, you must:

A) Proper Implementation

Follow our SDK documentation
Implement device attestation correctly
Handle errors gracefully
Keep SDKs updated

B) User Privacy

Have a privacy policy for your app
Disclose use of device attestation
Handle user data appropriately
Comply with app store guidelines

C) Security

Store Secrets securely
Use HTTPS for all communications
Implement proper authentication in your app
Report security issues responsibly

15.4 App Store Compliance

You are responsible for:

Compliance with Apple App Store guidelines
Compliance with Google Play Store policies
Any app review or rejection issues
Disclosures required by app stores

15.5 API Changes

We may modify the API with notice:

Non-breaking changes: May be made without notice
Breaking changes: 30 days' notice when possible
Emergency changes: May be made immediately for security

15.6 API Deprecation

When deprecating API features:

We will provide at least 6 months' notice
Deprecated features will continue working during the notice period
Migration guides will be provided

16. Device Attestation and Security

16.1 Attestation Requirements

Device attestation is a core security feature. You understand:

A) Requirements

iOS apps must implement Apple App Attest
Android apps must implement Google Play Integrity
Attestation is cryptographic and hardware-backed

B) Limitations

Attestation cannot guarantee 100% security
Rooted/jailbroken devices may be detected and blocked
Debug builds are blocked by default in production

C) Configuration

You can configure attestation requirements per app
Stricter settings improve security but may block some devices
You are responsible for choosing appropriate settings

16.2 Security Model

The Service's security model:

A) What We Protect

API keys are never exposed to client devices
Requests are verified through device attestation
Per-device rate limiting prevents abuse

B) What We Cannot Protect

Your own app's security vulnerabilities
Compromised backend systems
Social engineering attacks
Insider threats

16.3 Security Best Practices

We recommend:

Using the highest attestation level feasible
Implementing additional security measures in your app
Regularly rotating Secrets
Monitoring analytics for anomalies
Keeping SDKs updated

16.4 No Guarantee

While we employ robust security measures, we cannot guarantee:

Complete elimination of API abuse
Protection against all attack vectors
Zero vulnerabilities in the Service
Immunity from sophisticated attacks

17. Service Level Agreement (SLA)

17.1 Availability Commitment

For Enterprise customers with SLA:

Target uptime: 99.9% monthly
Measured excluding scheduled maintenance
Calculated per calendar month

17.2 Calculating Uptime

Uptime = (Total Minutes - Downtime Minutes) / Total Minutes × 100%

Downtime is when the API is completely unavailable, not including:

Scheduled maintenance (with 48 hours' notice)
Customer-side issues
Third-party service outages
Force majeure events

17.3 Service Credits

If we fail to meet the SLA:

Monthly Uptime	Service Credit
< 99.9% - >= 99%	10%
< 99% - >= 95%	25%
< 95%	50%

Credits are applied to future invoices, not refunded in cash.

17.4 Claiming Credits

To claim credits:

Submit a request within 30 days of the incident
Include affected times and impact
Email sla@protectmyapi.com

17.5 Exclusions

SLA does not apply to:

Free tier accounts
Pro plan accounts (unless purchased as add-on)
Beta features
Sandbox/development environments

18. Modifications to Service

18.1 Service Changes

We may modify the Service at any time, including:

Adding new features
Removing features with notice
Changing functionality
Updating interfaces

18.2 Notice of Changes

We will provide notice of material changes:

Email notification for significant changes
In-dashboard announcements
Documentation updates
Changelog posts

18.3 Feature Deprecation

When removing features:

30 days' notice for non-critical features
90 days' notice for critical features
Migration assistance when feasible

18.4 Emergency Changes

We may make immediate changes without notice for:

Security vulnerabilities
Legal compliance
Service stability
Preventing abuse

19. Suspension and Termination

19.1 Termination by You

You may terminate your Account at any time:

Through Dashboard: Settings > Account > Delete Account
By contacting support@protectmyapi.com

Upon your termination:

Access is revoked at the end of the current billing period
No refunds for partial periods (except as stated in Section 7.6)
Data is retained per our Privacy Policy deletion schedule

19.2 Termination by Us

We may terminate or suspend your Account:

A) For Cause (Immediate)

Violation of these Terms
Fraudulent or illegal activity
Failure to pay after notice
Abusive behavior toward staff
Actions that harm other users

B) Without Cause

With 30 days' written notice
Pro-rata refund of prepaid amounts

19.3 Suspension

We may suspend (rather than terminate) for:

Suspected security compromise
Investigation of Terms violations
Payment issues (temporary suspension)
Unusual activity requiring verification

During suspension:

You cannot access the Service
Your data is preserved
Billing may continue (depending on cause)

19.4 Appeals

If you believe termination was in error:

Contact legal@protectmyapi.com within 30 days
Provide relevant information
We will review and respond within 14 days

20. Effect of Termination

20.1 Upon Termination

When your Account is terminated:

A) Immediate Effects

Access to the Service is revoked
API Keys stop working
Dashboard access is removed

B) Data Handling

Content deletion begins per Privacy Policy
Backup data deleted within 90 days
Some data may be retained for legal compliance

C) Billing

Outstanding charges remain due
Prepaid amounts handled per refund policy
Auto-renewal stops

20.2 Survival

The following provisions survive termination:

Section 7 (Payment Terms) – for outstanding amounts
Section 12 (Your Content) – regarding retained data
Section 13 (Intellectual Property)
Section 21 (Disclaimer of Warranties)
Section 22 (Limitation of Liability)
Section 23 (Indemnification)
Section 24 (Dispute Resolution)
Section 25 (Governing Law)

20.3 No Liability

We are not liable for any consequences of termination, including:

Loss of access to Content
Business interruption
Lost profits or revenue
Costs of replacement services

21. Disclaimer of Warranties

21.1 "As Is" Basis

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED.

21.2 Disclaimer

TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:

A) Implied Warranties

Merchantability
Fitness for a particular purpose
Non-infringement
Accuracy or completeness

B) Specific Disclaimers

No guarantee of uninterrupted service
No guarantee of error-free operation
No guarantee that defects will be corrected
No guarantee regarding security or data protection

21.3 Third-Party Services

We make no warranties regarding third-party services, including:

Availability or performance
Accuracy of results
Security of data
Compliance with their terms

21.4 Beta Features

Beta or experimental features are provided without any warranty and may:

Contain bugs or errors
Change without notice
Be discontinued at any time

21.5 Jurisdictional Limitations

Some jurisdictions do not allow disclaimer of implied warranties. In such jurisdictions, our liability is limited to the maximum extent permitted by law.

22. Limitation of Liability

22.1 Exclusion of Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE FOR:

A) Indirect Damages

Incidental damages
Special damages
Consequential damages
Punitive damages

B) Specific Exclusions

Loss of profits or revenue
Loss of data or content
Loss of business opportunities
Business interruption
Cost of substitute services
Reputational harm

22.2 Liability Cap

OUR TOTAL LIABILITY FOR ALL CLAIMS ARISING FROM OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED:

The greater of:

The amount you paid us in the 12 months preceding the claim, OR
One hundred US dollars ($100)

22.3 Exceptions

These limitations do not apply to:

Liability that cannot be limited by law
Death or personal injury caused by negligence
Fraud or fraudulent misrepresentation
Gross negligence or willful misconduct

22.4 Essential Purpose

These limitations apply even if:

We have been advised of the possibility of such damages
A remedy fails of its essential purpose

22.5 Allocation of Risk

You acknowledge that:

The Service pricing reflects this risk allocation
These limitations are essential to the agreement
You have had opportunity to review these terms

23. Indemnification

23.1 Your Indemnification

You agree to indemnify, defend, and hold harmless ProtectMyAPI and its officers, directors, employees, agents, and affiliates from any claims, damages, losses, costs, and expenses (including legal fees) arising from:

Your use of the Service
Your Content
Your violation of these Terms
Your violation of any third-party rights
Your violation of any applicable laws
Your applications and how they use the Service
Actions of users of your applications

23.2 Indemnification Procedure

Upon receiving a claim, we will:

Notify you promptly
Allow you to assume defense (subject to our approval of counsel)
Cooperate with your defense
Not settle without your consent (which shall not be unreasonably withheld)

23.3 Our Indemnification (Enterprise Only)

For Enterprise customers, we will indemnify you against claims that the Service infringes third-party intellectual property rights, subject to:

Written terms in your Enterprise agreement
Prompt notification of claims
Control of defense and settlement

24. Dispute Resolution

24.1 Informal Resolution

Before initiating formal proceedings, you agree to:

Contact us at legal@protectmyapi.com
Describe the dispute in detail
Attempt good-faith resolution for 30 days

24.2 Arbitration Agreement

If informal resolution fails, disputes shall be resolved by binding arbitration, except:

Either party may seek injunctive relief in court
Small claims court is available for qualifying disputes

Arbitration will be conducted:

By a single arbitrator
Under the rules of the American Arbitration Association (AAA)
In the English language
Remotely via video conference (or in-person in Delaware if required)

24.3 Class Action Waiver

YOU AND PROTECTMYAPI AGREE THAT:

Disputes will be resolved individually
Neither party will participate in class actions
Neither party will participate in collective arbitration
Neither party will participate in representative proceedings

24.4 Exceptions

This arbitration agreement does not apply to:

Intellectual property disputes
Emergency injunctive relief
Claims within small claims court jurisdiction

24.5 Opt-Out

You may opt out of arbitration by:

Sending written notice within 30 days of accepting these Terms
Email: legal@protectmyapi.com
Subject: "Arbitration Opt-Out"
Include your Account email and statement of opt-out

25. Governing Law

25.1 Applicable Law

These Terms are governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to conflict of law principles.

25.2 Jurisdiction

Subject to the arbitration agreement, any legal proceedings shall be brought exclusively in:

State courts of Delaware, or
Federal courts in Delaware

You consent to personal jurisdiction in these courts.

25.3 International Users

If you access the Service from outside the United States:

You are responsible for compliance with local laws
You consent to data transfer to the United States
Local consumer protection laws may apply

26. Changes to Terms

26.1 Modifications

We may modify these Terms at any time. Changes become effective:

For material changes: 30 days after notice
For non-material changes: Upon posting
For changes required by law: Immediately

26.2 Notice

We will notify you of material changes via:

Email to your Account email address
In-dashboard notification
Website announcement

26.3 Acceptance

Continued use of the Service after changes constitutes acceptance. If you do not agree to changes:

You may terminate your Account before changes take effect
Contact us to discuss concerns

26.4 Version History

Previous versions of these Terms are available upon request.

27. General Provisions

27.1 Entire Agreement

These Terms, together with the Privacy Policy and any other agreements referenced herein, constitute the entire agreement between you and us regarding the Service.