API TERMS OF SERVICE: RATIO READY

Supplement to: General Terms of Service

These API Terms of Service (“API Terms”) govern your access to and use of the RatioReady Application Programming Interface (the “API”). These terms are incorporated into the RatioReady Master Terms of Service. In the event of a conflict, these API Terms take precedence regarding programmatic access.

1. Licensing and Access Data

1.1 Grant of License

We grant you a limited, non-exclusive, non-assignable, revocable license to access the API solely to integrate RatioReady processing into your own internal business workflows or authorized third-party automation platforms (e.g., Make.com, n8n).

1.2 Authentication Security

Access requires a valid API Key (pk_ for Personal or ptr_ for Partners).

1. Confidentiality: You are strictly responsible for maintaining the secrecy of your keys. You must not embed keys in client-side code (JavaScript), public GitHub repositories, or mobile app binaries where they can be extracted.
2. Compromise: If a key is compromised, you must revoke it immediately via the Dashboard. RatioReady is not liable for credits consumed by unauthorized parties using a leaked key.

1.3 No "Wrapper" Services

You are expressly prohibited from using the API to build a website, app, or service that "wraps" or "clones" RatioReady's functionality for resale to third parties without a signed Enterprise Reseller Agreement.

2. Rate Limits and Infrastructure Integrity

To ensure the stability of our Hetzner-based GPU clusters and protect against Distributed Denial of Service (DDoS) patterns, the following limits apply:

2.1 Standard Throttling

100 requests per minute (RPM) for metadata/account calls; 20 RPM for AI-processing endpoints.

2.2 Burst Management

We utilize Cloudflare Advanced Rate Limiting. Coordinated "bursts" across multiple accounts from the same IP range will be flagged as a security threat.

2.3 Exponential Backoff

Your client must respect 429 Too Many Requests status codes and the Retry-After header. Failure to implement exponential backoff may result in an automated IP-level block.

3. Trade Secret & Anti-Reverse Engineering

3.1 Logic Harvesting Prohibited

You may not use the API to perform "parameter sweeps"—submitting repetitive, slightly varied requests to map our internal upscaling weights, ratio-logic, or PSD smart-object replacement sequences.

3.2 Systematic Extraction

Using the API to extract data for the purpose of training a competing machine learning model or "mirroring" our production pipeline is a violation of our Protected Trade Secrets and will result in immediate termination and legal action.

3.3 Competitive Ban

As stated in our General Terms, use of the API by employees or agents of a direct competitor is strictly prohibited and constitutes a material breach of contract.

4. Data Handling and "Volatile" Storage

4.1 Temporary Transit

Images submitted via the API are stored in our secure Germany (EU) data centers.

4.2 Automatic Purge

• Processed assets are purged 30 minutes after completion.
• Batch ZIP archives are purged after 24 hours.

Warning: It is your responsibility to poll the /v1/status endpoint and download results immediately. We do not provide persistent storage.

4.3 SSL/TLS Requirement

All API communication must occur over TLS 1.3. Requests over unencrypted channels or outdated protocols (TLS 1.1 or lower) will be rejected.

5. Credit Consumption and Billing

5.1 Real-Time Deduction

Credits are deducted from your balance the moment a job hits the processing queue.

5.2 Error Refunds

If a job returns a 5XX Server Error, credits are automatically refunded. Credits are not refunded for 4XX errors (e.g., User submitted a corrupted file or invalid URL).

5.3 Balance Checks

To prevent workflow interruptions, your middleware should check the /v1/account/balance endpoint. We are not liable for business losses caused by 402 Payment Required interruptions.

6. Service Evolution and Deprecation

6.1 Versioning

We follow Semantic Versioning (SemVer). Breaking changes will be introduced in new versions (e.g., /v2/).

6.2 Deprecation Notice

We will provide at least 60 days' notice via email before retiring a legacy API version. It is your responsibility to migrate your integrations (Make.com/n8n) within this window.

6.3 "As-Is" Nature

We provide the API "As-Is." We do not guarantee that the API will be compatible with all third-party middleware or custom environments.

7. Automated Enforcement & Termination

7.1 Honeypot Endpoints

Our API documentation may contain "Honeypot" endpoints. Any request to these undocumented, invisible endpoints is considered proof of a malicious bot/scraper and will trigger an instant, permanent account ban.

7.2 Behavioral Monitoring

We monitor for "non-human" API usage patterns. If we detect high-frequency polling that suggests an attempt to "stress test" our infrastructure, we reserve the right to revoke your API key without a refund.

8. Indemnification

You agree to indemnify and hold Your Brand Assistant LLC harmless from any claims, losses, or damages (including legal fees) arising from:

1. Your integration of the API into a third-party product.
2. Any data breach occurring on your servers or within your middleware (Make.com/Zapier/LateNode).
3. Your violation of any third-party intellectual property rights via the API.

9. Contact

For technical API support or to report a security vulnerability, contact our engineering team at support@ratioready.com.