Application Developer and API Agreement

Last Revised: November 12th, 2024

This Application Developer & API License Agreement (the “Agreement”) governs your access to and use of the PushPulse application programming interfaces, webhooks, SDKs, developer tools, sample code, documentation, and related materials (collectively, the “APIs”) provided by PushPulse, Inc. (“PushPulse,” “we,” “us,” or “our”). By accessing or using the APIs, you (“Licensee,” “you,” or “your”) agree to be bound by this Agreement. If you are entering into this Agreement on behalf of an organization, you represent that you have authority to bind that organization, and “you” refers to that organization.

1. Definitions

1.1 Application means any software, website, integration, workflow, or service you develop that interacts with the APIs.

1.2 Customer means any organization or individual that has a valid account with PushPulse and uses PushPulse products or services.

1.3 Customer Data means information submitted to or collected by PushPulse Services from or about Customers and their end users, including contact lists, message content, incident reports, audit records, audio transmissions, and telemetry.

1.4 Developer Credentials means API keys, OAuth client IDs/secrets, tokens, certificates, and any other credentials issued to you to authenticate to the APIs.

1.5 Documentation means the then‑current technical and usage documentation for the APIs published by PushPulse.

1.6 Marks means names, logos, trade dress, and other brand features of a party.

1.7 PushPulse Services means PushPulse’s hosted software products and services, including mass notifications, incident management, audio communications, custom forms, Access check‑in features, and related components.

1.8 Service Data means operational data about the APIs and PushPulse Services (e.g., logs, diagnostics, performance metrics) that may include limited metadata about API calls.

1.9 High‑Risk Use means use in which failure or fault of an Application could lead to death or serious bodily injury, or significant physical or environmental damage, including use in life‑support, emergency dispatch as the system of record, air/ground traffic control, or critical infrastructure control.

2. License and Access

2.1 License. Subject to this Agreement, PushPulse grants you a limited, revocable, non‑exclusive, non‑transferable, non‑sublicensable license during the Term to: (a) access and use the APIs to develop, test, and support your Application; (b) display data retrieved via the APIs within your Application to its authorized users; and (c) use the Documentation to support your development.

2.2 Distribution. You may distribute your Application to Customers and other lawful users, provided that: (i) the Application adds material functionality to the APIs or PushPulse Services and does not substantially replicate core PushPulse functionality; (ii) any user of the Application maintains all required PushPulse accounts and consents; and (iii) you do not distribute the APIs themselves.

2.3 Developer Credentials. You must keep Developer Credentials confidential and not share them (including within client‑side code). You must use OAuth where required by the Documentation. You are responsible for all activities under your credentials.

2.4 Rate Limits and Fair Use. You will comply with rate limits and usage thresholds described in the Documentation or otherwise communicated by PushPulse. PushPulse may throttle, suspend, or revoke access if your use negatively impacts the PushPulse Services or exceeds reasonable thresholds.

2.5 Sandbox; Changes; Deprecation. PushPulse may provide sandbox/testing environments. We may modify, discontinue, or deprecate any API, endpoint, or feature upon reasonable notice (which may be via the website, dashboard, or email). For deprecated APIs, PushPulse will provide an overlap period where feasible; after deprecation, calls may fail.

3. Acceptable Use & Restrictions

You will not, and will not permit any third party to:

3.1 Misuse. (a) reverse engineer or derive source code from the APIs (except to the extent such restriction is prohibited by law), (b) access the APIs for competitive analysis, benchmarking, or to build a competing service, (c) interfere with or degrade the APIs, (d) remove or alter any notices, or (e) use any undocumented or private APIs.

3.2 Data Restrictions. (a) Cache, store, or use Customer Data beyond what is necessary for your Application’s functionality; (b) sell Customer Data; (c) combine Customer Data with third‑party datasets in a manner that would violate applicable law or PushPulse policies; or (d) attempt to re‑identify anonymized data.

3.3 Security & Authentication. Circumvent or disable authentication, authorization, or security features; share Developer Credentials; or use a single set of credentials across multiple unrelated Applications or organizations.

3.4 Messaging Compliance. Use the APIs to send unlawful, deceptive, or unsolicited communications; violate anti‑spam, robocall, or messaging regulations (including TCPA, CAN‑SPAM, CTIA guidelines); or to initiate emergency calls/SMS without required consents.

3.5 High‑Risk Use. Use the APIs for High‑Risk Use. The APIs and PushPulse Services are not a substitute for calling 911/112/999 or other emergency services and must not be used as the sole system for life‑critical alerting or dispatch.

3.6 Prohibited Content. Use the APIs to transmit content that is illegal, harmful, exploitative, harassing, or infringes third‑party rights.

3.7 Branding and Confusion. Misrepresent your relationship with PushPulse; use Marks in a way that is confusing, misleading, or implies sponsorship; or clone the look and feel of PushPulse products.

4. Privacy, Data Use, & Security

4.1 Roles. As between the parties, PushPulse acts as a service provider/processor for Customer Data processed via PushPulse Services. For your Application, you are an independent controller or processor, as applicable, and will provide any legally required notices and obtain all necessary rights and consents for your processing.

4.2 Your Processing. You will process Customer Data only: (a) to provide and improve your Application; and (b) as permitted by this Agreement, your agreement with the Customer (if applicable), and applicable law.

4.3 Sensitive Data. If your Application processes location data, biometric data, audio communications, health‑related information, children’s data, or other sensitive categories, you must: (a) disclose such processing to users; (b) obtain all required consents; and (c) implement appropriate safeguards. HIPAA: PushPulse does not provide the APIs as a HIPAA‑compliant service unless a separate written BAA is executed by PushPulse.

4.4 Security. You will implement administrative, physical, and technical safeguards that are no less protective than industry standard practices, including encryption in transit, secure credential storage, least‑privilege access, vulnerability management, and secure software development practices. On request, you will provide a high‑level description of your security program.

4.5 Incident Notification. You will notify PushPulse without undue delay (and in any event within 72 hours) after becoming aware of any breach of security leading to accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, Customer Data that you process in connection with the APIs, and will reasonably cooperate with PushPulse’s remediation efforts.

4.6 Data Deletion. Upon a Customer’s request or termination of your relationship with a Customer, you will promptly delete or return Customer Data in your possession, unless a longer retention is required by law.

5. Compliance & Certification

5.1 Laws. You will comply with all applicable laws and regulations, including privacy and communications laws (e.g., GDPR, CCPA/CPRA, ePrivacy, TCPA, CAN‑SPAM, CTIA), export control and sanctions, and industry guidelines for emergency communications.

5.2 Regulatory Use. If your Application is used by public safety entities, schools, healthcare, or other regulated industries, you are solely responsible for meeting any additional regulatory or accreditation requirements.

5.3 Audit & Monitoring. PushPulse may monitor API usage for security, compliance, and performance, and may request reasonable information about your Application’s use of the APIs. You agree to cooperate and promptly remediate verified issues.

6. Ownership & Feedback

6.1 Ownership. PushPulse and its licensors own all right, title, and interest in and to the APIs, Documentation, Service Data, and Marks. Except for the limited license in Section 2, no rights are granted.

6.2 Feedback. If you provide ideas, suggestions, or feedback, you grant PushPulse a perpetual, irrevocable, worldwide, royalty‑free license to use and exploit such feedback without restriction.

7. Fees; Support

7.1 Fees. PushPulse may charge fees for API access or usage in accordance with the then‑current pricing or an applicable order. You are responsible for taxes and third‑party costs (e.g., carrier messaging fees) related to your use of the APIs.

7.2 Support. PushPulse may provide developer support as described in the Documentation or an applicable order. PushPulse has no obligation to provide support for your Application to any third party.

8. Third‑Party Services

Your Application may rely on third‑party products or networks (e.g., SMS carriers, voice networks, push notification providers, identity providers, mapping services). PushPulse does not control and is not responsible for third‑party services. You are responsible for complying with their terms.

9. Confidentiality

9.1 Confidential Information. Non‑public information disclosed by a party to the other that is marked or identified as confidential, or that should reasonably be understood to be confidential, including Developer Credentials, security information, and non‑public API specifications.

9.2 Obligations. The receiving party will use confidential information only to exercise its rights and fulfill its obligations under this Agreement, and will protect it using at least the degree of care it uses to protect its own similar information, but no less than reasonable care.

9.3 Exceptions. Information that is: (a) publicly available through no breach; (b) independently developed; or (c) rightfully received from a third party without confidentiality obligations.

9.4 Compelled Disclosure. The receiving party may disclose confidential information when required by law, with reasonable prior notice (if legally permitted).

10. Representations & Warranties; Disclaimers

10.1 Mutual. Each party represents that it has the legal power and authority to enter into this Agreement.

10.2 Your Warranties. You represent and warrant that your Application and your use of the APIs will comply with this Agreement and applicable law, and that you have obtained all necessary rights and consents.

10.3 Disclaimers. THE APIS AND DOCUMENTATION ARE PROVIDED “AS IS” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON‑INFRINGEMENT, OR THAT THE APIS WILL BE UNINTERRUPTED OR ERROR‑FREE. PUSHPULSE IS NOT RESPONSIBLE FOR DELAYS, FAILURES, OR DAMAGES RESULTING FROM CARRIERS OR NETWORKS.

11. Indemnification

You will defend, indemnify, and hold harmless PushPulse and its affiliates, officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to: (a) your Applications or your use of the APIs; (b) your processing of Customer Data; (c) your breach of this Agreement; or (d) alleged infringement or misappropriation of third‑party rights by your Application.

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, COVER, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, GOODWILL, OR DATA, EVEN IF ADVISED OF THE POSSIBILITY. EXCEPT FOR YOUR PAYMENT OBLIGATIONS OR BREACHES OF SECTIONS 3 (ACCEPTABLE USE), 4 (PRIVACY…), 6 (OWNERSHIP…), OR 9 (CONFIDENTIALITY), EACH PARTY’S TOTAL LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE GREATER OF: (A) THE AMOUNTS PAID OR PAYABLE BY YOU TO PUSHPULSE FOR API ACCESS IN THE 12 MONTHS PRECEDING THE CLAIM; OR (B) US $5,000.

13. Term & Termination

13.1 Term. This Agreement begins when you first access the APIs and continues until terminated.

13.2 Termination by Either Party. Either party may terminate this Agreement for convenience on 30 days’ notice. PushPulse may suspend or terminate immediately if you materially breach this Agreement, if your use poses a security or operational risk, or if required by law.

13.3 Effect. Upon termination, all rights and licenses granted to you terminate and you must cease using the APIs, delete Developer Credentials, and delete Customer Data obtained via the APIs (unless legally required to retain). Sections that by their nature should survive (including 3–6 and 9–15) will survive.

14. Branding; Publicity; Marketplace

14.1 Marks. Subject to PushPulse brand guidelines, PushPulse grants you a limited, revocable right to use the PushPulse name solely to identify that your Application integrates with the PushPulse Services. You will not register domains, social handles, or search keywords incorporating PushPulse Marks.

14.2 Publicity. With your consent, PushPulse may identify you as a developer or partner and may describe your Application.

14.3 Marketplace. If you list your Application in a PushPulse marketplace or directory, additional terms will apply.

15. Export & Sanctions

You will not use or access the APIs in violation of export control or sanctions laws of the United States or any other applicable jurisdiction, including the U.S. Export Administration Regulations and OFAC sanctions. You represent that you are not on any U.S. government restricted list.

16. Government Users

The APIs and Documentation are "commercial computer software" and "commercial computer software documentation" provided with only the rights set forth in this Agreement.

17. Miscellaneous

17.1 Governing Law; Venue. Delaware law without regard to conflicts of law. The parties consent to the exclusive jurisdiction and venue of the state and federal courts located in Wilmington, Delaware for any dispute not subject to arbitration.

17.2 Order of Precedence. If you have a separately executed agreement with PushPulse that expressly governs API access, that agreement controls to the extent of any conflict.

17.3 Assignment. You may not assign this Agreement without PushPulse’s prior written consent, except to an affiliate or in connection with a merger, acquisition, or sale of substantially all assets, with prompt notice.

17.4 Independent Contractors. The parties are independent contractors. This Agreement does not create a partnership, joint venture, or agency relationship.

17.5 Notices. Notices to PushPulse must be sent to legal@pushpulse.com and to: PushPulse, Inc., Attn: Legal, 8 The Green Suite 14212 Dover, DE, 19901. Notices to you may be sent to your developer account email.

17.6 Entire Agreement; Updates. This Agreement is the entire agreement regarding the APIs and supersedes prior or contemporaneous agreements or understandings on this subject. PushPulse may update this Agreement from time to time. If we make material changes, we will provide notice by posting the updated Agreement and updating the Effective Date. Your continued use of the APIs after the updated Effective Date constitutes acceptance.

17.7 Severability; Waiver. If any provision is unenforceable, it will be modified to the minimum extent necessary to make it enforceable, and the remainder will remain in effect. Failure to enforce a provision is not a waiver.

17.8 Equitable Relief. Unauthorized use of the APIs may cause irreparable harm. PushPulse may seek injunctive relief without posting a bond.

18. Service‑Specific Terms (Emergency Communications)

18.1 Emergency Limitations. PushPulse is not a carrier and does not provide emergency calling to public safety answering points (PSAPs). Your Application must clearly disclose to users that the Application and PushPulse Services do not replace calling emergency services and should not be the sole means of emergency notification.

18.2 Trials & Testing. You must not simulate or send test alerts to real emergency channels, first responders, or public endpoints without authorization.

18.3 Location Data. If your Application transmits or processes device or facility location data for alerts, you must implement reasonable accuracy controls, user disclosures, and opt‑outs where required by law.

18.4 Audio Communications. For push‑to‑talk or audio features, you are responsible for obtaining all required one‑party or two‑party recording consents and for complying with applicable wiretap and recording laws.

18.5 Child Safety & Schools. If used in K‑12 or child‑focused contexts, you will comply with COPPA and student privacy laws (e.g., FERPA) as applicable.

19. API Keys & Technical Requirements

19.1 OAuth. Where indicated in the Documentation, you must implement OAuth 2.0 for user‑authorized access and token refresh.

19.2 Webhooks. You must validate webhook signatures (if provided) and respond within required timeouts. Your endpoints must use TLS and be highly available.

19.3 Versioning. You must pin to a specific API version where available and promptly adopt breaking changes before end‑of‑life.

19.4 Testing & Observability. Maintain non‑production testing environments and reasonable logging/monitoring of API interactions; do not log Developer Credentials or sensitive Customer Data.

19.5 Rate Limits & Backoff. Implement exponential backoff and respect Retry‑After headers.

20. Contact

Questions about this Agreement may be directed to legal@pushpulse.com.