API Acceptable Use Policy
1. Scope
This policy governs all programmatic access to the Future Proof Website API (the "API"), including the public audit endpoint (/api/audit) and the agent surfaces (/mcp and /a2a). By calling the API — with or without an API key — you ("you", "the consumer") agree to this policy. If you do not agree, do not use the API. It complements our general Terms of Use.
The API scans publicly accessible URLs and returns an automated AI-readiness assessment. It is a read-only analysis service provided by Paul Masterson, trading as datavision.ie, Ireland.
2. Access tiers
- Open tier (no key). A rate-limited anonymous tier exists so that AI agents, evaluators, and people trying the service can call the API without signing up. It is capped (see §4) and offered as is.
- Keyed tier (request access). Production, higher-volume, or partner use requires an API key, issued on request. Keys are personal to your account, metered, and revocable. For server-to-server use we may bind a key to an IP allowlist; keyed calls must be made server-side only (see §5).
We may decline, suspend, or revoke access at our discretion — in particular for any breach of this policy.
3. Acceptable use
You may use the API to assess sites you own or are authorised to assess, to build tools and integrations, and to surface results to your own users (with attribution where reasonable).
You must not:
- exceed, evade, or circumvent rate limits or quotas (for example by rotating keys or IP addresses to multiply an allocation);
- resell, sublicense, or repackage raw API access as if it were your own API, or redistribute bulk results as a competing dataset;
- use the API to scan sites you have no right to assess where doing so would breach the target's terms, or to facilitate any unlawful, infringing, or abusive activity;
- attempt to overload, disrupt, probe, or reverse-engineer the service beyond what the documented endpoints return (security testing is covered separately — see §7);
- misrepresent the source or meaning of results (see §8).
4. Rate limits & fair use
The open tier is rate-limited per client; keyed tiers carry the limits and quota attached to your plan. Exceeding a limit returns 429 Too Many Requests — back off and retry rather than hammering the endpoint. Limits may change; material changes will be reflected in the API documentation.
5. API key handling
If you hold a key, you are responsible for keeping it secret:
- treat it like a password — never embed it in browser or client-side code, mobile apps, public repositories, or shared logs; keyed calls are server-side only;
- send it only in the Authorization: Bearer … header over HTTPS — never in a URL or query string;
- rotate it immediately if you suspect exposure, and tell us; you may hold more than one key for zero-downtime rotation;
- you are responsible for all usage under your key until it is revoked.
6. Data & privacy
The API processes the public content of the URL you submit. Do not submit URLs that expose personal data you are not entitled to process, or content behind a login you lack the rights to access. We log requests (timestamp, endpoint, key or IP, target URL, and response status) for security, abuse-prevention, billing, and service-quality purposes, retained for a limited period. You remain the controller for any URLs and targets you choose to submit; we process the request metadata you send to operate and protect the service. Handle any personal data in results in line with the EU GDPR and the Irish Data Protection Act 2018. See our Privacy Policy for how we handle personal data generally.
7. Security & vulnerability reporting
Found a security issue in the API? Report it responsibly via the contact in our security.txt. Please don't test against production beyond what is needed to demonstrate the issue, and don't access or alter other users' data. We will not pursue good-faith research that follows that process.
8. Results are informational
API results are an automated, point-in-time assessment provided "as is", without warranty of accuracy, completeness, or fitness for a particular purpose. They are guidance, not a guarantee or certification of any outcome. You are responsible for decisions you make based on them. To the fullest extent permitted by law, we exclude liability for losses arising from use of the API or reliance on its results. Nothing here limits any liability that cannot be limited under applicable law.
9. Suspension & termination
We may suspend or terminate access (including revoking keys) immediately for breach of this policy, suspected abuse, or to protect the service or other users. You may stop using the API at any time; on termination you must stop calling it and delete any keys.
10. Changes
We may update this policy. The "last updated" date above reflects the current version and material updates will be noted in the API documentation. Continued use after a change means you accept it.