CarsDataset API — Terms of Service

Last updated: 10 April 2026 · Version 1.0 · Supplements the general Terms of Service

These API Terms of Service ("API Terms") govern Customer's access to and use of the CarsDataset application programming interface (the "API") operated by Knitted Logic, obrt za IT usluge, vl. Vedran Balagović ("Provider"). These API Terms supplement and incorporate by reference the general CarsDataset Terms of Service. In case of conflict between the general Terms and these API Terms with respect to API usage, these API Terms control.

1. Access Grant

Subject to Customer's active paid subscription and compliance with these API Terms and the general Terms of Service, Provider grants Customer a non-exclusive, non-transferable, non-sublicensable, revocable right to access the API and to use the data returned by the API (the "API Data") solely for Customer's internal business purposes and within Customer's own applications serving Customer's own end users, subject to the restrictions below.

2. API Keys & Authentication

Issuance. Upon successful subscription payment, Provider will issue an API key to the email address associated with Customer's payment method. The key is transmitted via email once; Provider does not retain a recoverable plaintext copy.

Confidentiality. API keys are confidential credentials equivalent to passwords. Customer shall:

• Not share, publish, or disclose API keys to any third party;
• Not embed API keys in publicly-distributed client-side code (browsers, mobile apps without a server proxy, public GitHub repositories, npm packages, etc.);
• Use a server-side proxy or secret-management system to mediate all API calls from untrusted environments;
• Immediately notify Provider if Customer suspects an API key has been compromised; and
• Promptly rotate keys upon personnel changes or security incidents.

Attribution of activity. All traffic authenticated with Customer's API key is conclusively attributed to Customer, regardless of whether Customer actually authorized that traffic. Customer is responsible for all fees, damages, and consequences of activity conducted under its key, including the acts of its employees, contractors, and any third party that comes into possession of the key by any means.

Key rotation. Customer may request key rotation at any time by emailing vedran@knittedlogic.com. The previous key will be deactivated within twenty-four (24) hours of the new key being issued.

3. Rate Limits & Fair Use

Each subscription tier is associated with rate limits (requests per minute and per day) as stated in the product description at the time of Order. Rate limits are enforced by the API and requests exceeding them will return HTTP 429 responses.

In addition to numeric rate limits, Customer shall use the API in accordance with reasonable and fair usage principles, meaning:

• No bulk enumeration of the database (e.g., iterating through every ID or page to exfiltrate the entire dataset);
• No concurrent connections exceeding ten (10) unless expressly permitted;
• Reasonable back-off on error responses (at least exponential back-off on 429 and 5xx);
• No use of multiple API keys or account-sharding to circumvent limits; and
• No denial-of-service or load-test traffic without prior written approval.

Customers engaging in bulk enumeration patterns indistinguishable from dataset exfiltration may be immediately suspended without notice, in addition to remedies available under Section 12 and the general Terms.

4. Caching & Data Freshness

Customer may cache API responses locally for up to twenty-four (24) hours for the purpose of improving end-user performance and reducing API load. Caching periods longer than 24 hours, or persistent storage of the API Data beyond 30 days, require the equivalent of a one-time dataset License and are not permitted under a subscription alone.

For clarity: using the API to silently build a local copy of the dataset is a material breach of these API Terms regardless of the technical method used, and shall be treated as an attempted circumvention of the license fee for the applicable one-time dataset product.

5. Prohibited Usage Patterns

Customer shall not, and shall not permit any third party to:

1. Use the API to construct, train, fine-tune, or benchmark a publicly-released machine-learning model whose weights or outputs would allow substantial reconstruction of the API Data;
2. Use the API as a backend for a service that re-exposes the API Data to unauthenticated users or via another API;
3. Use the API to compete with, replicate, or substitute for the CarsDataset product;
4. Use the API in any manner that would harm the integrity, security, or performance of the Service;
5. Probe, scan, penetration-test, or attempt to bypass authentication or authorization controls;
6. Submit requests containing illegal content, malicious payloads, or content intended to compromise other users;
7. Use the API from within jurisdictions subject to EU or US comprehensive sanctions;
8. Circumvent, disable, or interfere with security-related features of the API;
9. Use scraping automation tools against either the API endpoints or the CarsDataset website to supplement API data with non-API content;
10. Use the API for any purpose that would require a higher subscription tier than Customer currently holds.

6. End-User Applications

Customer may integrate API responses into Customer's own application(s) for use by Customer's end users, provided that:

• Raw API responses are not exposed as-is to end users in a way that allows them to download the underlying dataset (e.g., no "export to CSV" feature that dumps entire API-Data pages);
• API responses presented to end users are rendered within Customer's UI and combined with Customer's value-adding functionality;
• Customer's end users are bound by terms of service at least as protective of Provider as these API Terms are;
• Customer does not attribute inaccurate data to end users in a way that could cause harm; and
• Customer adds reasonable attribution ("Vehicle specifications via CarsDataset") where feasible.

7. End-User Responsibilities

Customer shall be solely responsible for all acts and omissions of its end users, including any misuse of the API Data received through Customer's application. Provider has no contractual relationship with Customer's end users and no obligation to support them. Claims by end users arising out of the API Data shall be addressed by Customer and are subject to Customer's indemnification obligation under Section 11 of the general Terms.

8. Service Availability & SLA

Provider will use commercially reasonable efforts to maintain API availability, but does not guarantee any specific uptime, latency, or error rate unless separately agreed in a written Enterprise SLA. Scheduled and emergency maintenance may occur without notice. Transient outages, cloud-provider incidents, and third-party network failures do not constitute a breach of these API Terms and do not entitle Customer to any refund or credit.

Customers requiring uptime guarantees, incident response SLAs, or a financial credit mechanism should contact Provider to discuss a custom Enterprise plan.

9. Changes to the API

The API is provided on an evolving basis. Provider may, at any time and without liability:

• Add, modify, deprecate, or remove endpoints, parameters, response fields, or features;
• Change request/response formats in a backward-compatible manner without notice, or in a backward-incompatible manner with at least thirty (30) days' notice to the email on file;
• Change rate limits, quotas, and fair-use policies with at least fourteen (14) days' notice;
• Introduce new paid tiers and migrate features between tiers.

It is Customer's responsibility to monitor such notices and to keep its integration compatible with the current version of the API. Provider has no obligation to maintain backward compatibility with deprecated versions indefinitely.

10. Monitoring, Logging & Abuse Detection

Provider logs API requests for operational, security, billing, and abuse-detection purposes. Logged information may include the API key hash, source IP address, request path, query parameters, response status, and timestamp. Logs are retained for a reasonable period (typically up to ninety (90) days for operational logs and longer for billing/audit records).

Provider may share logs with law enforcement or regulators as required by law and may use aggregated log data to improve the Service. Customer consents to such logging and use.

11. Subscription, Billing & Cancellation

Billing cycle. Subscriptions are billed monthly in advance via Stripe at the fee stated on the pricing page at the time of Order. Prices are in USD and exclude applicable VAT/sales tax, which will be added at checkout where required.

Automatic renewal. Subscriptions automatically renew each month until cancelled by Customer or terminated by Provider. Customer authorizes Stripe to charge the payment method on file for each renewal.

Cancellation. Customer may cancel at any time through the Stripe customer portal (link available by emailing vedran@knittedlogic.com). Cancellation takes effect at the end of the current paid period. API access continues until period end.

Failed payments. If a renewal payment fails, Provider may immediately suspend API access. Customer will be notified by email and may re-activate access by updating payment information within fourteen (14) days, after which the subscription and associated API key may be permanently terminated.

No refunds. Subscription fees are non-refundable for the current period, except where required by mandatory applicable law.

Price changes. Provider may change subscription fees with at least thirty (30) days' advance notice to the email on file. New prices take effect at the next renewal; Customer's continued use constitutes acceptance.

12. Suspension & Termination

Provider may, at its sole discretion and without prior notice, suspend or terminate Customer's API access if Provider reasonably believes that:

• Customer has materially breached these API Terms or the general Terms of Service;
• Customer's API usage presents a security, legal, or operational risk to the Service or other customers;
• Customer's API key has been compromised or is being used by an unauthorized party;
• A payment has failed, been reversed, or been subject to a chargeback; or
• Continued provision of the API to Customer would violate applicable law or third-party rights.

Upon suspension, API requests authenticated with Customer's key will return HTTP 401 or 403 errors. Upon termination, the key is permanently deactivated, and Customer must cease using any cached API Data in accordance with Section 15 of the general Terms.

Termination by Provider for cause does not entitle Customer to any refund. In the case of termination without cause (e.g., Provider discontinuing the API entirely), Customer shall receive a pro-rata refund for the unused portion of the current paid period.

13. Survival

Sections 2 (Attribution of activity), 4 (Caching), 5 (Prohibited Usage), 7 (End-User Responsibilities), 10 (Monitoring), 12 (Suspension & Termination), and 13 (Survival) shall survive termination of these API Terms, together with all provisions of the general Terms that survive by their nature.

14. Contact

Knitted Logic, obrt za IT usluge, vl. Vedran Balagović
Ulica Bedřicha Smetane 13
10000 Zagreb, Croatia
OIB: 94496971361
Email: vedran@knittedlogic.com