API Terms of Service & Acceptable Use Policy

These API Terms of Service and Acceptable Use Policy (together, the “API Terms”) govern your access to and use of the Mecanik API, the developer dashboard at members.mecanik.dev, the API documentation at api.mecanik.dev, the related software development kits, and any associated tools, endpoints, and services (together, the “API”), provided by MECANIK DEV LTD, a company registered in England and Wales under company number 17003013, with its registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ (“the Company”, “we”, “us”, “our”).

By creating an account, generating an API token, or otherwise accessing or using the API, you (“you”, “your”, “the Customer”) agree to these API Terms. If you are using the API on behalf of an organisation, you confirm that you have authority to bind that organisation, and “you” refers to that organisation. If you do not agree, you must not use the API.

These API Terms apply specifically to the API and are separate from our Services Terms of Service , which govern professional services. Where the API is concerned, these API Terms prevail.

1. The API and licence

Subject to your continuous compliance with these API Terms, we grant you a limited, non-exclusive, non-transferable, non-sublicensable, revocable licence to access and use the API for your internal business or personal purposes. We may add, change, deprecate, or remove endpoints, features, models, and limits at any time. We reserve all rights not expressly granted to you.

2. Accounts, tokens, and security

2.1. You must provide accurate registration information and keep it up to date.

2.2. You are responsible for safeguarding your account credentials and API tokens, and for all activity that occurs under your account or tokens, whether or not authorised by you. You must keep your API tokens confidential and must not embed them in client-side code, public repositories, or any location where they may be exposed.

2.3. You must notify us promptly at the contact address below if you suspect any unauthorised use of your account or tokens. We are not liable for any loss arising from unauthorised use of your account or tokens.

2.4. You must be at least 18 years old, or the age of majority in your jurisdiction, to use the API.

3. Credits, billing, and payment

3.1. The API operates on a prepaid credit model. Each call to an endpoint consumes a number of credits as published in the documentation, which we may change from time to time.

3.2. Paid credits are purchased through our payment processor (Stripe). Free credits, including any promotional or sign-up credits, have no cash value, are non-transferable, and may be modified or withdrawn at any time.

3.3. Credits are consumed when an endpoint is called and are non-refundable once consumed, except where a refund is required by applicable law or expressly provided in our Refund & Cancellation Policy . Unused credit balances may be refundable only as set out in that policy.

3.4. You are responsible for all charges incurred under your account. You agree not to initiate chargebacks or payment disputes for credits that have been consumed in accordance with these API Terms. Fraudulent chargebacks may result in immediate suspension or termination.

3.5. Prices and credit costs are subject to change. Changes do not affect credits already purchased but apply to future purchases and usage.

3.6. Consumers and immediate supply of digital content. If you are a consumer, you may have a statutory right to cancel a purchase of digital content within 14 days. By purchasing credits and by calling any endpoint, you expressly request and consent to the immediate supply of that digital content before the end of the cancellation period, and you acknowledge that you will lose your right to cancel once credits have been supplied to you (that is, consumed by an API call). To the extent credits remain unused, any cancellation or refund right is as set out in our Refund & Cancellation Policy . Nothing in this clause affects any statutory rights that cannot be waived.

4. Acceptable Use Policy

You are solely responsible for your use of the API and for any data, targets, content, or instructions you submit to it. You agree to the following.

4.1 Authorised targets only

Several endpoints accept a URL, domain, hostname, IP address, email address, file, or specification that you supply as the subject of analysis (including, without limitation, the security headers, TLS, technology detection, DNS lookup, subdomain finder, exposed files, SEO, email deliverability, broken link checker, performance audit, carbon footprint, and website audit endpoints). You may only submit a target that you own or that you have explicit, current, and documented authorisation from the owner to test, scan, or analyse. You must not use the API to scan, probe, enumerate, test, attack, or otherwise assess any system, network, domain, or service that you do not own or are not authorised to assess. You bear full responsibility for ensuring you have the necessary rights and permissions for every target you submit.

4.2 Prohibited uses

You must not use the API to:

  • violate any applicable law, regulation, or third-party right, or to facilitate any unlawful activity;
  • attempt to gain unauthorised access to, disrupt, degrade, or compromise any system, account, network, or data;
  • conduct penetration testing, vulnerability scanning, reconnaissance, or security assessment against any target without authorisation as set out in section 4.1;
  • send unsolicited communications (spam), harvest or validate email lists for spam, or otherwise breach anti-spam or privacy laws;
  • generate, request, or distribute content that is unlawful, infringing, defamatory, harassing, hateful, sexually exploitative, deceptive, or otherwise harmful, including via the AI endpoints;
  • submit personal data that you are not lawfully permitted to process, or use the API in a way that breaches data protection law;
  • infringe, misappropriate, or violate any intellectual property, privacy, or other right of any person;
  • resell, sublicense, rent, lease, or provide the raw API to third parties as a standalone product, or build a competing service that re-exposes the API;
  • reverse engineer, decompile, scrape, or attempt to derive the source, models, or underlying data of the API, except to the extent this restriction is prohibited by law;
  • circumvent, disable, or interfere with any rate limit, quota, billing, authentication, security, or usage-monitoring feature;
  • impose an unreasonable or disproportionately large load on the API, or use automated means to exceed fair usage; or
  • use the API in a manner that could damage, disable, overburden, or impair the API or interfere with any other party’s use of it.

4.3 AI endpoints

Outputs from AI-powered endpoints are generated automatically, may be inaccurate, incomplete, or offensive, and do not constitute professional, legal, financial, medical, or security advice. You are responsible for reviewing, verifying, and deciding how to use any output. You must not rely on AI outputs as a sole basis for decisions that have legal or safety consequences.

4.4 Security tool outputs

Results from the security and analysis endpoints are informational and provided on a best-efforts basis. They do not constitute a guarantee that a target is secure, compliant, or free of vulnerabilities, and must not be relied upon as a substitute for a professional security assessment.

5. Rate limits and fair use

We apply rate limits, quotas, and abuse controls, which we may change at any time. We may throttle, suspend, or block requests that exceed these limits or that we reasonably believe to be abusive, automated beyond fair use, or harmful to the API or other customers.

6. Suspension and termination

6.1. We may suspend or terminate your access to the API, in whole or in part, with or without notice, if you breach these API Terms, if we are required to do so by law, if you fail to pay, if your use poses a security or legal risk, or if we reasonably suspect fraud or abuse.

6.2. You may stop using the API at any time. On termination, your right to use the API ceases immediately. Sections that by their nature should survive termination (including sections 3, 4, 7, 8, 9, 10, and 13) will survive.

6.3. We are not liable to you or any third party for suspension or termination of your access in accordance with these API Terms. Where access is terminated for your breach or unlawful use, consumed and remaining credits are non-refundable.

7. Your data and content

7.1. You retain ownership of the data and content you submit to the API (“Inputs”) and of the results returned to you (“Outputs”), subject to our rights in the underlying API.

7.2. You grant us a worldwide, non-exclusive, royalty-free licence to host, process, transmit, and use your Inputs and Outputs solely to operate, provide, secure, and improve the API, and as otherwise described in our Privacy Policy .

7.3. You represent and warrant that you have all rights, consents, and authority necessary to submit your Inputs and to permit the processing described in these API Terms, and that your Inputs and your use of the Outputs do not and will not infringe or violate any law or third-party right.

8. Disclaimers

8.1. The API is provided “as is” and “as available”, without warranties or conditions of any kind, whether express, implied, or statutory, including any implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, accuracy, or non-infringement, to the maximum extent permitted by law.

8.2. We do not warrant that the API will be uninterrupted, timely, secure, error-free, or that results, data, scores, or AI outputs will be accurate or reliable. You use the API and rely on its outputs at your own risk.

9. Limitation of liability

9.1. Nothing in these API Terms limits or excludes our liability for death or personal injury caused by our negligence, for fraud or fraudulent misrepresentation, or for any other liability that cannot be limited or excluded under applicable law.

9.2. Subject to section 9.1, we will not be liable to you for any indirect, incidental, special, consequential, or punitive loss, or for any loss of profits, revenue, business, goodwill, anticipated savings, or data, however arising, whether in contract, tort (including negligence), or otherwise, even if advised of the possibility of such loss.

9.3. Subject to section 9.1, our total aggregate liability arising out of or in connection with the API and these API Terms will not exceed the greater of (a) the total amount you paid to us for the API in the twelve (12) months immediately preceding the event giving rise to the liability, or (b) one hundred pounds sterling (GBP 100).

10. Indemnity

You agree to indemnify, defend, and hold harmless the Company and its officers, directors, employees, and agents from and against any and all claims, demands, proceedings, losses, liabilities, damages, costs, and expenses (including reasonable legal fees) arising out of or in connection with: (a) your use of the API; (b) any target, Input, or content you submit; (c) your breach of these API Terms, including the Acceptable Use Policy; (d) your violation of any law or any third-party right; or (e) any unauthorised scanning, testing, or assessment you conduct using the API.

11. Intellectual property

The API, including its software, documentation, design, models, and all related intellectual property, is and remains the exclusive property of the Company and its licensors. These API Terms do not transfer any ownership in the API to you. “Mecanik” and associated logos are marks of the Company.

12. Privacy and data protection

We process personal data in accordance with our Privacy Policy . Where you submit personal data through the API, you are responsible for having a lawful basis to do so and for complying with applicable data protection law in respect of that data.

13. Third-party services

The API relies on third-party providers (including Cloudflare and our payment and email providers). We are not responsible for the acts, omissions, availability, or content of third-party services, and your use of them may be subject to their own terms.

14. Changes to these API Terms

We may update these API Terms from time to time. We will update the date at the top of this page, and material changes may be notified by email or through the dashboard. Your continued use of the API after changes take effect constitutes acceptance of the revised API Terms.

15. Governing law and jurisdiction

These API Terms and any dispute or claim arising out of or in connection with them or their subject matter are governed by and construed in accordance with the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction to settle any such dispute or claim, save that we may bring proceedings to protect our rights in any competent jurisdiction.

16. General

If any provision of these API Terms is held to be invalid or unenforceable, the remaining provisions will continue in full force. Our failure to enforce any provision is not a waiver of it. You may not assign these API Terms without our prior written consent; we may assign them to an affiliate or successor. These API Terms, together with the documents referenced in them, constitute the entire agreement between you and us regarding the API.

17. Contact

For any questions about these API Terms, please contact us through our contact page .

MECANIK DEV LTD, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. Company number 17003013.