API Terms

1. Introduction & Acceptance

These API Terms govern access to and use of the askHermis Public API (the "API") — programmatic, organization-scoped access to bookings, guest conversations, alerts, and room availability. They supplement the askHermis Terms of Service; in case of conflict regarding API use, these API Terms prevail. By requesting or using an API key you agree to these terms. If you integrate on behalf of a hotel or other organization, you represent that you are authorized to bind that organization.

2. API Keys & Security

API keys are issued per organization by the askHermis team and are shown exactly once at issuance. You must:

• Treat keys as confidential credentials — store them securely and never embed them in client-side code, mobile apps, or public repositories.
• Never share keys with third parties or between organizations.
• Accept responsibility for all activity performed with your keys, whether or not authorized by you.
• Notify us immediately at contact@askhermis.com if you suspect a key has been compromised; revocation takes effect within sixty (60) seconds.
• Accept that we may rotate, suspend, or revoke keys at any time for security or compliance reasons.

3. Sandbox & Live Environments

Sandbox keys (prefixed ah_sandbox_) perform real read operations against your organization's data, while all write operations are simulated and have no side effects. Live keys (prefixed ah_live_) perform real operations — including delivering messages to guests. You must test your integration against the sandbox environment before using a live key, and you are solely responsible for the content and timing of messages your integration sends to guests.

4. Acceptable Use

You may use the API only to provide services to the organization that owns the key. You must not:

• Attempt to circumvent authentication, rate limits, or organization-level data isolation.
• Access or attempt to access data of any organization other than the one that owns your key.
• Sell, sublicense, or disclose data obtained through the API to third parties without the organization's authorization and a lawful basis.
• Use the API to build or train a competing product or service.
• Poll endpoints excessively or in ways that degrade the service for others.
• Use the API in violation of applicable law, including data-protection and consumer-communication laws.

5. Guest Data & Privacy

The API exposes personal data of hotel guests, including names, contact details, booking information, and conversation content. The organization remains the data controller; you process this data solely on its behalf and instructions. You must:

• Process guest data only as necessary to provide services to the organization.
• Apply appropriate technical and organizational security measures.
• Not use guest data for your own marketing, profiling, or any other purpose without a lawful basis.
• Comply with the EU General Data Protection Regulation (GDPR) and all other applicable data-protection law.
• Delete guest data obtained through the API when your key is revoked or your engagement with the organization ends, except where retention is required by law.

6. Rate Limits, Availability & API Changes

API usage is subject to the rate limits stated in the API reference, which we may adjust with reasonable notice. The API is provided without an availability guarantee and may be temporarily unavailable for maintenance or operational reasons. The API is versioned (currently /api/v1); we aim to give reasonable advance notice of breaking changes or deprecations, but additive, non-breaking changes may occur at any time.

7. Suspension & Termination

We may suspend or revoke API keys, with or without notice, in case of a breach of these terms, suspected abuse, security risk, or legal requirement. You or the organization may request key revocation at any time. Sections concerning guest data, confidentiality, and liability survive termination.

8. Disclaimer & Limitation of Liability

The API and its documentation are provided "as is" and "as available", without warranties of any kind, express or implied. To the maximum extent permitted by law, askHermis shall not be liable for indirect, incidental, special, or consequential damages, loss of profits, or loss of data arising from use of the API, and our aggregate liability shall not exceed the fees paid for API access (if any) in the twelve (12) months preceding the claim.

9. Changes to These Terms & Governing Law

We may update these API Terms from time to time; material changes will be announced with reasonable notice through the dashboard or by email, and continued use of the API after the effective date constitutes acceptance. These terms are governed by the laws of Greece, and any disputes are subject to the exclusive jurisdiction of the courts of Athens, Greece.