Last updated: May 17th, 2018
Today’s Plan provides an application programming interface (API) for third parties to integrate their own application or platform (developer application).
The API allows for third party applications to be delegated access to a Today’s Plan user’s account. With this delegated access, the third party app can access personal and sensitive information, but only once the user has specifically granted the application this permission.
It is important that you and your application are aware of your privacy obligations to user’s data. If you are accessing data related to a user who resides in the European Union, you may also be subject to the General Data Protection Regulation (GDPR).
Today’s Plan is bound by a number of privacy and security requirements – both via the Australian Privacy Act (Cth), the European GDPR, and through a number of our agreements with our service providers and connected partners.
As such, before we can enable your Today’s Plan API usage, you agree to maintain and undertake certain privacy obligations and data usage restrictions.
If you are unsure on any of the content of this agreement, please contact firstname.lastname@example.org
Today’s Plan API agreement
The Today’s Plan API Agreement (Agreement) is made and entered into by and between Today’s Plan Pty Ltd (Today’s Plan) and you. “You” means you individually or the entity that you represent. If you are entering into this Agreement for an entity, you represent and warrant to us that you have the legal authority to bind that entity to this Agreement.
By accessing or using the Today’s Plan API, you acknowledge that you have read, and agree to abide by this Agreement. If you are unable to comply with the current or any future version of this Agreement, you must immediately cease all use of the Today’s Plan API.
- You are solely responsible for your use of the Today’s Plan API and for the development, maintenance and support of your application
- You are solely responsible for maintaining any relevant privacy and data access, modification and deletion requirements to data held or processed in your application.
- You will honour any user’s request to access, rectify or delete their personal data
- Today’s Plan makes no warranties about the Today’s Plan API, and is not liable for your use
- Today’s Plan reserves the right to modify or discontinue the API at any time, and may impose volume limits or other usage restrictions at its discretion
- Today’s Plan may monitor and collect data regarding your use of the Today’s Plan API
- Today’s Plan may, but is under no obligation to, feature or promote your application
- You are responsible for the privacy and security of your supplied OAuth client ID and secret. The client id and secret can not be shared between applications.
Please read the entire Today’s Plan API Agreement below as it governs your use of the Today’s Plan API.
Today’s Plan API The application programming interface provided by Today’s Plan providing a set of functions and procedures that allow access to the features or data from the Today’s Plan Platform by a third party application or service. For the purposes of this document, the API also includes any other documentation, source code, SDK etc provided by Today’s Plan as part of your integration.
Today’s Plan Data Information owned, held or processed by Today’s Plan within the Today’s Plan systems.
Today’s Plan Marks Designs, logos, pictures and diagrams that identify Today’s Plan’s services and distinguish them from other services.
Today’s Plan Platform All applications, processes, systems, databases, websites, mobile applications, APIs, computers and policies that are required to deliver services to customers by Today’s Plan.
- Today’s Plan will provide you with an OAuth client ID and secret (token) which you can use to authorize users against the Today’s Plan API. This token will initially be allocated for use against our test/staging servers. You should develop and test your application against our test/staging servers.
- Once your development is complete, you may request a production token. It is at Today’s Plan discretion that this production token will be allocated to you. Today’s Plan may request the use of your application to perform additional tests before allocating a production token
- You are solely responsible for the confidentiality of your token, and you must not share your token with any other developer or use it for more than one application or service. You agree to use best practice to keep your token secure. If you believe an unauthorized person has gained access to your token, then you must notify us as soon as possible
- Today’s Plan may contact you from time to time to discuss your API usage, and you agree to be responsive to these inquiries
- Today’s Plan reserves the right at any time to modify or discontinue, temporarily or permanently the Today’s Plan API, your use of the API, or any portion thereof with or without notice to you and without any form of compensation or consideration to you, regardless of the status of any of your developer applications
- Today’s Plan has no obligation to provide you with support, software upgrades, enhancements, or modifications to the API.
- Today’s Plan reserves the right to create, modify and enforce controlling mechanisms such as a rate limiting structure for use of the Today’s Plan API. Further, you acknowledge that Today’s Plan has no obligation to ensure that an upgrade of the API or the Today’s Plan platform will be compatible with existing or planned developer applications.
- Today’s Plan reserves the right to revoke your token or terminate or limit any uses of the API if you violate this Agreement or we otherwise object to your use of the API. If you are unsure if a certain use of the API is permitted please email@example.com to discuss. Today’s Plan reserve the sole right to determine whether or not your use of the Today’s Plan API is acceptable, and to revoke API access for any developer
- Today’s Plan may use your developer applications and related marks and logos for the purposes of promoting Today’s Plan and marketing. However, Today’s Plan has no obligation to use or promote any developer application
- You are solely responsible for providing all customer and technical support and maintenance for your developer applications. Today’s Plan has no obligation to provide any type of technical or other support for the Today’s Plan API or developer application.
- You agree to use commercially reasonable and appropriate measures to maintain the security and integrity of any user data accessed via the Today’s Plan API. You are fully responsible for the security of data used in connection with your developer applications. You agree to comply with all applicable state and federal laws and rules, which includes applicable privacy requirements such as GDPR. All data about Today’s Plan user obtained via the API in your possession or control must be deleted by you upon a user’s request or upon the user’s termination or cancellation of the developer application subscriptions.
- You agree to ensuring that any Today’s Plan data is encrypted and transmitted over a secure, encrypted channel (e.g., HTTPS). Where technically feasible, data at rest should also be encrypted. You must notify Today’s Plan of any security breach, including any personal data breach within the meaning of the GDPR, related to your developer application or Today’s Plan data within 24 hours any such security incident
- Your application must allow the Today’s Plan user to expressly authorize your developer application prior to you accessing any of their data. Your developer application must allow the end user of your developer application to access the user’s data that you have collected via the API.
- Your application must not
- be disparaging of Today’s Plan, libelous or may otherwise be perceived as detrimental or harmful to Today’s Plan and its business and reputation.
- use web scraping, web harvesting, or web data extraction methods to extract data from the Today’s Plan Platform.
- be defamatory, libelous, hateful, violent, obscene, pornographic, unlawful, or otherwise offensive to any individual, entity, known or unknown.
- distribute any virus, spyware, adware, malware, or other harmful or malicious component.
- be used in a purpose which or might overburden, impair or disrupt the Today’s Plan Platform or related servers or networks.
- use the API to distribute unsolicited advertising or promotions, or to send messages, make comments, or initiate any other unsolicited direct communication or contact with Today’s Plan users or partners.
- use the Today’s Plan API in any way that would grant someone other than you or the applicable user the right to see any data related to that user without obtaining the prior express consent of that user.
- You may cancel your access to the Today’s Plan API at any time by notifying Today’s Plan at firstname.lastname@example.org. You agree that Today’s Plan shall not be liable to you or to any third party for any access, use, modification, suspension or discontinuance of the API
- Today’s Plan may terminate your access to the Today’s Plan API immediately if you do not comply with the this Agreement, are you are engaged in any activity that may expose Today’s Plan to risk or liability of any kind, or if we otherwise reasonably object to your use of the Today’s Plan API. You agree that Today’s Plan shall not be liable to you or any third party for any costs, liabilities, losses, expenses, or damages that may result from termination of this Agreement or your access to the Today’s Plan API
- Your developer application must respect users privacy. You may use and retain data only so long as necessary for the purpose you originally obtained it. Your developer application logs into Today’s Plan and acts on behalf of a Today’s Plan user. It is essential that your application does not disclose such data to, or use it for, another user or any other third party without a lawful basis
- Your application must delete all data received from Today’s Plan API if so requested by a user.
- For reference, personal data means data that may be used, either alone or together with other information, to identify an individual user, including, without limitation, a user’s name, address, telephone number, username, email address, city and country, geolocation, unique identifiers, picture, or other similar information and includes personal data as defined in the GDPR.
- You agree that Today’s Plan and licensors retain all worldwide right, title and interest in and to the Today’s Plan API, Today’s Plan Data, Today’s Plan Marks and the Today’s Plan Platform, including, without limitation, all intellectual property rights therein. Any rights not expressly granted herein are prohibited and reserved.
- You understand that Today’s Plan may currently or in the future develop products and services that may be similar to or compete with your developer applications. Nothing in this Agreement shall in any way restrict Today’s Plan from pursuing any business activities or from entering into any agreement with any other person or company.
- To the maximum extent permitted by applicable law, you hereby release and waive all claims against Today’s Plan, and its affiliates, officers, agents, licensors, co-branders or other partners, and employees from any and all liability for claims, damages (actual and/or consequential), costs and expenses (including litigation costs and attorneys’ fees) of every kind and nature, arising from or in any way related to your use of the API
- You represent and warrant that your developer application shall not infringe or otherwise violate any third party rights, including but not limited to third party intellectual property rights
- To the maximum extent permitted by applicable law, you agrees to hold harmless and indemnify Today’s Plan and its affiliates, officers, agents, licensors, co-branders or other partners, and employees from and against any third party claim, loss, liability, judgment, cost and expense arising from or in any way related your use of the API, including any liability or expense arising from all claims, losses, damages (actual and/or consequential), suits, judgments, litigation costs and attorneys’ fees, of every kind and nature, including without limitation claims that Licensee application or user infringes the intellectual property rights of a third party
- Where pursuant to Article 82(4) of the GDPR, either party is found to be liable for the entire damage arising from a breach or breaches of the GDPR, in order to ensure effective compensation of a one or more individuals, then the other party shall indemnify that party for that portion of the compensation attributable to any breaches of GDPR giving rise to the compensation for which it is responsible.
- This Agreement does not create or imply any partnership, agency or joint venture between the parties. For the purposes of Article 26 of the GDPR, the parties acknowledge that each party is a separate and independent controller of the personal data which it discloses or receives under this Agreement. The parties do not and will not process personal data which it discloses or receives under the Agreement as joint controllers. Each party shall be individually and separately responsible for complying with the obligations that apply to it as a controller under applicable data protection and privacy laws. It is agreed that where either party receives a request from a data subject in respect of personal data controlled by the other party, where relevant, the party receiving such request will direct the data subject to the other party, as applicable, in order to enable the other party to respond directly to the data subject’s request.