Terms and Conditions for Human Design API
Effective Date: April 24, 2026
1. Introduction
These Terms of Service ("Terms") govern your (the "Customer") access to and use of the Human Design API website located at https://humandesignapi.nl (the "Website") and the Human Design API service (the "API") offered by App de Bock (the "Company"). By accessing or using the Website or API, you agree to be bound by these Terms. If you disagree with any part of these Terms, you may not access or use the Website or API.
2. User Accounts and Access
To access certain features of the API, you may be required to create an account and obtain an API key. You are responsible for maintaining the confidentiality of your account information, including your API key, and for all activity that occurs under your account. You agree to notify the Company immediately of any unauthorized use of your account or any other security breach.
3. API Keys & Authentication
To access the API, you must create an account and obtain an API key from Human Design API. Your API key is used to authenticate all requests.
API v1 accepts the key via the HD-Api-Key request header. API v2 requires the key in the Authorization: Bearer <api-key> header. Your API key works across both versions.
For location-based endpoints in API v1, you are also required to obtain a Geocoder Google API Key from Google Cloud. The coordinates endpoint (/v2/charts/coordinates) in API v2 does not require a Google Geocode key.
You may rotate your API key at any time from your account dashboard. Upon rotation, your old key is immediately and permanently invalidated with no grace period. You are solely responsible for updating all integrations that use your key.
You are responsible for maintaining the confidentiality of your API key and for all activity that occurs under it.
4. Subscriptions and Payment
The Company offers API access through the following plans, purchasable through the Website via Stripe Checkout. There is no free tier — all plans require a paid subscription.
Subscription Tiers
The Company offers monthly and annual subscription tiers (Hobbyist, Developer, and Scale), each with a fixed monthly credit allocation. Subscription pricing and credit allocations are listed on the Website.
Lifetime Access & Licensing
The "Lifetime Access" plan (the "License") is a one-time payment that grants the User access to the Human Design API platform for the operational lifetime of the product.
- Scope of Access: The License applies to all core features and maintenance updates within the current major version (v2.x) of the Service. Future major architectural shifts or "v3.0" standalone modules may, at the Company's discretion, require a separate upgrade fee.
- Usage Allocation: The License includes a recurring monthly allocation of 50,000 API calls. Unused calls roll over to the following month with a cap of 2x monthly allocation. The Company reserves the right to adjust the technical delivery of these calls to maintain system integrity.
- Definition of "Lifetime": For the purposes of this agreement, "Lifetime" refers to the period during which Human Design API is actively developed, hosted, and commercially available as a standalone service. In the event of a product sunset or "End of Life," the Company will provide at least 60 days' notice and, where feasible, a method for Users to export their data.
- Support and Maintenance: Lifetime Access includes standard support. As a "self-running" service, the Company does not guarantee specific response times (SLAs) but will provide "best effort" maintenance to ensure service uptime.
Credit System
Each subscription tier includes a monthly credit allocation. Credits reset at the start of each billing period. Unused credits may roll over subject to a cap defined per tier. Credits cannot be transferred, sold, or exchanged for cash.
No Free Tier
The Company does not offer a free tier. All API access requires an active paid subscription.
Overage Billing
Overage billing is strictly opt-in. By default, API requests are rejected when your monthly credits are exhausted. If you explicitly opt in to overage billing through your account dashboard, additional API calls beyond your allocation will be charged at a per-credit rate via Stripe Billing Meters. By opting in, you acknowledge and consent to the possibility of additional recurring charges on your payment method.
Cancellation
You may cancel your subscription at any time. Cancellation takes effect at the end of the current billing period. Your credits remain accessible until the period ends, after which they expire. Cancellation does not entitle you to a refund except as described in §5.
Legacy Users
Users who had access to the API prior to the introduction of the subscription model ("Legacy Users") are grandfathered. Legacy status is non-transferable.
By purchasing a plan, you are granted a non-exclusive, non-transferable license to use the API. You do not have the right to resell access to the API.
5. Refunds
Subscriptions and Lifetime Deal
You are entitled to a full refund within seven (7) days of your initial purchase of a subscription plan or the Lifetime deal. A processing fee of 3.5% of the purchase value will be deducted from your refund. To request a refund, contact us at info@appdebock.nl within the 7-day window.
Overage Charges
Overage charges are non-refundable. By opting in to overage billing, you acknowledge that charges for API calls already made cannot be reversed.
Cancellation vs. Refund
Cancelling your subscription stops future billing but does not entitle you to a refund for the current billing period. To receive a refund, you must request one within the 7-day window described above. Renewal charges (monthly or annual) after the initial 7-day purchase window are not eligible for refunds.
6. User Data and Privacy
The Company collects certain user data, including your name, email, and payment information. The Company also collects non-personal data through web cookies. For more information on how the Company collects and uses your data, please refer to our Privacy Policy located at https://humandesignapi.nl/privacy-policy.
7. Intellectual Property
The Website, API, and all content contained therein are the intellectual property of the Company. You are granted a limited, non-exclusive license to use the API for your own personal or commercial use in accordance with your purchased package. You may not reverse engineer, decompile, or disassemble the API.
8. Disclaimers
The Website and API are provided "as is" and without warranties of any kind, express or implied. The Company disclaims all warranties, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. The Company does not warrant that the Website or API will be uninterrupted, secure, or error-free.
The Company acknowledges that its algorithms are inspired by the work of Jonah Dempcy. In accordance with his MIT license:
Copyright (c) 2016-2023 Jonah Dempcy
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
9. Data Processing Agreement (DPA)
9.1 Scope and Roles
This section applies to the processing of personal data (the "Birth Data": date, time and location of birth) submitted by the Customer to the API. In this context, the Customer is the Data Controller and the Service Provider (Human Design API) is the Data Processor. For the Customer's own account information (e.g. email address, billing information), the Service Provider acts as the Data Controller.
9.2 Documented Instructions
The Processor shall process the Birth Data only on documented instructions from the Controller. The Customer's use of the API constitutes the instruction to process the data for the sole purpose of returning a human design profile. The Processor shall not process this data for any other purpose. The Processor shall immediately inform the Controller if, in its opinion, an instruction infringes the GDPR or other applicable data protection laws.
9.3 Confidentiality
The Processor ensures that all personnel authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
9.4 Security
The Processor implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the use of SSL encryption for data in transit and processing in secure, EU-region infrastructure provided by Railway.app (API hosting and cron), Supabase (database) and Cloudflare (object storage), all operating within the European Union.
9.5 Sub-processors
The Controller grants a general authorization to the Processor to engage sub-processors. The Processor currently utilizes the following sub-processors, all operating within the European Union or European Economic Area:
- Railway: API hosting and cron services (EU region)
- Supabase: PostgreSQL database for user, billing, and usage data (EU region)
- Cloudflare R2: Object storage for ephemeris data (EU region)
The Processor shall inform the Controller of any intended changes concerning the addition or replacement of sub-processors, giving the Controller the opportunity to object.
9.6 Assistance to the Controller
Taking into account the nature of the processing, the Processor shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights. The Processor shall also assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 (Security, Breach Notification, and Data Protection Impact Assessments).
9.7 Deletion of Data
The Processor follows a "Privacy by Design" model. Birth Data is processed in-memory and is not stored on any disk or database. All Birth Data is automatically deleted immediately after the API response is generated. At the choice of the Controller, the Processor shall delete all existing copies of Birth Data immediately after processing, and upon termination of the agreement, shall cease all processing of such data, unless European Union or Member State law requires storage.
9.8 Audits and Inspections
The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.
9.9 Customer Obligations
The Customer represents and warrants that it has a valid legal basis (such as explicit consent or contractual necessity) to process the Birth Data and to transfer it to the Service Provider for the purposes described in this Agreement. The Customer is solely responsible for providing any required notices to data subjects and for ensuring the accuracy and lawfulness of the data provided to the API.
10. Limitation of Liability
The Company shall not be liable for any damages arising from your use of the Website or API, including but not limited to, direct, indirect, incidental, special, consequential, or punitive damages.
11. Governing Law and Dispute Resolution
These Terms shall be governed by and construed in accordance with the laws of the Netherlands. Any dispute arising out of or relating to these Terms shall be subject to the exclusive jurisdiction of the courts of the Netherlands.
12. Updates to the Terms
The Company may update these Terms at any time by posting a new version on the Website. You are advised to review the Terms periodically for any changes. Your continued use of the Website or API after the posting of any revised Terms constitutes your acceptance of the revised Terms.
13. Contact Us
If you have any questions about these Terms, please contact us at info@appdebock.nl.