These Developer Terms (the "Agreement") form a binding contract between Attendium AB ("Attendium," "we," "us") and each person or entity that registers an OAuth client, accesses the Attendium API, or operates an Application integrating with the Services ("Developer," "you"). By doing any of those things, you accept this Agreement. If you do not accept, do not register, integrate with, or use the API.
This Agreement supplements the Attendium Terms of Service. For matters concerning Developer activity, this Agreement controls over any conflicting term in the Terms of Service.
3.1 This Agreement binds each person or entity that (a) submits a client registration request, (b) operates an Application using credentials obtained from Attendium, or (c) causes software under their control to do either. Where the registering party differs from the Operator — as is common with automated registration from end-user software — both are bound, jointly and severally, in proportion to their role.
3.2 By registering an OAuth client by any means — including automated registration — the requester represents that (a) it has authority to bind the Operator, (b) metadata submitted is accurate to the extent within its control, (c) it accepts the then-current version of this Agreement, and (d) registration is made for a legitimate integration need.
3.3 The latest version of this Agreement is always available at https://attendium.com/developer-terms. Continued use of the API constitutes ongoing acceptance of the Agreement as updated in accordance with Section 23.
Subject to this Agreement, Attendium grants you a non-exclusive, non-transferable, revocable, royalty-free license during the term to (a) access the API and Documentation, (b) register and operate Applications that integrate with the Services, and (c) use Attendium trademarks solely as permitted in Section 11. No other rights are granted. All rights not expressly granted are reserved.
5.1 You may use the API and Authorized Data only to provide functionality that the End User has expressly authorized through the OAuth consent flow.
5.2 You must request the minimum scopes necessary for your Application's functionality.
5.3 You must respect all rate limits, quotas, and technical restrictions Attendium publishes or enforces.
You shall not, and shall not permit any third party to:
(a) Competitive use. Use the API, Authorized Data, or Services outputs to design, develop, train, market, or operate a product or service that is substantially similar in purpose to, and primarily intended to replace, Attendium's paid offerings; to replicate the "look and feel" of the Services; or to publish performance, feature, or pricing comparisons of the Services without Attendium's prior written consent. Where you are a Competitor, these restrictions apply mutually.
(b) Model training. Use the API, Authorized Data, or Services outputs in bulk to train, fine-tune, or evaluate foundation models, general-purpose AI systems, or any model intended to replicate or substitute for the Services. Per-request inference by an End User's authorized AI agent, strictly scoped to that End User's session and not retained for training, is permitted.
(c) Credential proxying. Build, operate, or offer a service that authenticates End Users to the Services by collecting Attendium passwords or by any means other than Attendium's official OAuth flow.
(d) Resale or service-bureau. Resell, sublicense, or expose the API (directly, via a wrapper, proxy, or alternative endpoint) to third parties as a standalone offering, or act as a service bureau, pass-through, or thin wrapper that adds no substantial independent value.
(e) Circumvention. Bypass paid features, pricing tiers, rate limits, scopes, authentication, or any other technical restriction.
(f) Bulk extraction. Systematically extract, mirror, or retain Authorized Data beyond what is necessary to provide your Application's End-User-facing functionality, or retain Authorized Data after the End User revokes authorization.
(g) Advertising use. Use Authorized Data for advertising, ad targeting, or marketing to End Users or their guests, or sell, share, or disclose Authorized Data to any advertising or marketing network.
(h) Harmful activity. Use the API for spam, phishing, fraud, harassment, malware distribution, unauthorized surveillance, or any unlawful purpose.
(i) Prohibited AI practices. Use the Services or API in any AI system in a manner prohibited under applicable law, including the EU AI Act.
(j) Impersonation. Operate an Application that impersonates Attendium or implies endorsement, partnership, or affiliation, including through domain names, branding, or logos.
(k) Other harmful activity. Any other use that Attendium reasonably determines harms the Services, Attendium, Attendium's users, or the ecosystem of integrations.
7.1 Roles. You are an independent controller of Authorized Data you further process for purposes you determine. Where you process Authorized Data solely on an End User's documented instructions, you act as that End User's processor; Attendium is not part of that chain. Joint controllership with Attendium requires a separate written agreement.
7.2 Data minimization. You must collect only the data necessary for your Application's disclosed functionality.
7.3 Retention. You must retain Authorized Data only for as long as necessary for your Application's disclosed functionality, and must delete it when (a) the End User revokes your Application's authorization, (b) the End User requests deletion, (c) the data is no longer needed for the disclosed purpose, or (d) Attendium terminates your access. Deletion in each case must be completed within 30 days of the triggering event. For Authorized Data relating to End Users who have had no interaction with your Application for twelve (12) consecutive months, deletion is required regardless of other retention purposes. On Attendium's written request following termination, you shall certify in writing that all Authorized Data has been deleted.
7.4 No sale. You shall not sell, rent, or share Authorized Data with third parties except as strictly necessary to operate your Application and as disclosed to the End User.
7.5 Sub-processors. You shall maintain a list of sub-processors used in connection with Authorized Data and provide it to Attendium or the relevant End User on reasonable request.
7.6 Transparency. You must publish a clear and accessible privacy policy describing what Authorized Data you access, how you use and retain it, and how End Users can request deletion.
7.7 Processor terms. Where GDPR requires a data processing agreement, the parties will enter into one on reasonable request.
8.1 You must follow industry-standard security practices, including secure storage of OAuth tokens and client secrets, TLS for all communications, and prompt patching of known vulnerabilities.
8.2 You must not store End User Attendium passwords under any circumstances.
8.3 You must notify Attendium at security@attendium.com without undue delay, and no later than 72 hours after becoming aware of any unauthorized access to Authorized Data, OAuth tokens, or client credentials. Notifications must include the nature of the incident, data affected, remediation steps, and a point of contact.
8.4 You must cooperate with Attendium's security investigations and implement reasonable remediation requested by Attendium.
8.5 You shall not make any public statement regarding a security incident affecting the Services without Attendium's prior written consent during any active coordinated-disclosure window. This restriction does not apply to notices you are legally required to issue to regulators or affected data subjects.
9.1 Information shown on the OAuth consent screen must accurately reflect the Application and its Operator. Attendium may, at its discretion, override, modify, or supplement any client-provided metadata shown on the consent screen.
9.2 You must not induce End Users to grant scopes they do not understand or that exceed what the Application needs.
9.3 You must provide End Users with a reasonable way to revoke the Application's access and request data deletion.
Attendium may, at its sole discretion, offer differentiated access tiers with different scopes, rate limits, and consent-screen treatment, and may require identity verification or additional terms as a condition of any access. Attendium may restrict, throttle, mark as unverified, or remove any Application at any time.
11.1 You may not use Attendium trademarks in your Application name, domain name, logos, or in a manner suggesting endorsement, partnership, or affiliation without Attendium's prior written consent.
11.2 Attendium may, but is not obligated to, list your Application's name and logo as an integration in its marketing materials. You may opt out in writing.
11.3 No exclusivity. Attendium makes no commitment of exclusivity and may offer similar integrations, partnerships, or relationships with any party, including your Competitors.
Attendium may add, modify, deprecate, or remove any part of the API at any time, with or without notice. Attendium makes no commitment to backward compatibility, versioning, or migration paths.
Attendium provides no support, no service-level commitments, and no uptime guarantees for the API. Any support, documentation, changelog, or communication provided is at Attendium's discretion and may be reduced or discontinued at any time.
Attendium may introduce or change fees, quotas, or paid tiers at any time. Continued use after a change takes effect constitutes acceptance.
15.1 By you. You may terminate this Agreement at any time by deleting your OAuth clients and ceasing use of the API.
15.2 By Attendium. Attendium may suspend or terminate your access, any Application, or this Agreement at any time, with or without cause and with or without notice, including where Attendium reasonably believes that (a) you have violated this Agreement or the Terms of Service, (b) you are developing, or intend to develop, a product or service that competes with Attendium, (c) your Application poses a security, privacy, or reputational risk, or (d) continued access is inconsistent with Attendium's legal, regulatory, or business interests. Termination under this Section 15.2 shall not require Attendium to disclose or prove the reason for termination.
15.3 Effect. On termination, you must immediately cease use of the API and delete all Authorized Data and Attendium credentials within 30 days. Sections intended by their nature to survive — including those governing prohibited use, data protection, security, confidentiality, feedback, sanctions, disclaimers, liability, and indemnification — survive termination.
Non-public API features, documentation marked confidential, and Attendium business information disclosed to you must be kept confidential and used only to operate your Application under this Agreement.
Any feedback, suggestions, or ideas you provide regarding the Services or API are non-confidential, and Attendium may use them for any purpose without obligation or attribution to you.
You warrant that your use of the Services does not violate applicable sanctions or export control laws (including EU and US regimes), and that you are not a sanctioned person or acting on behalf of one.
The API and Services are provided "as is" and "as available." Attendium disclaims all warranties, express or implied, including merchantability, fitness for a particular purpose, non-infringement, and uninterrupted or error-free operation, to the maximum extent permitted by law.
Outputs generated by AI agents or models interacting with the Services through the API are produced by third-party systems outside Attendium's control. Attendium disclaims all liability for the accuracy, completeness, or appropriateness of such outputs.
20.1 To the maximum extent permitted by law, Attendium's aggregate liability under this Agreement shall not exceed the greater of (a) €1,000 or (b) fees paid by Developer to Attendium in the twelve (12) months preceding the event giving rise to liability.
20.2 Neither party shall be liable for indirect, incidental, consequential, special, or punitive damages, or for loss of profits, revenue, data, or goodwill.
20.3 The limitations in this Section 20 do not apply to (a) gross negligence or wilful misconduct, (b) indemnification obligations under Section 21, (c) breach of Section 16 (Confidentiality) or Section 7 (Data protection), (d) liability to data subjects under GDPR Article 82, or (e) any liability that cannot be limited under applicable Swedish law.
You shall defend, indemnify, and hold harmless Attendium and its affiliates, officers, employees, and agents from any claim, loss, damage, liability, or expense (including reasonable attorneys' fees) arising out of (a) your Application, (b) your breach of this Agreement, (c) your violation of law or third-party rights, or (d) your handling of Authorized Data.
Attendium shall not be liable for any delay or failure to perform caused by events beyond its reasonable control.
23.1 Attendium may modify this Agreement at any time.
23.2 Material changes — those that reduce Developer's rights or expand Developer's obligations in a material way — take effect no earlier than 30 days after Attendium publishes the updated Agreement. Developer is responsible for monitoring https://attendium.com/developer-terms for updates.
23.3 Non-material changes take effect on publication.
23.4 If you do not accept a material change, you must cease use of the API before the effective date.
24.1 This Agreement is governed by the laws of Sweden, excluding conflict-of-laws rules.
24.2 Disputes shall be resolved by the Stockholm District Court as court of first instance.
24.3 Notwithstanding Section 24.2, either party may seek interim or injunctive relief in any court of competent jurisdiction to protect its intellectual property or confidential information.
25.1 Language. The English-language version of this Agreement governs.
25.2 Entire agreement. This Agreement and the Terms of Service constitute the entire agreement between the parties regarding Developer activity.
25.3 Assignment. You may not assign this Agreement without Attendium's consent. Attendium may assign freely in connection with a corporate reorganization, merger, or sale of assets.
25.4 Severability. If any provision is held unenforceable, the remainder continues in effect.
25.5 No waiver. Failure to enforce any provision is not a waiver.
25.6 Notices. Notices to Attendium: legal@attendium.com. Attendium may give notice to Developer by any reasonable means, including publication on the developer portal or email to the address associated with registration or the Operator account.