Terms of Use
Last Updated: February 16, 2026
INTRODUCTION
These Terms of Service (“Terms”) constitute a binding agreement between LLC “INTSURFING” (“the Company”, “we”, “us”, or “our”) and the individual or entity accessing or using our API-based Services (“you” or “the User”). By creating an account, generating an API Key, or submitting any request to our endpoints, you acknowledge that you have read, understood, and agreed to be bound by these Terms.
The Services provide structured technical access to publicly available datasets sourced from official or authoritative sources, as well as non-data technical processing functionalities. We act solely as an infrastructure provider: we standardize, normalize, and deliver publicly accessible datasets through secure API interfaces designed for compliant, professional, and legitimate business use. We do not create, verify, or alter the underlying content of any public record.
These Terms describe the conditions under which you may access and use the Services, the limitations and responsibilities applicable to such use, the rules governing authentication and billing, and the legal framework associated with handling publicly available datasets. If you are accepting these Terms on behalf of a business or organization, you represent that you have full authority to bind that entity to this agreement.
If you do not agree with these Terms, you must discontinue all use of the Services and refrain from accessing any API Keys. Continued use of the Dashboard or the submission of API calls constitutes acceptance of the current version of these Terms and any subsequent modifications.
DEFINITIONS
For the purposes of these Terms of Service, the following terms shall have the meanings set out below. Definitions apply to both the singular and plural and are intended to ensure clarity in technical, legal, and billing matters associated with the use of the Services.
-
“Company”, “we”, “us”, or “our” means LLC “INTSURFING”, a Ukrainian legal entity, and Diia. City resident who develops, operates, and maintains the API infrastructure enabling access to publicly available datasets sourced from official U.S. public records.
-
“Services” means the suite of API endpoints, technical infrastructure, and functionalities provided by the Company, including (a) access to publicly available datasets sourced from official or authoritative sources; and (b) non-data technical processing services, such as parsing, normalization, enrichment, validation, and transformation, and related tooling and interfaces.
-
“User”, “Client”, or “you” means any natural or legal person who creates an account, accepts these Terms of Service, obtains an API Key, and accesses or uses the Services in any capacity.
-
“Dashboard” means the secure web-based interface through which the User manages Account settings, billing, API Keys, and usage information.
-
“Account” means the User’s registered relationship with the Company for access, billing, and administration of the Services.
-
“API Key” means the unique authentication credential issued to the User for accessing the Services. An API Key is considered confidential information and functions as the technical and legal identifier of the User within the system. Each request submitted using an API Key is deemed to be made by the User to whom that key is assigned.
-
“Pay-As-You-Go Model” means a usage-based billing structure under which charges accrue only for executed API calls. The calculation of fees is tied to the number of successful requests and applies regardless of the number of records returned in the response.
-
“Payment Processor” means any third-party payment service provider authorized by the Company to process payments, perform currency conversion, and transfer settlement funds to the Company in connection with the Services.
The Company may engage one or more Payment Processors at its sole discretion. Information regarding supported Payment Processors, if any, may be published on the Website or in the Documentation and may be updated from time to time without amending these Terms.
-
“Data” means information accessed, processed, or delivered through the Services that originates from publicly available sources, including but not limited to governmental, administrative, regulatory, or other lawfully published public information, which may include justice, civil, administrative, or other public records, depending on the specific API.
-
“Effective Date” means the date on which the current version of these Terms of Service becomes operative. Each version is assigned a unique timestamp for audit and compliance tracking.
-
“Documentation” means all publicly available technical materials describing how the Services operate, including API schemas, endpoint descriptions, rate limits, usage examples, and integration guidelines as published by the Company.
-
“Confidential Information” means any non-public information disclosed by one party to the other in connection with the Services, including API Keys, billing information, usage patterns, or internal system behavior. Publicly available Data retrieved through the API does not constitute Confidential Information.
-
“Applicable Law” means all laws, regulations, and binding legal requirements applicable to the use of the Services, as determined by the User’s location, the nature of the Services used, and the applicable regulatory framework. Applicable Law may include, where relevant, Ukrainian law (as the governing law of these Terms), U.S. federal and state laws governing access to and use of publicly available data, and applicable data protection and privacy laws, such as the GDPR and the CCPA, to the extent they apply to the User or the Services.
DESCRIPTION OF THE SERVICES
-
Scope of the Services. The Company grants the User a limited, revocable, non-exclusive, and non-transferable right to access and use the Services via API interfaces for lawful business purposes.
The Services may include both (a) access to publicly available datasets sourced from official or authoritative sources, and (b) non-data technical processing functionalities, such as parsing, normalization, enrichment, validation, transformation, and other data-processing or analytical services.
The specific scope, functionality, data categories, and technical characteristics of each Service or API endpoint are described in the applicable Documentation and may vary depending on the Service used.
-
Nature of Public Data. The Services provide technical access to information that is lawfully published and made publicly available by competent authorities or other lawful public sources. The specific type, jurisdiction, and scope of Data may vary depending on the API and applicable Documentation.
-
No Transfer of Intellectual Property. All right, title, and interest in and to the Services, including the API, Dashboard, underlying systems, documentation, and all related intellectual property, remain exclusively with the Company. Access to Data does not grant ownership or intellectual-property rights of any kind.
-
Permitted Use. The Services may be used solely for lawful, legitimate business purposes consistent with the nature of public records. All use of the Services is further governed by the Acceptable Use Policy outlined in Section 6, which forms an integral part of these Terms.
-
Prohibited Use. The User must not rely on the Services for any purpose regulated under the Fair Credit Reporting Act (FCRA) or for decisions relating to employment, housing, insurance, credit, government benefits, or any other regulated sector. The Services must not be used to generate, contribute to, or support any regulated “consumer report.”
-
Commercial Model. The Services are provided on a Pay-As-You-Go basis. A valid payment method is required to maintain continuous access. Charges apply per successfully processed API call, regardless of the results returned, including parsed, normalized, informational, or empty responses.
-
Modification of the Services. The Company may modify, enhance, limit, or discontinue any component of the Services to maintain operational stability, comply with legal requirements, or improve functionality. Such changes do not constitute a breach of these Terms.
-
No Relationship with Data Subjects. Individuals whose information appears in public records accessed through the Services are not users of the Services and have no contractual, legal, fiduciary, or other relationship with the Company. The Company owes no duty of care, obligation, or responsibility to such individuals arising from the availability, processing, or delivery of public record information.
-
No Professional or Investigative Services. The Services do not constitute professional due diligence, investigative, verification, screening, or background-check services of any kind. The Company does not validate identities, confirm factual accuracy, or provide conclusions, recommendations, or assessments regarding any individual, record, or dataset.
ACCOUNT REGISTRATION AND MANAGEMENT
-
Account Creation. To access the Services, the User must create an Account through the Dashboard and provide accurate, complete, and up-to-date information, including full legal name and a valid email address. The email address serves as the primary identifier of the Account and cannot be changed after registration. The User represents and warrants that all information submitted during registration is truthful and lawful.
-
Responsibility for Credentials. The User is solely responsible for safeguarding their login credentials and API Key(s). Any action performed through the User’s Account or API Key, whether authorized or unauthorized shall be deemed an action of the User. The Company shall not be liable for any loss, misuse, or unauthorized access arising from the User’s failure to protect their password, API Key, or local security environment.
-
Updating Account Information. The Dashboard allows the User to modify their first name, last name, and password at any time. Changes do not take effect unless explicitly confirmed through the “Update” action. The system does not auto-save modifications; unconfirmed changes are discarded.
-
Optional Telephone Number. The Services do not require a phone number. If voluntarily provided, the number may be used solely for communication related to support or security verification. The absence of a phone number does not affect functionality or access to the Services.
-
API Key Issuance and Lifecycle. Upon acceptance of these Terms, the Company automatically issues an API Key to the User. The User may view, revoke, regenerate, or deactivate their API Key within the Dashboard. Regenerating an API Key immediately invalidates all previous keys and may disrupt active integrations.
Revocation or deactivation of an API Key may result in immediate final billing for all recorded usage accrued prior to such revocation or deactivation, where no other active Services remain associated with the Account.
-
Restrictions on Sharing and Disclosure. An API Key is issued for the User’s exclusive use. The User must not: share, sublicense, resell, or transfer any API Key; embed an API Key in client-side or publicly accessible code; expose an API Key through repositories, logs, screenshot uploads, support tickets, or third-party systems.
Any detection of API Key sharing, exposure, or unauthorized use may result in immediate suspension under Section 4.7, without liability to the User.
-
Local Security Obligations. The User must implement reasonable and industry-standard security measures to protect their development, staging, and production environments, including but not limited to: secure storage of API Keys, restricted developer access, encrypted configuration vaults, version-control hygiene, and timely rotation of compromised credentials.
The User must notify the Company immediately if they suspect unauthorized access, misuse of their credentials, or compromise of their API Key.
-
Account Suspension and Reinstatement. The Company may suspend Account access, without prior notice, if: an API Key is compromised or suspected of compromise; the User engages in activity violating these Terms or Applicable Law; suspicious or abusive request patterns are detected; the User fails to maintain a valid payment method; required communications are unanswered or administrative issues remain unresolved.
Reinstatement of the Account is at the sole discretion of the Company and may require additional verification, updated credentials, or satisfaction of outstanding billing obligations.
ACCESS TO API SERVICES
-
Authentication Requirements. Access to the Services requires a valid, active API Key. Each API request must include the API Key in the designated authentication header. Requests submitted without proper authentication, with expired or revoked API Keys, or via deprecated methods will be rejected. The User is responsible for ensuring that API Keys are securely integrated and not exposed in client-side environments, public repositories, shared logs, or unsecured configurations.
-
Technical Limits and Rate Controls. Technical limits, including request rates, record limits per request, response times, and other performance characteristics, vary depending on the specific API, usage plan, and applicable Documentation.
The Company may establish, modify, or enforce technical limits at any time to maintain platform stability, ensure equitable access, and prevent abuse.
-
Availability and Operational Stability. The Services are provided on an “as-available” basis. While the Company implements robust infrastructure, redundancy, and monitoring, uninterrupted availability is not guaranteed. Temporary delays, interruptions, throttling, or maintenance windows may occur due to infrastructure updates, system load, public-record source changes, cloud service disruptions, or other external factors.
The Company may temporarily throttle or delay request processing to preserve overall system stability.
-
API Key Regeneration, Revocation, and Expiry. The User may regenerate their API Key at any time via the Dashboard. Regeneration immediately invalidates all previous keys. The Company may revoke or invalidate an API Key, in whole or in part, if: suspicious activity is detected; abuse or misuse is identified; security risks or anomalies arise; the User fails to comply with these Terms or Applicable Law; or access must be restricted for operational or legal reasons. Revocation may occur without prior notice.
-
Geographic, Regulatory, and Legal Restrictions. The Company may restrict or deny access to the Services from jurisdictions where the retrieval, use, or dissemination of publicly available data or technical processing services is limited, prohibited, or inconsistent with Applicable Law.
Where specific datasets or API endpoints are subject to additional legal or regulatory requirements (including, where applicable, rules governing the dissemination of certain categories of public-record information), the Company may impose additional access restrictions to ensure compliance with such requirements.
The User is solely responsible for ensuring that their use of the Services is lawful in their applicable jurisdiction.
-
Automated Monitoring and Abuse Detection. The Company utilizes automated and manual monitoring to detect abnormal request patterns, high-volume enumeration, scraping activity, data harvesting, unusual concurrency, rotating tokens, or any behavior inconsistent with legitimate use. Detection of such activity may trigger rate limiting, throttling, API Key revocation, or account suspension as described in Section 3.8.
-
Temporary Suspension for Security or System Protection. The Company may temporarily suspend, restrict, or limit access to the Services if necessary to: protect system security or infrastructure; respond to suspected or actual misuse; comply with legal requests or obligations; prevent degradation of service for other Users; respond to inconsistencies or changes in upstream public-record sources.
Such suspension may occur immediately, without prior notice, and without liability to the User.
BILLING AND PAYMENTS
-
Billing Model. The Services operate on a Pay-As-You-Go billing model. Charges apply solely for successfully processed API calls.
An API call is deemed successful when the Company accepts the request, processes the input, and returns a response without a system error, irrespective of the content, completeness, or outcome of the response, including parsed data, normalized output, informational responses, or empty results.
A valid payment method must be maintained at all times to ensure uninterrupted access to the Services.
-
Free Request Allowance. Certain APIs may include a limited number of free requests per billing cycle, as specified in the applicable Documentation. Any such free request allowance resets at the beginning of each new billing period, does not constitute a trial period, and is provided at the Company’s discretion.
Usage exceeding the applicable free request allowance is subject to standard usage-based charges under the Pay-As-You-Go billing model.
-
Payment Processing. All payments for the Services are processed exclusively through third-party Payment Processors, which perform payment authorization, processing, and, where applicable, currency conversion into the Company’s settlement currency prior to settlement.
The Company does not receive, store, or process card numbers or other sensitive payment information. Such information is handled solely by the applicable Payment Processor in accordance with its own terms, security standards, and PCI-DSS requirements.
Payment processing is governed solely by Payment ProcessingPCI-DSS obligations, terms, and internal authentication procedures. The Company bears no responsibility for: card verification procedures; 3D Secure flows; AML/KYC requirements imposed by Hutko; chargeback rules or dispute deadlines; restrictions imposed by banks or issuing institutions.
-
Payment Method Requirements. To maintain continuous access to the Services, the User must: provide a valid payment card supported by Hutko; ensure sufficient funds are available; ensure the card remains active and unexpired.
During account registration or prior to issuing an API Key, the Company may perform a temporary authorization charge (e.g., USD 1.00) to verify the validity and ownership of the User’s payment method. Such authorization is not a fee, is not retained by the Company, and is automatically released by the payment processor.
Failure to maintain a valid payment method may result in immediate suspension under Section 3.8.
-
Billing Cycles and Automatic Charges. Charges are applied automatically based on recorded usage under the Pay-As-You-Go billing model.
Such charges may be billed at periodic intervals determined by the Company, or upon revocation or deactivation of an API Key, deactivation or termination of the Account, removal or failure of a payment method, or suspension or termination of the Services, as applicable.
The User authorizes the Company to initiate such charges automatically without additional approval.
-
Invoices and Records. The Dashboard maintains a complete and immutable archive of all invoices generated in connection with the Services. Invoices include usage metrics, applicable charges, total amounts due or paid, and timestamps of billing events.
Invoices cannot be retroactively edited, modified, or deleted.
-
Taxes and Bank Fees. The User is responsible for all applicable taxes, duties, levies, currency conversion fees, and bank charges associated with their payment method.
The Company does not reimburse bank commissions, exchange-rate differences, or fees imposed by financial institutions.
-
Billing Disputes. The User must report any billing-related issues within seven (7) calendar days of invoice issuance. Failure to dispute within this period constitutes irrevocable acceptance of the invoice.
A billing dispute does not suspend the User’s obligation to pay undisputed amounts.
-
Refunds. Refunds are issued only where the Company determines, in its sole discretion, that a charge resulted from a verified and reproducible service malfunction attributable to the Company. Refunds are not provided for: User errors; integration mistakes; invalid or malformed requests; downtime caused by third parties; periods of throttling or rate limiting; or changes in public-record availability or content.
Refunds are issued only where the Company determines, in its sole discretion, that a charge resulted from a verified and reproducible service malfunction attributable to the Company. Refund decisions are final and non-negotiable.
-
Non-Payment and Collection. If a payment attempt fails, the Company may: retry the payment method, request an updated card, suspend API access, or terminate the Account.
If outstanding amounts remain unpaid, the Company reserves the right to engage collection procedures or legal action. The User shall be liable for all associated costs, fees, and expenses, including attorneys’ fees.
-
Payment Services. To enable payment for access to and use of the Services, the Company utilizes one or more third-party Payment Processors that allow Users to pay usage-based fees and other applicable charges associated with the Services. As of the Effective Date, the Company supports the following Payment Services: (a) Fondy (https://fondy.ua); and (b) Hutko (https://hutko.org).
Each Payment Service is operated by an independent third-party payment service provider and is subject to such provider’s own terms, conditions, privacy policies, and compliance requirements. The Company does not control, and is not responsible for, the policies, operations, availability, or actions of any Payment Service provider.
The availability, functionality, and conditions of a particular Payment Service may vary depending on the User’s location, account configuration, currency, regulatory requirements, or other operational factors.
The Company may, at its discretion, add, remove, replace, or modify any Payment Service without amending these Terms, provided that at least one reasonable method of payment remains available to the User.
ACCEPTABLE USE POLICY
The User must use the Services responsibly, ethically, and strictly in accordance with Applicable Law. This Acceptable Use Policy (“AUP”) forms an integral part of these Terms and applies to all access to, and use of, the Services.
-
General Principles. The Services provide access to publicly available data and technical processing functionalities for legitimate and lawful business purposes only.
The User must not misuse the Services, interfere with or disrupt the Company’s systems, violate Applicable Law, applicable data dissemination rules, or use the Services in any manner contrary to these Terms.
The User is solely responsible for the legality of their downstream use of the Services and any data or outputs obtained through the Services.
-
Prohibited Uses. The User must not use the Services, Data, Dashboard, or any API Key for any of the following:
-
Fair Credit Reporting Act (FCRA) Uses. The Services may not be used to create, contribute to, or support: employment eligibility decisions, tenant screening, creditworthiness assessments, insurance underwriting, government benefit determinations, or any regulated “consumer report.” Any FCRA-related use is strictly prohibited.
-
Harassment, Discrimination, or Abuse. The User must not use the Data to: harass, intimidate, threaten, or target any individual; discriminate based on race, nationality, religion, gender, disability, or any protected class; shame, stalk, or expose individuals for personal, political, or ideological purposes.
-
Commercial Republishing or Data Harvesting. The User must not: resell, redistribute, publish, or repackage the Data; build competing services or datasets using the Data; use the API for bulk extraction, scraping, or enumerating entire jurisdictions; create derivative datasets intended for resale or redistribution. Public records accessed through the Services cannot be republished in bulk or commercialized.
-
Security Violations and Technical Misuse. The User must not: share, expose, or embed API Keys in public repositories; rotate accounts or tokens to bypass technical limits; simulate or spoof traffic, identities, or systems; interfere with rate limits or circumvent API restrictions; use bots, traffic generators, or distributed infrastructure to overload endpoints; attempt to access systems or data outside the permitted scope.
-
Unlawful or Unauthorized Purposes. The User must not use the Services for: unauthorized surveillance, social-media doxxing, law-enforcement impersonation, hacking or cyber operations, extracting private or sealed data, any breach of Applicable Law.
-
-
Permitted Uses. The Services may be used for: internal analytics and research; risk mapping, modeling, and data enrichment; compliance workflows not regulated under FCRA; due diligence workflows that rely solely on public records; software integrations for lawful business operations; generating internal insights based on publicly available information.
Permitted uses do not override any prohibition listed in this Section.
-
State-Level Dissemination Restrictions. The User acknowledges that U.S. states may impose differing legal rules governing how publicly available records may be accessed, displayed, redistributed, updated, or removed, including variations in update frequency, retention periods, redaction requirements, and expungement or sealing rules.
Where applicable, such restrictions may also apply to specific categories of criminal-justice-related public information. The User must comply with all state-level dissemination rules relevant to their use of the Data.
The Company may restrict, modify, or limit access to certain Services or data categories as necessary to comply with applicable state requirements.
-
Security Responsibilities. The User must implement industry-standard technical safeguards to protect their systems, including: secure storage of API Keys; prevention of unauthorized access; encryption of sensitive environments; prompt rotation of compromised credentials; monitoring and logging of internal API usage.
The User is solely responsible for the cybersecurity of any system that sends requests to the Company’s API.
-
Enforcement and Consequences. The Company may take any of the following actions, at its sole discretion, upon detecting or suspecting a violation of this AUP: immediate suspension of API access, revocation of API Keys, temporary or permanent account termination, reporting unlawful activity to relevant authorities, preservation or disclosure of logs for investigation or legal compliance.
Suspension or termination under this Section may occur immediately and without liability to the User.
-
The Services are not available to individuals, residents, citizens, entities, or organizations located in, incorporated in, or operating under the laws of the Russian Federation or the Republic of Belarus. The Company may suspend or terminate access immediately upon detecting a violation of this restriction.
DATA ORIGINS AND LEGAL BASIS
-
Public Record Sources Only. The Data accessible through the Services originates exclusively from publicly available sources that are lawfully published and accessible under applicable law. The Services may aggregate, process, or structure public information from different jurisdictions and subject matters, depending on the specific API and the applicable Documentation.
Such sources may including, by way of example and without limitation, publicly available governmental or administrative publications, such as state or federal registries, court records, regulatory notices, and other public records made available by competent authorities for public access, including, where applicable, certain categories of criminal-justice-related public information.
The Company does not obtain, purchase, license, collect, or scrape any non-public, sealed, restricted, proprietary, or commercially confidential databases.
-
No Private, Sealed, or Restricted Data. The Company does not access private, paid, sealed, restricted, or non-public databases, including law-enforcement back-office systems, systems requiring warrants, subpoenas, or exceptional credentials, or commercial datasets that aggregate non-public information.
The Services are strictly limited to information already released to the general public by competent authorities.
-
Nature, Variability, and Accuracy of Public Records. Nature, Variability, and Accuracy of Public Records. Public records, including publicly available datasets released by governmental or administrative authorities, inherently vary by jurisdiction, source, and agency in completeness, scope, update frequency, accuracy, formatting, structure, and availability.
The Company does not modify the substance of any record. Any formatting, normalization, or structuring performed by the Company is technical and does not alter the legal meaning of the underlying information. The Data is provided strictly “as-is” and “as available”.
-
Company’s Role in Data Processing. The Company functions solely as a technical intermediary, standardizing and delivering publicly available data and technical processing outputs through API interfaces.
The Company does not verify identities or data accuracy; evaluate individual profiles or histories; provide risk assessments, compliance determinations, or eligibility decisions for employment, housing, insurance, credit, or government programs; or interpret, classify, or provide legal conclusions regarding any data.
All conclusions, decisions, or actions taken by the User based on the Services are solely at the User’s own discretion and responsibility.
-
Legal Basis for Processing (GDPR, CCPA, International). Where Data constitutes “personal data” under applicable privacy laws, the Company relies on the following legal bases:
-
GDPR - Legitimate Interest (Art. 6(1)(f)). The processing is necessary to provide technical access to information that is already publicly accessible and lawfully published by authorities.
-
GDPR - Publicly Available Information Exception. The Data originates from sources expressly intended for public access under law.
-
CCPA - “Business Purpose”. Processing is limited to operational business purposes relating to access to public records.
-
Allocation of Roles (Critical Legal Clarification). For GDPR and similar frameworks: The User acts as the data controller of any personal data obtained through the Services. The Company acts solely as a technical processor/intermediary, facilitating access to publicly available information.
-
-
Compliance with Dissemination Laws. The User is solely responsible for: determining the lawfulness of their downstream processing, understanding state-specific dissemination rules, complying with federal, state, and international privacy frameworks, respecting restrictions on republication, aggregation, redistribution, or removal of public records.
The Company may restrict, suspend, modify, or revoke access if required to comply with changing disclosure rules or legal obligations.
-
No Guarantee of Continuity, Completeness, or Availability. Because publicly available records may be revised, corrected, removed, sealed, restricted, or unpublished by competent authorities at any time, the Company does not guarantee that any Data will remain available in the future, that the Data is complete or up to date, or that all jurisdictions publish information with the same frequency, scope, or level of detail.
This applies, where relevant, to all categories of publicly available data, including public-record or criminal-justice-related information, if and to the extent such data is made publicly accessible by the originating authorities.
The Company’s role is limited to technically retrieving and transmitting information that is publicly available at the time of the User’s request.
-
No Obligation to Update or Correct Data. The Company has no obligation to monitor, update, correct, refresh, or otherwise maintain the accuracy, completeness, or timeliness of any Data after it has been retrieved from public sources. Any updates, corrections, sealing, expungement, removal, or modification of public records are determined exclusively by the originating governmental authorities and are outside the Company’s control.
DATA STORAGE AND SECURITY
-
Hosting and Cloud Infrastructure. Hosting and Cloud Infrastructure. All components of the Services are hosted on Amazon Web Services (AWS) using industry-standard cloud infrastructure.
The Company selects AWS regions and resources appropriate for hosting publicly available data, service-related data, technical processing outputs, system metadata, and logs. The Company maintains full administrative control over its cloud environment and implements strict role-based access controls to minimize exposure and ensure operational integrity.
The Company does not store or process sensitive payment information. Payment data is handled exclusively by third-party Payment Processors in accordance with their applicable security standards and compliance requirements.
-
Encryption and Data Protection. The Company employs multiple layers of security controls, including:
-
Encryption at Rest: All stored Data, logs, and system metadata are encrypted using AWS-managed or equivalent secure encryption mechanisms.
-
Encryption in Transit: All communication between the User’s systems and the Services occurs through secure HTTPS/TLS channels.
-
IAM and Access Controls: Access to operational systems is restricted using least-privilege principles, multi-factor authentication, and continuous audit logging.
The Company regularly updates and reviews access rights to ensure adherence to internal and industry-standard security practices.
-
-
API Logs, Monitoring, and Retention. The Company maintains API request logs for security monitoring, billing accuracy, diagnostics, and abuse detection. Such logs may include: request timestamps, endpoint identifiers, rate-limit interactions, API Key metadata, performance metrics and error details.
API logs do not include the User’s internal data unrelated to API interactions, nor are logs used for user profiling, behavioral analytics, or any purpose beyond operational needs.
Retention periods follow the Company’s internal data-retention schedule and may be extended only where required to meet legal obligations or investigate security incidents.
-
User Account Data Stored in the Dashboard. The Dashboard stores only the minimum internal data necessary to operate the Services. Certain technical identifiers or payment-related tokens may be stored internally for operational purposes and are not exposed or displayed to the User.
The Company does not store plaintext passwords or card numbers. Passwords are hashed using industry-standard algorithms.
-
Internal Access, Personnel Controls, and Confidentiality. Access to production infrastructure, code repositories, logs, and operational tools is strictly limited to authorized personnel whose roles require it. All employees and contractors are bound by confidentiality obligations and are required to comply with internal security procedures.
Administrative access requires multi-factor authentication. Permissions are reviewed periodically and revoked upon role changes or termination.
-
Security Monitoring, Incident Detection, and Response. The Company maintains technical and procedural controls to identify and respond to potential security incidents, including: automated anomaly detection, alerting on suspicious API activity, investigation of irregular request patterns, triage and escalation procedures, containment and remediation measures.
In the event of a confirmed security incident involving the Services, the Company will act promptly to mitigate impact and, where legally required, notify affected Users.
-
No Guarantee of Error-Free or Uninterrupted Operation. While the Company employs reputable cloud infrastructure, monitoring, and best-practice security measures, no method of electronic transmission or storage is completely secure or error-free. The User acknowledges that temporary downtime, delays, or security vulnerabilities may occur due to infrastructure conditions, third-party dependencies, or events beyond the Company’s control.
-
User Responsibilities for Local Security. The security of the User’s systems, devices, networks, and development environments is entirely the User’s responsibility. The User must: store API Keys securely, prevent unauthorized access to their systems, encrypt sensitive environments, use secure configuration management, rotate compromised credentials promptly.
Any breach of the User’s local environment does not constitute a breach of the Company’s systems.
SUPPORT AND COMMUNICATION
-
Support Channels. The Company provides technical and account-related support through the communication channels listed in the Dashboard and on the official website. At a minimum, support is available via email at support@intsurfing.com.
The Company may introduce additional support mechanisms - including a ticketing system, secure messaging interface, or live chat - at its discretion.
-
Scope of Support. Support is limited to matters directly related to Account access and credential management, API availability, errors, performance issues, billing inquiries and invoice clarification, and interpretation of the Documentation and endpoint behavior.
Unless expressly agreed in writing under a separate agreement, the Services and Support do not include custom development, software integration, consulting, or other professional services.
Any custom development, integration, or professional services, if provided, are subject to separate commercial terms and agreements.
Support does not include troubleshooting of the User’s local environment, network, infrastructure, or code.
-
Response Times. The Company aims to respond to support requests within commercially reasonable timeframes, taking into account request volume, severity, and operational conditions. No guaranteed response time or service-level agreement (SLA) applies unless expressly agreed in writing.
-
Official Communications. All official notices regarding these Terms, important service updates, billing matters, or security alerts are sent to the email address associated with the User’s Account. The User is responsible for maintaining an active, monitored, and deliverable email inbox.
The Company is not responsible for communications that are filtered, blocked, delayed, or redirected by the User’s email provider, security systems, spam filters, or technical configuration.
-
Changes to Communication Methods. The Company may update or modify its communication or support procedures at any time to maintain the quality, availability, or security of the Services.
WARRANTIES AND LIABILITY
-
No Warranty on Data Accuracy, Completeness, or Timeliness. The Services provide access to information originating exclusively from official U.S. public justice records, which are created, maintained, and updated by independent governmental authorities.
Because the Company does not control these sources, the Company makes no representation, warranty, or guarantee, whether express or implied, regarding: accuracy, completeness, or correctness of any Data; timeliness or frequency of updates; the legal status of any public record; availability or continued publication of any information; errors, omissions, redactions, or inconsistencies made by state or federal agencies.
All Data is provided strictly on an “as-is”, “as-available”, and “with all faults” basis.
-
No Legal, Regulatory, or Compliance Advice. The Company does not provide: legal advice, background screening services, compliance assessments, identity verification, risk scoring, recommendations regarding Data interpretation.
The User acknowledges that the Services are not designed to satisfy any requirement under the Fair Credit Reporting Act (FCRA) or any equivalent screening regulation. The User must not use the Services for employment, housing, credit, insurance, or benefit determinations.
All decisions made using Data are solely at the User’s own risk and responsibility.
-
No Guarantee of Availability or Performance. The Company does not warrant that the Services will: be uninterrupted or error-free, meet the User’s performance expectations, integrate seamlessly with the User’s environment, function without delays, throttling, or rate limiting, remain compatible with future systems, tools, or platforms.
Temporary unavailability may occur due to maintenance, system load, updates, upstream changes, or external factors beyond the Company’s control.
-
Limitation of Liability. To the fullest extent permitted by Applicable Law:
-
The Company shall not be liable for any: direct, indirect, incidental, punitive, or consequential damages; lost revenue, profits, business opportunities, savings, or goodwill; reputational harm; decisions or actions taken by the User based on Data; loss or corruption of data; integration errors or system failures; delays, outages, or third-party interruptions; unauthorized use of API Keys resulting from the User’s failure to secure their environment.
-
In all cases, the Company’s maximum aggregate liability, whether arising in contract, tort, negligence, strict liability, or otherwise, shall not exceed the total amount paid by the User for the Services in the thirty (30) days immediately preceding the event giving rise to the claim. If no such payments were made, the Company’s liability is zero.
-
This limitation applies regardless of: the number of claims, form of action, theory of liability, foreseeability of damages.
-
-
Allocation of Risk. The User agrees that the limitations set forth in this Section reflect a fair and reasonable allocation of risk, taking into account: the nature of public data, the variability and imperfection of public records, the technical model of the Services, the pricing structure, the fact that the Company does not create or verify the underlying information.
The User acknowledges that these limitations are essential terms of the Agreement.
-
Indemnification by the User. The User shall defend, indemnify, and hold harmless the Company and its directors, officers, employees, contractors, and affiliates from and against any and all claims, liabilities, losses, damages, costs, or expenses (including attorneys’ fees) arising out of or relating to:
- the User’s misuse of the Services or Data; violation of these Terms or Applicable Law; unlawful, discriminatory, or harmful downstream use of Data; publication, redistribution, or commercialization of Data; failure to implement adequate security measures to protect API Keys; use of the Data in any FCRA-regulated or otherwise prohibited context; breach of intellectual-property, privacy, or confidentiality obligations.
This obligation survives termination of the User’s Account.
-
External Dependencies and Upstream Data Sources. The Company is not responsible for downtime, latency, inaccuracy, or disruption caused by:
- AWS or other cloud infrastructure providers, Hutko or other payment processors, state/federal agencies modifying or removing public records, internet service outages, routing failures, or DDoS attacks, acts of government, courts, or law enforcement, third-party integrations or systems used by the User, or force-majeure events.
The User acknowledges that any change in upstream public records may directly affect the availability, consistency, or content of the Data retrieved via the Services.
-
No Duty to Investigate or Resolve Complaint. The Company has no duty to investigate, verify, resolve, adjudicate, or respond to complaints, disputes, or claims regarding the accuracy, legality, relevance, or impact of any public record Data. Any such complaints or disputes must be addressed directly with the governmental authority or court responsible for the publication or maintenance of the relevant record.
GOVERNING LAW AND DISPUTE RESOLUTION
-
Governing Law. These Terms, and any dispute, claim, or controversy arising out of or relating to them or to the Services, shall be governed exclusively by the laws of Ukraine, excluding its conflict-of-laws rules, and the United Nations Convention on Contracts for the International Sale of Goods (CISG).
The choice of Ukrainian law is a fundamental and essential condition of these Terms.
-
Exclusive Jurisdiction. All disputes arising out of or relating to the Agreement, the Services, the Data, the conduct of the parties, or the interpretation or enforcement of these Terms shall be resolved exclusively by the competent courts of Kyiv, Ukraine.
The User irrevocably: submits to the personal jurisdiction of such courts, waives any objection based on inconvenient forum, lack of jurisdiction, or international venue concerns.
-
Pre-Litigation Good-Faith Negotiation. Before initiating any legal proceedings, the parties shall attempt in good faith to resolve the dispute through informal written communication. A party may initiate negotiation by delivering written notice to the other party describing the nature of the dispute.
If the parties cannot resolve the matter within thirty (30) days, either party may proceed with legal action under this Section.
-
Injunctive and Equitable Relief. Nothing in these Terms prevents the Company from seeking immediate equitable relief, including temporary restraining orders or injunctions, in any jurisdiction, if necessary to:
-
prevent misuse or unauthorized disclosure of the Services, Data, API Keys, or Confidential Information;
-
stop ongoing or imminent violations of these Terms;
-
protect intellectual property rights or the security of systems;
-
enforce restrictions under the Acceptable Use Policy.
The User agrees that monetary damages may be insufficient to remedy breach of obligations relating to security, confidentiality, or unlawful use.
-
-
No Class Actions. To the fullest extent permitted by law, the User agrees that: all disputes shall be brought solely in the User’s individual capacity, and the User shall not participate in any class action, class arbitration, collective proceeding, private attorney-general action, or any representative action.
Any claim filed in violation of this provision shall be subject to dismissal.
-
International Users. Users accessing the Services from outside Ukraine acknowledge and agree that:
-
Ukrainian law governs this Agreement regardless of their country of residence;
-
Kyiv courts have exclusive jurisdiction;
-
the Company is not subject to the laws of the User’s country solely by virtue of providing access to publicly available U.S. justice information;
-
no foreign consumer protection statute, data localization rule, or extraterritorial regulation shall override the governing-law selection unless mandatory and non-waivable under international law.
-
-
Time Limit to Bring a Claim. Any claim arising from or related to the Services must be brought within one (1) year from the date the cause of action arose. After this period, such claim is permanently barred.
This limitation is critical to allocation of risk and pricing of the Services.
CHANGES TO THESE TERMS
-
Right to Modify the Terms. The Company may amend, update, or modify these Terms at any time to reflect changes in the Services, Applicable Law, operational requirements, or business practices. All modifications are made at the Company’s sole discretion.
-
Publication and Effective Date. Each updated version of the Terms will be published on the Company’s official website and assigned a new Effective Date and version number. The updated Terms become legally binding on the Effective Date indicated at the top of the document.
No modification to these Terms shall be effective unless published in accordance with this Section.
-
Notification of Material Changes. If the Company makes changes that materially affect the User’s rights or obligations, the Company may, at its discretion, provide notice via: email to the address associated with the User’s Account, or a notification displayed in the Dashboard.
The Company is not required to provide individualized notice for administrative, technical, non-material, or clarifying updates.
-
Continued Use Constitutes Acceptance. By continuing to access the Dashboard, maintain an active Account, submit API calls, or use any part of the Services after the updated Terms become effective, the User automatically accepts the revised Terms.
If the User does not agree to the updated Terms, the User must: discontinue all use of the Services, revoke their API Key(s), and deactivate their Account before the Effective Date.
Failure to take these actions constitutes acceptance of the updated Terms.
-
Archival and Versioning. For regulatory, audit, and compliance purposes, the Company maintains an internal archive of previous versions of the Terms, each with an associated timestamp and period of enforceability.
Archived versions may be provided upon written request, subject to verification of identity and legal purpose.
MISCELLANEOUS
-
Severability. If any provision of these Terms is held to be invalid, unlawful, or unenforceable, such provision shall be enforced to the maximum extent permitted by law, and the remaining provisions shall remain in full force and effect without limitation.
-
No Waiver. No failure or delay by the Company in exercising any right, power, or remedy under these Terms shall operate as a waiver of such right. A waiver is valid only if provided in a written instrument executed by the Company.
-
Entire Agreement. These Terms constitute the entire agreement between the parties with respect to the Services and supersede all prior and contemporaneous agreements, proposals, negotiations, representations, and communications, whether written or oral.
No statement, promise, or representation not expressly included in these Terms is binding.
-
Assignment. The Company may assign or transfer its rights or obligations under these Terms, in whole or in part, without requiring the User’s consent, including in connection with a merger, acquisition, corporate restructuring, or transfer of assets.
The User may not assign, transfer, or delegate any rights or obligations under these Terms without the Company’s prior written consent. Any attempted assignment in violation of this provision is void.
-
Independent Contractors. The parties are independent contractors. These Terms do not create any partnership, joint venture, employment, fiduciary, agency, or franchise relationship.
The User has no authority to bind the Company in any manner.
-
Force Majeure. The Company shall not be liable for any failure or delay in performing its obligations resulting from events beyond reasonable control, including: natural disasters, war, civil unrest, acts of government or law enforcement, internet or telecom failures, cloud infrastructure outages, strikes or labor disputes, pandemics, or any other event qualifying as force majeure under Applicable Law.
During such events, obligations remain suspended until performance becomes feasible.
-
Interpretation. Headings, titles, and section labels are provided for convenience only and do not affect the interpretation of these Terms.
References to “including” or “include” mean “including without limitation.”
-
Survival. The following provisions survive termination or expiration of the Agreement: Confidentiality (Section 1.12), Acceptable Use Policy (Section 6), Data Origin & Responsibilities (Section 7), Security (Section 8), Liability & Indemnification (Section 10), Governing Law (Section 11). Any payment obligations accrued prior to termination. These obligations continue indefinitely to the extent permitted by law.
-
Notices. All notices under these Terms must be sent in writing to the official email address provided in Section 12. Notices are deemed delivered when: sent by email with no bounce or delivery failure within 24 hours; posted in the Dashboard or on the official website (for general notices).
The User is responsible for maintaining a valid and monitored email address.
-
Third-Party Beneficiaries. Except as expressly stated, these Terms do not grant rights to any third party. Affiliates, directors, and employees of the Company may enforce rights relating to liability protections and indemnification.
-
Export Compliance. The User must comply with all applicable export-control, sanctions, and trade-compliance laws. The Services may not be used in, or exported to, jurisdictions subject to comprehensive sanctions.
COMPANY DETAILS
LLC “INTSURFING”
A Ukrainian legal entity and Diia.City resident
Registered Address: 10 Sums’ka St., Krasnopillya, Sums’ka oblast’,
42400, Ukraine
USREOU Code: 41038512
IBAN: UA943052990000026000005202077
Bank: JSC CB “PRIVATBANK”, 1D HRUSHEVSKOHO STR., KYIV, 01001, UKRAINE
Email (official correspondence):
contact@intsurfing.com
Support Email:
support@intsurfing.com
Website:
https://www.api.intsurfing.com/
Director (CEO): E.A. Sitailo