Legal.

Terms of service

These terms govern access to the GetProductData API, the Dictionary, the dashboard, and this site (together, the service), operated by GetProductData (we). The service is offered to businesses and professionals only; it is not a consumer offering. By creating an account or using a key you accept these terms on behalf of the organization you name.

1. The service

The service provides programmatic access to canonical product data: resolution of product identifiers, product dossiers with provenance, search, comparison, distributions, and research ingestions. The API is versioned by date; within a pinned version, request and response shapes do not change for the life of that version. The vocabulary (the schema) evolves additively through dated releases and never breaks a pinned reader.

2. Accounts, keys, eligibility

2.1 Keys are issued to organizations and to working developers acting for one. 2.2 One organization, one ledger, one truthful name; routing traffic through affiliate or shell accounts to multiply limits voids every key involved. 2.3 You confirm you are at least 18 and authorized to bind the organization you name. 2.4 We cannot serve persons or entities under applicable sanctions regimes (EU, UN, OFAC) or in territories under embargo. 2.5 Keys are secrets: you are responsible for traffic signed with your keys until you revoke them, which takes effect globally within one minute.

3. Credits, billing, limits

3.1 Usage is metered in credits; the price list is on the pricing page and in the dashboard, stated as numbers. 3.2 Synchronous calls decrement on execution; research jobs reserve their tier price and settle to actual cost on completion, refunding the difference. A failed job refunds all but a stated floor. 3.3 Rate limits are enforced per key and per plan; a 429 names the exceeded layer and the reset time. Evading limits through key pools breaches section 2.2. 3.4 Credit prices may change with 30 days notice; pinned API versions never change. 3.5 Insufficient balance returns 402 with the price of the attempted call; nothing is silently queued against future payment.

4. Data license

4.1 You may query the data, cache responses for your operational use, display values in your products, and build derived works that add substantial value, with attribution where your medium reasonably allows it. 4.2 You may not re-publish or resell the data or the Dictionary in bulk as a substitute for the service, operate a mirror, or use the data to train a competing canonical product record. Quotation, citation, benchmarking, and journalism are expressly fine. 4.3 Identifiers and facts are not our property and never become anyone's; what you license is the curated record: structure, provenance, statistics, and maintenance.

5. Service levels

Read availability target is 99.9% monthly with p75 latency under 400 milliseconds uncached. A created ingestion always reaches a terminal state; jobs that fail refund per section 3.2. Status, incidents, and historic uptime are published at the status page without cosmetic smoothing. Enterprise agreements may add contractual SLAs; these targets apply to everyone regardless.

6. Honest data, no warranty of facts

Every statement in the record carries an epistemic status, a confidence score, and its sources. We warrant the process (provenance kept, adjudication recorded, corrections shipped), not the truth of third-party claims. Values marked contested or incomplete say so in the payload and must be treated accordingly. Verify independently before relying on a value where reliance could cause damage, regulatory exposure, or safety risk; the API gives you the tools to do exactly that, including confidence floors and the prefer=measured ranking.

7. Liability

For ordinary negligence we are liable only for breach of essential contractual duties and capped at the typical foreseeable damage, not exceeding the credits you purchased in the 12 months before the event. Liability that cannot be excluded by law remains unaffected, including intent, gross negligence, and injury to life, body, or health. No liability is accepted for free-tier use beyond mandatory law. This clause survives termination.

8. Your input

Corrections, contested claims, and evidence you submit may be used to improve the record; you grant us the rights needed to adjudicate and publish the outcome with provenance. We never attribute a correction to you publicly without consent. Feedback on the service itself may be used without restriction or compensation, which is the industry standard sentence and the only one in here.

9. Intellectual property

The service, the site, the Dictionary's curated content, and our marks remain ours; your products and data remain yours. All product names, brand names, marks, and identifiers referenced in the record are the property of their respective owners and appear as factual references without implied affiliation, in either direction. If you believe the record cites your content beyond what evidence law permits, the correction loop at legal@getproductdata.com is faster than a letter.

10. Term and termination

Either side may terminate at any time; prepaid credits beyond the current month are refunded if we terminate without cause. We may suspend keys immediately for breaches of sections 2 or 4 or the acceptable-use policy, with notice and the cited rule. After termination you may export your usage data and stored configuration for 30 days; we delete personal data per the privacy notice and keep what commercial law makes us keep.

11. Changes

We may change these terms with 30 days notice by email to the account address. If a change materially reduces your rights, you may terminate before it takes effect and receive a pro-rata refund of prepaid credits. Continued use after the effective date is acceptance. The changelog of this document is public, like every other changelog we keep.

12. Governing law, venue, form

Governing law and exclusive venue follow the seat of the operating entity and are stated on this page before keys ship; enterprise agreements may elect otherwise in the order form. The CISG is excluded. Should a clause be invalid, the remainder stands; the invalid clause is replaced by what commercially comes closest. Text form satisfies any written-form requirement in these terms.

Acceptable use

Short version: query honestly, attribute reasonably, do not pretend our data has no conditions. The numbered rules cite the Terms section they operationalize and are enforced the way they read.

1. No bulk re-publication. Serving the data back to the public as a dataset, mirror, or competing reference breaches §4.2. Cite the Dictionary instead; canonical URLs are forever and built for linking.
2. No epistemic laundering. Do not strip epistemic status, confidence, or contested flags when displaying values in contexts where the difference matters. A measured value and a manufacturer claim are different things; the payload keeps them apart and so must your UI, where users rely on it.
3. No limit evasion. Key pools, rotating accounts, and synthetic organizations to multiply free tiers breach §2.2 and end accounts retroactively.
4. No scraping the site. Everything on the site is in the API, plus llms.txt and markdown mirrors for machines. Scraping HTML when a documented endpoint exists is unsupported; the mirrors exist so nobody has to. Rate limits apply either way.
5. No prohibited inference. Do not use the data to derive health or safety efficacy claims, demographic attributions, or other inferences our methodology registry forbids; the schema refuses to publish them and so do you, by contract.
6. No sanctioned use. See Terms §2.4. This includes indirect supply through your own customers where you know or should know.
7. Security research is welcome. Good-faith testing within your own account's scope is fine; disclosure goes to the address in security.txt and gets a response from a person within 72 hours. Do not test other tenants; isolation is per organization and we monitor for cross-tenant probes.

Privacy notice

Controller: GetProductData; entity details are published in the imprint below and finalized at incorporation. Reach data protection at privacy@getproductdata.com. This notice covers the site, the dashboard, and the API as a service to business customers. It is written in the same voice as the rest of the site because you are meant to actually read it.

What we process, and why

• Account data. Name, work email, organization, role. Purpose: contract performance, Art. 6(1)(b) GDPR. Kept for the life of the account plus statutory retention.
• Usage metadata. Request id, key id, route, credit cost, latency, and the IP address for security and abuse prevention. Purpose: billing accuracy and platform security, Art. 6(1)(b) and 6(1)(f). Raw access logs are kept 30 days; billing-grade usage events are kept as long as commercial law requires (§257 HGB, §147 AO: up to 10 years).
• Billing data. Processed by Stripe as payment provider; we never see full card numbers. Art. 6(1)(b).
• Release notes. Only with consent, Art. 6(1)(a), revocable in one click. Monthly, plain text, that is all we send.
• Support mail. Kept as correspondence; deleted on request where retention law allows.

What we do not do

The marketing site sets no cookies and runs no third-party trackers, which is why there is no banner; analytics are aggregate and cookieless. The dashboard sets one first-party session cookie, strictly necessary, lifetime 24 hours. We do not sell personal data, we do not profile you, and the research pipeline that builds the record processes product information, not personal data; the schema forbids personal data in dossiers as a validation rule, not a policy hope.

Transfers

Where a processor operates outside the EU/EEA, transfers rest on adequacy decisions or EU standard contractual clauses with documented supplementary measures. Enterprise organizations can pin processing to EU jurisdiction at the account level; the flag is set at organization creation and never silently changed.

Your rights

Access, rectification, erasure, restriction, portability, and objection under Art. 15 to 21 GDPR, exercised by mail to privacy@getproductdata.com; identity verification is proportional, not theatrical. You may complain to the supervisory authority competent for your establishment or ours; the imprint names ours once entity details are final. A data processing agreement per Art. 28 GDPR with the subprocessor list below is part of business accounts and available countersigned.

Subprocessors

The complete list. Changes are announced 30 days ahead by email and in the changelog; objection rights per the DPA. Each entry names what the processor actually touches, because a list without that column is decoration.

Imprint

Legal provider information, maintained like an API surface: complete, versioned, and updated the day anything changes.

Provider

GetProductData.
Legal entity, registered office, registration numbers, and tax identifiers are completed at incorporation and published here before keys ship. This page is versioned; the change will be in the changelog like everything else.

Represented by: the managing directors; names publish with the entity details at incorporation.

Contact

hello@getproductdata.com for everything human, api@getproductdata.com for everything technical, privacy@getproductdata.com for data protection, legal@getproductdata.com for the rest. Mail is answered by people; the median first response is measured and published with the rest of our numbers.

Content responsibility

Responsible for editorial content: the provider, reachable through the addresses above. Product data on this site is published with provenance and epistemic status; corrections enter through the correction loop and ship as webhooks, not silent edits.

Dispute resolution

The service addresses businesses; consumer arbitration boards do not apply, and we do not participate in proceedings before them. The EU online dispute resolution platform exists at ec.europa.eu/consumers/odr for those it covers.