Terms of Service

1Agreement

These Terms of Service ("Terms") govern your access to and use of the Gatefare service ("Service", "Gatefare", "we", "us"). By creating an account, registering an API, or otherwise using the Service, you agree to be bound by these Terms. If you do not agree, you must not use the Service.

Gatefare is a software tool that wraps third-party HTTP APIs with the x402 payment protocol. We do not produce, own, control, endorse, verify, or moderate the responses returned by third-party APIs. We act as a technical intermediary (a payment and proxy facilitator) only.

2Definitions

• Publisher — a user who registers a third-party API on Gatefare.
• Consumer — an end user or application that pays to call a Publisher's API through Gatefare.
• Target API — the upstream HTTP endpoint owned or controlled by the Publisher.
• Proxy URL — the Gatefare-issued URL of the form /p/<slug> that fronts the Target API.
• Content — any data, metadata, responses, descriptions, or materials transmitted through or displayed via the Service.

3Eligibility

You must be at least 18 years old and legally capable of entering into contracts in your jurisdiction. You must not be located in, ordinarily resident in, or a national of any country subject to comprehensive U.S. or EU sanctions, and you must not appear on any government sanctions list (OFAC SDN, EU Consolidated List, UK HMT, UN Security Council).

4Accounts & Security

You are responsible for maintaining the confidentiality of your credentials (email, password, API keys, JWT tokens) and for all activity under your account. Notify us immediately of any unauthorized access. We may suspend or terminate accounts that show signs of compromise, fraud, or abuse.

4.1 Credential custody

The Publisher bears sole responsibility for safeguarding Personal Access Tokens ("PATs"), wallet private keys, session JWTs, 2FA secrets, and 2FA backup codes. Treat each like a password: never commit them to public repositories, paste them into chat, share them with untrusted parties, or store them in plaintext on shared devices.

Gatefare is not liable for losses — including but not limited to unauthorized API modifications, revenue misdirection, payout drainage, data exposure, or service disruption — that result from credentials compromised, shared, or mishandled on the Publisher's side. This includes leaked PATs used by AI agents or automation you operate, and private keys held by third-party custodians you choose.

We provide rotation and revocation tools (dashboard → Settings → Access Tokens, wallet rotation, password change, 2FA reset). Using them to respond to a suspected compromise is your duty, not ours. The sooner you revoke after a suspected leak, the less you lose.

4.2 Autonomous agents

If you grant a software agent (including AI agents) the ability to operate your account via a PAT or wallet key, every action that agent takes is treated as your action for the purposes of this Agreement. Choose the narrowest possible scope for each agent (see Access Tokens → Permissions), and rotate its child tokens on a schedule. Self-minted child tokens cap at 30 days; this is a floor, not a ceiling on your own rotation discipline.

5Publisher Obligations

By registering a Target API, you represent and warrant that:

• You own or have all necessary rights, licenses, and authorizations to expose and monetize the Target API;
• The Target API and all Content returned by it comply with all applicable laws and with our Acceptable Use Policy;
• The API name, description, and metadata you provide are accurate and not misleading;
• You have collected all consents required by applicable privacy law for any personal data processed by the Target API;
• You are solely responsible for the quality, availability, and lawfulness of the Target API and its responses.

5.1 Origin hiding

By registering an API, you acknowledge and authorize Gatefare to hide the Target API URL from Consumers. Gatefare strips identifying response headers (Server, X-Powered-By,Via, forwarding chains), rewrites Location redirects to route back through the Gatefare proxy, and sanitizes cookies that reference the Target host. Gatefare may optionally (at the Publisher's request via the dashboard) rewrite Target-origin URLs within response bodies.

Origin hiding is a feature intended to prevent payment bypass. You agree that the specific URL of your Target API is your own confidential infrastructure and that Gatefare's concealment of it from Consumers is a service you value, not deception. You remain responsible for ensuring your response content itself does not leak your origin (e.g., embedded self-links, pagination URLs). Gatefare offers detection tools to help you audit for such leaks.

5.2 Two-factor authentication

Gatefare offers time-based one-time-password (TOTP) two-factor authentication to all accounts. Enabling 2FA is strongly recommended for Publishers and may be mandatory for accounts that exceed USD $500 cumulative platform earnings (we will give 14 days' notice before enforcing). You can enable, disable, or regenerate backup codes at any time via Dashboard → Settings → Two-factor authentication. Programmatic use of per-API keys for managing a specific API is not subject to 2FA (the API key is itself a credential). Sensitive dashboard actions (changing the Target URL, changing the owner wallet, changing pricing, requesting data export or deletion, or clearing a legal hold) require re-authentication regardless of 2FA status. You are responsible for safeguarding your TOTP secret and any backup recovery codes.

6Payments, Fees & Splits

6.1 Payment flow

Gatefare uses the x402 protocol to collect USDC payments from Consumers on a per-request basis. Every registered API is bound to a non-custodial 0xSplits split contract that atomically routes 90% to the Publisher's wallet and 10% to Gatefare as the platform fee. If a split contract cannot be deployed (e.g. operator wallet is underfunded) registration is rejected — we do not offer a custodial fallback.

6.2 Non-custodial nature

Gatefare never takes custody of Publisher earnings. USDC from Consumer payments lands directly in the split contract on-chain, and is claimable by the Publisher at any time by calling the contract from their own wallet (or via the dashboard's one-click Distribute action). Gas for the distribute transaction is paid by the platform when the accumulated balance exceeds a threshold (currently USD $10); below that threshold the Publisher must pay the (typically sub-cent) gas to self-distribute. Gatefare does not hold, pool, or lend Publisher funds at any point.

6.3 Fees

The current platform fee is 10% of each paid request. We may change fees on 30 days' notice; price changes do not affect requests already paid.

6.4 Chargebacks & refunds

x402 payments are on-chain and irreversible. All payments are final. Gatefare does not process refunds. Disputes about the content of a Target API response must be resolved directly between Consumer and Publisher.

6.5 Taxes

You are solely responsible for determining and paying any taxes arising from your use of the Service, including income, VAT, GST, and sales tax applicable to Publisher earnings.

7Acceptable Use

Your use of the Service is subject to our Acceptable Use Policy, which is incorporated by reference. Violations may result in immediate suspension, removal of listings, termination of account, reversal of pending payouts, and reporting to law enforcement.

8Content Moderation & Suspension

We operate an automated keyword screen at registration and reserve the right to refuse any API. We may, at our sole discretion and without prior notice:

• Suspend or remove any API or account we believe violates these Terms, the AUP, or any law;
• Honor valid law-enforcement requests, court orders, or subpoenas;
• Cooperate with trusted reporters (NCMEC, IWF, Stop NCII, etc.) and remove reported content;
• Freeze pending payouts while investigating reports of abuse or fraud.

Decisions are made in good faith. We are not a court and do not adjudicate commercial disputes between Publishers and Consumers.

8AData Processing, Retention & DPA

8A.1 Data Processing Agreement (DPA)

Where Publisher's Target API processes personal data of Consumers (or any other data subjects) in the scope of the EU/UK GDPR, Publisher is the data controller and Gatefare acts as a data processor under GDPR Art. 28. By accepting these Terms, the parties incorporate the following DPA terms by reference:

• Gatefare processes personal data only on the Publisher's documented instructions (specifically, to relay HTTP requests between Consumer and Target API, to collect x402 payments, and to provide the Service);
• Gatefare ensures personnel with access are bound by confidentiality obligations;
• Gatefare implements appropriate technical and organizational security measures (encryption in transit, access control, audit logging) described at Privacy Policy §Security;
• Gatefare engages sub-processors (Cloudflare for edge delivery, AlexHost for server hosting, Backblaze for backup storage, Resend for transactional email); Publisher authorizes the current list and receives notice of changes via Privacy Policy updates;
• Gatefare will assist the Publisher in responding to data-subject requests (access, rectification, erasure) to the extent technically feasible given the non-custodial, proxy nature of the Service;
• On termination, Gatefare deletes or returns personal data in accordance with retention schedules described in Privacy Policy §Retention, unless legally required to retain (e.g., tax records, sanctions evidence, legal hold).

8A.2 Retention of your records

We retain operational data on a tiered schedule:

• Payment data — already on-chain, publicly available, not held by us (we store only split-address ↔ slug mapping, retained for 7 years for tax / law-enforcement cross-reference);
• Sanctions-screening records — 5 years (OFAC guidance);
• Administrative audit log — 3 years;
• User-action audit log — 1 year;
• Abuse reports (resolved) — 2 years after resolution;
• User PII (email, name) — while account active + 30 days after deletion request;
• Email verification / password reset tokens — 24 hours;
• Server and edge logs — 14 days (server), up to 90 days (CDN edge, per provider policy).

Rows subject to an active legal hold (subpoena, preservation order) are preserved until the hold is cleared, regardless of the above schedule.

8A.3 Your data rights (GDPR / CCPA)

You can:

• Export your personal data — via /api/me/export or request to [email protected];
• Delete your account and associated PII — via /api/me/delete or written request. On-chain records cannot be deleted (blockchains are immutable); off-chain PII is anonymized or removed per retention schedule;
• Rectify inaccurate personal data through dashboard Settings or support request;
• Object or restrict processing — email [email protected], noting that we cannot remove payment records that are publicly on-chain.

8A.4 Legal process & preservation holds

When we receive a valid legal request (subpoena, court order, law-enforcement inquiry, preservation letter), we flag the affected records with a "legal hold" and exempt them from scheduled auto-purge for the duration of the legal process. To submit a legal request or request a copy of our response policy, email [email protected].

9Intellectual Property

Gatefare and its logos, design, and codebase are owned by us or our licensors. You are granted a limited, revocable, non-exclusive license to use the Service as described in these Terms. You retain ownership of any Content you provide or transmit; you grant us a worldwide, royalty-free license to host, transmit, display, and process such Content solely to operate the Service.

10Disclaimers

Payment operations depend on public blockchains, RPC providers, and the x402 facilitator; delays, reorgs, MEV, gas spikes, or consensus failures are outside our control.

11Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, GATEFARE'S TOTAL AGGREGATE LIABILITY FOR ANY CLAIM ARISING OUT OF OR RELATED TO THE SERVICE IS LIMITED TO THE GREATER OF (A) USD $100 OR (B) THE TOTAL PLATFORM FEES YOU PAID US IN THE 90 DAYS PRECEDING THE CLAIM.

IN NO EVENT WILL GATEFARE BE LIABLE FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, LOST REVENUE, LOST DATA, OR BUSINESS INTERRUPTION.

12Indemnification

You agree to indemnify, defend, and hold harmless Gatefare, its affiliates, and their officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of: (a) your use of the Service; (b) your Target API and its responses; (c) your breach of these Terms or the AUP; (d) your violation of any third-party right, including intellectual property, privacy, or consumer-protection rights.

13Termination

You may stop using the Service at any time and delete your APIs through the dashboard. We may suspend or terminate your account at any time, with or without cause, and with or without notice, especially in cases of suspected abuse, fraud, sanctions risk, or material breach of these Terms. Sections 5 through 14 survive termination.

14Governing Law & Disputes

These Terms are governed by the laws of the jurisdiction in which Gatefare is established, without regard to conflict-of-laws rules. Any dispute will be resolved in the competent courts of that jurisdiction. If any provision is held unenforceable, the remainder will remain in effect.

15Changes

We may update these Terms from time to time. Material changes will be announced via email or dashboard notice at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the new Terms.