Developer Agreement

Effective Date: December 12, 2025
Last Updated: December 12, 2025

1. Agreement Overview

This agreement covers API usage, SDK licensing, billing, and support for developers using Flowsta Auth.

2. Developer Account

Eligibility

  • 18+ years old
  • Authority to bind your organization
  • Compliance with applicable laws

Organizations

  • New accounts automatically create a personal organization (Free tier)
  • Subscriptions and billing belong to organizations, not individual users
  • Users can belong to multiple organizations with different roles
  • Roles: Owner (full control), Admin (manage team/apps), Member (view access)

Security

  • You are responsible for API key security
  • Rotate keys if compromised
  • Notify us of unauthorized access

3. API Access & License

We Grant You

  • Non-exclusive license to use Flowsta Auth API
  • OAuth 2.0 + PKCE authentication (no client secrets required)
  • Right to integrate into your applications
  • Use of SDKs (MIT license)

You May NOT

  • Reverse engineer the API
  • Circumvent rate limits
  • Resell API access without authorization
  • Create competing identity service

4. Rate Limits & Pricing

TierPriceMAUsAppsTeamAPI Rate
Free$0/mo10,0003110/sec, 10K/day
Starter$29/mo30,00010125/sec, unlimited
Pro$99/mo150,000255100/sec, unlimited
EnterpriseFrom $299/moCustomUnlimitedUnlimitedCustom

5. Billing

Calendar Month Billing

  • All subscriptions charged on the 1st of each month
  • First month is pro-rated (days remaining ÷ days in month)

Example:

  • Sign up on January 15th for Starter ($29/mo)
  • January charge: $29 × (16/31) = $14.97 (pro-rated)
  • February 1st charge: $29.00 (full month)
  • All future charges: 1st of each month

Payment

  • Via Stripe
  • Auto-renewal unless cancelled
  • 3-day grace period for failed payments

Cancellation

  • Cancel anytime via dashboard
  • Service continues until end of billing period
  • No refunds for partial months

Downgrades

  • Take effect on 1st of next month
  • Keep current features until then

6. Monthly Active Users (MAU)

Definition

A unique user who authenticates during a calendar month.

Zero-Knowledge MAU Tracking

  • We use random analytics_id (not user ID or DID)
  • You see aggregate counts only
  • You cannot identify individual users from MAU data
  • Same user across multiple apps = 1 billable MAU

Billing

  • "Billable MAU" = unique users across all your apps
  • "Total App Usage" = total logins (informational only)
  • You're billed on Billable MAU

7. Support & SLA

TierSupportResponse TimeUptime SLA
FreeCommunityBest effortNone
StarterEmail48 hours99.5%
ProEmail24 hours99.9%
BusinessPriority12 hours99.9%
EnterpriseDedicatedCustom99.99%

Downtime Credits (Paid Tiers)

  • 99.9% - 99.0%: 10% credit
  • 99.0% - 95.0%: 25% credit
  • Below 95.0%: 50% credit

8. SDK & Open Source

SDK 2.0 (@flowsta/auth) - MIT License

  • OAuth-only authentication with PKCE
  • No client secrets required
  • Use in commercial projects
  • Modify source code

You Must:

  • Preserve copyright notices
  • Include license file

9. Acceptable Use

You May NOT

  • Abuse API or exceed rate limits
  • Use for illegal purposes
  • Store end user passwords
  • Share end user data without consent
  • Use for CSAM or violence threats

Your Obligations

  • Have your own privacy policy
  • Inform users Flowsta is used
  • Obtain user consent
  • Handle user data requests

10. End User Data

Data Flow

End Users → OAuth Login → Flowsta → Your Callback

What You Receive (via OAuth profile scope)

  • DID, display name, username, profile picture, agent key
  • Email (if user consents and email scope requested)

What You DON'T Receive

  • Passwords (we don't have them)
  • Activity logs (stored in user's Holochain)
  • IP addresses (we don't collect them)

Your Responsibilities

  • Secure JWT tokens
  • Use HTTPS only
  • Implement proper session management
  • Comply with GDPR/CCPA

11. Termination

By You

Cancel anytime, export data first

By Us

  • For material breach (immediate)
  • For any reason (30 days notice)

Effect

  • API keys revoked
  • Data available for export (30 days)
  • Outstanding fees due

12. Liability

Maximum Liability

  • Free: $100
  • Paid: Fees paid in past 12 months
  • Enterprise: Per contract

Not Liable For

  • Indirect damages
  • Third-party claims
  • Force majeure

13. Contact

Changes to This Agreement

We may update this Agreement from time to time. We will notify you of material changes via:

  • Email notification (60 days advance notice)
  • Notice on this page

Continued use of Flowsta after changes constitutes acceptance of the new Agreement.

© {new Date().getFullYear()} Flowsta. All rights reserved.