Developer terms, decoded.

Introduction and Acceptance

These Developer API Usage Terms (the "Developer Terms") supplement and form part of the agreement between Zyntro, Inc. ("Zyntro", "we", "us", "our") and the Customer ("Customer", "you", "your") governing access to the Zyntro Platform (the "Platform"), including but not limited to the Zyntro APIs, SDKs, webhooks, and any related developer interfaces (collectively, the "APIs").

These Developer Terms apply whenever the Customer permits, instructs, authorizes, sponsors, contracts, or otherwise enables any individual, agency, contractor, employee, consultant, or third party (each a "Developer") to access, integrate with, build against, test, or interact with the APIs on the Customer's behalf or using the Customer's credentials, organization, account, or sub-accounts.

By granting any Developer access to the APIs — whether by issuing API keys, granting OAuth scopes, sharing credentials, providing test sandboxes, or otherwise enabling technical access — the Customer accepts these Developer Terms in full and warrants that every Developer so authorized has been bound to and will comply with them.

Definitions

Authorization and Sponsorship of Developers

3.1  Customer as Principal

The Customer is the sole legal principal for all API access associated with its account. Zyntro contracts only with the Customer. Zyntro does not have, and will not be deemed to have, any direct contractual relationship with any Authorized Developer, regardless of whether the Developer holds, possesses, or operates the API Credentials. All acts and omissions of every Authorized Developer in connection with the APIs are deemed acts and omissions of the Customer for all purposes under these Developer Terms and the underlying agreement.

3.2  Customer Warranties Regarding Developers

For each Authorized Developer, the Customer represents and warrants that:

• (a) the Customer has the legal right and authority to grant the Developer access to the APIs and to bind the Developer to these Developer Terms;
• (b) the Developer has been informed of and has agreed to comply with these Developer Terms, the underlying Zyntro Terms of Service, the Zyntro Acceptable Use Policy, and any applicable Data Processing Agreement, in writing or through a binding electronic acceptance, before being granted API access;
• (c) the Customer has conducted reasonable diligence regarding the Developer's identity, competence, and integrity;
• (d) the Developer is not an employee, contractor, or agent of any direct competitor of Zyntro, and has not been engaged for the purpose of building a competing product;
• (e) the Developer is not located in, ordinarily resident in, or operating from any jurisdiction subject to comprehensive trade sanctions administered by the United States Office of Foreign Assets Control, the United Nations Security Council, the European Union, the United Kingdom, or any other applicable sanctions authority; and
• (f) the Customer maintains a current, accurate record of every Authorized Developer's name, contact information, scope of access, and the date access was granted and (where applicable) revoked.

3.3  No Sub-Sponsorship

An Authorized Developer may not, under any circumstance, grant API access to any further party. Only the Customer may authorize Developers. Any onward sharing of API Credentials by a Developer is a material breach by the Customer.

3.4  Revocation Obligation

The Customer shall revoke API Credentials and disable API access for any Authorized Developer (i) immediately upon termination of the Developer's engagement with the Customer; (ii) immediately upon discovery of any breach or suspected breach of these Developer Terms by the Developer; and (iii) without undue delay where the Developer no longer requires access for the purpose originally granted.

Permitted Use of the APIs

Subject to compliance with these Developer Terms, Authorized Developers may access and use the APIs solely for:

• (a) integrating the Customer's own legitimate systems, applications, and workflows with the Platform;
• (b) automating the Customer's own business processes within the scope of the Customer's subscribed plan;
• (c) developing internal tools, dashboards, or extensions that consume the APIs in accordance with their published documentation; and
• (d) testing such integrations against documented sandbox or development environments.

All other uses are prohibited unless expressly authorized in writing by Zyntro.

Prohibited Activities

The Customer shall not, and shall ensure that no Authorized Developer shall, engage in any of the following activities. Each of the following is a material breach of the underlying agreement and these Developer Terms.

5.1  Reverse Engineering and API Mapping

The Customer and Authorized Developers shall not:

• (a) perform any form of Reverse Engineering against the APIs, the Platform, any Zyntro Module, or any Zyntro-issued client code (including but not limited to the Webby front-end, the Artefacts runtime, the Phona client SDK, and the OB1 control plane);
• (b) intercept, capture, log, replay, fuzz, or systematically analyze API request/response traffic using tools such as Burp Suite, mitmproxy, Charles Proxy, Wireshark, Fiddler, or equivalents, except where doing so is strictly limited to debugging the Customer's own integration code and the captured data is not retained, shared, or used to derive insights about Zyntro's internal architecture;
• (c) attempt to discover, enumerate, scan, or document undocumented API endpoints, fields, headers, parameters, query strings, error codes, response schemas, or rate-limit thresholds;
• (d) extract, replicate, or attempt to extract or replicate any AI model, prompt, embedding, vector representation, classification logic, scoring algorithm, or training artifact used by any Zyntro Module — including but not limited to Segmentation Intelligence scoring, Brand Intelligence audit logic, Phona prosody models, OB1 navigation policies, or Clinch deal-scoring methods;
• (e) employ adversarial techniques (including prompt injection, prompt extraction, jailbreak prompts, or systematic probing) against any AI-powered endpoint with the purpose of discovering internal prompts, system instructions, retrieval-augmented content, or model behaviour beyond what is exposed in published documentation;
• (f) decompile, disassemble, deobfuscate, or otherwise attempt to derive source code from any Zyntro binary, compiled module, minified script, or compiled artifact; or
• (g) create, publish, or distribute any tool, library, dataset, schema, or documentation that describes, mimics, or wraps undocumented Zyntro API behavior.

5.2  Spoofing and Circumvention of Security Controls

The Customer and Authorized Developers shall not:

• (a) engage in Spoofing of any kind;
• (b) rotate, randomize, or pool IP addresses, user-agents, device identifiers, or TLS fingerprints in a manner designed or reasonably likely to evade Zyntro's rate limits, abuse detection, geofencing, or attribution systems;
• (c) route API traffic through residential proxy networks, anonymizing VPN services, or third-party scraping infrastructure with the purpose or effect of obscuring the true origin of requests;
• (d) operate any browser automation tool (including headless Chromium, Puppeteer, Playwright, Selenium, or equivalents) against the Zyntro web interfaces for the purpose of programmatically accessing functionality that is exposed via the APIs, except where Zyntro has expressly authorized such use in writing;
• (e) tamper with, suppress, falsify, or omit telemetry, beacons, request identifiers, correlation tokens, or instrumentation embedded in Zyntro client code or response payloads;
• (f) bypass, disable, evade, or attempt to bypass any Security Control, rate limit, throttle, quota, plan limit, billing meter, credit consumption tracker (including those operated by Edge), CAPTCHA, anti-bot challenge, or paywall;
• (g) parallelize, shard, distribute, or pool API requests across multiple accounts, sub-accounts, organizations, or API Credentials for the purpose of exceeding the rate, volume, or quota limits applicable to a single account; or
• (h) use, share, sell, transfer, lend, or pool API Credentials across multiple unrelated Customers, projects, or end-users.

5.3  Credential Hygiene

The Customer and Authorized Developers shall not:

• (a) commit, publish, or otherwise expose API Credentials in any source-code repository (public or private), package registry, container image, log file, support ticket, or any other location accessible to parties not specifically authorized;
• (b) embed API Credentials in client-side code (browser JavaScript, mobile applications, desktop applications) where they would be retrievable by end-users, except where Zyntro has issued credentials specifically marked as public-safe (e.g., publishable widget keys for the Artefacts public artefact runtime);
• (c) continue to use any API Credential after becoming aware that it has been compromised, leaked, or shared with any unauthorized party; or
• (d) impersonate Zyntro, any other Zyntro Customer, or any end-user of the Platform.

5.4  Abuse of Communications, Voice, and Automation Modules

Given the elevated harm potential of voice, messaging, and browser automation capabilities, the Customer and Authorized Developers shall not:

• (a) use Phona, the communications stack, or any voice/SMS/email endpoint to send, place, or originate communications that violate the Telephone Consumer Protection Act (TCPA), CAN-SPAM Act, Canada's Anti-Spam Legislation (CASL), the UK Privacy and Electronic Communications Regulations (PECR), the Australian Spam Act 2003, Malaysia's Personal Data Protection Act 2010, or any other applicable communications law in any jurisdiction where a recipient is located;
• (b) use Phona to impersonate any real person, public figure, or entity without that person's or entity's express, documented, written consent;
• (c) configure OB1 or any browser automation primitive to operate against third-party websites, services, or platforms in violation of those services' terms of service, robots.txt directives, or computer-misuse laws applicable in the relevant jurisdictions;
• (d) use OB1 to brute-force credentials, harvest data at scale, bypass paywalls, or conduct any activity that would constitute unauthorized access under the Computer Fraud and Abuse Act, Canada's Criminal Code §342.1, the UK Computer Misuse Act 1990, the Australian Criminal Code Act 1995 Part 10.7, or equivalent legislation; or
• (e) use any Zyntro Module to facilitate fraud, identity theft, market manipulation, or any activity prohibited by applicable law.

5.5  Data Protection

The Customer and Authorized Developers shall not:

• (a) extract, export, scrape, or systematically download Customer Data, contact records, conversation transcripts, AI outputs, or any other Platform data for any purpose other than the Customer's own legitimate use;
• (b) input into the Platform any data the Customer is not lawfully entitled to process under applicable data protection law;
• (c) submit special-category personal data (including health, financial account, biometric, racial, ethnic, religious, sexual orientation, or children's data) through the APIs except via endpoints expressly designed and documented to receive such data, and only after executing any required supplementary agreement; or
• (d) cause the Platform to transmit personal data to any third party not authorized by the Customer's underlying Data Processing Agreement with Zyntro.

Security Requirements for Authorized Developers

The Customer shall ensure that every Authorized Developer:

• (a) stores API Credentials in a secrets management system (e.g., AWS Secrets Manager, HashiCorp Vault, Doppler, GCP Secret Manager) and never in plaintext configuration files, environment files committed to source control, shared documents, chat messages, or email;
• (b) rotates API Credentials at least every 180 days, and immediately upon any change in personnel with access to the credentials, upon termination of any individual with access, or upon any actual or suspected compromise;
• (c) uses TLS 1.2 or higher for all API requests and validates Zyntro's server certificates;
• (d) implements appropriate logging, monitoring, and alerting on the Customer's side to detect anomalous API usage;
• (e) follows the principle of least privilege when scoping API Credentials, requesting only the OAuth scopes and permissions strictly necessary for the integration;
• (f) complies with the published Zyntro API rate limits and backoff guidance, and implements exponential backoff with jitter on 429 and 5xx responses;
• (g) handles webhook signature verification correctly using the published signing keys and constant-time comparison; and
• (h) maintains a current, documented integration architecture diagram describing all systems that hold, use, or transmit Zyntro API Credentials or Customer Data, available to Zyntro on reasonable request.

Monitoring, Logging, and Audit Rights

7.1  Zyntro Monitoring

The Customer acknowledges and agrees that Zyntro continuously monitors API traffic for security, abuse, billing, and compliance purposes. Such monitoring may include, without limitation, the inspection of request metadata, timing patterns, originating IP addresses, device fingerprints, TLS fingerprints, user-agent strings, behavioural signals, and content of requests and responses to the extent necessary for the purposes set out above. The Customer warrants that it has obtained all necessary consents and provided all necessary notices to its Authorized Developers and end-users regarding such monitoring.

7.2  Audit Cooperation

Where Zyntro has a reasonable basis to suspect that the Customer or any Authorized Developer has breached these Developer Terms, the Customer shall, within ten (10) business days of a written request from Zyntro:

• (a) identify every Authorized Developer who has had API access during the relevant period, together with the scope and dates of their access;
• (b) provide copies of any contractual instruments binding Sponsored Developers to these Developer Terms;
• (c) provide access logs, source code, or integration documentation reasonably necessary to investigate the suspected breach; and
• (d) make available, for interview by Zyntro or its designated investigator, any Authorized Developer reasonably believed to have knowledge of the suspected breach.

The Customer's failure to cooperate as set out in this Section 7.2 is itself a material breach.

7.3  Independent Audit

No more than once per twelve-month period, except where Zyntro has a reasonable basis to suspect a material breach, Zyntro may, at its own expense and on no less than thirty (30) days' written notice, conduct a remote audit of the Customer's integration architecture and security controls insofar as they relate to the APIs. Such audit shall be conducted during normal business hours and shall not unreasonably interfere with the Customer's operations.

Suspension and Termination

8.1  Immediate Suspension Rights

Zyntro may, without notice and without liability, suspend, throttle, rate-limit, or terminate API access (in whole or in part, and to one or all Authorized Developers) where Zyntro has a reasonable basis to believe that:

• (a) Reverse Engineering or Spoofing has occurred;
• (b) Security Controls are being circumvented or attacked;
• (c) API Credentials have been compromised or shared with unauthorized parties;
• (d) the Platform is being used in a manner that threatens its availability, performance, security, or integrity for other Customers;
• (e) the Customer or any Authorized Developer is using the APIs in violation of any applicable law; or
• (f) any other material breach of these Developer Terms has occurred.

8.2  No Liability for Suspension

Zyntro shall have no liability to the Customer or any third party for any suspension or termination undertaken in good faith reliance on Section 8.1, including for any data loss, lost revenue, lost business opportunity, or other consequential harm arising from such suspension.

8.3  Cure and Reinstatement

Where the underlying basis for a suspension is curable, Zyntro will, at its sole discretion, communicate the nature of the breach and the conditions for reinstatement. Reinstatement may be conditioned on remedial actions including but not limited to revocation of specific Developer access, rotation of credentials, completion of a security review, payment of additional fees, or amendment of the integration architecture.

8.4  Termination for Cause

Repeated breaches of these Developer Terms, or any single breach that Zyntro reasonably determines to be wilful, malicious, or of material scope, shall constitute grounds for immediate termination of the underlying agreement without refund.

Customer Liability for Authorized Developers

9.1  Strict Vicarious Liability

The Customer is strictly liable, on a vicarious basis, for any act or omission of any Authorized Developer in connection with the APIs, regardless of (a) whether the act or omission was authorized, directed, or known by the Customer; (b) whether the Developer was an employee, contractor, agent, or any other capacity; (c) whether a written contract existed between the Customer and the Developer; and (d) whether the Developer acted within or outside the scope of their engagement with the Customer.

9.2  No "Rogue Developer" Defense

The Customer expressly waives any defense based on the unauthorized, ultra vires, or rogue conduct of any Authorized Developer. By granting API access, the Customer assumes the entire risk of misconduct by that Developer.

9.3  Joint and Several Liability with Developer

Where an Authorized Developer is itself a legal entity that could in principle be pursued directly, Zyntro retains the right (but not the obligation) to pursue remedies against the Developer directly. Such election shall not relieve the Customer of any liability under these Developer Terms, and the liability of the Customer and the Developer shall be joint and several.

9.4  Financial Responsibility for API Consumption

(a) Customer is the Account of Record. All charges, credits, units, tokens, voice minutes, messages, sessions, generations, or other meterable consumption arising from any API call made using API Credentials issued to the Customer's account, organization, or any sub-organization shall accrue exclusively to the Customer's Edge wallet and shall be the financial responsibility of the Customer.

(b) No Refund for Developer-Originated Consumption. The Customer expressly acknowledges and agrees that charges arising from API calls made by, or attributable to, any Authorized Developer are non-refundable, non-creditable, and non-reversible, and that all such consumption is final at the moment of metering. This non-refund obligation applies regardless of whether the consumption was:

• (i) authorized, instructed, or known by the Customer;
• (ii) the result of error, misconfiguration, defective code, or negligence by the Developer;
• (iii) the result of a runaway process, infinite loop, recursive invocation, retry storm, or other unintended programmatic behavior;
• (iv) the result of compromised, leaked, exfiltrated, or improperly stored API Credentials;
• (v) the result of malicious, fraudulent, or ultra vires conduct by the Developer or any third party using the Developer's access;
• (vi) the result of any breach of these Developer Terms; or
• (vii) consumption that the Customer subsequently disputes, characterizes as unauthorized, or claims is attributable to a Developer no longer engaged by the Customer.

(c) Third-Party Pass-Through Costs. Where API consumption triggers downstream charges from third-party providers — including but not limited to telecommunications carriers via Twilio for SMS and voice termination, voice-synthesis providers via ElevenLabs, large-language-model providers via Anthropic or Amazon Bedrock, browser-automation infrastructure via Steel.dev or Browser Use, and any other third-party service consumed by a Zyntro Module — such charges are non-refundable and non-reversible by Zyntro irrespective of the circumstances of consumption, as Zyntro itself cannot recover these costs from the upstream provider.

(d) Negative Balances and Credit Limits. Where API consumption results in a Customer wallet balance falling below zero, or in the Customer exceeding any credit limit Zyntro has extended, the Customer shall remain fully liable for the deficit. Zyntro may recover any such deficit through any payment method on file, by invoice with net-fifteen (15) day terms, or by setoff against any other amounts owed to the Customer. Failure to remit any deficit within thirty (30) days of demand is itself a material breach.

(e) Rate Limits Are Platform Protection, Not Wallet Protection. Zyntro enforces per-minute, per-hour, and per-day rate limits at its API gateways. These rate limits exist to protect the integrity, availability, and security of the Platform for all Customers and are not a wallet-protection mechanism, spend control, or financial safeguard for the Customer's benefit. The Customer expressly acknowledges that:

• (i) rate limits operate at thresholds set by Zyntro for Platform-protection purposes, and substantial consumption — including consumption sufficient to deplete a wallet balance — can occur within those rate limits;
• (ii) Zyntro is under no obligation to set, adjust, lower, or maintain any rate limit at any particular level for the purpose of constraining a Customer's spend, and may raise or lower rate limits at any time in its sole discretion based on Platform-protection considerations;
• (iii) Zyntro is under no obligation to detect, monitor, alert on, throttle, or otherwise intervene in anomalous consumption patterns originating from the Customer's own authenticated requests, including patterns that would be obvious indicators of misconfiguration, runaway processes, or compromised credentials; and
• (iv) responsibility for monitoring wallet balance, configuring self-imposed spending caps in Edge, reviewing usage telemetry, and managing the financial consequences of Authorized Developer activity rests entirely with the Customer.

Any throttling, alerting, anomaly notification, courtesy email, dashboard warning, or proactive intervention Zyntro may from time to time provide is offered as a discretionary courtesy and shall not constitute a guarantee, warranty, course of dealing, or representation that Zyntro will provide similar notification in any future instance.

(f) Pre-Paid Balances. Pre-paid credit balances are consumed at the moment of API call billing and become non-refundable upon consumption. Termination of the underlying agreement does not entitle the Customer to a refund of consumed credits.

(g) Forfeiture on Termination for Cause. Where the underlying agreement is terminated by Zyntro for cause pursuant to Section 8.4, any remaining pre-paid wallet balance and any subscription fees paid in advance are forfeited to Zyntro as partial liquidated compensation for the breach.

(h) Reasonable Use Caps Available But Not Required. The Customer may, at its option, configure self-imposed daily, weekly, or monthly spending caps in Edge for its own account or per-Developer sub-accounts. Zyntro strongly recommends but does not require that the Customer configure such caps. The Customer's failure to configure available caps shall not be raised as a defense to any consumption liability under this Section 9.4.

Indemnification

10.1  Customer Indemnity

The Customer shall defend, indemnify, and hold harmless Zyntro, its affiliates, and their respective directors, officers, employees, agents, and contractors (the "Indemnified Parties") from and against any and all claims, demands, suits, actions, proceedings, losses, damages, liabilities, judgments, settlements, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to:

• (a) any breach of these Developer Terms by the Customer or any Authorized Developer;
• (b) any act or omission of any Authorized Developer in connection with the APIs;
• (c) any third-party claim that the Customer's or any Authorized Developer's use of the APIs violated any law, regulation, contract, intellectual property right, or right of privacy;
• (d) any regulatory enforcement action arising from communications sent, calls placed, or automated activities conducted via the APIs;
• (e) any data breach, security incident, or unauthorized disclosure resulting from the Customer's or any Authorized Developer's handling of API Credentials or Customer Data; and
• (f) any claim by an Authorized Developer against any Indemnified Party arising from or relating to the Developer's access to or use of the APIs.

10.2  Indemnification Procedure

The Indemnified Parties shall (a) promptly notify the Customer of any claim subject to indemnification (provided that failure to give such notice shall not relieve the Customer of its obligations except to the extent the Customer is materially prejudiced thereby); (b) grant the Customer reasonable control of the defense and settlement of the claim, except that the Customer shall not settle any claim that imposes any obligation, admission, or restriction on any Indemnified Party without that party's prior written consent; and (c) reasonably cooperate with the Customer at the Customer's expense.

10.3  No Limitation

The Customer's indemnification obligations under this Section 10 are not subject to any limitation of liability in the underlying agreement, including any cap on aggregate liability or exclusion of consequential damages.

Consequences of Breach

This Section consolidates the operational, financial, contractual, legal, and reputational consequences that may, at Zyntro's election, follow a breach of these Developer Terms by the Customer or any Authorized Developer. The remedies set out here are cumulative and not exclusive; Zyntro's election of one or more remedies does not preclude the exercise of others, whether under these Developer Terms, the underlying agreement, or applicable law.

11.1  Operational Consequences

• (a) Immediate Suspension or Throttling. Per Section 8.1, all or part of the Customer's API access may be suspended, throttled, or rate-limited without notice and without liability.
• (b) Targeted Revocation. Zyntro may revoke or invalidate specific API Credentials, OAuth grants, webhook secrets, or signing keys associated with one or more Authorized Developers without affecting the broader account.
• (c) Forced Rotation. Zyntro may compel the Customer to rotate all API Credentials, revoke all outstanding OAuth grants, and re-onboard all Authorized Developers as a condition of continued access.
• (d) Mandatory Remediation. Reinstatement of access may be conditioned on the Customer completing one or more of: a third-party security review at the Customer's expense, an integration architecture review, removal of specific Authorized Developers, written attestations from named individuals, implementation of additional controls (e.g., IP allowlisting, mutual TLS, hardware-bound credentials), or a probationary monitoring period.
• (e) Loss of Beta and Preferred Access. The Customer may lose access to beta features, early-release modules, partner-program benefits, preferred pricing tiers, or any other discretionary access privilege.

11.2  Financial Consequences

• (a) No Refund of Consumed Credits. All credit consumption arising from or in connection with the breach, including consumption that itself constitutes or evidences the breach, is non-refundable per Section 9.4.
• (b) No Refund of Subscription Fees. Where termination occurs for cause pursuant to Section 8.4, pre-paid subscription fees for the remainder of the term are forfeited.
• (c) Forfeiture of Wallet Balance. Any remaining pre-paid wallet balance may be forfeited per Section 9.4(g).
• (d) Recovery of Investigation and Response Costs. The Customer shall reimburse Zyntro's reasonable costs incurred in investigating, containing, and responding to the breach, including internal security and engineering personnel time at Zyntro's then-standard rates, third-party forensic and incident-response costs, legal fees, and the costs of any required notifications to affected parties or regulators.

(e) Liquidated Damages for Specific Breaches. Without limiting any other remedy, and acknowledging that breaches of Sections 5.1 (Reverse Engineering) and 5.2 (Spoofing) cause harm that is inherently difficult to quantify at the time of contracting, the parties agree that — as liquidated damages and not as a penalty — the Customer shall pay Zyntro:

• (i) USD 50,000 per discrete incident of breach of Section 5.1; and
• (ii) USD 25,000 per discrete incident of breach of Section 5.2.

For the avoidance of doubt, these amounts represent floors and not ceilings. Zyntro may, at its sole election, pursue actual damages in lieu of liquidated damages where actual damages are reasonably believed to exceed the liquidated amounts. The Customer expressly acknowledges and agrees that these sums are a genuine pre-estimate of the loss Zyntro would suffer from such breaches, taking into account: (A) the costs of investigation, containment, and remediation; (B) the cost of security architecture changes necessitated by exposure of internal threat models, signatures, and detection logic; (C) the difficulty of quantifying competitive harm from disclosure of proprietary AI models, prompts, scoring logic, and intellectual property; (D) the difficulty of quantifying harm to the integrity of Zyntro's abuse-detection systems once their signals are mapped or evaded; (E) the cost of customer-trust restoration where the breach affects Platform-wide security posture; and (F) the legitimate interest of Zyntro and its broader Customer base in deterring conduct that systematically undermines Platform security.

Savings clause. If a court of competent jurisdiction holds that any liquidated damages amount specified in this Section 11.2(e) is unenforceable in whole or in part as an excessive penalty or otherwise: (1) the amount shall be reduced to the maximum sum the court determines to be enforceable as liquidated damages; and (2) if no portion can be enforced as liquidated damages, the clause shall be severed and Zyntro shall retain the unrestricted right to pursue actual damages, restitution, disgorgement, and all other remedies available at law or in equity, with no presumption arising from the parties' attempt to liquidate damages.

• (f) Reinstatement Fee. Where access is restored following a suspension for breach, Zyntro may, at its discretion, charge a reinstatement fee reflecting administrative and security review costs.
• (g) Uncapped Indemnification. The Customer's indemnification obligations under Section 10 apply without limitation, per Section 10.3 and Section 15.2.

11.3  Contractual Consequences

• (a) Termination for Cause. Repeated breaches, or any breach Zyntro reasonably determines to be wilful, malicious, or of material scope, give rise to immediate termination of the underlying agreement per Section 8.4, without refund.
• (b) Denial of Re-Subscription. Zyntro may, at its sole discretion, refuse to enter into any further agreement with the Customer, any of its principals, any Authorized Developer involved in the breach, or any affiliated entity. Such refusal may extend to attempts by any such party to re-subscribe under different corporate identities, trade names, or beneficial ownership structures.
• (c) Notification to Affected Customers and End-Users. Where the breach has affected, or had reasonable potential to affect, other Zyntro Customers or end-users of the Platform, Zyntro may, and where required by applicable law shall, notify those parties of the nature and scope of the breach.
• (d) Industry Partner Notifications. Where the breach implicates third-party providers (including but not limited to Twilio, ElevenLabs, Anthropic, Amazon Web Services, Steel.dev, or other infrastructure partners), Zyntro may notify those partners as required to protect the integrity of its supply chain, including disclosing compromised credentials, abusive patterns, or identifying information about the responsible Authorized Developer.

11.4  Legal Consequences

• (a) Injunctive and Equitable Relief. Zyntro is entitled to seek immediate injunctive and equitable relief — including emergency, interim, and permanent injunctions — in any court of competent jurisdiction to prevent or restrain ongoing or threatened breaches of Sections 5.1, 5.2, 5.3, 12, or 13, without the need to post bond and without prejudice to any other remedy. The Customer acknowledges that such breaches may cause irreparable harm for which monetary damages would be inadequate.
• (b) Uncapped Damages for Specified Breaches. Per Section 15.2, the Customer's liability for breaches of Sections 5.1, 5.2, and the Customer's indemnification, confidentiality, and intellectual property obligations is not subject to any cap on aggregate liability set out in the underlying agreement.
• (c) Joint and Several Liability with Developer. Per Section 9.3, where the Authorized Developer is a legal entity, Zyntro may pursue the Developer directly or jointly with the Customer.
• (d) Referral to Law Enforcement. Where Zyntro reasonably believes that conduct constitutes a criminal offense — including under the U.S. Computer Fraud and Abuse Act, Canada's Criminal Code §342.1, the UK Computer Misuse Act 1990, the Australian Criminal Code Act 1995 (Cth) Part 10.7, Malaysia's Computer Crimes Act 1997, or equivalent legislation in any other jurisdiction where the conduct occurred — Zyntro may report the conduct to relevant law-enforcement authorities and cooperate fully with any resulting investigation, including by producing logs, communications, and identifying information about the Customer and the responsible Authorized Developer.
• (e) Preservation of Evidence. The Customer shall preserve, and shall direct each Authorized Developer to preserve, all logs, communications, source code, configuration, and other materials relevant to the breach for at least three (3) years from the date Zyntro notifies the Customer of the suspected breach, and shall not destroy, alter, or render inaccessible such materials except with Zyntro's prior written consent or pursuant to a court order. Destruction or alteration in breach of this Section 11.4(e) gives rise to an evidentiary inference adverse to the Customer in any subsequent proceeding.

11.5  Reputational Consequences

• (a) Internal Denylisting. Authorized Developers found to have engaged in material breaches may be added to an internal Zyntro denylist preventing future API access in connection with any other Customer of the Platform, and the Customer's principals and entities under common control may be similarly denylisted.
• (b) Public Disclosure Where Required. Where required by applicable law, regulatory order, or court order, Zyntro will publicly disclose the existence and nature of the breach. Otherwise, Zyntro will use reasonable efforts to maintain confidentiality regarding the identity of the Customer, but reserves the right to make truthful public statements where the Customer first makes inaccurate public statements about the matter.

11.6  Cumulative Remedies

The remedies set out in this Section 11 are cumulative and in addition to any other remedies available at law, in equity, or under any other agreement between the parties. No election by Zyntro of any one or more remedies shall be deemed an election against, or a waiver of, any other remedy. Zyntro's forbearance in exercising any remedy on any occasion shall not constitute a waiver of the right to exercise that remedy or any other remedy on any subsequent occasion.

Confidentiality

All non-public information about the APIs — including undocumented endpoints, internal error messages, beta features, response schemas, rate-limit values, security mechanisms, and the contents of any communications from Zyntro regarding security incidents or audit findings — is the confidential information of Zyntro. The Customer shall, and shall cause every Authorized Developer to, hold such information in strict confidence and not disclose it to any third party or use it for any purpose other than the permitted use set out in Section 4.

Intellectual Property

Nothing in these Developer Terms grants the Customer or any Authorized Developer any right, title, or interest in or to the APIs, the Platform, any Zyntro Module, or any underlying technology, models, prompts, or content, other than the limited right of access expressly granted. All rights not expressly granted are reserved.

The Customer assigns, and shall cause every Authorized Developer to assign, to Zyntro any improvement, suggestion, or feedback regarding the APIs that the Customer or Developer provides to Zyntro, on a non-exclusive, royalty-free, irrevocable, worldwide, perpetual basis.

Reporting Obligations

14.1  Security Incidents

The Customer shall notify Zyntro at security@zyntrohq.com without undue delay, and in any event within twenty-four (24) hours of becoming aware, of:

• (a) any actual or suspected compromise, loss, theft, or unauthorized disclosure of any API Credential;
• (b) any actual or suspected unauthorized access to the Platform via the Customer's account;
• (c) any incident in which an Authorized Developer is reasonably suspected of having engaged in any prohibited activity set out in Section 5; and
• (d) any third-party demand, subpoena, court order, regulatory inquiry, or government request that seeks information about the Customer's use of the APIs.

14.2  Developer Departures

The Customer shall maintain processes ensuring that Zyntro is notified promptly when any Sponsored Developer with material API access ceases to be engaged by the Customer.

Disclaimers and Limitation of Liability

15.1  No Warranty for Developer Conduct

Zyntro makes no representation or warranty regarding the conduct, competence, integrity, or compliance of any Developer, including any Developer Zyntro may refer, recommend, or list in a directory.

15.2  Carve-Outs from Customer's Liability Cap

Notwithstanding any contrary provision of the underlying agreement, the Customer's liability arising from (a) the indemnification obligations in Section 10; (b) breaches of Sections 5.1 (Reverse Engineering) or 5.2 (Spoofing); (c) any unauthorized use of the APIs causing harm to third parties; (d) liquidated damages and consumption charges under Sections 9.4 and 11.2; or (e) the Customer's confidentiality and intellectual property obligations, shall not be subject to any cap on aggregate liability set out in the underlying agreement.

Survival

Sections 5 (only in respect of obligations relating to information already accessed or actions already taken), 7.2, 7.3, 9, 9.4, 10, 11, 12, 13, 14.1(d), 15, 16, and 17 shall survive any termination or expiration of the underlying agreement and these Developer Terms.

Governing Law and Disputes

These Developer Terms are governed by the laws of the State of Delaware, United States, without regard to its conflict of laws principles, and the parties submit to the exclusive jurisdiction of the state and federal courts located in Wilmington, Delaware, for any dispute arising out of or relating to these Developer Terms.

Carve-out for Canadian Customers. Where the Customer's billing address is in Canada, these Developer Terms are governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, with exclusive jurisdiction in the courts of Toronto, Ontario.

Carve-out for UK Customers. Where the Customer's billing address is in the United Kingdom, these Developer Terms are governed by the laws of England and Wales, with exclusive jurisdiction in the courts of London.

Carve-out for Australian Customers. Where the Customer's billing address is in Australia, these Developer Terms are governed by the laws of the State of New South Wales, with exclusive jurisdiction in the courts of Sydney.

Nothing in this Section 17 shall prevent Zyntro from seeking injunctive or equitable relief in any court of competent jurisdiction to prevent or restrain a breach of Sections 5.1, 5.2, 5.3, 12, or 13.

Miscellaneous

18.1  Updates

Zyntro may update these Developer Terms from time to time. Material changes will be notified to the Customer with at least thirty (30) days' advance notice via email to the Customer's registered administrative contact and via in-Platform notice. Continued use of the APIs after the effective date of an update constitutes acceptance.

18.2  No Waiver

Failure or delay by Zyntro in enforcing any provision of these Developer Terms shall not constitute a waiver of that provision or of any other provision.

18.3  Severability

If any provision of these Developer Terms is held unenforceable, the remaining provisions shall continue in full force and effect, and the unenforceable provision shall be modified to the minimum extent necessary to make it enforceable while preserving the parties' original intent.

18.4  Order of Precedence

In the event of a conflict between these Developer Terms and the underlying agreement, these Developer Terms shall prevail with respect to the subject matter addressed herein.

18.5  Entire Agreement

These Developer Terms, together with the underlying agreement, the Zyntro Terms of Service, the Zyntro Acceptable Use Policy, and any applicable Data Processing Agreement, constitute the entire agreement between the parties regarding access to and use of the APIs by Authorized Developers.