API Terms

Subject to your compliance with these API Terms and the Terms, Glasshouse grants you a limited, non-exclusive, non-transferable, revocable licence to access and use the API solely for your lawful internal business purposes and in accordance with your subscription plan.

The Glasshouse API provides programmatic access to Glasshouse's corporate intelligence capabilities, including entity search, company profile retrieval, officer and shareholder lookups, corporate structure traversal, entity resolution, risk scoring, and graph-based relationship analysis. The specific endpoints and features available to you depend on your subscription plan.

Glasshouse will provide you with API documentation describing the available endpoints, request formats, response schemas, and usage guidelines. The most current documentation is available at glasshouse.sh/docs. You are responsible for developing and maintaining the software necessary to integrate with the API.

Glasshouse may offer beta or preview API endpoints that are subject to additional terms. Beta endpoints are provided "as is" without any warranties and may be modified, deprecated, or removed at any time without notice. You should not rely on beta endpoints for production workloads.

All API requests must be authenticated using a valid API key issued by Glasshouse. API keys are tied to your Glasshouse account and must be included in the authorisation header of each request as described in the API documentation.

You are solely responsible for maintaining the confidentiality and security of your API keys. You must not share API keys with unauthorised third parties, embed them in client-side code, or commit them to public source code repositories. API keys should be stored securely using environment variables, secrets management systems, or equivalent secure storage mechanisms.

You are responsible for all API activity that occurs using your API keys, whether or not such activity is authorised by you. If you believe that your API keys have been compromised, you must immediately revoke the affected keys through your account dashboard and notify Glasshouse at security@glasshouse.sh.

Glasshouse reserves the right to revoke or rotate API keys at any time if we reasonably believe that they have been compromised or are being used in violation of these API Terms.

Your use of the API is subject to rate limits and usage quotas as specified in your subscription plan. Rate limits are applied on a per-key basis and are measured in requests per second and requests per month. Current rate limits are published in the API documentation and on your account dashboard.

If you exceed your rate limit, the API will return an HTTP 429 (Too Many Requests) response. You must implement appropriate retry logic with exponential backoff in your integration. You must not attempt to circumvent rate limits by creating multiple accounts, using multiple API keys in rotation, or any other means.

Usage overages beyond your subscription plan's included quota will be billed at the per-request overage rate specified in your plan or order form. Glasshouse will make reasonable efforts to notify you when you are approaching your usage limits, but you are ultimately responsible for monitoring your own consumption.

Glasshouse reserves the right to modify rate limits at any time. Any reduction to the rate limits included in your current subscription plan will take effect at the beginning of your next renewal period, with at least thirty (30) days' prior notice.

All data returned by the API ("API Data") remains the property of Glasshouse or its third-party data providers. You are granted a limited, non-exclusive, non-transferable licence to use API Data solely for the purposes permitted by your subscription plan and these API Terms.

You may cache API Data locally for a maximum of twenty-four (24) hours, unless a different caching period is specified in your subscription plan or the API response headers. You must refresh cached data at the expiry of the permitted caching period by making a new API request.

You must not use API Data to create, maintain, supplement, or update a permanent database or data store that serves as a substitute for the API, except to the extent expressly permitted in your Enterprise subscription agreement.

Where API Data includes personal data (as defined under the UK GDPR), you act as the data controller for such data once it is in your possession. You are responsible for ensuring that your processing of personal data obtained through the API complies with all applicable data protection legislation, including maintaining an appropriate lawful basis for processing and providing data subjects with required privacy notices.

Data sourced from Companies House or other public registries may be subject to the terms and conditions of those registries, including the Open Government Licence. You are responsible for complying with any such terms when using that data.

Use the API to systematically download, scrape, or bulk-extract data beyond the scope permitted by your subscription plan or these API Terms.

Redistribute, resell, sublicence, or otherwise make API Data available to third parties, whether in raw or processed form, except as expressly permitted by your subscription plan or a separate written agreement with Glasshouse.

Use the API to build, train, or improve a competing product or service, including any corporate intelligence, entity resolution, or data enrichment platform.

Attempt to access API endpoints, data, or functionality to which you are not entitled under your subscription plan, including by manipulating request parameters, headers, or authentication tokens.

Interfere with or disrupt the API or the servers and networks used to provide the API, including through excessive requests, denial-of-service attacks, or the transmission of malware or malicious payloads.

Misrepresent or obscure the source of API requests, including by spoofing headers, forging authentication credentials, or masking your identity or the identity of your application.

Glasshouse will use commercially reasonable efforts to maintain API availability of at least 99.9% uptime per calendar month, measured as the percentage of total minutes in the month during which the API is operational and responding to authenticated requests. This commitment excludes scheduled maintenance windows and force majeure events.

Scheduled maintenance windows will be communicated at least seventy-two (72) hours in advance via the Glasshouse status page and, where possible, via email to account holders with active API keys. Glasshouse will use reasonable efforts to schedule maintenance during off-peak hours.

If Glasshouse fails to meet the 99.9% uptime commitment in any calendar month, affected Enterprise customers may be eligible for service credits as described in the Enterprise Service Level Agreement. Service credits are the sole and exclusive remedy for any failure to meet the uptime commitment.

Glasshouse does not guarantee that the API will be error-free or that all data returned will be accurate, complete, or current. Data provided through the API is derived from public and third-party sources and is subject to the limitations and disclaimers set out in the Terms.

Glasshouse reserves the right to modify, update, or discontinue any part of the API at any time. We will use commercially reasonable efforts to provide advance notice of material changes, including endpoint deprecations, breaking changes to request or response schemas, and removal of features.

For breaking changes to stable (non-beta) endpoints, Glasshouse will provide at least ninety (90) days' notice via the API documentation, the Glasshouse changelog, and email to affected account holders. During this deprecation period, the existing endpoint behaviour will continue to function to allow you to migrate your integration.

Non-breaking changes, including the addition of new endpoints, new optional request parameters, and new fields in response objects, may be made at any time without prior notice. Your integration should be designed to gracefully handle the addition of new fields in API responses.

Glasshouse may version the API to manage breaking changes. When a new API version is released, prior versions will be supported for at least twelve (12) months from the date the new version becomes generally available, unless maintaining the prior version poses a security risk or is technically infeasible.

These API Terms remain in effect for the duration of your Glasshouse subscription or until terminated by either party. You may terminate your API access at any time by revoking all API keys through your account dashboard.

Glasshouse may suspend or terminate your API access immediately, without prior notice, if: (a) you breach any provision of these API Terms, the Terms, or the Acceptable Use Policy; (b) your API usage patterns suggest automated abuse or scraping; (c) your API activity poses a security risk to the Services or other users; or (d) Glasshouse is required to do so by law.

Upon termination of your API access, you must: (a) immediately cease all use of the API; (b) delete all cached API Data within seven (7) days, unless retention is required by applicable law; and (c) promptly delete or revoke all API keys in your possession.

Termination of API access does not relieve you of any obligations that accrued prior to termination, including payment obligations for usage during the term. Sections 4, 5, and 9 of these API Terms shall survive termination.