KSoft.Si API

Updated: 06. 09. 2018

Privacy Policy

Data that we collect when you visit our website

When you visit our website or CDN (https://ksoft.si or https://api.ksoft.si or https://cdn.ksoft.si), Cloudflare, a service provider we utilise, sets an identification cookie that is used to make sure that you don't abuse or perform dangerous actions towards them or us. This cookie is necessary to keep our website safe from automated systems/bots/users that have bad intentions. You can read more on that cookie here: https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-Cloudflare-cfduid-cookie-do- However, if you don't want to receive this cookie, you may use a so-called "cookie blocker" although this may impact the functionality of the website or give your various challenge messages. Therefore usage is at your discretion. In addition to this cookie, CloudFlare might save and use your data for analytical purposes, this includes, but it's not limited to: which URLs do you visit, what you or your browser downloads, where did request come from (Country, IP) and others. We anonymise all analytical data, so we are unable to track a single user based on the data Cloudflare collects. Beside Cloudflare cookie, we also place sessionid and csrftoken cookies for request protection and authentication system. This two are required for the website to work.


Data that we collect when you write us emails or contact us via Twitter

When you write anything to our e-mail addresses or chat boxes (ending in domains korenc.eu, ksoft.si, is-going-to-rickroll.me and other associated domains), We will store your e-mail for an indefinite amount of time, with your e-mail address we will also collect data from external providers like ClearBit and Gravatar. If you get a reply from us, we will also keep all raw data of conversation without prior consent to provide better customer service and prevent abuse.


Data that we collect when you utilise our APIs

When you as a user or an automated system you operate as bot/web-service requests any of our APIs (hosted at https://api.ksoft.si, https://api.korenc.eu, https://i.ksoft.si and https://is-going-to-rickroll.me). We store the IP address, the User-Agent header, and the URL visited (simple and with GET parameters), the API used (name, version, endpoint) as well as the internal ID and Discord ID of the account associated with the client application that called the API. Statistic data is stored internally for 31 days after that our system will automatically delete it from any databases, but we indefinitely store data about the IP address and check it with an external provider for reasons of preventing abuse, by using our websites or APIs you automatically agree to this type of data collection. We also track usage of our service in general through access logs, which can contain the source IP address, user-agent and response times with response code from our APIs. Our abuse system might connect your user account to different objects and data that would be thought to be abusive. This data will never be shared with any 3rd party and cannot be deleted or viewed by any user or staff the only exception is a few authorised personnel, the only time we allow the data to leave the servers is when we do an offsite backup. This data is required and will enable us to monitor the usage of our service and enables us to react to spikes and the number of requests on time as well as protect our infrastructure from misbehaving users. We will never give your data to any 3rd party or sell it.


Where do we store data:

If you utilise our APIs to store data, retrieve data or use website, we store this data on DigitalOcean servers or private first party providers located in London (United Kingdom), Amsterdam (Netherlands) and Ljubljana (Slovenia). At this point, we don't plan nor consider to have the data mentioned above on our platform ever to leave the EU or European economic zone.


Contact:

If you wish to get access to the data we collect on you or request deletion of such, you may write us an email at [email protected] Please note that you shall not use this email for applying to get access to our APIs or services, but you may request help or information, application emails send to it, will be ignored entirely, deleted and marked as spam. Please make sure to include what data you want to receive/have deleted. (e.g. APIs request data, statistic data, user data, email request data and similar, but please note that we will under no circumstances share or delete our abuse data or original data also note that we will remove some data points for privacy reasons of other users). Your data will be delivered to you in an industry standard format (JSON, XML and file types you uploaded) after a maximum of 30 business days after we received the request. We are not accountable for any actions taken by appropriate authorities to you as a user, we exclude ourselves from any liability and will not be responsible for any damages inflicted to you as a user in any way. Use data provided by our services at your own risk.


Terms of Use

When a user creates an application or an account on any of our services they agree to this terms of use without any objection, we have a right to change this terms at any time without prior notification. All users have five business days to adhere to this changes. We will notify users via announcements or e-mail when we significantly change this terms of use. All users are given one warning if they don't adhere to this terms, if a user does not adhere to the conditions in a given frame of time depending on the situation, we will revoke their token, or we will suspend the account. If a user intentionally attacks, disabled or tries to circumvent any rule or system of our services, we will suspend their account immediately and all users IP addresses will be banned. If the attack includes any information leak, we will report it to the appropriate authorities (SI-CERT).
a) Essential terms that must you must meet when using our services:
1. The user must not abuse, intentionally disrupt, break, circumvent or tamper with any of our services.
2. The user must not spam our services. We enforce a rate limit of 5 requests per second with allowed bursts of 2 requests within 100ms, all requests that hit rate limit will your request will be placed into a lower priority queue, and the server will process them when the next slot is available. The only time when we will cancel the request is when a sustained spike (more then 5req/s for more than 30 seconds) in requests is detected, the server will respond with 429 error code.
3. All content with NSFW (not safe for work) set to true by us, must be contained in NSFW marked Discord channels.
4. The user must not use multiple accounts to use our services (API only), such instances will result in an immediate account suspension without prior notice.
5. The user must stay in the official Discord server to be able to access our services if a user leaves the token and application will be revoked and removed. Staff will notify a user after the action.
6. All website resources (like the logo, name and other content) are copyright protected and shall not be used under different names or without our approval.
b) Essential terms that you must meet when using Meme API:
1. When using any of Reddit parsers and endpoints like random-meme, rand-reddit or random-nsfw you must add a contribution notice somewhere in the message sent, it must include one of following: subreddit, the user that was posted by or a direct link to the post.
2. If sending an image in the embed or the message from the random-images or random-wikihow endpoint, you must include one of the following in your message or embed: api.ksoft.si, KSoft.Si or KSoft.Si API.
3. You must not download images from the random-images or random-wikihow endpoint without the prior consent of the staff team or developer.
c) Essential terms that you must meet when using Bans API:
1. When doing more look-ups at one, you must use the bulkcheck endpoint. We will warn users about misuse.
2. When outsourcing data (this excludes 'check' endpoint), contribution notice must be added to the Discord message.
3. When using the API mentioned above on the website, it must include one of the following: KSoft.Si API, KSoft.Si Bans, api.ksoft.si, Powered by KSoft.Si API or similar.
4. Abuse of the report and add endpoint will result in account suspension without prior notice.
d) Essential terms that you must meet when using Kumo API:
1. You must not use GeoIP endpoint for any malicious intent. Abuse will result in account suspension and IP ban.
2. Any of our links provided must not be decoded, tempered with or changed in any way.
e) Essential terms that you must meet when using Lyrics API:
1. You must add attribution notice somewhere in the message, and it must state one of the following: api.ksoft.si, KSoft.Si or KSoft.Si API.

General suggestions that we recommend, but do not enforce them:

1. We will be pleased if you are using any of our resources your show a contribution notice for our service in the form of api.ksoft.si, KSoft.Si, KSoft.Si API or similar.

2. If you are using our logo it must obtained from our CDN:

3. Capitalization of the name should match "KSoft.Si".

4. When showing information about a global ban, it should link to https://bans.ksoft.si/check/user_id or just https://bans.ksoft.si