API Developer Policy

Fastmail is committed to a broad and inclusive ecosystem. Email and calendaring standards are core to what we do. We believe that people own their own data and that the ability to take that data with them is their right. One way we support this is through welcoming Client Application developers to use our publicly available application programming interfaces (the “APIs”). We look forward to seeing what you can build with Fastmail.

General

By “Client Application,” we mean any software application, functionality, website, product or service that uses the Fastmail API. “We”, “our” and “us” refers to Fastmail Pty Ltd. By “developer” or “you/your”, we mean any person who, whether by themselves, through their employees or agents or otherwise and whether on their own account or in conjunction with others, whether directly or indirectly, develops a Client Application. By using the expression “person”, we include any individual, corporation, firm, partnership, association, government and non-government department and any other entity or body of persons whether incorporated or not, regardless of whether it constitutes a separate legal entity or not. We require Client Applications and developers to follow this API Developer Policy (”Policy”) as well as all other Fastmail guidelines and policies including the Fastmail Privacy Policy, Fastmail’s Customer Terms of Service, the Fastmail Brand Guidelines and the API Terms. When we use the term “Services” we are referring to Fastmail’s services and related systems and technology, as well as Fastmail’s websites and all of the information and content made available by or on behalf of Fastmail through any of those services. Privacy, safety and a high-quality Customer and End-User experience are very important, and this Policy is designed with those goals in mind. To protect Customers, End-Users and our Services, we reserve the right to take any action we deem necessary if a Client Application violates the letter or spirit of this Policy. By “End-User” we mean any “Authorized User” as defined in our API Terms, including anyone who interacts with the Client Application directly or indirectly or anyone whose Data is exposed to or used by the Client Application. By “Customer” we mean the End-User responsible for the billing of the Services. By “Data” we mean data, information or content uploaded, posted, transmitted or otherwise made available by End-Users and Customers via the Services, including emails, addresses, calendars and events, notes, files, settings and any metadata.

Security

We take the security of Data very seriously, and you must as well. Your network and the operating system and software of your web servers, databases, computer systems and client software must be properly configured to securely operate your Client Application as well as fetch, send and store Data. Data must be served using strong encryption. In addition, Client Applications and developers are prohibited from:

  • Degrading or compromising security in any way.
  • Providing access to Fastmail in any fraudulent or unauthorized way, including bypassing or circumventing Fastmail protocols and access controls.
  • Using unpublished APIs.
  • Including misleading and/or deceptive statements about Client Application functionality, performance, origin or Data use.
  • Transmitting any viruses or other code that may damage, detrimentally interfere with, surreptitiously intercept or take away any system or Data.
  • Attempting to reverse engineer or otherwise derive source code, trade secrets, or know-how in the Fastmail API or any portion thereof.

User Experience

Every Client Application must be useful, appropriate, respect Customer and End-User privacy, and provide a generally good End-User experience. In keeping with this, Client Applications and developers are prohibited from:

  • Degrading or compromising performance of the Services.
  • Creating poor End-User experiences that do not add value to End-Users or that detract from the overall utility of Fastmail.
  • Neglecting appropriate Customer assistance. Every Client Application must include a reference or actual installation instructions and Customer support information, including a contact for Customer support. You must keep your Client Application updated and provide timely and accurate End-User support.

Business

In using Fastmail APIs, developers must agree to respect our business as we respect yours. Every Client Application must behave in accordance with appropriate and accepted business conduct. As part of good business practices, Client Applications and developers are prohibited from:

  • Circumventing Fastmail’s intended limitations (including pricing, features and access structures). You may not use the Fastmail API to replicate or compete with core products or services offered by Fastmail, including the Services.
  • Client Applications may not use Data or content from Fastmail in any advertisements or for purposes of targeting advertisements or contacting End-Users, including in that Client Application, your other applications, or elsewhere.
  • Implying a Fastmail endorsement, certification, affiliation or partnership unless you have explicit permission from Fastmail to do so.
  • Sub-licensing, distributing or allowing access to the Fastmail APIs to anyone else.

Branding

Please provide your End-Users with excellent, well-designed products. As part of good design practices, Client Applications and developers are prohibited from:

  • Violating the Fastmail Brand Guidelines
  • Infringing upon any intellectual property rights in your design. You must not use any logo that resembles the Fastmail icon. If you’re not sure, please contact us at press@fastmail.com.

Use of Data

Protecting Data is paramount at Fastmail, and must be for you. You are responsible for good Data stewardship practices. First and foremost, you have no independent rights to any Data. In accordance with this, Client Applications and developers are prohibited from:

  • Collecting, storing, and using Data without obtaining proper consent of the End-User.
  • Asking End-Users to provide sensitive, private, and confidential personal information, such as credit card numbers or passwords unless specifically necessary as part of the Client Application’s legitimate function and purpose.
  • Renting, selling or sharing Data with third parties under any circumstances not required for delivering functionality for the End-User.
  • Exploiting Data to create user profiles other than that which is necessary for the Client Application to function.
  • Ignoring an End-User’s request for deletion. When an End-User deletes your Client Application or if you discontinue your Client Application you must delete all associated Data within 14 business days . By “business day” we mean a day other than a Saturday, Sunday or public holiday in Melbourne, Australia.
  • Combining Data with data gathered from other sources for any purposes unrelated to the use of the Client Application.
  • Requesting and using scopes not required for your Client Application’s functioning. Use only the appropriate and necessary scopes and clearly define the need for scopes within your Client Application’s description.
  • Failing to notify End-Users about privacy and their Data. Your Client Application must include a publicly-available and easily accessible privacy policy that explains how the Client Application collects, uses, processes and stores Data, and what control End-Users have over their Data. The privacy policy must comply with any applicable privacy laws in the locations where your Client Application is made available to End-Users.
  • Accessing Data for surveillance purposes. You may not allow or assist any entity to conduct surveillance or obtain Data using your access to the Fastmail API.
  • Otherwise exploiting Data in a way not approved by Fastmail and not disclosed to and permitted by End-Users. You may, however, use Data that is both aggregated and anonymized for purposes of analytics and development related to the Client Application.

Law and Safety

Client Applications should not create unsafe environments or hardships for End-Users. Each Client Application must comply with all applicable laws and legal requirements in all locations where it is made available to End-Users. Client Applications must conform to Fastmail’s API Terms. In addition, Client Applications and developers are prohibited from:

  • Spamming, harassing, stalking, intimidating or threatening End-Users.
  • Allowing impersonation of End-Users or otherwise allowing for false representations within the Client Application.
  • Infringing on anyone else’s intellectual property rights (including Fastmail’s).
  • Representing that your Client Application is authorized by or produced by another company or organization.
  • Allowing or facilitating financial transactions conducted in an insecure or unapproved manner.

Export Controls

You are responsible for classifying your Client Applications pursuant to the Export Administration Regulations, including submission of any necessary classification requests or self-classification reports. By “Export Administration Regulations” we mean the set of regulations known as the “Export Administration Regulations” or “EAR” found at 15 C.F.R. § 730 et seq enforced by the US Department of Commerce through the US Bureau of Industry and Security (BIS). Among other things, the EAR relates to the export of commercial goods, software and technology.

Notification on change

Client Applications and developers must notify us immediately if you change the function of or discontinue your Client Application. This helps you and us support the Customer and End-Users.

Data breach

If Data is breached, exposed, exploited, or otherwise compromised through your Client Application or company, you must inform all affected End-Users and Fastmail immediately. You can reach Fastmail at dataprotection@fastmailteam.com.

Policy breach

Violations of this Policy may result in token revocation, developer suspension, End-User notification, legal action or any other action deemed necessary by Fastmail. If requested, you must provide us with proof of compliance with this Policy. If you violate this Policy we may or may not provide notice before taking action. Please note that we may periodically audit Client Applications. If you fail an audit before notifying us of any issues, penalties will be more severe.

Updates

This Policy will change as Fastmail grows and evolves. Please check back regularly for updates. We may use your email address to communicate any material changes to this Policy. If you have any questions about the or the review process, we’ll be happy to help. Send us a note to: support@fastmail.com.