Lightbox API Terms of Use

Effective Date: January 20, 2026

Thank you for using the Lightbox API. These Terms of Use ("Terms") govern your access to and use of the Lightbox API and related services, website, data, and documentation (collectively, the "Service") provided by Disconnect, Inc. ("Disconnect," "we," "us," or "our"). By accessing or using the Service, you agree to be bound by these Terms. If you do not agree to these Terms, do not access or use the Service.

These Terms supplement and incorporate by reference Disconnect's general Terms of Use and Privacy Policy. In the event of a conflict between these Terms and Disconnect's general Terms of Use, these Terms shall control with respect to your use of the Service.

1. Service Description

The Lightbox API provides programmatic access to privacy intelligence data, including information about mobile applications, websites, trackers, SDKs, data flows, ownership relationships, and security vulnerabilities. The Service enables customers to query and analyze this intelligence data as part of their services, products, security workflows, and compliance processes, subject to the Terms of this agreement.

2. Data License

2.1 Creative Commons License

All data provided through the Lightbox API ("API Data") is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0). The full license text is available at https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode. This license applies to all users of the Service, regardless of subscription tier.

2.2 NonCommercial Use Examples

To help clarify the scope of the NonCommercial restriction, the following are examples of prohibited uses:

Prohibited Commercial Uses (require separate license):

• Incorporating API Data into a product or service sold to customers
• Using API Data to provide paid consulting or advisory services
• Embedding API Data in commercial software, applications, or platforms
• Using API Data to support revenue-generating business operations
• Reselling, sublicensing, or redistributing API Data for payment

2.3 Commercial Licensing

If you wish to use the API Data for commercial purposes, you must obtain a separate commercial license from Disconnect. Commercial licenses are negotiated individually based on your specific use case, volume requirements, and business needs. To inquire about commercial licensing, please contact us at sales@disconnect.me or through the contact form on our website.

Paid subscription plans (e.g., Starter, Professional, Business, Enterprise) provide increased API access, credits, and support, but do not grant commercial use rights. All subscription tiers remain subject to the CC BY-NC-SA 4.0 license unless a separate commercial license agreement is in place.

3. API Access License

Subject to your compliance with these Terms, Disconnect grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Service solely for your authorized purposes. This license does not include the right to sublicense, modify, adapt, translate, reverse engineer, decompile, or disassemble any portion of the Service's software, infrastructure, or proprietary technology.

4. Nature of API Data; No Endorsement of Infringement

4.1 Informational Purposes

The API Data is provided for informational, research, and analytical purposes only. The identification of security vulnerabilities, SDK integrations, tracking behaviors, or other characteristics in third-party applications and websites is intended to enable legitimate security research, compliance monitoring, vendor risk assessment, and privacy protection, not to facilitate unauthorized access to, reproduction of, or interference with such applications or websites.

Nothing in the API Data should be construed as authorization, encouragement, or endorsement of accessing, downloading, reverse engineering, or otherwise interacting with any third-party application or website in violation of that party's terms of service, end user license agreement (EULA), or applicable law.

4.2 Independent Research and Analysis

The API Data represents the results of Disconnect's independent security research, privacy analysis, and publicly observable information gathering. This includes:

• Technical metadata and characteristics of publicly available applications and websites;
• Observations about network traffic, data flows, and third-party connections;
• Classification of trackers, SDKs, and advertising technologies;
• Ownership and entity mapping based on publicly available information;
• Security vulnerability assessments and privacy risk indicators.

4.3 Research Methodology and Legal Basis

Disconnect conducts its analysis under principles of responsible security research recognized by the security research community and applicable legal frameworks. Our research activities include:

• Analysis of publicly available applications distributed through official app stores;
• Crawling and analysis of publicly accessible websites and web assets;
• Analysis of internet tracking technologies, scripts, and third-party connections;
• Observation of network traffic and publicly accessible behaviors;
• Examination of publicly documented APIs and SDK integrations;
• Review of publicly available metadata, permissions, and privacy policies.

This research is conducted to promote transparency, security, and privacy, not to enable infringement or unauthorized access. Disconnect's research practices are consistent with applicable legal exemptions for security research and interoperability analysis.

4.4 Intellectual Property Acknowledgment

Disconnect respects the intellectual property rights of third parties. The API Data consists of Disconnect's original analysis, classifications, and factual observations. The Service does not provide access to, distribute, or reproduce any third-party copyrighted software code, proprietary application binaries, or content protected by copyright, trademark, or other intellectual property rights, except as may be permitted under applicable law (including fair use, security research exemptions, and interoperability exceptions).

Nothing in this Service is intended to facilitate, encourage, or enable:

• Circumvention of technological protection measures;
• Violation of any application developer's End User License Agreement (EULA);
• Copyright infringement or unauthorized reproduction of protected works;
• Any other violation of applicable intellectual property laws.

4.5 User Responsibility

You are solely responsible for ensuring that your use of the API Data complies with all applicable laws, regulations, and third-party rights. Disconnect provides factual information and analysis for legitimate purposes including security research, compliance monitoring, vendor risk assessment, competitive intelligence, and privacy protection. You agree not to use the Service or API Data in any manner that would infringe upon the intellectual property rights of any third party or violate any applicable law or regulation.

5. Permitted Uses

The Service is designed to support legitimate use cases including, but not limited to:

• Security Research: Identifying vulnerabilities, privacy exposures, and security risks in applications and websites;
• Compliance and Regulatory: Supporting GDPR, CCPA, and other regulatory compliance efforts;
• Vendor Risk Assessment: Evaluating the privacy and security practices of third-party vendors and partners;
• Privacy Protection: Implementing transparency, tracker blocking, privacy features, and data protection measures;
• Academic Research: Conducting and publishing scholarly research on privacy, security, and the digital ecosystem;
• Investigative Journalism: Research and reporting in the public interest.

Note: Many of these use cases may be conducted on a noncommercial basis under the CC BY-NC-SA 4.0 license. However, if your use is primarily for commercial advantage or monetary compensation, you must obtain a separate commercial license.

6. Prohibited Uses

You agree not to use the Service or API Data to:

• Infringe upon the copyrights, trademarks, patents, trade secrets, or other intellectual property rights of any third party;
• Circumvent, disable, or interfere with security-related features or digital rights management technologies;
• Violate any EULA, terms of service, or contractual obligations you have with third parties;
• Engage in any form of piracy, unauthorized distribution, or reproduction of copyrighted software;
• Harvest, scrape, or collect personal information about individuals without proper authorization;
• Engage in any activity that is illegal, harmful, fraudulent, or otherwise objectionable;
• Use the API Data for commercial purposes without a valid commercial license from Disconnect;
• Interfere with, disrupt, or place an undue burden on the Service or its infrastructure;
• Attempt to reverse engineer, decompile, or disassemble the Service's proprietary technology;
• Use the Service in any manner that could harm Disconnect's reputation or goodwill.

7. Account Registration and API Keys

To access the Service, you must create an account and obtain API credentials. You agree to provide accurate and complete registration information, maintain the security of your API keys, promptly notify Disconnect of any unauthorized access, and accept responsibility for all activity under your account. API keys are personal to your account and may not be shared, transferred, or made publicly available.

8. Credits, Pricing, and Payment

The Service operates on a credit-based system as described in the pricing documentation. Credits are consumed based on API usage. All fees are non-refundable except as required by law or as explicitly stated in these Terms. Disconnect reserves the right to modify pricing with reasonable notice to existing subscribers.

Important: Payment for a subscription plan grants access to increased API credits and features. It does not grant commercial use rights. See Section 2.3 for information about commercial licensing.

9. Data Accuracy and Disclaimers

While Disconnect strives to provide accurate and current information, the API Data is provided "AS IS" without warranties of any kind. The digital landscape changes rapidly, and information may become outdated. Disconnect does not guarantee the accuracy, completeness, reliability, or timeliness of any API Data. You should independently verify critical information before relying on it for important decisions.

10. Intellectual Property

10.1 Disconnect's Intellectual Property

The Service, including but not limited to the software, APIs, algorithms, classifications, methodologies, and documentation, is protected by copyright, trademark, and other intellectual property laws. Except for the limited license granted herein, Disconnect retains all rights in and to the Service.

10.2 Third-Party Rights

The API Data may reference third-party applications, websites, companies, and technologies. All third-party trademarks, trade names, and copyrights are the property of their respective owners. Reference to any third party in the API Data does not constitute endorsement by or affiliation with such third party.

10.3 DMCA and Intellectual Property Complaints

Disconnect respects intellectual property rights and responds to valid notices of alleged infringement. If you believe that any content available through the Service infringes your intellectual property rights, please contact us at legal@disconnect.me with a detailed description of the alleged infringement.

11. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, DISCONNECT SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATING TO YOUR USE OF THE SERVICE OR API DATA. THIS INCLUDES, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, GOODWILL, DATA, OR OTHER INTANGIBLE LOSSES. IN NO EVENT SHALL DISCONNECT'S TOTAL LIABILITY EXCEED THE AMOUNT YOU HAVE PAID TO DISCONNECT IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

12. Indemnification

You agree to indemnify, defend, and hold harmless Disconnect and its officers, directors, employees, and agents from and against any and all claims, liabilities, damages, losses, and expenses (including reasonable attorneys' fees) arising out of or relating to: (a) your use of the Service or API Data; (b) your violation of these Terms; (c) your violation of any third-party rights, including intellectual property rights; or (d) any claim that your use of the API Data caused damage to a third party.

13. Termination

Either party may terminate this agreement at any time. Disconnect may suspend or terminate your access immediately if you violate these Terms, including by using API Data for unauthorized commercial purposes. Upon termination, your license to access the Service terminates. Note that the CC BY-NC-SA 4.0 license to API Data you have already lawfully obtained continues according to its terms, provided you continue to comply with its conditions.

14. Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the State of California, without regard to its conflict of law principles. Any dispute arising from these Terms shall be resolved in the state or federal courts located in Santa Clara County, California.

15. Modifications to Terms

Disconnect may modify these Terms at any time. Material changes will be communicated via email to registered users or through the Service dashboard. Continued use of the Service after changes become effective constitutes acceptance of the modified Terms.

16. General Provisions

These Terms constitute the entire agreement between you and Disconnect regarding the Service. If any provision is found unenforceable, the remaining provisions will continue in effect. Disconnect's failure to enforce any right or provision does not constitute a waiver. You may not assign these Terms without Disconnect's prior written consent.

17. Contact Information

For questions about these Terms, please contact us at:

Disconnect, Inc.
General support: support@disconnect.me
Commercial licensing: sales@disconnect.me
Legal inquiries: legal@disconnect.me