API Terms of Service

"API" means the 3D AI Studio application programming interface accessible at api.3daistudio.com, including all endpoints, features, and related services.

"API Key" means the unique authentication credential issued to the Customer for accessing the API.

"Credits" means the prepaid units of value purchased by the Customer and consumed when making API requests.

"Customer" means the entrepreneur (Unternehmer) who enters into a contract with the Provider by accepting these Terms and using the API.

"Dashboard" means the web-based management interface accessible at 3daistudio.com/Platform/API for managing API Keys, Credits, and account settings.

"Documentation" means the technical documentation for the API available at 3daistudio.com/Platform/API/Documentation.

"Input" means any data, images, text prompts, files, or other content submitted by the Customer to the API.

"Output" means any data, images, 3D models, files, or other content generated by the API in response to the Customer's Input.

"Data Processing Agreement" or "DPA" means the data processing agreement pursuant to Article 28 GDPR, available at /Platform/API/DPA, which forms an integral part of these Terms.

"Sub-Processor List" means the current list of Sub-Processors maintained at /Platform/API/Subprocessors.

"Third-Party Services" means the external AI models, infrastructure, and services used by the Provider to process API requests, as listed in the Sub-Processor List.

(1) The contract between the Provider and the Customer is formed when the Customer explicitly accepts these Terms during account setup or API key creation (e.g., by clicking "I agree to the API Terms of Service"). The Provider logs the timestamp, Terms version, and account identifier of each acceptance for audit purposes.

(2) The Provider offers the following services through the API: AI-powered 3D model generation from text and images; AI-powered image generation and editing; 3D model processing tools including format conversion, mesh repair, optimization, rendering, and texture baking; multi-step AI processing flows.

(3) The Provider reserves the right to modify, extend, or discontinue individual API endpoints or features at any time. The Provider shall use commercially reasonable efforts to provide at least thirty (30) days' prior notice before discontinuing an existing endpoint.

(4) The Documentation forms an integral part of these Terms. In the event of a conflict between the Documentation and these Terms, these Terms shall prevail.

(1) Access to the API requires a valid API Key. API Keys are issued through the Dashboard and must be included in the Authorization header of each API request as a Bearer token.

(2) API Keys are bound to the Customer's account, non-transferable, and may not be shared with third parties. The Customer is solely responsible for maintaining the confidentiality and security of their API Keys and account credentials.

(3) API Keys expire ninety (90) days after issuance. The Customer may create new API Keys and revoke existing ones at any time through the Dashboard.

(4) Dashboard access requires two-factor authentication (TOTP). The Customer is responsible for safeguarding their authenticator device and recovery codes.

(5) The Provider may revoke API Keys or suspend account access immediately and without prior notice if the Customer violates these Terms, in particular the Acceptable Use Policy (Section 8).

(6) The Customer shall notify the Provider immediately at Jan@3DAIStudio.com if they become aware of any unauthorized use of their API Key or account.

(1) The API operates on a prepaid credit system. Credits must be purchased before making API requests. Each API request consumes a specific number of Credits as specified in the Documentation.

(2) Credits are purchased through the Dashboard via the payment processor Stripe. The minimum purchase amount is USD 100.00 and the maximum single purchase amount is USD 50,000.00. The default currency is US Dollars (USD); the actual currency displayed at checkout may vary depending on the Customer's location.

(3) All prices are exclusive of applicable taxes. Taxes are calculated and collected at checkout by the payment processor on behalf of the Provider.

(4) Purchased Credits expire three hundred sixty-five (365) days after the date of purchase. Promotional or granted Credits expire thirty-one (31) days after issuance. Expired Credits are forfeited and cannot be restored.

(5) Credits are non-transferable and may not be resold, traded, or otherwise transferred to any third party.

(6) If an API request fails due to a system error on the Provider's side, the Credits consumed by that request are automatically refunded to the Customer's account. The Customer does not need to take any action to receive such refund.

(7) The Customer may view their current Credit balance, transaction history, and usage at any time through the Dashboard or the wallet API endpoint.

(1) API requests are subject to rate limiting. The default rate limit is three (3) requests per minute per user account.

(2) Custom rate limits may be configured through the Dashboard settings or agreed upon individually between the Provider and the Customer.

(3) Requests that exceed the applicable rate limit will receive an HTTP 429 (Too Many Requests) response. The Customer is responsible for implementing appropriate retry logic with exponential backoff.

(4) Repeated or deliberate attempts to circumvent rate limits may result in immediate suspension of API access.

(1) The API provides access to AI-powered generation and processing services. The Customer acknowledges that AI-generated Outputs are inherently probabilistic and may vary in quality, accuracy, and completeness. The Provider does not warrant any specific outcome or result.

(2) The Provider shall make commercially reasonable efforts to maintain the availability and functionality of the API but does not guarantee uninterrupted or error-free operation. The API is provided on an "as-available" basis. Scheduled and unscheduled maintenance may occur without prior notice.

(3) The Services rely on Third-Party Services as specified in Section 10. The Provider selects such providers with reasonable care but is not liable for their performance, output quality, or availability beyond the Provider's control.

(4) The Customer is solely responsible for evaluating whether any Output is suitable for their intended use, complies with applicable laws and regulations, and meets their quality requirements.

(5) Generated results (Output files) are available for download for twenty-four (24) hours after generation completes. After this period, files are automatically and permanently deleted. API request logs are retained for the purpose of billing, troubleshooting, and security.

(6) The Provider reserves the right to impose or adjust technical limits on file upload sizes, request payloads, and processing parameters as documented in the Documentation.

(1) The Customer retains all rights to any content they submit to the API ("Input"). The Provider does not acquire any rights to Customer Input beyond what is necessary to provide the Services.

(2) The Customer may use, modify, reproduce, distribute, and commercially exploit all content generated through the API ("Output") without restriction, subject to applicable law and these Terms.

(3) The Provider does not claim ownership of any Output. The Customer acknowledges that the Provider may generate the same or similar Output for other customers using the same or similar Input.

(4) The Customer acknowledges that under current European Union and German copyright law (in particular Section 2 of the German Copyright Act, UrhG), purely AI-generated content may not qualify for copyright protection, as copyright requires a personal intellectual creation by a human author. The Provider makes no representation regarding the copyrightability or legal protectability of any Output.

(5) The Provider does not warrant that Output will not infringe the intellectual property rights of third parties. The Customer is solely responsible for evaluating whether any Output may infringe such rights before use.

(6) The API, its underlying technology, the Documentation, and all associated intellectual property rights (including trademarks, trade names, and logos) remain the exclusive property of the Provider and their respective licensors.

(7) The Customer is granted a limited, non-exclusive, non-transferable, revocable right to access and use the API in accordance with these Terms for the duration of the contract.

(1) The Customer shall use the API only in compliance with these Terms, the Documentation, and all applicable laws and regulations.

(2) The following uses of the API are strictly prohibited:

(a) Generating, processing, or distributing any content that depicts, promotes, or facilitates child sexual abuse material (CSAM) or the sexual exploitation of minors in any form;

(b) Generating non-consensual intimate imagery, deepfakes, or synthetic media depicting identifiable real persons without their explicit, informed consent;

(c) Generating content that promotes, incites, or provides instructions for terrorism, violent extremism, mass violence, or acts of war;

(d) Generating content that promotes, glorifies, or provides instructions for self-harm or suicide;

(e) Generating content that constitutes hate speech, harassment, bullying, or discrimination based on race, ethnicity, religion, gender, sexual orientation, disability, or any other protected characteristic;

(f) Generating content intended to deceive, defraud, or mislead, including but not limited to phishing, scams, impersonation, and disinformation campaigns;

(g) Generating content for use in the development, manufacture, or deployment of weapons, weapons systems, ammunition, or military equipment;

(h) Generating content for use in surveillance systems, mass biometric identification, or social scoring systems;

(i) Generating content for use in medical devices, clinical diagnosis, or pharmaceutical development where the Output could directly affect patient health or safety, unless the Customer has obtained all necessary regulatory approvals;

(j) Using the API or any Output to train, fine-tune, distill, or otherwise improve machine learning models that compete with the Provider's services;

(k) Reselling, sublicensing, or redistributing access to the API, in whole or in part, to any third party;

(l) Reverse engineering, decompiling, disassembling, or otherwise attempting to derive the source code, algorithms, or model weights underlying the API;

(m) Attempting to circumvent, disable, or interfere with rate limits, authentication mechanisms, security features, or any other technical restrictions of the API;

(n) Using the API in any manner that violates applicable export control laws, trade sanctions, or embargoes (see Section 14);

(o) Submitting Input that the Customer knows or reasonably should know infringes the intellectual property rights or other rights of any third party;

(p) Using the API to generate or distribute unsolicited bulk communications (spam).

(3) The Provider reserves the right, but is not obligated, to monitor API usage for compliance with this Acceptable Use Policy. The Provider may review patterns of use, metadata, and request volumes. Where necessary for security, abuse prevention, support, or legal compliance, the Provider may also access the substance of Customer Input or Output.

(4) The Provider may report suspected illegal content, including but not limited to CSAM, to the competent authorities where legally required or where the Provider deems such reporting necessary and lawful.

(5) Violation of this Acceptable Use Policy may result in immediate suspension or termination of API access, forfeiture of remaining Credits, and referral to law enforcement authorities where required or permitted by law.

(1) The Provider processes personal data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and all other applicable data protection laws. Details are set out in the Provider's Privacy Policy at /Datenschutz.

(2) To the extent that the Customer submits personal data as Input through the API (for example, images containing identifiable individuals), the Provider acts as a data processor (Auftragsverarbeiter) within the meaning of Article 28 GDPR. In such cases, the Customer acts as the data controller and is responsible for ensuring that they have a valid legal basis for such processing.

(3) The Data Processing Agreement (Auftragsverarbeitungsvertrag) pursuant to Article 28 GDPR is available at /Platform/API/DPA and forms an integral part of these Terms. It is deemed concluded upon the Customer's acceptance of these Terms. The DPA specifies the nature, purpose, and duration of the processing, the types of personal data, categories of data subjects, the Sub-Processor list, and the Provider's obligations.

(4) The Customer is responsible for ensuring that any personal data submitted through the API is processed lawfully, including obtaining all necessary consents from data subjects and complying with all data subject rights requests.

(5) The Provider employs appropriate technical and organizational measures to protect Customer data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews.

(6) Generated result files (Output) are automatically deleted twenty-four (24) hours after generation. API request logs (containing metadata such as endpoint called, timestamp, status code, and credits consumed, but not the substance of Input or Output) are retained for up to twenty-four (24) months for billing, security, and troubleshooting purposes. Billing and financial records are retained for ten (10) years in accordance with German tax law.

(1) The Provider uses third-party AI providers and infrastructure services ("Sub-Processors") to deliver the API. The current list of Sub-Processors, including their purposes and processing locations, is maintained at /Platform/API/Subprocessors and forms part of these Terms.

(2) Processing locations may include EU and non-EEA locations depending on the Sub-Processor. For transfers of personal data to Sub-Processors located outside the European Economic Area, the Provider relies on the EU-US Data Privacy Framework (where applicable) or EU Standard Contractual Clauses (SCCs) pursuant to Article 46 GDPR, supplemented by appropriate technical and organizational measures. Details of the applicable transfer mechanisms are set out in the Data Processing Agreement.

(3) The Customer grants the Provider general authorisation within the meaning of Article 28(2) GDPR to engage Sub-Processors. The Provider shall inform the Customer of any intended addition or replacement of Sub-Processors by email to the account email address and by updating the Sub-Processor list, at least thirty (30) days before the change takes effect. The Customer may object to the addition of a new Sub-Processor on reasonable data protection grounds within the thirty (30) day notice period. If the objection cannot be resolved, the Customer may terminate the contract in accordance with Section 13.

(4) The Customer acknowledges that the terms of service and acceptable use policies of the Third-Party Services may impose additional restrictions on the use of Output generated through their models.

(1) The Provider shall have unlimited liability for damages caused by intentional acts (Vorsatz) and for injury to life, body, or health, regardless of the degree of fault.

(2) In cases of gross negligence (grobe Fahrlässigkeit), the Provider's liability is limited to damages that were foreseeable at the time of contract formation and typical for the type of contract in question. This limitation does not apply to injury to life, body, or health.

(3) In cases of slight negligence (leichte Fahrlässigkeit), the Provider shall only be liable for breaches of essential contractual obligations (Kardinalpflichten) — obligations whose fulfillment is a prerequisite for the proper performance of the contract and on whose compliance the Customer may regularly rely. In such cases, liability is limited to damages that were foreseeable at the time of contract formation and typical for the type of contract in question.

(4) Subject to paragraphs (1) through (3), the Provider's total aggregate liability for all claims arising out of or in connection with these Terms within any twelve (12) month period shall not exceed the total amount of Credits purchased by the Customer in the twelve (12) months preceding the first event giving rise to the claim.

(5) The Provider shall not be liable for indirect damages, consequential damages, loss of profits, loss of data, loss of business, or any damages arising from business interruption, except in cases of intentional acts or where such exclusion is prohibited by mandatory law.

(6) The Provider shall not be liable for the accuracy, completeness, legality, or fitness for any particular purpose of any Output generated through the API.

(7) The Provider shall not be liable for failures, outages, or degraded performance of Third-Party Services beyond the Provider's reasonable control.

(8) The limitations of liability set forth in this section also apply in favor of the Provider's employees, agents, and vicarious agents (Erfüllungsgehilfen).

(9) Any claims for damages against the Provider shall become time-barred twelve (12) months after the Customer becomes aware of the circumstances giving rise to the claim, unless the claim relates to intentional acts or injury to life, body, or health, in which case the statutory limitation periods apply.

(1) The Customer shall indemnify, defend, and hold harmless the Provider from and against all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or in connection with:

(a) the Customer's use of the API in violation of these Terms, including the Acceptable Use Policy;

(b) the Customer's Input, including but not limited to claims that the Input infringes the intellectual property rights, privacy rights, or other rights of any third party;

(c) the Customer's use or distribution of Output in a manner that violates applicable law or third-party rights;

(d) any claims brought by the Customer's end users, clients, or other third parties in connection with the Customer's products or services that integrate the API.

(2) The Provider shall promptly notify the Customer of any such claim and shall provide reasonable cooperation in the defense thereof. The Customer shall not settle any claim that imposes obligations on the Provider without the Provider's prior written consent.

(1) The contract is concluded for an indefinite period and may be terminated by either party with thirty (30) days' written notice to the end of a calendar month.

(2) The Provider may terminate the contract immediately and without notice for good cause (aus wichtigem Grund), in particular if the Customer materially breaches these Terms, violates the Acceptable Use Policy, or engages in illegal activity using the API.

(3) Upon termination, all API Keys are revoked and the Customer's access to the API ceases immediately.

(4) Credits are non-refundable. Upon termination by either party, any unused Credits are forfeited. The Customer is advised to consume remaining Credits before the termination takes effect. This does not affect the automatic refund of Credits for failed API requests as described in Section 4(6).

(5) Generated Output that has not been downloaded at the time of termination is subject to the standard twenty-four (24) hour retention period and will not be preserved beyond that period.

(6) The following sections survive termination: Definitions (Section 1), Intellectual Property (Section 7), Acceptable Use Policy (Section 8), Data Protection (Section 9), Liability (Section 11), Indemnification (Section 12), Export Controls (Section 14), Governing Law (Section 16), and this Section 13.

(1) The Customer shall comply with all applicable export control laws, trade sanctions, and embargoes, including but not limited to those imposed by the European Union, the Federal Republic of Germany, and the United States of America.

(2) The Customer represents and warrants that they are not (a) located in, organized under the laws of, or a resident of any country or territory that is subject to comprehensive EU or US sanctions (currently including but not limited to Russia, Belarus, Iran, North Korea, Syria, Cuba, and the Crimea, Donetsk, and Luhansk regions of Ukraine); (b) listed on any applicable sanctions or restricted party list, including the EU Consolidated Financial Sanctions List, the US SDN List, or the German Export Control List; and (c) owned or controlled by any person or entity described in (a) or (b).

(3) The Customer shall not use the API or any Output in connection with activities that would violate applicable export control laws or sanctions.

(4) Violation of this section constitutes grounds for immediate termination without refund.

(1) The API provides access to AI systems that generate synthetic images, 3D models, and other content. The Provider and the Customer each acknowledge their respective obligations under Regulation (EU) 2024/1689 (the "EU AI Act").

(2) The Provider shall make available information about the capabilities and limitations of the AI models accessible through the API, as required by the EU AI Act, through the Documentation.

(3) To the extent that transparency obligations under Article 50 of the EU AI Act apply to the Customer's use of Output (as of the applicable dates under the EU AI Act), the Customer is solely responsible for compliance with such obligations. This includes, where required, disclosing that content has been artificially generated or manipulated, and ensuring that machine-readable markers or labels are applied in accordance with applicable law.

(4) The Customer shall not use the API as a component of a "high-risk AI system" as defined in Article 6 of the EU AI Act without conducting the required conformity assessment and fulfilling all applicable obligations under the AI Act.

(1) These Terms and any disputes arising out of or in connection with them shall be governed by and construed in accordance with the laws of the Federal Republic of Germany, excluding the United Nations Convention on Contracts for the International Sale of Goods (CISG) and conflict of law rules.

(2) The exclusive place of jurisdiction for all disputes arising out of or in connection with these Terms is Heilbronn, Germany, provided that the Customer is a merchant (Kaufmann), a legal entity under public law, or a special fund under public law, or has no general place of jurisdiction in Germany.

(1) The Provider reserves the right to amend these Terms at any time. The Customer shall be notified of any amendments by email at least thirty (30) days before the amended Terms take effect.

(2) If the Customer does not object to the amended Terms within the thirty (30) day notice period, the amended Terms shall be deemed accepted. The Provider shall specifically inform the Customer of this consequence in the amendment notification.

(3) If the Customer objects to the amended Terms, the contract shall continue under the previous Terms. The Provider may then terminate the contract with thirty (30) days' notice.

(1) Force Majeure. The Provider shall not be liable for any failure or delay in the performance of its obligations under these Terms to the extent that such failure or delay is caused by circumstances beyond the Provider's reasonable control, including but not limited to natural disasters, pandemics, acts of war or terrorism, government sanctions or embargoes, labor disputes, failures of third-party services or infrastructure, power outages, or cyberattacks. The Provider shall notify the Customer as soon as reasonably practicable and shall use reasonable efforts to mitigate the effects of the force majeure event.

(2) Severability. If any provision of these Terms is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be replaced by a valid provision that most closely achieves the economic purpose of the invalid provision.

(3) Assignment. The Customer may not assign or transfer any rights or obligations under these Terms without the Provider's prior written consent. The Provider may assign these Terms in whole or in part to a successor in connection with a merger, acquisition, reorganization, or sale of all or substantially all of its assets, provided that the successor assumes all obligations under these Terms.

(4) Entire Agreement. These Terms, together with the Documentation, the Privacy Policy, the Data Processing Agreement, and the Sub-Processor List, constitute the entire agreement between the Provider and the Customer with respect to the subject matter hereof and supersede all prior agreements, negotiations, and representations.

(5) Notices. All notices under these Terms shall be in writing and sent by email. Notices to the Provider shall be sent to Jan@3DAIStudio.com. Notices to the Customer shall be sent to the email address associated with their account.

(6) No Waiver. The failure of the Provider to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.

(7) Language. These Terms are drafted in English. In the event of any conflict between the English version and any translation, the English version shall prevail.

Jan Hammer

Hammer Creations, trading as 3D AI Studio

Lärchenstraße 17, 74389 Cleebronn, Germany

Email: Jan@3DAIStudio.com

VAT Identification Number: DE400058226

This information is provided in accordance with Section 5 of the German Digital Services Act (DDG).