WalletWallet API
Get API Key Docs Pricing Changelog Log in

Terms & Conditions

Last updated: 24 June 2026

These Terms & Conditions (“Terms”) govern your access to and use of the WalletWallet API, website, dashboard, and related services (together, the “Service”), operated by Proof of Stake SRL, a company registered in Romania (“WalletWallet”, “we”, “us”). By creating an account, generating an API key, or using the Service, you (“Customer”, “you”) agree to these Terms. If you are using the Service on behalf of an organisation, you confirm you are authorised to bind that organisation.

In plain English: WalletWallet is a developer tool for creating and updating Apple Wallet and Google Wallet passes. You’re responsible for what you put in your passes and for following Apple’s and Google’s rules. We provide the Service “as is”, we don’t take on financial liability, and fees are non-refundable. Romanian law applies. The detail is below.

1. Definitions

  • Service: the WalletWallet API, website (walletwallet.dev), dashboard, pass editor, and documentation.
  • Pass: an Apple Wallet (.pkpass) or Google Wallet object generated or updated through the Service.
  • Customer Content: the data, text, images, barcodes, and field values you submit to the Service to generate or update Passes.
  • End User: a person who installs or holds a Pass you issue.
  • API Key: the credential (ww_live_…) that authenticates your requests.

2. The Service

WalletWallet lets you programmatically create, host, update, and revoke Apple Wallet and Google Wallet passes, distribute them via hosted install pages, and send updates to installed Passes via Apple Push Notification service and the Google Wallet API. Features available to you depend on your plan. We may improve, change, or discontinue features; we will give reasonable notice of material adverse changes where practicable.

3. Accounts and API Keys

3.1 You register with an email address (via a one-time code or Google sign-in). One account is permitted per email address. You are responsible for all activity under your account and API Key, and for keeping your API Key secret.

3.2 You must provide accurate information and be at least 18 years old. The Service is intended for businesses and developers, not consumers.

3.3 You may request regeneration of your API Key (for example, if it is lost or compromised); once a new key is issued, the previous key is disabled.

4. Plans, Trials, Fees and Payment

4.1 Plans. We offer a Free plan and paid plans (currently “Pro” and “Bring Your Own Cert”), each with usage limits and pricing described on our pricing page. We may change plans and pricing prospectively on reasonable notice.

4.2 Usage limits. Each plan includes a monthly Pass-operation allowance. Requests beyond your allowance may be refused (HTTP 429) until the allowance resets at the start of the next calendar month (UTC).

4.3 Trial. New accounts may receive a 30-day Pro trial. At the end of the trial, unless you have subscribed to a paid plan, your account automatically reverts to the Free plan and its limits.

4.4 Payment. Paid subscriptions are billed through our payment provider, Polar, which acts as merchant of record and collects your billing details and payment method. We do not store your card details or billing address. Subscriptions renew automatically until cancelled.

4.5 No refunds. Except where required by mandatory law, all fees are non-refundable, including for partial billing periods, unused allowance, or features you did not use. Cancelling stops future renewals; it does not refund the current period.

4.6 Taxes and total price. Our payment provider, Polar, acts as merchant of record and seller for paid subscriptions. The total price payable, including any applicable VAT and taxes, is shown at the Polar checkout before you confirm the order. Polar handles invoicing, VAT, refunds, and chargebacks for the subscription in accordance with its checkout terms.

5. Acceptable Use

You agree not to use the Service to:

(a) violate any law, regulation, or third-party right;

(b) infringe intellectual property, publicity, or privacy rights;

(c) transmit malware, or interfere with or attempt to gain unauthorised access to the Service, its infrastructure, or other customers’ data;

(d) generate Passes that are fraudulent, deceptive, counterfeit, or that impersonate another person or brand;

(e) generate Passes containing unlawful, harmful, hateful, harassing, or sexually exploitative content;

(f) resell, sublicense, or redistribute the Service, or use it to build a competing product; or

(g) exceed, circumvent, or manipulate usage limits or rate limits.

5.1 Prohibited data. You must not submit to the Service, or place in any Pass, any special-category personal data under Article 9 GDPR (e.g. data on health, racial or ethnic origin, religious or political beliefs, sexual orientation, or biometric or genetic data), payment card numbers, or government-issued identification numbers. You are solely responsible for compliance with this clause.

We may suspend or terminate accounts, and remove or revoke Passes, that violate this Section, and may report unlawful activity to the competent authorities.

6. Customer Content and Passes

6.1 Ownership. As between you and us, you retain all rights in your Customer Content and the Passes you create. We claim no ownership of them.

6.2 Licence to operate. You grant us a worldwide, non-exclusive, royalty-free licence to host, process, transmit, cache, and display your Customer Content solely to provide and maintain the Service (including signing, hosting, distributing, and pushing updates to your Passes).

6.3 Your responsibility. You are solely responsible for your Customer Content and Passes, including their lawfulness, accuracy, and that you have all rights and consents needed to process the personal data they contain. We do not monitor or verify Customer Content and have no obligation to do so.

7. Third-Party Wallet Platforms

7.1 Your use of the Service in connection with Apple Wallet and Google Wallet is subject to the applicable terms, policies, developer agreements, and acceptable-use requirements of Apple and Google. You are responsible for complying with them and for promptly discontinuing or revoking any Pass that does not comply.

7.2 Depending on your configuration, you may need your own Apple Developer account and/or Google Wallet issuer credentials. Where a Pass requires it, you must display the contact and other information those platforms mandate.

7.3 Apple and Google are independent third parties. You use their platforms at your own risk, and we are not responsible for their availability, behaviour, or enforcement actions (including the rejection, suspension, or removal of Passes).

8. Data Protection

8.1 Roles. For personal data in your account and billing records and in our website analytics, we act as a controller. For personal data contained in your Customer Content and in End-User device data we process to deliver your Passes, we act as a processor and you are the controller.

8.2 Processing terms (Article 28 GDPR). When we process personal data on your behalf as processor, the following terms apply and form our data processing agreement:

(a) we process such personal data only on your documented instructions, which include your use of the Service’s features, and as required by applicable law; if law requires us to process otherwise, we inform you first unless that law prohibits it;

(b) we notify you without undue delay if, in our opinion, an instruction infringes the GDPR or other data protection law;

(c) we ensure persons authorised to process the data are bound by confidentiality;

(d) we implement appropriate technical and organisational measures under Article 32, including encryption in transit, access controls, scoped credentials, and use of a managed cloud platform;

(e) you give general authorisation for us to engage the sub-processors listed in our Privacy Policy; we give advance notice of any intended addition or replacement and you may object on reasonable data-protection grounds. We impose data-protection obligations on each sub-processor no less protective than these terms, and we remain fully liable to you for their performance;

(f) we assist you, taking into account the nature of processing and the information available to us, with responding to data-subject requests and with your obligations under Articles 32 to 36 GDPR (security, breach notification, data protection impact assessments, and prior consultation);

(g) we notify you without undue delay after becoming aware of a personal data breach affecting personal data we process for you;

(h) on termination, at your choice we delete or return the personal data and delete existing copies, unless law requires retention, and subject to the platform constraint that Passes already installed on a device cannot be removed by us (see Section 14.3); and

(i) we make available the information reasonably necessary to demonstrate compliance with Article 28 and allow for and contribute to audits, including inspections, conducted by you or an auditor you mandate, subject to reasonable notice and confidentiality.

8.2.1 Details of processing. Subject matter: provision of the Service. Duration: the term of these Terms. Nature and purpose: generating, hosting, updating, revoking, and delivering Passes and related notifications on your behalf. Types of personal data: the pass content you submit (which may include names, identifiers, barcode values, and images) and End-User device data (device identifiers and push tokens). Categories of data subjects: your End Users and your personnel. You must not include special-category data, payment card numbers, or government ID numbers (see Section 5.1).

8.2.2 Standalone DPA. Where you require a separate signed data processing agreement (for example, with transfer and technical-measures annexes), we will enter into one; in case of conflict on data-protection matters, that signed DPA prevails over this Section.

8.3 Transfers. The Service runs on Cloudflare’s global infrastructure and other sub-processors; personal data may be processed outside your country, including outside the EEA. Such transfers are governed by Standard Contractual Clauses or other lawful mechanisms, as described in the Privacy Policy. We do not guarantee EU-only data residency.

8.4 The Privacy Policy (available at /privacy) forms part of these Terms.

9. Intellectual Property

The Service, including its software, APIs, documentation, design, and trademarks, is owned by WalletWallet and its licensors and is protected by law. We grant you a limited, non-exclusive, non-transferable, revocable right to access and use the Service during the term, solely as permitted by these Terms. No other rights are granted.

10. Service Availability: No SLA

The Service is provided on an “as available” basis. We do not offer or guarantee any specific uptime, availability, or response time, and we may perform maintenance, impose limits, or suspend the Service as needed. Apple, Google, and other third-party platforms are outside our control.

This Section, and the disclaimers and entire-agreement provisions in these Terms, are subject to any separate signed order form or custom agreement (for example, a Bring Your Own Cert plan with a committed SLA or DPA). Where such a signed agreement exists, its terms prevail over the general provisions of these Terms to the extent of any conflict.

11. Disclaimer of Warranties

To the maximum extent permitted by law, the Service is provided “as is” and “as available”, without warranties of any kind, whether express, implied, or statutory, including any implied warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, or uninterrupted or error-free operation. You are responsible for determining whether the Service is suitable for your use.

12. Limitation of Liability

12.1 To the maximum extent permitted by law, WalletWallet shall not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenue, data, goodwill, or business, however caused and under any theory of liability, even if advised of the possibility of such damages.

12.2 To the maximum extent permitted by law, WalletWallet’s total aggregate liability for all claims arising out of or relating to the Service or these Terms shall not exceed the lesser of (a) the total fees you paid to us in the 12 months preceding the event giving rise to the claim, or (b) EUR 100.

12.3 Nothing in these Terms excludes or limits liability that cannot be excluded or limited under mandatory law, including liability for intent, gross negligence, death or personal injury caused by negligence, or fraud.

13. Indemnification

You will defend, indemnify, and hold harmless WalletWallet against any third-party claims, damages, liabilities, and reasonable costs (including legal fees) arising out of (a) your Customer Content or Passes, (b) your use of the Service in breach of these Terms or applicable law, or (c) your violation of any Apple, Google, or other third-party platform terms.

14. Term, Suspension and Termination

14.1 These Terms apply for as long as you use the Service. You may stop using the Service and cancel any subscription at any time through your dashboard or the payment provider’s portal; cancellation takes effect at the end of the current billing period.

14.2 We may suspend or terminate your access immediately if you breach these Terms, fail to pay, or create risk or legal exposure for us or other customers.

14.3 Revocation vs. removal of Passes. You may revoke a Pass at any time (DELETE /api/passes/{serial}). Because neither Apple nor Google permits us to remove a Pass already installed on a device, revocation voids the Pass (it is marked expired and updated on the device) rather than deleting it from the device; the voided Pass and its stored content may remain accessible to already-installed devices by platform design.

14.4 Account deletion. You may request deletion of your account and associated personal data by contacting us; we will complete deletion within 30 days, subject to legal retention obligations and to Section 14.3.

14.5 Sections that by their nature should survive termination (including Sections 5.1, 6, 8, 9, 11, 12, 13, and 18) survive.

15. Switching and Data Portability (EU Data Act)

We support your right to switch providers and port your data under the EU Data Act (Regulation (EU) 2023/2854).

15.1 Switching notice and transition. You may end the Service and switch to another provider on a maximum notice period of two months. On termination for switching, we provide a transition period of normally 30 days, during which we maintain continuity and security and assist your migration.

15.2 Exportable data. Exportable data includes your account data, your pass definitions and current pass content, and your usage records, provided in a commonly used, machine-readable format (for example, JSON via the API). It excludes our own derived analytics, security logs, and any data we are legally required to withhold.

15.3 Retrieval and deletion. You may retrieve your exportable data during the term and the transition period. After the retrieval period ends, we delete it, subject to legal retention.

15.4 Switching charges. We do not impose switching charges beyond those permitted by the EU Data Act.

15.5 Non-portable dependencies. Some elements cannot be ported because they depend on third-party platforms: Apple and Google wallet issuer accounts, Pass Type identifiers, and signing certificates are tied to those platforms and to your own developer accounts, and Passes already installed on End-User devices remain governed by Apple and Google.

16. Changes to These Terms

We may update these Terms from time to time. We will post the updated Terms with a new “Last updated” date and, for material changes, give reasonable notice. Continued use of the Service after changes take effect constitutes acceptance.

17. Governing Law and Jurisdiction

These Terms are governed by the laws of Romania, without regard to conflict-of-laws rules. The courts competent for the registered seat of Proof of Stake SRL in Romania shall have exclusive jurisdiction over any dispute, subject to any mandatory consumer protections that may apply.

18. Miscellaneous

18.1 Entire agreement. These Terms and the Privacy Policy are the entire agreement between you and us regarding the Service, except that any separate signed order form or custom agreement (see Section 10) prevails over these Terms to the extent of any conflict.

18.2 Severability. If any provision is held unenforceable, the remaining provisions remain in effect.

18.3 No waiver. Failure to enforce a provision is not a waiver.

18.4 Assignment. You may not assign these Terms without our consent; we may assign them in connection with a merger, acquisition, or sale of assets.

18.5 Provider identification. The Service is provided by Proof of Stake SRL, Romanian Trade Registry No. J35/638/2018, sole registration code / VAT RO38943299.

18.6 Notices. We may give notice by email or by posting on the website. You may contact us at [email protected].