Pabau Developer Policy

Last Modified: 24th August 2024

Thank you for choosing to develop on the Pabau Platform. Our goal is to foster an ecosystem where End Users and developers can easily build, deploy, and grow their businesses through a wide range of tools, integrations, applications, and modules that connect to the Pabau Platform. Developers are required to comply with this Pabau Developer Policy (this “Policy”), our Developer Terms, and our Terms of use. All capitalized terms used in this Policy are defined as in the Developer Terms.

We are committed to providing a secure, high-quality, and data protection-focused environment for End Users, and this policy outlines our expectations for all developers. This policy may not cover every type of Application or Integration, and there may be instances where your Application and/or Integration is not specifically addressed by this Policy. We reserve the right to take any action or steps necessary if your Application and/or Integration violates the terms or spirit of this policy, or if we believe such action is necessary to maintain the integrity of our Developer ecosystem or protect End Users.

Violations of this Developer Policy may result in your Application and/or Integration being blocked from connecting to the Pabau Platform. We reserve the right to make changes to this Policy with or without notification to you.

If you have questions about this Policy or our Developer ecosystem, please contact Pabau Support.

A. Data Protection

We take Data Protection very seriously at Pabau and expect a high standard from our Developers. You are required to comply with all applicable laws and regulations. The following guidelines outline our expectations for data protection and privacy standards:

  1. You will not create Applications and/or Integrations that violate applicable data protection laws and regulations.
  2. You will not create Applications and/or Integrations that enable End Users to circumvent or violate the Pabau Terms of Service and/or the Developer Terms
  3. You will not create Applications and/or Integrations that enable End Users to circumvent or violate the terms or policies of other platforms, applications, integrations, or any entity that has a relationship with the End User.
  4. You will not sell, rent, exploit, or distribute Pabau End User Data without express consent from the End User.
  5. Your Application and/or Integration should clearly explain your data privacy practices, and you must inform Users how you plan to use the data being shared. This should be included in an easily accessible privacy policy that explains to End Users how their data will be collected, used, processed, and what control they have over their data.
  6. Your Application and/or Integration must not collect, store, and/or use personal data (any information relating to an identified or identifiable natural person) without the consent of the data subject or a lawful basis to collect, store, or use such information.
  7. If your Application and/or Integration stores personal data for an End User and the End User requests their data or Content to be erased, you must erase their data and/or Content.
  8. If your Application and/or Integration stores personal data for an End User and the End User modifies their data, you must either erase or update the data.
  9. Your use and transfer of any information received from third-party APIs (e.g., Google APIs) must adhere to the relevant third-party API services’ user data policies, including any applicable Limited Use requirements.
  10. In the event Pabau End User Data or the Pabau Platform is breached, compromised, or exploited by your Application and/or Integration, or by your organization, you must contact all affected End Users and Pabau immediately.

B. Security

In addition to Data Protection, we prioritize security. We expect the following from our ecosystem developers:

  1. You must enforce a form of authentication for your Application and/or Integration and audit logins to secure your Application and/or Integration with the Pabau Platform.
  2. You must securely handle any End User credentials using industry-standard protocols.
  3. To be eligible for any benefits from Pabau, you must use OAuth 2.0 as per our guide [insert link to guide].
  4. You will not make any misleading or deceptive statements about your Application’s functionality, performance, origin, or data use.
  5. You will not transmit any viruses or other malicious code that may damage, detrimentally interfere with, surreptitiously intercept, or expropriate any system or Pabau End User Data.
  6. You will not attempt to reverse engineer or otherwise derive source code, trade secrets, or know-how in our APIs.
  7. You will only ask End Users for permissions that your Application needs and will not request permissions beyond the scope required for the operation of your Application.

C. Using End User Data

  1. You will not collect, store, and/or use Pabau End User Data without obtaining proper consent from the End User, as determined by applicable law.
  2. You will not ask End Users to provide sensitive, private, or confidential personal information, such as credit card numbers or passwords, or information that violates the Pabau Terms of Service or GTC.
  3. Unless such information is necessary for your Application and/or Integration’s legitimate function and purpose, you will not enable End Users to store or process such information through the Pabau Platform.
  4. You will not create Applications and/or Integrations that encourage or allow End Users to circumvent or interfere with their own data privacy and security policies in a negative way.
  5. You will not request, use scopes, or permissions not required for your Application and/or Integration’s functionality.

D. Compliance with Laws

We expect Developers to comply with applicable laws and regulations (in addition to data/privacy protection laws). Therefore, we prohibit you or your Application and/or Integration from:

  1. Spamming, harassing, stalking, intimidating, or threatening End Users or other Developers.
  2. Allowing impersonation of Users or otherwise enabling false representations within your Application and/or Integration.
  3. Facilitating violations of the law.
  4. Infringing on anyone else’s intellectual property rights (including Pabau’s).
  5. Representing that your Application is authorized by or produced by another company or organization without proper authorization.
  6. Allowing or facilitating financial transactions conducted in an insecure or unapproved manner.

E. Design

We want our Developers to create applications that are well-designed and easy to use.

  1. Your Application should not violate the Pabau brand guidelines.
  2. Your Application should not violate any third party’s trademark, copyright, or patent.
  3. The design of your Application should comply with all applicable laws and regulations.
  4. We reserve the right to require you to make changes to the look and feel of your Application. We will do our best to provide you with written notice explaining any required changes.
  5. We encourage you to develop Applications and/or Integrations that enable End Users to comply with applicable data protection and privacy laws.

F. User Experience

We expect all Applications and/or Integrations to provide a good user experience, so we require the following:

  1. Your Application and/or Integration should not degrade or compromise the performance or user experience of the Pabau Services.
  2. Your Application and/or Integration should not use vulgar or obscene language or images. Likewise, your Application or Integration should not contain or offer content that is violent, pornographic, extreme, or that a reasonable person would consider inappropriate.
  3. You should provide appropriate customer assistance. Every Application and/or Integration must include a link to technical instructions and customer support information, including a contact for customer support.
  4. You must keep your Application and/or Integration updated and provide timely and accurate support to End Users.
  5. Your Application and/or Integration must operate and function in accordance with the documentation you make available to End Users.
  6. If requested, you must provide us with proof of compliance with this policy.

Violations of this policy may result in removal from our marketplace, token revocation, developer suspension, having your Application and/or Integration blocked, End User notification, legal action, or any other action deemed necessary solely by Pabau.

If you violate this policy, we may or may not provide notice before taking action. Please note that we may periodically audit Applications and Integrations. If you fail an audit before notifying us of any issues, penalties will be more severe.