Legal
Developer & API Terms
These Developer & API Terms supplement the Terms for anyone using Bee through an API, SDK, CLI, MCP connector, editor extension, agent, or embedded integration.
1. Keys, OAuth, and end users
- Keep API keys and client credentials confidential, use the least privilege scopes available, rotate compromised credentials immediately, and never embed a secret key in public client code.
- You are responsible for your application, its end users, and having a lawful basis to send their data to Bee. You must provide your own privacy notice and obtain required permissions.
2. AI disclosure and human oversight
Tell downstream users when they are interacting with AI or receiving AI-generated content where required. Do not represent outputs as human-authored or verified. Consequential medical, legal, employment, credit, housing, education, insurance, safety, or government decisions require qualified human review and any legally required assessment, explanation, and appeal path.
3. Agents and tool use
Agents must use least-privilege tools, bounded spend and rate limits, auditable actions, and an out-of-band human approval before physical-world action or irreversible legal or financial commitments. Do not allow Bee output to construct executable tool parameters without validation appropriate to the risk.
4. Technical restrictions
- Do not evade quotas, share accounts to multiply allowances, scrape the service, interfere with security controls, benchmark production without coordination, or extract weights or confidential system prompts.
- Respect documented rate limits and retry instructions. We may throttle or suspend traffic that threatens reliability or cost integrity.
5. Security testing
Good-faith testing of your own integration is permitted. Testing Bee itself requires compliance with /.well-known/security.txt and must avoid privacy invasion, persistence, data destruction, denial of service, social engineering, or access to another tenant. Report findings to bee-security@heossi.com.
6. Inputs, outputs, and third-party rights
You must have rights to inputs and must review outputs before use. Outputs may not be unique and may resemble third-party material. You are responsible for clearance, attribution, and sector-specific compliance in your product; Bee does not grant rights in third-party content.
7. Data handling
The Privacy Policy applies to account and telemetry data; the DPA applies when Bee processes personal data for a business customer. Model-improvement use is off by default and controlled by the Model Improvement & Data Use policy. Do not send regulated or sensitive data to shared tiers unless the applicable product documentation and contract expressly support it.
8. Changes and compatibility
We may evolve APIs and models. Material breaking changes receive reasonable notice where practicable, but emergency security changes may be immediate. Published versioning and deprecation notices, an Order Form, or an SLA control over general expectations in this section.
Questions about this document? Contact bee-legal@heossi.com. Service of process: bee-legal@heossi.com (HEOSSI (Pte.) Ltd., Singapore).
Counter-signed copies on request. The text on this page is the canonical published version. For procurement teams that need a counter-signed copy of the Terms, DPA, or Order Form, email bee-legal@heossi.com. Where there is conflict between this page and an executed counter-signed agreement, the counter-signed agreement controls.