Backport
Home/Terms of Service

Terms of Service

Last updated: April 2026

1. Acceptance of Terms

By creating an account or using the Backport API Gateway service ("Service"), you agree to be bound by these Terms of Service. If you do not agree with any part of these terms, do not use the Service. These terms apply to the hosted cloud service available at backport-io.vercel.app, not to the open-source code itself.

2. Description of Service

Backport is a cloud-hosted API gateway that sits in front of your backend server. It provides:

  • Request proxying — forwards traffic to your configured backend URL.
  • WAF (Web Application Firewall) — regex-based threat detection for common attack vectors (SQL injection, XSS, path traversal, command injection, LDAP injection, XXE).
  • Rate limiting — sliding-window request throttling per plan.
  • LRU caching — in-memory caching for GET requests (when enabled).
  • Idempotency — duplicate request prevention for POST/PUT/PATCH (when enabled).
  • Dashboard analytics — request logs, traffic charts, latency data, and security alerts.

The Service is currently in beta. Features, pricing, and capabilities may change as we iterate on the product.

3. Permitted Use

You may use the Service to proxy, secure, and monitor HTTP API traffic to your own legitimate backend servers. You agree NOT to:

  • Use the Service to route traffic involving illegal activity or content.
  • Deliberately attempt to bypass rate limits, quotas, or security mechanisms.
  • Use the Service to attack, scan, or probe third-party systems without explicit authorization from the system owner.
  • Use the Service as a proxy for scraping, botting, or automated data extraction at scale.
  • Resell, sublicense, or redistribute the Service without prior written permission.
  • Attempt to reverse engineer, decompile, or extract the source code of the hosted cloud service.
  • Share your API key publicly or with unauthorized parties.

4. Account & API Keys

  • You must provide a valid email address and create a password to sign up.
  • You are responsible for maintaining the confidentiality of your API keys and JWT tokens.
  • If you believe your API key has been compromised, you must delete it immediately from the dashboard and create a new one.
  • We are not liable for any damage caused by unauthorized use of your API key due to your failure to secure it.
  • Accounts that remain inactive for an extended period may be subject to deletion with prior notice.

5. Usage Limits & Plans

Each plan has documented request rate limits. Current limits are:

  • Free: 100 requests/minute, 1 API key (3-month trial).
  • Plus: 500 requests/minute, 5 API keys, response transformation, API mocking.
  • Pro: 5,000 requests/minute, unlimited API keys, custom WAF rules, webhooks.

Exceeding your plan limits will result in requests being throttled (HTTP 429) until the rate limit window resets. Persistent and intentional circumvention of limits may result in account suspension. Plan limits are subject to change with notice.

6. Billing & Payments

  • Paid plans are processed through Razorpay. We do not store your payment card or bank details.
  • Prices are listed in INR and may change with 30 days notice.
  • Plan upgrades take effect immediately after successful payment verification.
  • Refunds are handled on a case-by-case basis. Contact us within 7 days if you believe you were charged in error.
  • There is no automatic recurring billing. You must manually purchase or renew your plan each billing period.

7. Data & Privacy

Your use of the Service is also governed by our Privacy Policy, which explains in detail what data we collect, how we use it, and your rights regarding your data. By using the Service, you consent to the data practices described in the Privacy Policy.

8. Service Availability

The Service is provided on a best-effort basis. We aim for high availability but do not guarantee uninterrupted service. We are not liable for losses arising from:

  • Server downtime, maintenance, or outages beyond our control.
  • Increased latency due to gateway processing.
  • Data loss due to server restarts (in-memory cache and rate limit data are not persisted).
  • Issues with our hosting providers (Render for backend, Vercel for frontend).
  • Third-party service failures (Razorpay for payments, Resend for emails).

9. Open Source

The core Backport software is open source under the MIT license and available on GitHub. These Terms of Service govern the hosted cloud service (Backport Cloud), not your use of the open-source code under the MIT license. You are free to fork, modify, and self-host the open-source version without these restrictions.

10. Termination

  • You may cancel your account at any time by contacting us.
  • We reserve the right to suspend or terminate accounts that violate these Terms.
  • Upon termination, your API keys will be invalidated immediately.
  • We may retain anonymized, aggregated usage data after account termination.

11. Limitation of Liability

To the maximum extent permitted by applicable law, Backport and its contributors are not liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Service. This includes, but is not limited to, loss of data, loss of revenue, business interruption, or any other commercial damages. Our total liability is limited to the amount you paid us in the 3 months preceding the claim.

12. Changes to Terms

We may update these Terms from time to time. Material changes will be notified via email at least 7 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance of the updated Terms. The latest version is always available at backport-io.vercel.app/terms.

13. Contact

For questions about these Terms: support@backportio.com