1. Agreement and scope
This Partner API Agreement ("Agreement") is entered into between CondoHQ Inc. ("CondoHQ", "we", "our", or "us") and the customer accepting this Agreement ("Customer", "you", or "your") on behalf of the property for which partner integrations are enabled (the "Property").
This Agreement governs the configuration and use of CondoHQ Partner Integrations, including outbound webhook delivery, the CondoHQ Partner API, integration credentials, and related tooling (collectively, the "Partner Integration Services"). It supplements and forms part of the CondoHQ Terms of Service. In the event of a conflict between this Agreement and the Terms of Service with respect to the Partner Integration Services, this Agreement controls.
Acceptance of this Agreement is recorded per Property against the Customer legal entity identified at acceptance. A change in property management alone does not require re-acceptance; re-acceptance is required only when the Customer legal entity or data controller for the Property changes.
2. Definitions
Partner
"Partner" means a third-party vendor, service provider, system, or endpoint that the Customer configures to receive data from, or request data through, the Partner Integration Services.
Connection
"Connection" means a Property-scoped integration configuration linking the Property to a Partner, including its authorized data scopes, direction, credentials, and webhook endpoints.
Data Scopes
"Data Scopes" means the specific, field-level categories of Property and resident data that the Customer authorizes CondoHQ to disclose to a Partner through a Connection.
Credentials
"Credentials" means API keys, webhook signing secrets, and other authentication material issued for a Connection.
Customer Vendor
"Customer Vendor" means a Partner selected and engaged by the Customer under the Customer's own vendor relationship, including any custom webhook endpoint operated by or for the Customer.
3. Roles: Customer controls, CondoHQ transmits
The Customer is the data controller for all data disclosed to Partners through the Partner Integration Services. CondoHQ acts solely as a processor and service provider that transmits data to Partners on the Customer's documented instructions, as expressed through the Connections, Data Scopes, and configuration choices made by the Customer's authorized administrators.
CondoHQ does not select Partners on the Customer's behalf, does not determine the purposes for which Partners process disclosed data, and does not control Partner systems. The Customer is solely responsible for its selection of Partners, for its legal relationship with each Partner, and for ensuring it has a lawful basis for each disclosure it configures.
For Customer Vendors and custom webhook endpoints, the Customer is solely responsible for the security, availability, and data handling practices of the receiving system. CondoHQ's responsibility ends upon delivery of data to the endpoint or credential the Customer configured.
CondoHQ is responsible only for transmitting data to the configured endpoint or responding to authenticated API requests in accordance with this Agreement. CondoHQ does not warrant or verify that a Partner receives, stores, processes, interprets, or acts upon transmitted data correctly or at all.
Once Customer Data has been disclosed to a Partner in accordance with the Customer's instructions, CondoHQ is not responsible for the Partner's subsequent collection, use, disclosure, retention, security, or deletion of that data.
4. Property ownership and management transitions
Connections, Credentials, and integration audit history belong to the Property, not to any property management company engaged by the Property. A change in property management does not automatically transfer, revoke, or recreate Connections or Credentials.
Access to configure integrations is governed by property roles. Personnel who lose their property roles immediately lose the ability to configure integrations. Incoming management personnel gain configuration access only when granted appropriate property roles.
This Agreement remains in effect through management transitions. A new acceptance is required only when the Customer legal entity or controller for the Property changes.
5. Data scopes, authorization, and non-inheritance
Each Connection discloses only the data permitted by the Data Scopes the Customer's authorized administrator has expressly granted. Before a Connection becomes active, and on every scope change, CondoHQ presents a data preview describing the categories and fields of data that may be shared, and requires an explicit authorization acknowledgment.
The Customer is solely responsible for determining which Data Scopes are appropriate for each Partner and bears all responsibility for any disclosure resulting from the scopes it authorizes.
Data Scopes never inherit. Granting a scope today does not grant any future scope, expanded field list, or new data category. New scopes introduced by CondoHQ require explicit, additional authorization by the Customer before any additional data is disclosed on an existing Connection.
Connections declare an explicit direction. Webhook-only Connections receive events pushed by CondoHQ and are not issued API keys. API-only Connections may request data within their granted scopes and do not require webhook endpoints. The Customer may configure either or both directions per Connection.
6. Credentials and security
Credentials are issued per Connection and bound to a single Property. The Customer must ensure Partners protect Credentials as confidential secrets, must not share Credentials across Partners or properties, and must promptly revoke or rotate Credentials suspected of compromise.
CondoHQ supports configurable credential rotation policies, including automatic expiry with advance warning and an overlap window during rotation. Emergency revocation is available at all times and takes effect immediately.
Webhook deliveries are signed. Partners must verify webhook signatures and must not rely on network source addresses alone. CondoHQ does not guarantee stable outbound IP addresses for webhook delivery on the standard service tier; static egress addressing is available only as a separately agreed enterprise option.
Test credentials operate exclusively against synthetic sandbox data. Test credentials never access live resident data. Synthetic sandbox data is illustrative only and is not intended to match the Customer's production configuration; successful operation against sandbox data does not warrant correct operation against live data.
7. Webhook delivery semantics
Webhook delivery is at-least-once. CondoHQ may deliver the same logical event more than once, and exactly-once delivery is not guaranteed. Partners must deduplicate using the unique event identifier included in every delivery.
Event ordering is guaranteed only within a single aggregate (a single logical record within the Property), using the sequence number included in each event. No ordering is guaranteed across different aggregates or event types.
Failed deliveries are retried for transient failures using exponential backoff for a bounded period. Deliveries rejected by the Partner endpoint with terminal client errors are not retried. Repeated failures may cause a Connection to be marked failing and delivery to be paused until the Customer or Partner remediates the endpoint.
8. API compatibility and change management
Within a given major API version, CondoHQ maintains behavioral compatibility: existing endpoint semantics, permission requirements, pagination behavior, and machine-readable error codes remain stable. New functionality is delivered additively through new endpoints, fields, scopes, and event types.
Partners must tolerate additive change, including new fields and new enumeration values, without failure. Breaking changes are introduced only through a new API version or event version.
CondoHQ provides a minimum of ninety (90) days' notice before removing or breaking a generally available endpoint, field, or webhook payload version, except where immediate change is required to address a security emergency, in which case CondoHQ will use commercially reasonable efforts to notify affected customers within twenty-four (24) hours.
Resource identifiers exposed by the Partner API are permanent. Identifiers are never recycled or reassigned to different logical resources, and Partners may safely store them indefinitely as stable references.
9. Availability
The Partner Integration Services are provided without an uptime service level agreement or service credits. Planned maintenance may temporarily affect API availability and webhook delivery and will be announced when practicable. Emergency maintenance may occur without prior notice.
Webhook delivery resumes automatically after maintenance or interruption; queued events persist and are retried under the retry policy. Partners consuming the API should implement retries for transient server errors and use cursor-based synchronization to recover from gaps.
CondoHQ is not responsible for interruptions caused by Internet failures, cloud provider outages, DNS failures, certificate issues, third-party service interruptions, or other events outside CondoHQ's reasonable control.
Operational notices are provided for informational purposes only and may not identify every incident or service degradation.
10. Partner incident notification
Where CondoHQ maintains an approved-partner relationship with a Partner, the Partner is required to notify CondoHQ within forty-eight (48) hours of a confirmed security incident or personal data breach affecting data transmitted through the Partner Integration Services. CondoHQ will use commercially reasonable efforts to acknowledge such reports within twenty-four (24) hours and to notify affected customers through operational notices and email.
For Customer Vendors and custom webhook endpoints, incident notification obligations are governed by the Customer's own agreement with the Partner. The Customer is responsible for imposing appropriate breach notification obligations on its vendors.
11. Audit, transparency, and exports
CondoHQ records integration configuration changes, credential lifecycle events, kill switch activations, scope authorizations, API requests, and webhook delivery attempts in audit logs scoped to the Property.
Authorized Customer administrators may export audit bundles for the Property. Export bundles include a manifest with cryptographic hashes of the included files and a CondoHQ signature, allowing the Customer to demonstrate bundle integrity to boards, auditors, and regulators.
12. Suspension and kill switches
The Customer may at any time disable an individual credential, suspend a Connection, or pause all integrations for the Property. CondoHQ may suspend a Connection, a Partner, or an integration template platform-wide where reasonably necessary to protect the security or integrity of the Services, customer data, or residents, including in response to a compromised Partner.
Kill switch activations are recorded in the audit log and notified to Property administrators. Suspension pauses data transmission but does not by itself terminate this Agreement or delete configuration.
CondoHQ has no obligation to approve, maintain, continue supporting, certify, or make available any Partner, Connection, integration template, API endpoint, webhook event, or Partner Integration Service. CondoHQ may decline, suspend, modify, or discontinue any integration where reasonably necessary for security, legal, operational, commercial, or technical reasons, subject to the change management commitments in this Agreement.
13. Revocation and data deletion
Revoking a Connection is terminal: all Credentials for the Connection are invalidated immediately, webhook delivery stops, and pending deliveries are cancelled. Upon revocation CondoHQ generates a revocation certificate recording the Connection, the scopes that were granted, the Credentials revoked, and the revocation actor and time.
CondoHQ does not control data already delivered to a Partner and cannot delete data from Partner systems. As controller, the Customer is responsible for requesting deletion from the Partner in accordance with the Customer's agreement with that Partner. CondoHQ provides tooling for the Customer to record the Partner's deletion confirmation for accountability purposes.
Revocation or termination of a Connection does not affect CondoHQ's retention of audit records, request logs, delivery logs, or other records retained pursuant to this Agreement or applicable law.
14. Data retention
CondoHQ retains integration processing logs as follows: Partner API request logs and webhook delivery logs are retained for ninety (90) days in active systems and up to one (1) year in archival storage; administrative audit records, including scope authorizations, kill switch activations, revocations, and agreement acceptances, are retained for seven (7) years; completed outbound event records are purged thirty (30) days after successful delivery.
Request and delivery logs contain operational metadata and do not store full response bodies containing resident personal information. The Customer may export audit bundles before scheduled purges.
15. Customer responsibilities
The Customer is responsible for:
- selecting Partners and maintaining appropriate contractual, privacy, and security terms with each Partner;
- ensuring a lawful basis for every disclosure configured through the Partner Integration Services, including any required notices to residents;
- granting integration configuration access only to appropriate personnel and keeping property roles current;
- reviewing granted Data Scopes periodically, including acting on least-privilege warnings surfaced by CondoHQ;
- periodically reviewing active Connections and promptly revoking Connections that are no longer required or that are associated with discontinued Partners;
- maintaining the security of Partner endpoints and requiring Partners to verify webhook signatures;
- requesting deletion of disclosed data from Partners upon revocation or termination of the Partner relationship; and
- notifying CondoHQ promptly of any suspected compromise of Credentials or of a Partner receiving data through the Partner Integration Services.
The Customer represents that it has authority to authorize each Partner to receive the data disclosed through the Partner Integration Services.
CondoHQ provides an editable resident notice text generator as a convenience tool. Use of the generator does not constitute legal advice, and CondoHQ does not capture or manage resident consent on the Customer's behalf. CondoHQ makes no representation that use of the generated notice satisfies any legal, regulatory, or contractual disclosure obligation applicable to the Customer.
16. Disclaimers and liability
The Partner Integration Services are provided on an "as is" and "as available" basis. CondoHQ disclaims all responsibility for the acts, omissions, security practices, and data handling of Partners, including Customer Vendors and custom webhook endpoints. The warranty disclaimers, limitations of liability, and indemnification provisions of the Terms of Service apply to the Partner Integration Services.
CondoHQ does not warrant documentation, software, APIs, SDKs, or other materials supplied by any Partner.
Documentation, examples, sample code, and integration guidance provided by CondoHQ are provided for convenience only and do not modify this Agreement.
17. Indemnification
The Customer will defend, indemnify, and hold harmless CondoHQ, its affiliates, and their respective officers, directors, employees, and agents (the "CondoHQ Indemnitees") from and against any third-party claim, demand, action, or proceeding, and all resulting liabilities, damages, settlements, penalties, fines, costs, and expenses (including reasonable legal fees), arising out of or relating to:
- any Partner the Customer connects to, or provides access through, the Partner Integration Services, including the Partner's acts, omissions, security practices, or handling of disclosed data;
- any disclosure of data resulting from the Connections, Data Scopes, or Credentials the Customer configures or authorizes, including claims by residents or other data subjects;
- the Customer's failure to maintain a lawful basis, required consent, or required notice for a disclosure the Customer configured;
- any dispute between the Customer and a Partner, including under the Customer's own agreement with that Partner; or
- the Customer's breach of this Agreement, including any misrepresentation of authority at acceptance.
CondoHQ will notify the Customer promptly of any claim subject to indemnification, provided that any failure or delay in notification relieves the Customer of its obligations only to the extent the Customer is materially prejudiced by it. The Customer may not settle any claim in a manner that imposes any obligation, admission, or liability on a CondoHQ Indemnitee without CondoHQ's prior written consent. CondoHQ may participate in the defense of any claim with counsel of its own choosing at its own expense.
The obligations in this section are in addition to, and do not limit, the indemnification provisions of the Terms of Service, and survive revocation of any Connection and termination of this Agreement.
18. Term and termination
This Agreement takes effect upon acceptance and remains in effect while partner integrations are enabled for the Property. CondoHQ may update this Agreement in accordance with the change process in the Terms of Service; material changes will be presented for re-acceptance before continued configuration of new Connections.
Upon termination of the Customer's CondoHQ subscription for the Property, all Connections are revoked and the revocation and retention provisions of this Agreement apply.
19. Contact
Questions about this Agreement or the Partner Integration Services may be directed to CondoHQ support through the contact methods listed in the Terms of Service.
CondoHQ