Effective: March 25, 2015
Thank you for your interest in the Alaska Airlines application programming interfaces (“APIs”) accessible through https://developer.alaskaair.com (the “API Portal”). The APIs and API Portal are provided by Alaska Airlines, Inc. (referred to here as “Alaska Airlines”, “we”, “our”, or “us”), located at 19300 International Blvd., Seattle, WA 98188, United States.
When capitalized here, the following words have defined meanings:
o Definition: The entity that Alaska Airlines authorizes to access the API Portal and one more APIs. Organizations can access the API Portal and APIs only through Developers. The Organization is identified as the Organization in its Lead Developer’s initial registration.
o Example: The operator of a fare comparison website that will display fare information received from an API.
o Definition: An entity or individual that accesses or seeks access to the API Portal or an API for or on behalf of an Organization. The Developer may be internal or external to the Organization.
o Examples: A coder employed by the website or by an external application development company hired by the website operator.
• “Development Company”
o Definition: The employer of a Developer. This may or may not be the same as the Organization.
o Examples of the Development Company: The fare comparison website, or an application development company it has hired.
• “Lead Developer”
o Definition: This is the Developer that initially requests authorization for an Organization to access the API Portal (i.e., the first Developer associated with an Organization), or another Developer later designated by Alaska Airlines as the Lead Developer of the Organization.
o Examples: The fare comparison website’s internal head of software development, or a coder employed by an external software development company.
License to You
The APIs are owned by Alaska Airlines and are licensed to you on a worldwide (except as limited below), non-exclusive, non-sublicenseable, revocable basis on the terms and conditions set forth herein. All rights not expressly granted to you are reserved by Alaska Airlines.
Access is granted to the APIs through our issuance of an API Key to a Developer with a Developer Account. In his or her work for a particular Organization, a Developer may create only a single Developer Account. (To access the APIs or API Portal for a different Organization, the Developer must open a separate Developer Account associated with the other Organization.) To open a Developer Account, the individual must provide accurate identification, contact, and other information required as part of the registration process. You warrant that any such registration information will be accurate and agree to keep it up to date. If approved, a Developer Account will be granted the appropriate access to our API Portal, subject to the API Documents. Once a Developer has a Developer Account, the Developer can submit a registration for an Organization’s application. If approved, the Organization will be issued an API Key unique to that application. Each Developer Account will be assigned to an Organization. The first Developer Account to be approved for an Organization will become the Lead Developer and default owner of the Organization. As the owner of an Organization, the Lead Developer will have access to view all Developer Accounts associated with the organization as well as all applications of the Organization that have been successfully registered and issued an API Key. As the owner, the Lead Developer must submit an invitation to any other individuals requesting a Developer Account, at which point they will similarly be subject to the approval process.
Each of the software components that constitute the APIs and any associated documentation is a “commercial item” as that term is defined at 48 C.F.R. 2.101 (Jan. 2001), consisting of “commercial computer software” and “commercial computer software documentation” as those terms are used in 48 C.F.R. 12.212 (Nov. 2007). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4, all U.S. Government end users acquire the API and any associated documentation with only those rights set forth herein.
You shall not:
a. Use the APIs in any manner or for any purpose that violates any law or any person’s rights, such as privacy rights or intellectual property rights;
b. Use the APIs in, or represent the portions of your Application that depend on the APIs as being suitable for, emergencies, situations where human life or property may be at stake, or other mission-critical operations (and you acknowledge that the APIs are not fault-tolerant or designed for such purposes and that their failure in such cases could lead to death, personal injury, or severe damage for which we are not responsible);
c. Sell, lease, share, transfer, or sublicense the APIs or access or access codes thereto (such as the API Key);
d. Reverse engineer or attempt to extract the source code from the APIs or any related software, except to the extent that this restriction is expressly prohibited by applicable law;
e. Use the APIs as part of an Application that disparages us or any of our products or services, or that is misleading, defamatory, libelous, obscene or otherwise objectionable to us as determined by us in our sole discretion;
f. Use the APIs in a manner that exceeds reasonable request volume, constitutes excessive or abusive usage, or otherwise fails to comply or is inconsistent with any part of the API Documents, as determined by Alaska Airlines in its sole discretion; orUse the APIs in a manner that violates (i) an agreement that you or your employer may have with Alaska Airlines or its parents or affiliates or (ii) other rules or conditions that Alaska Airlines may have imposed on you, such as in connection with an employment or contractor relationship. Your Application must contain effective technical controls that ensure it provides flight availability and pricing information from the APIs — if at all — only in response to bona fide searches by authorized individuals seeking information relevant to a specific potential travel plan and not to a user seeking bulk access (whether through a single request or multiple requests) to all or a portion of such data.
End User Agreement
You shall require all end users of your Application to agree to an enforceable end-user agreement that is protective of us and contains at least the following terms:
a. The Organization, and not Alaska Airlines, is responsible for the Application;
b. The APIs are provided as-is, without any warranties, and we expressly disclaim all implied or express warranties, including the implied warranties of merchantability, accuracy, fitness for a particular purpose and non-infringement;
c. A prohibition against modifying or creating derivative works of any APIs or any portion of Alaska Airlines code included as part of your Application;
d. A prohibition against decompiling, reverse engineering, disassembling, and otherwise reducing the APIs or any portion of Alaska Airlines code included as part of your Application to a human-perceivable form, to the full extent allowed by law;
e. A provision indicating that Alaska Airlines owns the APIs;
f. A disclaimer of indirect, special, incidental, punitive, and consequential damages;
g. A complete and accurate disclosure to end users of the privacy practices and policy applicable to your Application;
h. Any notice legally required to enable us to collect, use, disclose and otherwise handle information you provide to us through the APIs as described in our then-current Alaska Airlines Online Privacy Notice and Alaska Airlines Mexico Privacy Notice; and
i. Such other terms as may be required by us for a specific Application.
Your end-user agreement need not mention Alaska Airlines by name if you use alternate language to effectively convey the same points.
The following provisions apply to you if obtain from the APIs or provide to us through the APIs any “Personal Information,” defined as any information relating to an identified or identifiable individual, such as name, postal address, email address, telephone number, date of birth, Mileage Plan number (including in tokenized form), MyAccount password (including in tokenized form), account number, personal identification number, driver’s license number, gender, individual travel information such as flight details or boarding passes, payment card information, health or medical information, or any other unique identifier or one or more factors specific to an individual’s physical, physiological, mental, economic or social identity, whether or not such information is encrypted:
a. You must “Process” (as defined below) the Personal Information only in accordance with law. “Process” or “Processing” refer to any operation or set of operations performed upon Personal Information, whether or not by automatic means, such as creating, collecting, procuring, obtaining, accessing, recording, organizing, storing, adapting, altering, retrieving, consulting, using, disclosing, displaying or destroying the information.
b. Prior to accessing or otherwise Processing an individual’s Personal Information, you must:
i. provide to the individual with an accurate, comprehensive, clear and conspicuous notice of your contemplated Processing of such information, including (i) a listing of the categories of Personal Information you will access and otherwise Process, (ii) a list of the purposes for which you will Process the Personal Information, (iii) if not completely obvious from the context of your Application, a listing the categories of Personal Information you will store, (iv) a listing of the categories of persons to whom you may disclose the Personal Information (for an Application that discloses Personal Information to Alaska Airlines, this listing must be broad enough to include Alaska Airlines) (v) the Organization’s contact information for use by individuals to make privacy-related inquiries or requests, and (vi) any other information legally required to be provided to such individual; and
ii. obtain the individual’s express consent to such Processing.
c. You will not use the Personal Information for direct marketing purposes unless you have secured a standalone prior express written consent from both us and from the individual to whom you will direct the marketing. “Direct marketing purposes” includes any activity qualifying as a direct marketing purpose under Cal. Civ. Code § 1798.83.
d. You may not disclose Personal Information to any person other than us without the prior express written consent from both us and the individual to whom the Personal Information pertains.
e. You will collect only the minimum amount of Personal Information necessary.
f. You may not disclose anonymized or aggregated Personal Information (e.g., the percentage of Mileage Program members who have a particular trait) to any person without our prior express written consent.
g. You may not use the Personal Information in a manner that is inconsistent with the Alaska Airlines Online Privacy Notice or Alaska Airlines Mexico Privacy Notice, and you may not use the information in a manner that would cause Alaska Airlines to be in violation of such notices.
h. You may not store passwords at any time, in any form. Passwords may be used only for processing authorized transactions and obtaining identity tokens for authorized use.
i. You must delete an individual’s Personal Information from your records (i) upon that individual’s request, (ii) if the individual closes his or her account through which you provided a connection to our APIs, (iii) when you no longer need the Personal Information for the purpose for which you collected it, (iv) in any other situation in which the individual would otherwise be surprised to learn that you had retained the Personal Information or (v) at our request.
a. Your networks, operating system, web servers, routers, databases, and other computer systems that support or are connected with your Application or the data you gather from the APIs (collectively, “System” or “Systems”) must be properly configured to Internet industry standards, as required to securely operate your Application. If you do not completely control any aspect of the Systems, you will use all control or influence that you have over such Systems, and you will not architect or select Systems in a manner to avoid the foregoing obligation. An example of architecting in an unacceptable manner would be if you select a server operated by a vendor with substandard security practices, so that you could contend that you do not control such server, in an effort to avoid having to select an acceptable server. To protect the Systems and the data you gather from the API, you will develop, maintain and implement a comprehensive written information security program that complies with applicable law. Your information security program shall include appropriate administrative, technical, physical, organizational and operational safeguards and other security measures designed to (i) ensure the security and confidentiality of Personal Information you Process in connection with the APIs; (ii) protect against any anticipated threats or hazards to the security and integrity of the Personal Information; and (iii) protect against any actual or suspected unauthorized access to or loss, use, disclosure, acquisition or other Processing of the Personal Information (hereinafter “Information Security Incident”).
b. Reporting. You shall immediately inform us in writing of any Information Security Incident of which you become aware, but in no case longer than 24 hours after you become aware of the Information Security Incident. Such notice shall be sent to ITS.Service.Center@AlaskaAir.com and shall summarize in reasonable detail the effect on Alaska Airlines, if known, of the Information Security Incident and the corrective action taken or to be taken by you. You will promptly take all necessary and advisable corrective actions, and you will cooperate fully with us in all reasonable and lawful efforts to prevent, mitigate or rectify such Information Security Incident. The content of any filings, communications, notices, press releases or reports related to any Information Security Incident must be approved by us prior to any publication or other communication thereof.
c. Access Control to Systems. To the extent you have control or influence over the Systems, you will log (in a time and date-stamped fashion) all instances of access to the Systems. You will encrypt the password and username files for the Systems that store or process any Alaska Airlines Personal Information you access. Passwords must be unique, unintuitive, and changed often. You will minimize access to and use of the login credentials. Wherever possible, commands that require additional privileges should be securely logged (with time and date) to enable a complete audit trail of activities. When an individual terminates his or her employment with you or transitions to a role in which access is no longer necessary, his or her login credentials must be terminated immediately.
d. Security Reviews. Alaska Airlines will have the right, at its own expense, to inspect and review, or to have an independent third party that is not your competitor inspect and review, your compliance with these security provisions. You will (at your own expense) correct any security flaws detected by such a review as soon as possible. You will then promptly certify to Alaska Airlines in writing that the security flaw has been corrected, along with a description of the corrective action(s) taken. Alaska Airlines will give you 48 hours’ notice before conducting such a review, and may conduct no more than four reviews annually, plus one review per Information Security Incident you experience. Any such review will be conducted during regular business hours in such a manner as not to interfere with normal business activities. If a review reveals a material breach of any of these security provisions, you will reimburse Alaska Airlines for the reasonable costs of the review.
e. Contact and Cooperation. Each Developer (or the name of the relevant security contact provided to Alaska Airlines when you applied for your Developer Account) must be reachable at all times for security questions or concerns. You can change this name or contact at https://developer.alaskaair.com.
Upon our suspension of your use of any aspect of the APIs, in whole or in part, for any reason: (i) fees will continue to accrue for any aspect of the APIs that is still in use by you, notwithstanding the suspension; (ii) you remain liable for all fees, charges and any other obligations you have incurred through the date of suspension with respect to the APIs; and (iii) all of your rights with respect to the suspended aspect of the APIs will be terminated during the period of the suspension.
Following a suspension or termination, you may able to take advantage of any generally available post-termination assistance we may elect to make available with respect to the APIs, if any. We may also endeavor to provide you with unique post-suspension or post-termination assistance, but we shall be under no obligation to do so. Your right to take advantage of any such assistance, whether generally made available with respect to the APIs or made available uniquely to you, shall be conditioned upon your acceptance of and compliance with any fees and terms we specify for such assistance to you.
Alaska Airlines Rights
By passing any content or information to us through the APIs, you give us a perpetual, irrevocable, worldwide, unrestricted, royalty-free, exclusive and fully sublicensable license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display, distribute and otherwise Process such content or information. You agree that this license includes a right for Alaska Airlines to make such content available to third parties, and to otherwise Process relevant information as set forth in the Alaska Airlines Online Privacy Notice and Alaska Airlines Mexico Privacy Notice. Before you submit content to our APIs, you will ensure that you have the necessary rights (including any necessary consent from your end users) to grant us the license described in this paragraph.
If you submit feedback, ideas, concepts, know-how or other materials to us in connection with the APIs, you grant us a perpetual, irrevocable, worldwide, unrestricted, royalty-free, nonexclusive and fully sublicensable right to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute and display such feedback and ideas throughout the world in any media. You understand and acknowledge that we may be independently creating applications, content and other products or services that may be similar to or competitive with your Application and its content, and nothing in the API Documents will be construed as restricting or preventing us from creating and fully exploiting such applications, content and other items, without any obligation to you. We reserve the right to: (i) act as a developer of products or services related to your Application and (ii) appoint third parties as developers or systems integrators who may offer products or services that compete with your Application.
"Brand Features" is defined as the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party (and, with respect to Alaska Airlines, those of its affiliate Horizon Air Industries, Inc.). Except where expressly stated, these terms do not grant either party any right, title, or interest in or to the other party's Brand Features. All use by you of Alaska Airlines’ Brand Features (including any goodwill associated therewith) will inure to the benefit of Alaska Airlines (or, with respect to Brand Features associated with Horizon Air Industries, Inc., to Horizon Air Industries, Inc.).
You will not make any statement regarding your use of an APIs that suggests partnership with, sponsorship by or endorsement by Alaska Airlines without Alaska Airlines’ prior written approval, which may be withheld in Alaska Airlines’ sole discretion.
In the course of promoting, marketing, or demonstrating the APIs and the associated Alaska Airlines products and services, Alaska Airlines may produce and distribute depictions, including screenshots, video, or other content from your Application, and may use your company name and logo, Application name and your other Brand Features. You grant us all necessary rights for the above purposes in all media on a worldwide, sublicenseable, nonexclusive basis; this grant of rights is irrevocable, but if you terminate your license to use the APIs, we will use reasonable efforts to prevent our future references to your Brand Features and Application from incorrectly indicating that your use of the APIs is ongoing.
Certain Representations and Warranties
You represent and warrant that:
b. You are not located in or a national or resident of any country that is subject to U.S. trade sanctions; and
c. You are not a person or entity on the U.S. Treasury Department’s list of Specially Designated Nationals and Blocked Persons or acting on behalf of any person or entity on such list.
Monitoring and Audit Generally
We may monitor the use of the APIs to ensure quality, improve our products and services, and verify your compliance with these terms. You will not interfere with such monitoring. We may use any technical means to overcome such interference.
We reserve the right to investigate any Application for compliance with these terms. Such investigations may include our accessing, using and analyzing your Application. You consent to any such investigation.
Disclaimer of Warranty
THE APIS ARE PROVIDED “AS IS” WITH NO WARRANTY, EXPRESS OR IMPLIED, OF ANY KIND, AND WE EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES AND CONDITIONS, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AVAILABILITY, SECURITY, TITLE, AND NON-INFRINGEMENT. SOME ASPECTS OF THE APIS ARE EXPERIMENTAL AND HAVE NOT BEEN TESTED IN ANY MANNER, AS WILL BE THE CASE FOR CERTAIN FORTHCOMING API FEATURES. WE DO NOT REPRESENT, WARRANT OR MAKE ANY CONDITION THAT THE APIS ARE FREE OF INACCURACIES, ERRORS, BUGS, OR INTERRUPTIONS, OR IS RELIABLE, ACCURATE, COMPLETE, OR OTHERWISE VALID. YOUR USE OF THE APIS IS AT YOUR OWN DISCRETION AND RISK, AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE THAT RESULTS FROM USE OF THE APIS, INCLUDING FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM US WILL CREATE ANY WARRANTY OR CONDITION NOT EXPRESSLY STATED IN THESE TERMS.
Limitation of Liability
Release and Waiver
To the maximum extent permitted by applicable law, you hereby release and waive all claims against Alaska Airlines, and its parents, subsidiaries, affiliates, officers, agents, licensors, co-branders or other partners, and employees from any and all liability for claims, damages of any kind, costs and expenses (including litigation costs and attorneys' fees) of every kind and nature, arising from or in any way related to your use of the APIs. You understand that any fact relating to any matter covered by this release may be found to be other than now believed to be true and you accept and assume the risk of such possible differences in fact. In addition, you expressly waive and relinquish any and all rights and benefits you may have under any other state or federal statute or common law principle of similar effect, to the fullest extent permitted by law.
Hold Harmless and Indemnity
To the maximum extent permitted by applicable law, you agree to hold harmless and indemnify Alaska Airlines and its parents, subsidiaries, affiliates, officers, agents, licensors, co-branders or other partners, and employees from and against any third-party claim arising from or in any way related to your use of the APIs (including your Application), including any liability or expense arising from all claims, losses, damages of every kind, suits, judgments, litigation costs and attorneys' fees, of every kind and nature. We will use good faith efforts to provide you with written notice of such claim, suit or action.
The parties will attempt to settle all Disputes through good faith negotiations. If those attempts fail to resolve the Dispute within thirty (30) days of the date of initial demand for negotiation, then the parties shall try in good faith to settle the Dispute by mediation conducted in Seattle, Washington under the Commercial Mediation Rules of the American Arbitration Association (“AAA”). Each party shall bear its own expenses; the Parties shall equally share the filing and other administrative fees of the AAA and the expenses of the mediator. The Parties shall be represented at the mediation by representatives having final settlement authority over the matter in dispute.
Any Disputes not finally resolved at the mediation level shall be settled by binding arbitration in accordance with the then current Commercial Arbitration Rules of the American AAA by one neutral arbitrator, by arbitration conducted in Seattle, Washington. The arbitrator shall not have the power to award damages in excess of actual damages, such as punitive damages. The Federal Arbitration Act, 9 U.S.C. Sections 1 to 14, shall govern the interpretation and enforcement of this dispute resolution provision. Any decision shall be in accordance with the law and the evidence of record, and shall be promptly rendered in writing.
Disputes relating to either infringement, unauthorized use or misuse of a party’s trademarks, or other intellectual property, a violation of which would cause that party irreparable harm for which damages would be inadequate, shall be exempt from the dispute resolution processes described in this provision to the extent necessary to seek preliminary injunctive or other judicial relief in a court of competent jurisdiction.
Changes to this Dispute Resolution section will become effective on the 60th day after we post the revised version and will apply only prospectively (i.e., only to claims arising on or after the 60th day).