XOPOZ API

This API endpoint (api.tiritix.com/xopoz) is a proprietary, non-public service interface operated by Tiritix exclusively for authorized client applications. Access is granted solely under the terms of a duly executed Application Programming Interface License Agreement (the “Agreement”).

No implicit or explicit right of access is conferred by the availability of this endpoint. The mere technical reachability of this service does not constitute an invitation to interact, test, probe, or consume any of its resources.

This system processes, transmits, and stores real-time and historical geolocation data of natural persons, classified as high-sensitivity personal data under applicable data protection law. Pursuant to GDPR Recital 75, location data is expressly recognized as information whose unauthorized disclosure may cause significant economic or social disadvantage to the data subjects concerned.

Geolocation data processed by this service includes, but is not limited to: precise GPS coordinates (latitude/longitude), device movement trajectories, positional timestamps, speed vectors, and team-contextual location history. Such data is capable of revealing:

• Home address, workplace, and habitual places of residence of identified individuals
• Patterns of daily life, travel habits, and recurring behavioural routines
• Attendance at religious, political, medical, or other sensitive establishments
• Real-time physical whereabouts of individuals, creating direct personal safety risks
• Social and professional associations through co-location and team membership analysis

The ePrivacy Directive (2002/58/EC), Article 9, imposes specific obligations regarding the processing of location data, requiring explicit consent and purpose limitation. A Data Protection Impact Assessment (DPIA) pursuant to GDPR Article 35 has been conducted for this processing activity, confirming the high-risk nature of the data and the necessity of enhanced technical and organizational safeguards.

Without prior written authorization from Tiritix, the following activities are strictly prohibited and may give rise to civil and criminal liability:

• Accessing, querying, or invoking any API endpoint, whether authenticated or unauthenticated
• Conducting security assessments, vulnerability scans, penetration tests, or fuzz testing of any kind
• Attempting to enumerate, catalogue, reverse-engineer, or reconstruct the API schema, routes, or data models
• Intercepting, recording, replaying, or tampering with API traffic via proxy, man-in-the-middle, or packet inspection tools
• Automated scraping, crawling, harvesting, or systematic extraction of data from any response
• Attempting credential stuffing, brute-force authentication, token forgery, or session hijacking
• Any interaction that degrades, disrupts, or impairs the availability or performance of this service

Unauthorized access to this system is prosecutable under the following statutes and regulatory instruments, without limitation:

• Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR), Articles 5, 6, 32, and 83, governing the lawful processing and protection of personal data
• Directive 2013/40/EU — Directive on attacks against information systems, Articles 3–8, criminalizing unauthorized access and system interference
• German Federal Data Protection Act (BDSG) — §42, imposing criminal penalties of up to 3 years imprisonment for unauthorized processing of personal data for commercial purposes; §43 administrative fines for negligent violations. Germany enforces the strictest interpretation of GDPR among EU Member States
• German Criminal Code (StGB) — §202a (data espionage), §202b (interception of data), §202c (preparation of data espionage), §303a (data tampering) — each carrying custodial sentences of up to 3 years, with aggravated penalties where geolocation data of natural persons is involved
• Computer Fraud and Abuse Act (CFAA) — 18 U.S.C. § 1030, applicable to unauthorized access originating from or transiting through United States infrastructure
• Convention on Cybercrime (Budapest Convention) — Articles 2–6, providing international framework for prosecution of computer-related offences across signatory states

This notice and any dispute arising from unauthorized access shall be governed exclusively by the laws specified below. Tiritix reserves the right to pursue legal proceedings in any competent jurisdiction where the unauthorized activity originated, transited, or produced effects.

All interactions with this system are logged, monitored, and retained in accordance with our data retention policy and applicable legal requirements. Metadata collected includes, but is not limited to: source IP addresses, request timestamps (UTC), HTTP methods, URI paths, request headers, TLS fingerprints, and response codes.

Log data is preserved in tamper-evident storage and may be disclosed to law enforcement authorities, regulatory bodies, or legal counsel in connection with any investigation or proceeding arising from unauthorized access.

Authorized use of this API requires execution of an API License Agreement and issuance of valid client credentials by Tiritix. For licensing inquiries, partnership proposals, or to report a security vulnerability through our responsible disclosure program, contact:

Tiritix — Legal & Compliance Department
xopoz@tiritix.com