2 comments

[ 4.7 ms ] story [ 14.3 ms ] thread
When processing end-user PII data (I see email address combined with IP address) you need a privacy policy. When registering the website owner doesn't seem to have to agree to a terms-of-service governing the processing, so who owns the data isn't specified.

The API seems to return HTML documents on error, e.g. curl https://tuemilio.com/api/v1/lists" when not authenticated.

The API has X-RateLimit-Limit headers. Those aren't explained in the documentation.