BreachAware® API Terms OF SERVICE

BREACHAWARE® API TERMS OF SERVICE OCTBOBER2021 v2.24

By accessing or using our APIs, you are agreeing to the terms below. Collectively, we refer to the terms below, any additional terms, terms within the accompanying API documentation, and any applicable policies and guidelines as the "Terms." You agree to comply with the Terms and that the Terms control your relationship with us.

  1. ACCESS TO API's
    1. Accepting the Terms

      You may not use the APIs and may not accept the Terms if

      • you are not of legal age to form a binding contract with BreachAware, or
      • you are a person barred from using or receiving the APIs under the applicable laws of the United Kingdom or other countries including the country in which you are resident or from which you use the APIs.
    2. Entity Level Acceptance
      • If you are using the APIs on behalf of an entity, you represent and warrant that you have authority to bind that entity to the Terms and by accepting the Terms, you are doing so on behalf of that entity (and all references to "you" in the Terms refer to that entity).
    3. Registration

      To begin using the APIs,

      • you must first sign-in to BreachAware using your corporate or partner account username and password.
      • You may be required to provide certain information (such as identification or contact details) as part of the registration process for the APIs, or as part of your continued use of the APIs.
      • Any registration information you give to BreachAware will always be accurate and up to date and you'll inform us promptly of any updates.

    4. Access Credentials
      • Once you have successfully met the requirements for a particular API, you will be given Access Credentials for your Application.
      • “Access Credentials” means the necessary security keys, secrets, tokens, and other credentials to access the applicable APIs.
      • Access Credentials enable us to associate your API activity with your Application.
      • All activities that occur using your Access Credentials are your responsibility.
      • Keep your Access Credentials secret. Do not sell, share, transfer, or sublicense them to any other party other than your employees or independent contractors in accordance with these terms.
      • Do not try to circumvent them and do not require your customers to obtain their own Access Credentials to use your Application (for example, in an attempt to circumvent call limits).
    5. API License

      Subject to your compliance with these Terms,

      • we grant you a limited, non-exclusive, non-sublicensable, non-transferable, non-assignable license under BreachAware’s intellectual property rights during the duration
      • to use the APIs to develop, test, operate and support your Application;
      • to allow access to your integration of the APIs within your Application to end customers of your Application; and
      • to display the data accessed through the APIs within your Application. You have no right to distribute or allow access to the stand-alone APIs.
  2. USING OUR APIs AND DATA
    1. Your End Users

      You will require your end customers to comply with (and not knowingly enable them to violate) applicable law, regulation, and the Terms.

    2. Compliance with Law, Third Party Rights, and other BreachAware Terms of Service
      • You will comply with all applicable law, regulation, and third party rights (including without limitation laws regarding the import or export of data or software, privacy, and local laws).
      • You will not use the APIs to encourage or promote illegal activity or violation of third party rights. You will not violate any other terms of service with BreachAware
    3. Permitted Access
      • You will only access (or attempt to access) an API by the means described in the documentation of that API.
      • Your use of any of our APIs in your Application must comply with the technical documentation, usage guidelines, call volume limits, and other documentation made available to you.
    4. Excluded uses of the APIs

      In addition to the other terms and conditions in these Terms, you must never do any of the following under these Terms:

      • Use the APIs in any Application that includes adult content, promotes gambling, involves the sale of tobacco or alcohol to persons under 21 years of age, or otherwise violates any applicable law or regulation; or
      • Use the APIs to retrieve Content that is then aggregated with third party data in such a way that an end user cannot attribute the Content to BreachAware (i.e. aggregated search results).
    5. API Limitations
      • BreachAware sets and enforces limits on your use of the APIs (e.g. limiting the number of API requests that you may make or the number of customers you may serve), in our sole discretion.
      • You agree to, and will not attempt to circumvent, such limitations documented with each API.
      • If you would like to use any API beyond these limits, you must obtain BreachAware's express consent (and BreachAware may decline such request or condition acceptance on your agreement to additional terms and/or charges for that use).
      • To seek such approval, contact the relevant BreachAware Service team for information.
    6. Non-Exclusivity
      • The Terms are non-exclusive.
      • You acknowledge that BreachAware may develop products or services that may compete with the Application or any other products or services.
    7. No Storing Any Data
      • You must not capture, copy or store any data or any information expressed by the data (such as hashed or transformed data), except to the extent permitted by these Terms.
      • You must store all data in a manner which enables you to identify, segregate and selectively delete such data.
      • The data must not be stored in a data repository that would enable any third party access (other than the customer to which it relates).
    8. Retrieval of Data
      • When data relating to a customer is obtained through the APIs, you may not expose that data to other customers or to third parties without explicit opt-in consent from that customer.
    9. Delete for Breach
      • You must immediately delete all data if we terminate your use of the APIs for breach of these Terms, except when doing so would cause you to violate any law or obligation imposed by a governmental authority.
    10. Prohibitions on Data

      Unless expressly permitted by the data owner or by applicable law, you will not, and will not permit your end customers or others acting on your behalf to, do the following with content returned from the APIs:

      • Scrape, build databases, or otherwise create permanent copies of such content, or keep cached copies longer than permitted by the cache header;
      • Copy, translate, modify, create a derivative work of, sell, lease, lend, convey, distribute, publicly display, or sublicense to any third party;
      • Misrepresent the source or ownership; or
      • Remove, obscure, or alter any copyright, trademark, or other proprietary rights notices; or falsify or delete any author attributions, legal notices, or other labels of the origin or source of material.
  3. SAFETY AND ABUSE MONITORING
    1. Your User Agreement and Privacy Policy
      • You will comply with all applicable privacy laws and regulations including those applying to PII.
      • Your Application must include your own user agreement and privacy policy. Your user agreement and privacy policy must be prominently identified or located where customers download or access your Application.
      • Your privacy practices must meet applicable legal standards and accurately disclose the collection, use, storage and sharing of data.

      If your Application is an enterprise application,

      • you must enter into customer agreements with your enterprise customers that describe how you will be accessing BreachAware data on the customer’s behalf.
      • You must promptly notify us of any breaches of your user agreement or privacy policy that impact or may impact customers. Your privacy policy must be at least as stringent as BreachAware’s.
    2. Customer Consent

      Before obtaining data for customers, you must obtain their legally valid consent which, at a minimum, shall include:

      • verified authority to access data on behalf of a domain owner and
      • to only use the data for the detection and prevention of crime; as part of a system of risk management.
      • The consent must be freely given (in accordance with applicable law) and given by a statement or a clear affirmative action.
    3. Applications and Monitoring
      • here APIs are designed to help you enhance your applications.
      • YOU AGREE THAT BREACHAWARE MAY MONITOR USE OF THE APIS TO ENSURE QUALITY, IMPROVE BREACHAWARE PRODUCTS AND SERVICES, AND VERIFY YOUR COMPLIANCE WITH THE TERMS.
      • You will provide us with up to two full-feature customer account-level instances to access your Application (and/or other materials relating to your use of the APIs and/or the data) as reasonably requested by us to verify your compliance with these Terms (including, in particular, your security and privacy obligations under these Terms).
      • You also agree to assist BreachAware in verifying your compliance with these Terms by providing us with information about your Application and storage of data, which may include access to your Application and other materials or Systems related to your use of the APIs. If you do not demonstrate full compliance with these Terms, as determined in our sole discretion, we may restrict or terminate your access to the APIs.
    4. Requirement for Security Measures
      • Your network, operating system and the software of your web servers, databases, and computer systems (collectively, “Systems”) must be properly configured to securely operate your Application and process data.
    5. Customer Security
      • You will use commercially reasonable efforts to protect user information collected by your Application, including personally identifiable information ("PII"), from unauthorised access or use and will promptly report to your customers any unauthorised access or use of such information to the extent required by applicable law.
  4. GENERAL RESTRICTIONS
    1. API Restrictions

      When using the APIs, you may not (or allow those acting on your behalf to):
      a. Sublicense an API for use by a third party. Consequently, you will not create an Application that functions substantially the same as the APIs and offer it for use by third parties.
      b. Distribute or allow third parties access to any stand-alone API.
      c. Perform an action with the intent of introducing to BreachAware products and services any viruses, worms, defects, Trojan horses, malware, or any items of a destructive nature.
      d. Interfere with or disrupt the APIs or the servers or networks providing the APIs.
      e. Try to exceed or circumvent limitations on API calls and use. This includes creating multiple Applications for identical, or largely similar, usage.
      f. Copy, adapt, reformat, reverse-engineer, disassemble, decompile, decipher, translate or otherwise modify any API, Access Credential, Data or other information or service from BreachAware, through automated or other means.
      g. Defame, abuse, harass, stalk, or threaten others.
      h. Make any statements or use any API or data in a manner that expresses or implies that you, your Application or your use of the data is sponsored or endorsed by BreachAware (e.g., you must not state or in any way imply that BreachAware has “verified” or “confirmed” the veracity of any data).
      i. Promote or facilitate unlawful online gambling or disruptive commercial messages or advertisements.
      j. Use the APIs for any activities where the use or failure of the APIs could lead to death, personal injury, or environmental damage (such as the operation of nuclear facilities, air traffic control, or life support systems).
      k. Use Content in any manner that facilitates government surveillance (either directly or as a contractor for a government entity).
      l. Remove, obscure, or alter any BreachAware terms of service or any links to or notices of those terms.
      m. Access, store, display, or facilitate the transfer of any BreachAware data obtained through the following methods: scraping, crawling, spidering or using any other technology or software to access BreachAware content outside the APIs (such data, collectively, “Non-Official Content”). This restriction applies (1) whether the Non-Official Content was obtained directly or indirectly through a third party, such as a customer or third party developer, and (2) whether or not the Non-Official Content is stored or displayed in the Application or some other resource, product or service.

  5. BRAND FEATURES; ATTRIBUTION
    1. Brand Features
      • "Brand Features" is defined as the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party.
      • Except where expressly stated, the Terms do not grant either party any right, title, or interest in or to the other party's Brand Features.
      • All use by you of BreachAware's Brand Features (including any goodwill associated therewith) will inure to the benefit of BreachAware.
    2. Attribution
      • You agree to display any attribution(s) required by BreachAware as described in the documentation for the API.
      • BreachAware hereby grants to you a limited, non-exclusive, non-sublicensable, non-transferable, non-assignable license while the Terms are in effect to display BreachAware's Brand Features for the purpose of promoting or advertising that you use the APIs. You must only use the BreachAware Brand Features in accordance with the Terms and for the purpose of fulfilling your obligations under this Section. You understand and agree that BreachAware has the sole discretion to determine whether your attribution(s) and use of BreachAware's Brand Features are in accordance with the above requirements and guidelines.
    3. Publicity
      • You will not make any statement regarding your use of an API which suggests partnership with, sponsorship by, or endorsement by BreachAware without BreachAware's prior written approval.
      • You grant us a limited, non-exclusive, non-assignable, non-sublicensable, and non-transferable license during the Duration to display your trade names, trademarks, service marks, logos and domain names (collectively, “Your Brand Features”) to promote or advertise your use of the APIs in your Application. Any good will in Your Brand Features resulting from our use will inure solely to you.
      • We may, without your consent, publicly refer to you, orally or in writing, as a licensee of the APIs and/or user of the Content. We may also publish your name and logo (with or without a link to your Application) on our Services, in press releases, and in promotional materials without additional consent or notice to you.
  6. OWNERSHIP
    1. All Rights Reserved

      As between the parties, we own all rights, title, and interest in and to the

      • APIs, and all elements, components, and executables of the APIs,
      • data;
      • services; and
      • Our Brand Features and subject to the foregoing, you own all rights, title, and interest in and to the Application and Your Brand Features. Except to the limited extent expressly provided in these Terms, neither party grants, nor shall the other party acquire, any right, title or interest (including any implied license) in or to any property of the first party under these Terms. All rights not expressly granted in these Terms are withheld.
    2. License to Your Application
      • For the Duration you grant us a paid-up, royalty-free, non-exclusive, worldwide, irrevocable right and license, under all of your intellectual property rights, to use, perform, and display your Application and its content for purposes of marketing, demonstrating, and answering inquiries.
    3. Feedback
      • Either party may from time to time elect, in its sole discretion, to provide suggestions, comments, improvements, ideas or other feedback to the other party related to the other party’s products and services. Feedback is provided on an “as is” basis with no warranties of any kind and the receiving party will have a royalty-free, worldwide, sub-licenseable, transferable, non-exclusive, perpetual and irrevocable right and license to use Feedback. Each party agrees not to provide Feedback that it knows is subject to any intellectual property claim by a third party or any license terms which would require products or services derived from that Feedback to be licensed to or from, or shared with, any third party.
  7. TERMINATION
    1. Termination
      • You may stop using our APIs at any time with 30 days notice.
      • Further, if you want to terminate the Terms, you must provide BreachAware with prior written notice and upon termination, cease your use of the applicable APIs.
      • BreachAware reserves the right to terminate the Terms with you or discontinue the APIs or any portion or feature or your access thereto for any reason and at any time without liability or other obligation to you.
    2. Your Obligations Post-Termination

      Upon any termination of the Terms or discontinuation of your access to an API, you will immediately stop using the API, cease all use of the BreachAware Brand Features, and delete any cached or stored content that was permitted. BreachAware may independently communicate with any account owner whose account(s) are associated with your Application to provide notice of the termination of your right to use an API.

    3. Surviving Provisions

      When the Terms come to an end, those terms that by their nature are intended to continue indefinitely will continue to apply.

  8. LIABILITY FOR OUR APIs
    1. WARRANTIES
      • EXCEPT AS EXPRESSLY SET OUT IN THE TERMS, NEITHER BREACHAWARE NOR ITS SUPPLIERS OR DISTRIBUTORS MAKE ANY SPECIFIC PROMISES ABOUT THE APIS. FOR EXAMPLE, WE DON'T MAKE ANY COMMITMENTS ABOUT THE DATA ACCESSED THROUGH THE APIS, THE SPECIFIC FUNCTIONS OF THE APIS, OR THEIR RELIABILITY, AVAILABILITY, OR ABILITY TO MEET YOUR NEEDS. WE PROVIDE THE APIS "AS IS".
      • SOME JURISDICTIONS PROVIDE FOR CERTAIN WARRANTIES, LIKE THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. EXCEPT AS EXPRESSLY PROVIDED FOR IN THE TERMS, TO THE EXTENT PERMITTED BY LAW, WE EXCLUDE ALL WARRANTIES, GUARANTEES, CONDITIONS, REPRESENTATIONS, AND UNDERTAKINGS.
    2. LIMITATION OF LIABILITY
      • WHEN PERMITTED BY LAW, BREACHAWARE, AND BREACHAWARE'S SUPPLIERS AND DISTRIBUTORS, WILL NOT BE RESPONSIBLE FOR LOST PROFITS, REVENUES, OR DATA; FINANCIAL LOSSES; OR INDIRECT, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES.
      • TO THE EXTENT PERMITTED BY LAW, THE TOTAL LIABILITY OF BREACHAWARE, AND ITS SUPPLIERS AND DISTRIBUTORS, FOR ANY CLAIM UNDER THE TERMS, INCLUDING FOR ANY IMPLIED WARRANTIES, IS LIMITED TO THE AMOUNT YOU PAID US TO USE THE APPLICABLE APIS (OR, IF WE CHOOSE, TO SUPPLYING YOU THE APIS AGAIN) DURING THE SIX MONTHS PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY.
      • IN ALL CASES, BREACHAWARE, AND ITS SUPPLIERS AND DISTRIBUTORS, WILL NOT BE LIABLE FOR ANY EXPENSE, LOSS, OR DAMAGE THAT IS NOT REASONABLY FORESEEABLE.
    3. Indemnification

      Unless prohibited by applicable law, if you are a business, you will defend and indemnify BreachAware, and its affiliates, directors, officers, employees, and users, against all liabilities, damages, losses, costs, fees (including legal fees), and expenses relating to any allegation or third-party legal proceeding to the extent arising from: i) your misuse or your end user's misuse of the APIs; ii) your violation or your end user's violation of the Terms; or iii) any content or data routed into or used with the APIs by you, those acting on your behalf, or your end users.

These Terms and all matters arising from it shall be governed by and construed in accordance with laws of England and Wales. Each party to these Terms waives any defence of lack of personal jurisdiction in such courts.