1.1 - Order Terms; Effective Date
1.2 - API Access and Use
API Usage Parameters. Partner may use the API (including without limitation any data and information obtained therefrom) solely in accordance with the usage parameters set forth in the applicable Order. Without limiting the foregoing:
Qualified Partner Services. Partner may only use the API (including any data and information obtained therefrom) for purposes of implementing and providing the specific Partner services specified in the Order and in any event only services that Partner provides to its customers, users and clients generally in the ordinary course of Partner’s business (“Qualified Partner Services”).
Qualified Users. Partner may only use the API (including any data and information obtained therefrom) for purposes of implementing and providing Qualified Partner Services to Partner’s customers, users and clients that meet the following criteria: (i) they are also customers, users or clients of Tratta whose data is contained within Tratta’s Services, (ii) they are listed or described in the Order, if applicable, and (ii) they have been given all notices and provided all consents required for their associated data and information to be provided to and obtained by Partner through and using the API (“Qualified Users”).
Qualified Data. Partner may access, upload, retrieve or otherwise obtain only that data and information from, through or using the API that meets the following criteria: (i) such data and information is described or listed in the Order, if applicable, (ii) such data and information is tied to a Qualified User receiving Qualified Partner Services from Partner, (iii) such data and information is required for Partner to provide the Qualified Partner Services to such Qualified User, and (iv) such data and information falls within the scope of any required notices and consents given to and obtained from such Qualified User (“Qualified Data”).
New Partner services, users and data may be added to any list of Qualified Partner Services, Qualified Users and/or Qualified Data in the Order if applicable (without limiting the other qualifications and requirements above), upon reasonable written request from Partner, subject to Tratta’s prior written approval in its discretion on a case-by-case basis.
1.3 - API Restrictions
In addition to those restrictions and limitations applicable to the Services in general under the Terms of Service, when using the API, you will (and will ensure that your personnel and service providers will):
only use the API to implement and provide Qualified Partner Services to Qualified Users;
not use or access API or other Services in order to monitor the availability, performance, or functionality of the API or other Service or any portion thereof or for any similar benchmarking purposes;
not remove or destroy any copyright notices, proprietary markings or confidentiality notices placed upon, contained within or associated with the API;
not engage in any activity that interferes with, disrupts, harms, damages, or accesses in an unauthorized manner the servers, security, networks, data, applications or other properties or services of the API, other Services or any third party.
not circumvent any technological measures intended to prevent direct database access or otherwise limit or restrict use of or access through the API, or manufacture tools or products to that effect;
not request, access, download, retrieve or otherwise obtain more than the minimum amount of Qualified Data from or through the API needed to operate and provide the Qualified Partner Services to Qualified Users.
not, except as authorized by Tratta in writing, substantially replicate products or services offered by Tratta or any Tratta Related Entity, including the Tratta API. Subject to the preceding sentence and the parties' other rights and obligations under the Terms (including confidentiality obligations and any restrictions on use of data), each party agrees that the other party may develop and publish Applications that are similar to or otherwise compete with such party's Applications;
not develop an Application whose primary purpose is to migrate Qualified Users off of Tratta;
not modify, translate, reverse engineer, disassemble, reconstruct, decompile, copy, or create derivative works of the Tratta API, any data obtained therefrom, the Services, or any aspect or portion thereof, except to the extent that this restriction is expressly prohibited by applicable law.
1.4 - Additional API Limits
Tratta may set and enforce additional limits on your use of the API (e.g., limiting the number of requests that you may make or the number of Qualified Users you may serve), in Tratta’s discretion upon prior written notice or as publicly posted by Tratta on its website (or as otherwise specified in an Order). You agree to, and will not attempt to circumvent such limitations. If you would like to use the API beyond these limits, you must obtain Tratta’s prior written consent.
1.5 - Update Implementation
Tratta reserves the right to require Partner to install or update certain portions of the API software, if any, in order to continue using the API and the associated Services. You acknowledge that Tratta may make updates to the API from time to time, and at its sole discretion. You must implement and use the most current version of the API made available to you by Tratta and to make any changes to your Qualified Partner Services that are required as a result of any such updates, at your sole cost and expense.
1.6 - Service Providers
1.7 - Terms of Service Applicability
For the avoidance of doubt, the API and its access and use shall constitute a “Service” under Tratta’s Terms of Service as incorporated herein, and references to “Customer” in the Terms of Services shall refer to you, the Partner.
Data and Information Security
2.1 - API Data
2.2 - Partner Data
Any data or information downloaded, submitted or provided by or for Partner to Tratta or Tratta’s software through or using the API (other than any API Data) will remain the property of Partner and/or its third party licensors and customers and shall constitute and be treated as “Materials” under and in accordance with the Terms of Service.
2.3 - Data Rules, Restrictions and Compliance
Legal Compliance. You will, and will ensure that your employees, agents and service providers will, comply with all applicable local, state, provincial, national or international laws or regulations, and policies of regulatory bodies or agencies, including without limitation, to the extent applicable: (i) the California Consumer Privacy Act of 2018; (ii) the European Union General Data Protection Regulation (Regulation 2016/679); (iii) the ePrivacy Directive (Directive 2002/58/EC) or any local or European law implementing or replacing the same; (iv) the Canadian Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5); (v) the Federal Trade Commission Act of 1914 (15 U.S.C. § 43); (vi) the Gramm-Leach-Bliley Act and (vii) the Children’s Online Privacy Protection Act (15 U.S.C. § 6501-6505) or any regulations implemented pursuant thereto.
Breach Notification. Partner shall promptly notify Tratta in writing of any actual or suspected breach or compromise (or other unauthorized use or disclosure) of any API Data (a “Data Breach”) immediately upon, but no later than twenty-four (24) hours of, becoming aware of such occurrence. Upon learning of the Data Breach, at your own cost, you will: (A) promptly remedy the Data Breach to prevent any further loss or unauthorized use or disclosure of API Data; (B) investigate the incident; (C) take reasonable actions to mitigate any future anticipated harm to Tratta or Qualified Users; and (D) promptly answer questions from Tratta relating to the Data Breach, regularly communicate the progress of your investigation to Tratta and cooperate to provide Tratta with any additional requested information in a timely manner.
2.4 - Data Security
Partner shall take all organizational and technical measures necessary to ensure sufficient protection of, and prevent unauthorized use, destruction, modification, access or disclosure of, the API Data. To the extent reasonably possible, all API Data shall be stored and transferred in encrypted and/or pseudonymized form. Partner’s networks, operating system and software of your web servers, routers, databases, and computer systems involved in the Qualified Partner Services (collectively, “Partner System”) must be properly configured to Internet industry standards so as to securely operate the Qualified Partner Services and protect against unauthorized access to, disclosure or use of any API Data. With respect to any aspect of the Partner System you do not fully control, you will use all reasonable efforts to comply with the foregoing. You must diligently and promptly correct any security deficiency, and disconnect immediately any known or suspected intrusions or intruder.
2.2 - Audits and Monitoring