logo
Legal Hub

Abnormal Security API Terms of Service

Effective August 23rd 2023

Abnormal Security Corporation API Terms of Service

Thank you for developing with Abnormal!
By accessing or using Abnormal APIs, including within a software application, website, tool, service, or product you create for use by or offer to Customer(s) (the "Application"), you are agreeing to these terms of service and to comply with any accompanying documentation that applies to your use of the Abnormal APIs ("API Terms") with Abnormal Security Corporation ("Abnormal", "we", "us", or "our"). You represent and warrant to us that you have the authority to accept these API Terms on behalf of yourself, a company, other entity, and/or Customer, as applicable. We may change, amend or terminate these API Terms at any time. Use of the Abnormal APIs after any change or amendment means you agree to the new API Terms. If you do not agree to the new API Terms or if we terminate these API Terms, you must stop using the Abnormal APIs.

1. Defined Terms

a) "Abnormal APIs" means (i) any form of machine accessible application programming interface that Abnormal makes available which provides access to an Abnormal Offering, including all associated tools, elements, components and executables therein, (ii) any Abnormal sample code that enables interactions with a Abnormal Offering, and (iii) documentation that Abnormal makes available to help enable your access to the Abnormal APIs.
b) "Access Credentials" means the necessary security keys, secrets, tokens, and other credentials to access the Abnormal APIs.
c) "Customer(s)" means the licensee of an Abnormal online service ("Abnormal Offering") and if the licensee is an organization, includes their administrators and end users. Customer also includes any individuals or entities that are authorized by Customer to access or use the Abnormal APIs or to create an Application on Customer’s behalf.

2. Scope and Application Registration

a) These API Terms govern your use of Abnormal APIs except if you have entered into another agreement with Abnormal that expressly supersedes these API Terms and governs your use of specific Abnormal APIs.
b) Registration for the Application may be required pursuant to documentation. If registration is required, you must register the Application with Abnormal. Your registration must be accurate and kept up-to-date by you at all times. Once you have successfully registered an Application, access credentials will be given for the Application.
c) Access Credentials will be granted to Customers that desire access to the Abnormal APIs.
The Access Credentials enable us to associate Customer use of the Abnormal APIs or Application use of the Abnormal APIs. All activities that occur using the Access Credentials are the responsibility of the party that are issued the Access Credentials, whether you or a Customer. Access Credentials are non-transferable and non-assignable. Keep them secret. Do not try to circumvent them.

3. Abnormal APIs License and Guidelines

a) Abnormal APIs License. Subject to compliance with all of the API Terms, Abnormal grants you a limited, non-exclusive, non-assignable, non-transferable, revocable license to use the Abnormal APIs to develop, test, and support the Application, and allow Customer(s) to use the integration of the Abnormal APIs within the Application. You may use the Abnormal APIs only as expressly permitted in these API Terms. Violation of these API Terms may result in the suspension or termination of your use of the Abnormal APIs.
b) Abnormal APIs Guidelines. You may NOT:
  1. Use the Abnormal APIs in a way that could impair, harm or damage Abnormal, the Abnormal APIs, any Abnormal Offering, or anyone else’s use of the Abnormal APIs or any Abnormal Offerings;
  2. Use the Abnormal APIs to disrupt, interfere with, or attempt to gain unauthorized access to services, servers, devices, or networks connected to or which can be accessed via the Abnormal APIs;
  3. Use the Abnormal APIs, or any information accessed or obtained using the Abnormal APIs, for the purpose of migrating Customer(s) away from an Abnormal Offering, except as expressly permitted by Abnormal pursuant to a duly executed written agreement;
  4. Scrape, build databases or otherwise create copies of any data accessed or obtained using the Abnormal APIs, except as necessary to enable the intended usage scenario for the Application;
  5. Request from the Abnormal APIs more than the minimum amount of data, or more than the minimum permissions to the types of data, that the Application needs for Customer(s) to use the intended functionality of the Application;
  6. Use an unreasonable amount of bandwidth, or adversely impact the stability of the Abnormal APIs or the behavior of other apps using the Abnormal APIs;
  7. Attempt to circumvent the limitations Abnormal sets on use of the Abnormal APIs. Abnormal sets and enforces limits on use of the Abnormal APIs (e.g., limiting the number of API requests that you may make or the number of users you may serve), in its sole discretion;
  8. Use Abnormal APIs in any manner that works around any technical limitations of the Abnormal APIs or of the accessed Abnormal Offering, or reverse engineer, decompile or disassemble the Abnormal APIs or an Abnormal Offering, except and only to the extent that applicable law expressly permits, despite this limitation;
  9. Use the Abnormal APIs, or any data obtained using the Abnormal APIs, to conduct performance testing of an Abnormal Offering unless expressly permitted by Abnormal pursuant to a duly executed written agreement;
  10. Use the Abnormal APIs, or any data obtained using the Abnormal APIs, to identify, exploit or publicly disclose any potential security vulnerabilities;
  11. Request, use or make available any data obtained using the Abnormal APIs outside any permissions expressly granted by Customer(s) in connection with using the Application;
  12. Use or transfer any data accessed or obtained using the Abnormal APIs, including any data aggregated, anonymized or derived from that data (collectively the "Abnormal APIs Data") for advertising or marketing purposes including (i) targeting ads, or (ii) serving ads. For purposes of clarity, this prohibition on using Abnormal APIs Data for advertising or marketing purposes does not extend to using other data, such as (i) the number of users of the Application, (ii) a user identifier you independently receive from a user (e.g., an email address you receive when a user enrolls to use the Application, a device identifier, or an advertising identifier), or (iii) a product or service identifier that identifies an Abnormal Offering;
  13. Make the Application available for use in a manner that circumvents the need for Customer to obtain a valid license to the Abnormal Offering accessed through the Abnormal APIs;
  14. Redistribute or resell, or sublicense access to, the Abnormal APIs, any data obtained using the Abnormal APIs, or any other Abnormal Offering accessed through the Abnormal APIs; or
  15. Misrepresent expressly, by omission, or implication, the need for Customer to obtain a valid license to the Abnormal Offering that is accessed through the Abnormal APIs;
  16. Falsify or alter any unique referral identifier in, or assigned to an Application, or otherwise obscure or alter the source of queries coming from an Application to hide a violation of this agreement; or
  17. Use the Abnormal APIs or allow any user to use the Application in a way that violates applicable law, including but not limited to:
    1. Illegal activities, such as child pornography, gambling, piracy, violating copyright, trademark or other intellectual property laws.
    2. Intending to exploit minors in any way.
    3. Accessing or authorizing anyone to access the Abnormal APIs from an embargoed country as prohibited by the U.S. government.
    4. Threatening, stalking, defaming, defrauding, degrading, victimizing or intimidating anyone for any reason.
    5. Violating applicable privacy laws and regulations.
  18. Use the Abnormal APIs in a way that could create, in Abnormal's sole discretion and judgment, an unreasonable security or privacy risk.

4. Security

You warrant that the Application has been developed to operate with Abnormal API content in a secure manner. The network, operating system and the software of your servers, databases, and computer systems (collectively, "Systems") must be properly configured to securely operate the Application and store content collected through the Application (including the Abnormal API content). The Application must use reasonable security measures to protect the private data of Customer(s).
We may use technology to detect, prevent or limit the impact of any issues caused by the Application (before, after, or instead of suspension of your access). This may include, for example, (i) filtering to stop spam, (ii) performing security or privacy monitoring regarding scraping, denial of service attacks, user impersonation, application impersonation, or illicit consent grant(s), or (iii) limiting or terminating your or Customer access to the Abnormal APIs.
You will permit Abnormal reasonable access to the Application for purposes of monitoring compliance with these API Terms. You will respond to any questions by Abnormal about your compliance with these API Terms.
Without limiting the foregoing, upon request by Abnormal, you will provide us (or an independent auditor acting on our behalf) with a full-feature client account-level instances to access the Application (and/or other materials relating to your use of the Abnormal APIs) as reasonably requested by us to verify your compliance with these API Terms (including, in particular, your security and privacy obligations under these API Terms).
We may restrict or terminate access to the APIs or perform an audit (including by hiring an independent auditor acting on our behalf) of the Application if you fail to provide adequate information and materials (including a full-featured instance of the Application) to verify your compliance with these API Terms.
You must have a process to respond to any vulnerabilities in the Application, and in the case of any vulnerabilities related to the Application's connection to the Abnormal APIs discovered by you or reported to you by a third party, you agree that you will provide vulnerability details to the Abnormal Security Security Team, (security@abnormalsecurity.com).
In the event of a data breach by you resulting from any aspect of the Abnormal APIs involving the Application or any data collected through the Application, you will promptly contact the Abnormal Security Security Team (security@abnormalsecurity.com) and provide details of the data breach. You agree to refrain from making public statements (e.g., press, blogs, social media, bulletin boards, etc.) without prior written and express permission from Abnormal in each instance as it relates to the Abnormal APIs.
The rights and requirements of this section -- 4. Security -- will survive for five (5) years following any termination of these API Terms.

5. Your Compliance with Applicable Privacy and Data Protection Laws

You must comply with all laws and regulations applicable to your use of the data accessed through the Abnormal APIs, including without limitation laws related to privacy, biometric data, data protection and confidentiality of communications. Use of the Abnormal APIs is conditioned upon implementing and maintaining appropriate protections and measures for your service and the Application, and that includes your responsibility to the data obtained through the use of the Abnormal APIs. For the data obtained through the Abnormal APIs, you must:
a) obtain all necessary consents before processing data and obtain additional consent if the processing changes ("Data Access Consents");
b) In the event you're storing data locally, ensure that data is kept up to date and implement corrections, restrictions to data, or the deletion of data as reflected in the data obtained through your use of the Abnormal APIs;
c) implement proper retention and deletion policies, including deleting all data when a user abandons the Application, uninstalls the Application, or closes or abandons its account with you;
d) maintain and comply with a written statement made available to Customer(s) that describes your privacy practices regarding data and information that you collect and use ("Your Privacy Statement"), and that statement must be as protective as the Abnormal Security Privacy Policy; and
e) When the Application allows end users to sign in with an Abnormal account and Abnormal is not providing the user interface for the sign in, your Privacy Statement must provide a link to the Abnormal Security Privacy Policy, or such other location(s) as we may specify from time to time, with a clear indication that Customer and end users can go to the Abnormal site(s) to revoke Data Access Consents at any time. If Customer or its end users must take additional steps to disable the Application's access to Customer or end user data, then Your Privacy Statement must clearly indicate to Customer and end users the additional steps required to disable access.
Nothing in the Agreement shall be construed as creating a joint controller or processor-subprocessor relationship between you and Abnormal.

6. Changes to the Abnormal APIs and API Terms

WE MAY CHANGE OR DISCONTINUE THE AVAILABILITY OF SOME OR ALL OF THE ABNORMAL APIs AT ANY TIME FOR ANY REASON WITH OR WITHOUT NOTICE. Such changes may include, without limitation, removing or limiting access to specific API(s), breaking changes, requiring fees or setting and enforcing limits on your use of additions to the Abnormal APIs. We may also impose limits on certain features and services or restrict your access to some or all of the Abnormal APIs. We may release subsequent versions of the Abnormal APIs and require that you use those subsequent versions, at your sole cost and expense. It is your responsibility to monitor for any Abnormal APIs changes that may impact the Application.
Any version of the Abnormal APIs designated as "preview", "pre-release" or "beta" ("Preview API"), may not work in the same way as a final version. We may change or not release a final or commercial version of a Preview API in our sole discretion.
WE MAY MODIFY THESE API TERMS AT ANY TIME, WITH OR WITHOUT PRIOR NOTICE TO YOU. YOUR CONTINUED USE OF THE ABNORMAL APIs FOLLOWING THE RELEASE OF A SUBSEQUENT VERSION OF THESE API TERMS WILL BE DEEMED YOUR ACCEPTANCE OF ANY MODIFICATIONS TO THESE API TERMS.

7. Feedback

If you give feedback about the Abnormal APIs to Abnormal, you give to Abnormal, without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You will not give feedback that is subject to a license that requires Abnormal to license its software or documentation to third parties because Abnormal includes your feedback in them. These rights survive these API Terms.

8. Confidentiality

You may be given access to certain non-public information, software, and specifications relating to the Abnormal APIs ("Confidential Information"), which is confidential and proprietary to Abnormal. You may use Confidential Information only as necessary in exercising your rights granted under these API Terms. You may not disclose any Confidential Information to any third party without the prior written consent of Abnormal. You agree that you will protect any Confidential Information from unauthorized use, access, or disclosure in the same manner that you would use to protect your own confidential and proprietary information.

9. Disclaimer of Warranties, Limitation of Liability and Indemnity

a) Disclaimer of Warranties.
WE MAKE NO WARRANTIES, EXPRESS OR IMPLIED, GUARANTEES OR CONDITIONS WITH RESPECT TO YOUR USE OF THE ABNORMAL APIs. YOU UNDERSTAND THAT USE OF THE ABNORMAL APIs IS AT YOUR OWN RISK AND THAT WE PROVIDE THE ABNORMAL APIs ON AN "AS IS" BASIS "WITH ALL FAULTS" AND "AS AVAILABLE" TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAW, WE EXCLUDE ANY IMPLIED WARRANTIES, INCLUDING FOR MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, TITLE AND NON-INFRINGEMENT. YOU MAY HAVE CERTAIN RIGHTS UNDER YOUR LOCAL LAW.
NOTHING IN THESE API TERMS ARE INTENDED TO AFFECT THOSE RIGHTS, IF THEY ARE APPLICABLE. WE DO NOT GUARANTEE THE ABNORMAL APIs WILL FUNCTION WITHOUT INTERRUPTION OR ERRORS. IN PARTICULAR, THE OPERATION OF THE ABNORMAL APIs MAY BE INTERRUPTED DUE TO MAINTENANCE, UPDATES, OR SYSTEM OR NETWORK FAILURES. WE DISCLAIM ALL LIABILITY FOR DAMAGES CAUSED BY ANY SUCH INTERRUPTION, ERRORS, OR THAT DATA LOSS WILL NOT OCCUR.
b) Limitation of Liability.
IF YOU HAVE ANY BASIS FOR RECOVERING DAMAGES (INCLUDING BREACH OF THESE API TERMS), YOU AGREE THAT YOUR EXCLUSIVE REMEDY IS TO RECOVER, FROM ABNORMAL OR ANY AFFILIATES, RESELLERS, DISTRIBUTORS, SUPPLIERS (AND RESPECTIVE EMPLOYEES, SHAREHOLDERS, OR DIRECTORS) AND VENDORS, ONLY DIRECT DAMAGES UP TO USD $5.00 COLLECTIVELY. YOU CAN'T RECOVER ANY OTHER DAMAGES OR LOSSES, INCLUDING, WITHOUT LIMITATION, DIRECT, CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT, INCIDENTAL, OR PUNITIVE. These limitations and exclusions apply even if this remedy doesn't fully compensate you for any losses or fails of its essential purpose or if we knew or should have known about the possibility of the damages. To the maximum extent permitted by law, these limitations and exclusions apply to any claims related to these API Terms or your use of the Abnormal APIs.
c) Indemnification.
You will defend, hold harmless, and indemnify Abnormal from any claim or action brought by a third party, including all damages, liabilities, costs and expenses, and reasonable attorney fees, to the extent resulting from, alleged to have resulted from, or in connection with your breach of the obligations herein or infringement of Abnormal's or a third party's intellectual property.
d) No Injunctive Relief.
In no event shall you seek or be entitled to rescission, injunctive or other equitable relief, or to enjoin or restrain the operation of the Abnormal APIs, content or other material used or displayed through the current Abnormal website or successor site.
e) No Third-Party Beneficiaries.
There are no third-party beneficiaries to this Agreement.

10. Termination

a) We may suspend or immediately terminate these API Terms, any rights granted herein, and/or your license to the Abnormal APIs, in our sole discretion at any time, for any reason. You may terminate these API Terms at any time by ceasing your access to the Abnormal APIs.
b) Upon termination, all licenses granted herein immediately expire and you must cease use of the Abnormal APIs. You must also comply with Customer and its users instructions to return or delete any data accessed or obtained through the Abnormal APIs, unless expressly permitted by Abnormal or prohibited by law. Neither party will be liable to the other for any damages resulting solely from termination of these API Terms.

11. General Terms

a) Applicable Law. California state law governs the interpretation of these API Terms and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.
b) Support. Because the Abnormal APIs are provided "as is," we may not provide support services for them. You are solely responsible for the quality of the Application and providing support for the Application.
c) Assignment and Delegation. You may not assign or delegate any rights or obligations under these API Terms, including in connection with a change of control. Any purported assignment and delegation shall be ineffective. We may freely assign or delegate all rights and obligations under these API Terms, fully or partially without notice to you.
d) Reservation of Rights. All rights not expressly granted herein are reserved by Abnormal. You acknowledge that all intellectual property rights within the Abnormal APIs, Abnormal Offerings, Abnormal Confidential Information and any other Abnormal technology remain the property of Abnormal and nothing within these API Terms will act to transfer any of these intellectual property rights to you.
e) Abnormal and you are independent contractors. Nothing in this Agreement shall be construed as creating an employer-employee relationship, processor-subprocessor relationship, a partnership, or a joint venture between the parties.
f) No Waiver. Either party's failure to act with respect to a breach of these API Terms does not waive either party's right to act with respect to that breach or subsequent similar or other breaches.
g) Survival. Sections of these API Terms that, by their terms, require performance after the termination or expiration of these API Terms will survive, such as, for example, the rights and requirements of Section 4. Security.
h) Modifications. We may modify these API Terms at any time with or without individual notice to you. Any modifications will be effective upon your continued use of the Abnormal APIs.
i) Entire Agreement. These API Terms and any documents incorporated into these API Terms by reference, constitute the entire agreement between you and us regarding the Abnormal APIs and supersede all prior agreements and understandings, whether written or oral, or whether established by custom, practice, policy or precedent, with respect to the subject matter of these API Terms. If any provision of these API Terms is found to be illegal, void, or unenforceable, the unenforceable provision will be modified so as to render it enforceable to the maximum extent possible.