API Policy

Subscribe to Subprocessor Updates

Thank you! Your submission has been received! 🎉
Something went wrong while submitting the form.


Subprocessing Activities



Cloud-based Marketing Automation Solution

United States

Amazon Web Services

Cloud Service Provider

United States


Cloud-based Analytics Tool

United States


Cloud Based Connector and Data Centralization Services

United States

Mandrill / Mailchimp

Cloud-based Customer Support Services

United States

Microsoft Azure

Cloud Service Provider

United States

MongoDB, Inc

Cloud database Service Production Database

United States

Salesforce Cloud

Cloud-based Customer Support Services

United States

Twilio Inc, dba “Segment”

Customer Data Platform

United States

Last updated: Mar 29, 2023

This API Policy applies to all Customers and their Developers and other Authorized Users who use our APIs. Any capitalized terms that are not defined in this API Policy have the meaning ascribed to such terms elsewhere in the “Agreement” (either the Terms of Service or Main Services Agreement, as applicable to each Customer).


Our APIs are an important part of making Mural Services useful for our Customers, Developers and Authorized Users. By providing access to the Services through our APIs, we are trusting you to not abuse that privilege and to use our APIs safely and securely. This API Policy is designed to help you understand what uses of our APIs will be permitted and what will not.


Mural takes privacy and data protection very seriously, and we expect you to as well. You gain no independent rights to the Services, Materials or any Mural intellectual property simply by virtue of using our APIs (collectively “Mural data”). Similarly, you gain no independent rights to any Customer Content and/or Customer Personal Data (collectively “Customer Data”) simply by virtue of using our APIs. In addition, all users of our APIs are prohibited from:

  • Renting or selling Mural data or Customer Data with third parties under any circumstances;
  • Exploiting Mural data or Customer Data to create consumer profiles;
  • Combining Mural data or Customer Data with data, content or other information gathered from other sources for any purposes unrelated to the intended use of the API;
  • Exploiting Mural data or Customer Data for surveillance purposes, or allowing or assisting any entity to conduct surveillance or obtain Mural data or Customer Data using your access to our APIs; or
  • Otherwise exploiting Mural data or Customer Data in a way not approved by Mural or customers (as applicable).


Mural takes security seriously, and we expect you to as well. All users of our APIs are prohibited from:

  • Accessing our APIs in any manner that damages, breaks, circumvents, degrades or compromises the security of our Services in any way, or that otherwise poses a security vulnerability;
  • Accessing our APIs in any manner that tests the vulnerability of our systems or networks;
  • Providing access to the Services in any fraudulent or unauthorized way, including bypassing or circumventing our protocols and access controls;
  • Using unpublished APIs; or
  • Transmitting any viruses or other malicious code that may damage, compromise, degrade the Services, or surreptitiously intercept or expropriate any Mural data or Customer Data from the Services.

If the event of an actual or potential security incident that involves your use of our APIs or any Mural data or Customer Data, you must inform us immediately at: security@mural.co.


You must respect our business as we respect yours. We expect you to behave in accordance with appropriate and accepted business conduct. As part of good business practices, you are prohibited from:

  • Circumventing our intended limitations (including without limitation any pricing, features and access structures);
  • Attempting to use our APIs in a manner that exceeds rate limits, or constitutes excessive or abusive usage;
  • Using any Mural data or Customer Data in any advertisements or for purposes of targeting advertisements or contacting Mural customers or their Authorized Users;
  • Sub-licensing distributing or allowing access to the Mural APIs to anyone else;
  • Attempting to reverse engineer or otherwise derive Confidential Information in or from the Services;
  • Accessing our APIs or documentation in violation of any law or regulation;
  • Accessing or using our APIs or documentation to replicate or compete with the Services;
  • Infringing upon any Mural intellectual property rights in connection with your Integration, including without limitation, using our trademarks or brand assets in violation of our brand guidelines and trademark guidelines;
  • Including advertising, including display ads, within the Integration experience or Mural Services; or
  • Implying a Mural endorsement, certification, affiliation or partnership (unless you have explicit written permission from Mural to do so).


As detailed in the Developer Addendum, every Public App must be useful, appropriate, respect data subject privacy rights, and provide a generally great user experience. The purpose of the Public App, and the expectations for using it, must be clear and transparent. Every Public App must include usage instructions and customer support information, including a contact for customer support. You must keep your Public App updated and provide timely and accurate support. In addition, Developers are prohibited from creating Public Apps that:

  • Degrade or compromise performance of the Services;
  • Create poor experiences that do not add value to Mural customers or users in a work setting, or that detract from the overall utility of the Services and the overall Integration ecosystem;
  • Encourage installers to circumvent or interfere with their own workplace and employer policies; or
  • Include misleading and/or deceptive statements about functionality, performance, origin, security, or data use.