API Policy

Last Updated: Sept 20, 2022

This API Policy applies to all Customers and their Developers and other Authorized Users who use our APIs, and comprises part of the Mural Terms of Service. Any capitalized terms that are not defined in this API Policy have the meaning ascribed to such terms elsewhere in our Terms of Service.

INTRODUCTION

Our APIs are an important part of making Mural useful for our Customers, Developers and Authorized Users. By providing access to the Services through our APIs, we are trusting you to not abuse that privilege and to use our APIs safely and securely. This API Policy is designed to help you understand what uses of our APIs will be permitted and what will not. 

DATA PROTECTION

Mural takes privacy and data protection very seriously, and we expect you to as well. As stated in our Terms of Service, you gain no independent rights to the Services, or to any Content, personal information, or other data to which you may have access through your use of our APIs (collectively “Data”), simply by virtue of using our APIs. In addition, all users of our APIs are prohibited from:

• Renting or selling Data with third parties under any circumstances;
• Exploiting Data to create consumer profiles;
• Combining Data with data, content or other information gathered from other sources for any purposes unrelated to the intended use of the API;
• Exploiting Data for surveillance purposes, or allowing or assisting any entity to conduct surveillance or obtain Data using your access to our APIs; or
• Otherwise exploiting Data in a way not approved by Mural. 

SECURITY

Mural takes security seriously, and we expect you to as well. As stated in our Terms of Service, Customers must implement their own appropriate administrative, technical, physical, and organizational measures to prevent a Security Incident. In addition, all users of our APIs are prohibited from:

• Accessing our APIs in any manner that damages, breaks, circumvents, degrades or compromises the security of our Services in any way, or that otherwise poses a security vulnerability;
• Accessing our APIs in any manner that tests the vulnerability of our systems or networks;
• Providing access to the Services in any fraudulent or unauthorized way, including bypassing or circumventing our protocols and access controls;
• Using unpublished APIs; or
• Transmitting any viruses or other malicious code that may damage, compromise, degrade the Services, or surreptitiously intercept or expropriate any data, Content or information from the Services.

If the event of an actual or potential Security Incident that involves your use of our APIs or any Data, you must inform us immediately at: security@mural.co. 

RESPECT OUR BUSINESS AND PROPERTY

You must respect our business as we respect yours. We expect you to behave in accordance with appropriate and accepted business conduct. As part of good business practices, you are prohibited from:

• Circumventing Mural's intended limitations (including without limitation any pricing, features and access structures); 
• Attempting to use our APIs in a manner that exceeds rate limits, or constitutes excessive or abusive usage;
• Using any Data in any advertisements or for purposes of targeting advertisements or contacting Mural Customers or their Authorized Users;
• Sub-licensing, distributing or allowing access to the Mural APIs to anyone else;
• Attempting to reverse engineer or otherwise derive Confidential Information in or from the Services;
• Accessing our APIs or documentation in violation of any law or regulation;
• Accessing or using our APIs or documentation to replicate or compete with the Services;
• Infringing upon any Mural intellectual property rights in connection with your Integration, including without limitation, using our trademarks or brand assets in violation of our brand guidelines and trademark guidelines;
• Including advertising, including display ads, within the Integration experience or Mural Services; or
• Implying a Mural endorsement, certification, affiliation or partnership (unless you have explicit written permission from Mural to do so).

PUBLIC APPS

As detailed in the Developer Addendum, every Public App must be useful, appropriate, respect data subject privacy rights, and provide a generally great user experience. The purpose of the Public App, and the expectations for using it, must be clear and transparent. Every Public App must include usage instructions and customer support information, including a contact for customer support. You must keep your Public App updated and provide timely and accurate support. In addition, Developers are prohibited from creating Public Apps that:

• Degrade or compromise performance of the Services;
• Create poor experiences that do not add value to Mural customers or users in a work setting, or that detract from the overall utility of the Services and the overall Integration ecosystem;
• Encourage installers to circumvent or interfere with their own workplace and employer policies; or
• Include misleading and/or deceptive statements about functionality, performance, origin, security, or data use.