IDEALS API SPECIFIC TERMS OF USE | Ideals Virtual Data Room
Get price

Request sent. We will email your data room access link shortly. Your Account Manager will contact you to discuss your project.

Get price

IDEALS API SPECIFIC TERMS OF USE

Effective Date: July 1 2025

1. Introduction

These API Terms of Use (“Terms”) govern your access to and use of the API functionality provided by Ideals. The API is part of the Solution and is made available to clients on an eligible subscription plan as an optional paid add-on. The accompanying technical documentation for the API, including implementation guidelines and usage constraints, is available at https://gateway.idealsvdr.com/api-docs. The Client is responsible for ensuring that its integration adheres to the practices outlined therein.

These Terms form a binding part of the Terms and Conditions of Services available at https://www.idealsvdr.com/terms-and-conditions/

The use of the API may involve the transfer of personal data. Clients are solely responsible for ensuring that such transfers comply with applicable data protection laws and any geographic or jurisdictional constraints selected during Data Room setup.

2. License and Permitted Use

Subject to the Client’s continued compliance with these Terms and the Terms and Conditions of Services, Ideals grants a limited, revocable, non-exclusive, non-transferable, and non-sublicensable license to use the API during the term of the Agreement for the sole purpose of developing, testing, supporting, and using software integrations with the Solution. The Client may use the API to enable its systems or applications to interact with the Solution, provided such use remains within the scope of this license. This license does not grant any rights to distribute, sublicense, or otherwise expose the API or the Solution via API to third parties.

The Client is expressly prohibited from: 

  1. using the API in a manner that degrades or harms the Solution; 
  2. posing a security vulnerability to clients or Data Room Participants; 
  3. testing the vulnerability of the Solution or networks without written authorization; 
  4. reverse engineering or deriving source code, trade secrets, or know-how of the API or the Solution; 
  5. using the API in a manner that exceeds rate limits or constitutes excessive or abusive usage;
  6. using the API to build or offer commercial products or services based on the Solution, or charge any incremental or premium fees for accessing the Solution via its integration.
  7. using the API to transfer data in a manner that breaches data protection laws and the geographic restrictions selected when creating the Data Room.

3. Access Limits and API Key Management

The number of API calls permitted is not limited by default but may be restricted by Ideals at any time at its sole discretion or as governed by the Delivery Order. 

The creation, management, and revocation of API keys are reserved for a Corporate Account Owner and assigned Corporate Account Managers. Each API key is linked to a specific Corporate Account and inherits the associated Corporate Account Owner’s, Corporate Account Managers’, and Data Room Participant permissions. 

API Key revocation does not remove the user who assigned this API Key from the Corporate Account or Data Room; such actions must be performed through the Corporate Account or Data Room interface.

Every integration developed using the API requires a secret key (the part generated by the user API key through the Solution interface in the Corporate Account), and the Client is responsible for ensuring the secure handling and restricted access to such keys. A Corporate Account Owner and assigned Corporate Account Managers are solely responsible for the safe and secure storage of their secret key, which must not be exposed publicly or stored in insecure environments.

4. Security and Compliance

The Client is responsible for ensuring that its integration is secure and adheres to industry-standard data protection practices. All actions conducted through the API are logged under the Corporate Account Participant’s credentials associated with the respective API Key. The Client must ensure that its API usage does not infringe on any applicable laws or third-party rights and that it does not result in unauthorized data access, transmission of malicious content, or disruption of services.

The Client is responsible for ensuring that no viruses, malware, or malicious scripts are transmitted through its integrations.

The Client must not use bots or web scrapers to retrieve or index any part of the Solution or collect data of Data Room Participants for unauthorized purposes.

The Client should implement validation on all data inputs to prevent injection attacks and review API responses to ensure no sensitive information is unintentionally exposed. Access to API resources should be verified through trusted sources; usage of third-party mirrors or repositories is not permitted without prior approval.

Where the API is used to transmit or export data, the Client is responsible for implementing appropriate data encryption and ensuring compliance with applicable export control, privacy, and data localisation regulations.

5. PII Data Export and Jurisdictional Responsibility

The Client acknowledges and agrees that any transfer of personal data (including personal data of Data Room Participants) conducted via the API to a location outside the geographic area selected during Data Room setup is performed at the Client’s sole risk and responsibility.

Ideals shall not be held liable for any unauthorised or non-compliant transfer of personal data initiated through the Client’s API integration. The Client must ensure that all API-driven data transfers are lawful, transparent, and based on an appropriate legal basis under applicable data protection regulations (e.g., GDPR, CPRA, PIPL, etc.).

The Client shall indemnify and hold harmless Ideals against any claims, penalties, losses, or liabilities arising from such data exports.

6. Monitoring and Enforcement

Ideals may monitor API usage and enforce rate limits to maintain platform stability. Should the Client exceed its usage allocation or misuse the API, Ideals reserves the right to notify the Client of the violation via email or another communication method, or suspend or disable access to the API in whole or part.

The Client is encouraged to implement internal controls to track and alert on abnormal API activity. Persistent misuse may result in permanent suspension of access.

7. Third-Party Integrations

Where the Client applications integrate with third-party services or APIs, the Client is solely responsible for complying with the relevant third-party terms. Ideals disclaims any responsibility for issues arising from the use of third-party APIs or vulnerabilities introduced through insecure integrations. 

Clients must also verify that their use of third-party integrations does not result in unauthorised international data transfers or exposure of personal data in violation of the selected Data Room location settings.

8. API Updates and Modifications

Ideals may provide updates, upgrades, modifications, or new versions of the API from time to time, but is under no obligation to do so. When new versions are released, Ideals will make commercially reasonable efforts to support the previous version for a reasonable period. 

The Client must promptly report any errors or bugs it encounters, and Ideals will make reasonable efforts to correct such issues in future releases.

9. Final Provisions

All other matters not expressly addressed in these Terms are governed by the Terms and Conditions of Services. In the event of any inconsistency between these Terms and the Terms and Conditions of Services or Delivery Order, the latter documents shall prevail. 

For legal questions regarding these API Terms, please contact  legal@idealscorp.com. For all other API-related inquiries or technical issues, please reach out to support@idealsvdr.com.