IDEALS API SPECIFIC TERMS OF USE
Effective Date: May 4, 2026
1. Introduction
These API Terms of Use (“Terms”) govern your access to and use of the API provided by Ideals. The API is part of the Solution and is made available to Clients on an eligible subscription plan as an optional paid add-on. The accompanying technical documentation, including implementation guidelines and usage constraints, is available at https://gateway.idealsvdr.com/api-docs. The Client is responsible for ensuring that its integration adheres to the practices outlined therein.
These Terms form a binding part of the Terms and Conditions of Services available at https://www.idealsvdr.com/terms-and-conditions/ (“Terms and Conditions of Services”). In the event of any inconsistency or conflict between these Terms and the Terms and Conditions of Services or any applicable Delivery Order, the Terms and Conditions of Services and the Delivery Order shall prevail.
For the avoidance of doubt, the API may be made available through direct programmatic access, MCP-based connectivity, OAuth-based connectors, and similar integration interfaces offered by Ideals from time to time. Such interfaces operate as access layers to the Solution and do not expand the underlying permissions, access rights, or restrictions otherwise applicable to the relevant Client account or authorised user.
The use of the API may involve the transfer of personal data. Clients are solely responsible for ensuring that such transfers comply with applicable data protection laws and any geographic or jurisdictional constraints selected during Data Room setup.
2. Definitions
In addition to the defined terms set out in the Terms and Conditions of Services, the following definitions apply to these Terms. Capitalised terms not otherwise defined herein bear the meanings given to them in the Terms and Conditions of Services.
“API” means the application programming interface provided by Ideals, including all access methods, protocols, and interfaces made available by Ideals from time to time through which the Client or its systems may programmatically interact with the Solution, including without limitation REST APIs, the Model Context Protocol (MCP), OAuth-based connectors, bearer token-authenticated endpoints, and any other current or future integration interface offered by Ideals.
“AI System” means any artificial intelligence model, large language model, machine learning system, robotic process automation tool, autonomous or semi-autonomous decision-making system, scripted automation, or other programmatic process that initiates or executes API calls without real-time, contemporaneous human input at the moment of each individual call.
“Automated Agent” means an instance of an AI System configured to interact with the API on behalf of a Client or any of its users, whether operating fully autonomously or in a semi-automated mode.
“Integration” means any software application, tool, connector, plugin, workflow, or programmatic configuration — including direct API integrations developed by the Client, connections established via MCP Servers, third-party AI agents, and automation platforms — that uses or routes calls to the API, whether or not it incorporates an AI System or Automated Agent.
“Intermediary” means any natural person or legal entity, other than the Client itself, that operates infrastructure through which API calls are routed or executed on the Client’s behalf, including MCP Servers.
“MCP Server” means a server or service implementing the Model Context Protocol or a functionally equivalent inter-system communication standard, used to route, mediate, or orchestrate API calls between an AI System, Automated Agent, or other Integration and the Solution.
3. License and Permitted Use
Subject to the Client’s continued compliance with these Terms and the Terms and Conditions of Services, Ideals grants a limited, revocable, non-exclusive, non-transferable, and non-sublicensable licence to use the API during the term of the Agreement for the sole purpose of developing, testing, supporting, and using software integrations with the Solution. This licence extends to usage conducted through Integrations, Automated Agents, and MCP Servers, subject to the authorization framework in Section 6. This licence does not grant any rights to distribute, sublicense, or otherwise expose the API or the Solution via API to third parties.
The Client may permit Corporate Account Participants and Data Room Participants to use Integrations enabled through the API, and may enable Integrations with compatible third-party software, automation tools, or AI agents, provided that in each case: (a) a Corporate Account Owner or Corporate Account Manager, or other authorised administrative role, has first approved and enabled the relevant Integration in accordance with Section 6; and (b) all use complies with these Terms, the Agreement, and applicable law.
Any use of the API, including through MCP Servers, Automated Agents, connectors, or other Integrations, shall remain subject to the same underlying feature, document, project, group, role, and user permissions that would apply if the relevant action were performed directly through the Solution by the same authorised user. No Integration, Automated Agent, or Intermediary may be used to obtain broader access than that otherwise granted within the Solution.
The Client is expressly prohibited from:
- using the API in a manner that degrades or harms the Solution;
- posing a security vulnerability to Clients or Data Room Participants;
- testing the vulnerability of the Solution or networks without written authorisation;
- reverse engineering or deriving source code, trade secrets, or know-how of the API or the Solution;
- using the API in a manner that exceeds rate limits or constitutes excessive or abusive usage, including usage generated by Automated Agents or MCP Servers;
- using the API to build or offer commercial products or services based on the Solution, or charging any incremental or premium fees for accessing the Solution via its integration;
- using the API to transfer data in a manner that breaches data protection laws and the geographic restrictions selected when creating the Data Room;
- using the API in a manner that bypasses, circumvents, or attempts to expand the permissions, access restrictions, or enablement controls configured within the Solution;
- using the API through an Integration or Automated Agent for any purpose that would itself be prohibited if performed directly by a human user;
- using the API to engage in autonomous or automated execution of high-risk actions — including execution of legal documents, financial transactions, or actions involving special categories of personal data — without human review and approval prior to execution;
- deploying an Automated Agent or Integration capable of self-modifying its authorisation scope, escalating its own permissions, or acquiring API credentials beyond those originally issued.
4. Access Credentials, Authentication and Management
The number of API calls permitted is not limited by default but may be restricted by Ideals at any time at its sole discretion or as governed by the Delivery Order.
Access to the API may be authenticated using API keys, OAuth credentials, bearer tokens, or such other authentication methods as Ideals may make available from time to time. The creation, management, revocation, and use of all credentials remain subject to the permissions and administrative controls available in the Solution.
The creation, management, and revocation of API keys are reserved for a Corporate Account Owner and assigned Corporate Account Managers. Each API key is linked to a specific Corporate Account and inherits the associated Corporate Account Owner’s, Corporate Account Managers’, and Data Room Participant permissions. API Key revocation does not remove the user who assigned this API Key from the Corporate Account or Data Room; such actions must be performed through the Corporate Account or Data Room interface.
Every integration developed using the API requires a secret key, and the Client is responsible for ensuring its secure handling and restricted access. A Corporate Account Owner and assigned Corporate Account Managers are solely responsible for the safe and secure storage of their secret key. All API credentials — including those used by Automated Agents, MCP Servers, or other Integrations — must not be embedded in client-side or publicly accessible code, configuration files, or repositories, and must be rotated at regular intervals or immediately upon any suspected compromise.
The Client must not use an Integration, MCP Server, or Automated Agent to impersonate another user, mask or misrepresent the identity of the system initiating an API call, use credentials belonging to one Corporate Account to act upon another, or proxy API calls in a manner that conceals the true source of the request from Ideals’ monitoring systems.
5. AI, Automated Use and Intermediaries
5.1 Permitted Automated Use. AI Systems and Automated Agents are permitted API consumers under these Terms, provided that: (a) their use has been approved and enabled by a Corporate Account Owner or Corporate Account Manager in accordance with Section 6; (b) they operate exclusively within the permission scope assigned to them; and (c) the Client has implemented appropriate controls to monitor, limit, and where necessary terminate their activity.
5.2 Human Oversight. The Client shall ensure that human oversight is maintained over all Automated Agent activity that could result in creation, modification, deletion, or export of Client Data; changes to Data Room Participant permissions; transmission of personal data outside the Data Room’s configured geographic location; or any other action that, if erroneous, would be difficult or impossible to reverse. For such actions, the Client must implement controls requiring human review and confirmation before execution, unless a Corporate Account Owner or Corporate Account Manager has conducted and documented a risk assessment justifying a fully automated workflow for that specific use case.
5.3 Intermediaries. The Client may route API calls through MCP Servers or other Intermediaries as part of an Integration. All such usage is deemed the Client’s own usage. The Client is solely responsible for ensuring that any Intermediary: (a) complies with these Terms as if it were the Client; (b) does not introduce security vulnerabilities or compliance exposures; and (c) handles all data in accordance with applicable data protection law. Where the Client uses a third-party Intermediary, it must conduct appropriate due diligence, ensure the Intermediary is contractually bound to comply with data protection and security requirements consistent with these Terms, and ensure that no unauthorised international data transfers result. Ideals accepts no responsibility for acts or omissions of any Intermediary.
5.4 No Warranty; Liability. Ideals makes no representation or warranty regarding the accuracy, completeness, reliability, legality, or fitness for purpose of any action taken by an Automated Agent or AI System through the API, or any output, result, or decision produced by or through such systems, including outputs of third-party AI agents. The Client assumes full responsibility for reviewing and validating all such outputs and any actions taken on that basis. Ideals shall not be liable for any loss or damage arising from AI-initiated or automated API usage. All such liability is governed by the limitations and exclusions in the Terms and Conditions of Services.
6. Authorization and Consent Framework
6.1 Corporate Account Owner and Manager Approval. No Integration may be used under the Client’s Corporate Account unless and until a Corporate Account Owner or Corporate Account Manager has explicitly approved and enabled it through the in-product mechanism provided by Ideals. Such approval constitutes the Client’s consent, at the applicable corporate account, project, group, role, or user scope made available by the Solution, to: (a) the scope of API access and permissions the Integration will exercise; (b) any data access, transfer, or processing it is configured to perform; and (c) its use by Corporate Account Participants and Data Room Participants within the Corporate Account.
6.2 User-Level Invocation. A Corporate Account Participant’s or Data Room Participant’s act of invoking an enabled Integration constitutes that user’s acknowledgment that the Integration, including through an Automated Agent or MCP Server, may act on that user’s behalf within the approved scope and within that user’s assigned permissions. Any resulting action shall be deemed an action of that user and of the Client for purposes of these Terms. A one-time in-product disclosure at enrollment is sufficient to satisfy this requirement.
6.3 Ideals In-Product Mechanism. Ideals shall provide an in-product mechanism through which Corporate Account Owners and Corporate Account Managers may enable and disable Integrations and through which a log of approvals and user invocations is maintained. The availability of this mechanism does not transfer to Ideals any responsibility for the quality of approval decisions or for actions taken by Integrations once enabled.
6.4 Client Responsibility and Prohibited Scope Expansion. The Client is liable to Ideals for all actions taken by its Corporate Account Owners, Corporate Account Managers, Corporate Account Participants, and Data Room Participants in connection with Integrations, as if taken by the Client itself. An Integration may not be configured or modified to exercise permissions beyond those approved at the time of enabling. Any attempted or actual scope expansion — whether by the Integration, an Automated Agent, or a user — shall constitute a material breach of these Terms.
7. Security and Compliance
The Client is responsible for ensuring that its integration is secure and adheres to industry-standard data protection practices. All actions conducted through the API are logged under the Corporate Account Participant’s credentials associated with the respective API Key. The Client must ensure that its API usage does not infringe on any applicable laws or third-party rights and does not result in unauthorised data access, transmission of malicious content, or disruption of services. This includes any Integration with third-party AI agents, connectors, or automation platforms.
Where the Client uses the API with third-party AI providers or AI-enabled tools, the Client is solely responsible for assessing the appropriateness of such use, including in light of data sensitivity, user permissions, and the terms, privacy practices, retention settings, and security controls of the applicable third-party provider. The Client is responsible for determining whether such Integrations should be enabled for particular users, groups, or Corporate Accounts, and for ensuring those users are appropriately instructed on their secure and lawful use. Where an authorised user uses a third-party AI agent or connector through the API, any resulting actions within the scope of that user’s permissions shall be deemed actions of the Client and that user. Ideals does not control, and shall not be responsible for, any processing, storage, retention, or model training performed by third-party AI providers once data is transmitted to them at the Client’s direction.
The Client is responsible for ensuring that no viruses, malware, or malicious scripts are transmitted through its integrations. The Client must not use bots or web scrapers to retrieve or index any part of the Solution or collect data of Data Room Participants for unauthorised purposes. The Client should implement validation on all data inputs to prevent injection attacks and ensure no sensitive information is unintentionally exposed through API responses. Any security vulnerability discovered in an Integration that could affect the Solution or other Clients must be reported to Ideals promptly at security@idealscorp.com.
Where the API is used to transmit or export data, the Client is responsible for implementing appropriate data encryption and ensuring compliance with applicable export control, privacy, and data localisation regulations.
8. Data Usage and AI Training Restrictions
8.1 Absolute Prohibition on AI Training. The Client is strictly prohibited from using any data retrieved, accessed, exported, or derived via the API — including any output, response, metadata, or derivative dataset generated from such data (“API-Retrieved Data”) — to train, fine-tune, develop, benchmark, evaluate, or otherwise improve any AI System, machine learning model, or automated decision-making system, whether for internal use or for supply to third parties. This prohibition applies regardless of whether the API-Retrieved Data is anonymised, aggregated, pseudonymised, or otherwise transformed prior to use.
8.2 Permitted Use and Retention. API-Retrieved Data may be used solely for: (a) operating the Client’s permitted Integration with the Solution; (b) the Client’s own internal business activities in connection with the Project; and (c) compliance with applicable law. The Client must not retain API-Retrieved Data beyond the periods specified in the Terms and Conditions of Services for the retention of Client Data, and must promptly delete or destroy all API-Retrieved Data upon expiration or termination of the Agreement. Outputs generated by an Automated Agent from API-Retrieved Data are subject to the same restrictions and may not be used to train or improve any AI System.
9. PII Data Export, Jurisdictional Responsibility and Data Protection
The Client acknowledges and agrees that any transfer of personal data (including personal data of Data Room Participants) conducted via the API to a location outside the geographic area selected during Data Room setup is performed at the Client’s sole risk and responsibility. This includes transfers resulting from use of third-party AI agents, connector platforms, or external services through the API, and applies equally where initiated by an authorised Corporate Account Participant or Data Room Participant within their assigned permissions. The Client acknowledges that enabling a third-party AI agent or external connector to access data via the API may constitute an onward transfer or disclosure of personal data, and the Client is solely responsible for ensuring such use is lawful and appropriately authorised.
Ideals shall not be held liable for any unauthorised or non-compliant transfer of personal data initiated through the Client’s API integration. The Client must ensure that all API-driven data transfers are lawful, transparent, and based on an appropriate legal basis under applicable data protection regulations (e.g., GDPR, CPRA, PIPL). The Client shall indemnify and hold harmless Ideals against any claims, penalties, losses, or liabilities arising from such data exports.
As between Ideals and the Client, the Client acts as the data controller in respect of all personal data processed through the API, and Ideals acts as data processor to the extent it processes such data on the Client’s behalf. Where the Client enables an Integration that causes personal data to be transmitted to a third-party Intermediary or external AI System, the Client assumes sole responsibility for ensuring that the resulting processing is lawful and that appropriate data processing arrangements are in place with that third party. Where an Integration produces automated decisions with significant effects on individuals, the Client is solely responsible for compliance with all applicable legal requirements governing such processing, including any obligation to provide a human review mechanism or obtain explicit consent. Where an Integration causes personal data to be transferred to a jurisdiction other than the one selected in the Data Room setup, the Client must ensure that a lawful transfer mechanism is in place prior to enabling that Integration.
10. Third-Party Integrations, Monitoring and Updates
Where the Client uses the API with third-party services, AI agents, connectors, or automation platforms, the Client is solely responsible for complying with the relevant third-party terms and evaluating their suitability. Ideals disclaims responsibility for issues arising from such third-party services, including vulnerabilities, errors, retention practices, or model behaviour. The Client is solely responsible for enabling or disabling such Integrations within the administrative controls made available by Ideals, and for determining whether they should be permitted at Corporate Account, project, group, or user level. The Client acknowledges that third-party Integrations or AI agents may be used by Corporate Account Participants and Data Room Participants where enabled by a Corporate Account Owner or Corporate Account Manager, and the Client remains responsible for those decisions and their consequences. Clients must verify that use of third-party integrations does not result in unauthorised international data transfers or exposure of personal data in violation of Section 9 and the selected Data Room location settings.
Unless Ideals expressly agrees otherwise in writing, Ideals is not a party to and assumes no responsibility under any terms, privacy notices, processing terms, retention settings, or other contractual arrangements imposed by any third-party AI provider, connector provider, automation platform, or intermediary used by the Client.
Ideals may monitor API usage and enforce rate limits to maintain platform stability. The Client must implement throttling and back-off mechanisms in all Integrations to prevent rate-limit violations. Ideals reserves the right to apply stricter rate limits to traffic it identifies as generated by Automated Agents without prior notice where such traffic poses a risk to platform stability. Should the Client exceed its usage allocation or misuse the API, Ideals reserves the right to notify the Client and suspend or disable access in whole or in part. Persistent misuse may result in permanent suspension of access.
Ideals may provide updates, upgrades, or new versions of the API from time to time but is under no obligation to do so, and will make commercially reasonable efforts to support previous versions for a reasonable period. The Client must promptly report any errors or bugs encountered. Where an API update modifies authentication requirements, endpoint structures, or permission scopes in a manner that affects enabled Integrations, the Client is responsible for updating those Integrations to remain compliant.
11. Final Provisions
Where the API is accessed or used by Corporate Account Participants or Data Room Participants, such use shall also remain subject to the applicable user Terms of Use and other platform rules accepted by such users. In the event of conflict, Ideals may enforce both these Terms and the applicable user Terms of Use to the extent relevant to the circumstances.
All other matters not expressly addressed in these Terms are governed by the Terms and Conditions of Services. In the event of any inconsistency between these Terms and the Terms and Conditions of Services or Delivery Order, the latter documents shall prevail.
For legal questions regarding these API Terms, please contact legal@idealscorp.com. For all other API-related inquiries or technical issues, please reach out to support@idealsvdr.com.