PayPal License Program
Last Update: Jul 19, 2009
PayPal Inc.
API License Agreement
IMPORTANT - READ CAREFULLY: This API License Agreement ("Agreement") is a contract between you, as Licensee ("You" or "Licensee") and PayPal, Inc. and applies to your use of the PayPal™ payment service and any related products and services available through www.paypal.com (collectively the "Service"). If you do not agree to be bound by the terms and conditions of this Agreement, please do not use or access our Services. In this Agreement, "you" or "your" means any person or entity using the Service ("Users"). Unless otherwise stated, "PayPal," "we" or "our" will refer collectively to PayPal, Inc. and its subsidiaries including PayPal Asset Management Inc. This Agreement is effective as of the date you first access, download or use the API, or clicks the Acceptance button below ("Effective Date"), until the time it is terminated, either by PayPal or by you. This Agreement incorporates the PayPal User Agreement by reference, whose terms also govern your use of the PayPal Service.
INSTALLING, COPYING OR OTHERWISE USING THE PAYPAL API CONSTITUTES YOUR AGREEMENT TO BE BOUND BY ALL OF THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, YOU ARE NOT AUTHORIZED TO USE, DOWNLOAD OR INSTALL THE PAYPAL API.
AGREEMENT
- Licenses and Restrictions
1.1 API License. Subject to the terms and conditions of this Agreement, PayPal hereby grants to you a non-exclusive, non-transferable, non-sublicense-able, limited license to use the Application Programming Interface ("API License") solely in accordance with this Agreement. You may do the following under this API License:
Access the PayPal transaction database ("Database") and use API certificate only in the manner provided by PayPal;
Use the API as often and as many times as necessary to conduct your business;
Query the Database, execute transactions and retrieve therefrom transaction information necessary to facilitate the Permitted Use provided for in this Section or additional uses as added by mutual addendum; such information stored and/or retrieved in the Database (but exclusive of your information not accessed by the API) is defined as "PayPal Content" or "Content";
Make limited copies of the PayPal Content (e.g., transaction amount, shipping information, etc.) only as necessary to perform an activity constituting Permitted Use under this Agreement; provided, however, You shall destroy such copies following performance of relevant obligation (e.g., fulfillment of PayPal transaction); and
Abide by the terms of PayPal's User Agreement, Acceptable Use and Privacy Policies;
Any combination of subsections (a)-(e) above shall be deemed "Permitted Use." Permitted Use is subject to all restrictions identified herein. PayPal shall provide to you a confidential identification code specific to you, Certificate, and User ID that shall permit you to use the API. The User ID is the property of PayPal and may be immediately revoked or terminated by PayPal if you share the same with any third party (other than Third Party Service Providers from you), if compromised by a third party, or if you use or access the Program, Content or Database in any way not expressly permitted or granted under this Agreement. A "Third Party Service Provider" is any third party service provider who is reasonably needed to undertake the Permitted Use of this Agreement and who is subject to all restrictions herein, including confidentiality provisions at least as restrictive as those set forth in Section 10 ("Confidential Information").
1.2 General License Conditions and Restrictions. You shall neither use the Database or the Program in any way not expressly permitted or granted under this Agreement, nor use any alternative means such as robots, spiders, scraping or other technology to access, query, or use www.PayPal.com, or any other web site owned or operated by PayPal or any of its affiliates or subsidiaries including eBay Inc. (the "PayPal Site"), Database, Content, or Program to obtain any information, other than as provided by PayPal to you pursuant to this Agreement. You may not distribute, facilitate, enable or allow access or linking to the PayPal Content or Database from any location or source other than your Site. You shall not permit or enable third parties to copy or obtain PayPal Content from your Site in any unauthorized manner including, but not limited to, the use of using robots, spiders, scraping or any other technology. Following expiration or termination of this Agreement, you shall not use (or facilitate use of) any alternative means such as robots, spiders, scraping or other technology to access, query, or use the PayPal Site, Database, Content, or Program to obtain any information.
1.3 Restrictions and Conditions on Use. You agree that you shall not use the Program, Database, or PayPal Content, or permit same to be used in any manner, whether directly or indirectly, that would (i) permit the disclosure of the Program, Database, or the PayPal Content (other than PayPal Content authorized by this Agreement to be Publicly Displayed as defined hereunder), to, or the use of the Program, Database, or the PayPal Content by, anyone other than your employees or Third Party Service Providers, or (ii) enable the Program to be used in any location other than your Site (unless PayPal otherwise has agreed in writing in advance). A "PayPal User" is defined as any party who has a PayPal member account.
Specific Prohibitions: Notwithstanding anything contrary in this Agreement, you are specifically prohibited from doing any of the following:
You shall not sell, transfer, sublicense, or disclose your User ID to any third party (other than Third Party Service Providers);
You shall not sell, transfer, sublicense and/or assign any interest in the PayPal Content;
You shall not collect personally identifiable information of any PayPal User without that user's express permission or in violation of PayPal's User Agreement, Acceptable Use Policy and Privacy Policies;
You shall not transmit, facilitate, enable or otherwise provide the PayPal Content or the Program to any third parties not expressly authorized by this Agreement;
You shall not modify, decompile or otherwise alter the Program; and
You shall not commercialize (i.e., sell, rent, or lease), copy, store or cache the PayPal Content, other than for the purposes allowed by this Agreement, or use or access the Database, Content or the Program in a manner inconsistent with the terms of this Agreement.
Certification. Your use of the PayPal Content and participation in the Program is dependent upon the certification by PayPal or an independent third party designated by PayPal of your technology in accordance with the security and stability guidelines and the display and use of the Program and PayPal Content in accordance with this Agreement ("Certification"). You shall be responsible for all costs associated with Certification and any modification necessary to meet the Certification criteria. Future modifications of your Site, use or display of the PayPal Content or Program are subject to re-Certification. Failure by you to obtain and maintain Certification is cause for immediate termination of this Agreement.
1.4 Display of PayPal Content. You may only display the PayPal Content in accordance with the following guidelines:
All rules applicable to PayPal Content disclosed in the PayPal User agreement apply to your use and display of the PayPal Content;
You shall not under any circumstances display or cause another to display specific PayPal User information in a Public Display; provided however, You may provide specific PayPal User information to the PayPal User for Private Display for such PayPal User. "Public Display" is defined as the display of the PayPal Content to anyone other than the owner, originator, creator, or developer of such content. "Private Display" is defined as the display of the PayPal Content to a particular PayPal User relating only to such PayPal User's PayPal activities;
1.5 Prohibited Functions. Unless otherwise stated, all new PayPal User registrations on items shall take place on the PayPal Site and cannot be done through the API. In addition, all PayPal User preferences, registration preferences, and privacy preferences shall be set by the PayPal User directly on the PayPal Site; You shall not enable PayPal Users to set preferences on your Site
- User Data.
2.1 Collection Limitations. You agree that any Customer Information (defined below) gathered by you shall be limited to information reasonably necessary to perform your obligations under this Agreement or activities permitted under this Agreement. You shall neither use, nor permit any third party to use (except Third Party Service Providers) Customer Information for any purpose other than in accordance with this Agreement. You shall not collect and/or store: (i) any information (whether automatically or manually) from PayPal Users without their express permission and shall provide an opt-out method for all PayPal Users desiring you to stop using such Customer Information, or (ii) user IDs and passwords or other data from PayPal Users. You agree that you shall be liable and responsible to PayPal, and you agree to indemnify PayPal for any breach of this Section 2 by any Third Party Service Provider. "Customer Information" is defined as any PayPal User or customer information that is included in the PayPal Content regarding PayPal Users and their activities, or PayPal User information that you gather from the PayPal User, or receive from PayPal regarding PayPal Users and their activities.
2.2 Use Subject to Privacy Policy. You shall not use the Database, Content, Program, or Customer Information to communicate with PayPal Users or to send or facilitate the sending of unsolicited communications of any type. You shall not solicit or facilitate the solicitation by any third party of PayPal Users as a result of their status as PayPal Users or members. Without limiting the foregoing, you must also only use the Database, Program and Customer Information in a manner consistent with your own Privacy Policy, which must conform with industry practice and be at least as protective as the PayPal Privacy Policy, available on the PayPal website at www.paypal.com.
2.3 Certain Disclosures Not Permitted. You shall not sell, rent, lease or otherwise disclose the Customer Information.
- Content and Intellectual Property Licenses.
3.1 Content and IP Ownership Except as otherwise provided in this Agreement, as between PayPal and You, PayPal retains all rights, title and interest in and to all intellectual property rights (including without limitation all patent, trademark, copyright, trade dress, trade secrets, database rights and all other intellectual property rights) embodied in or associated with the Program, PayPal Content, PayPal Site and any and all PayPal services, technology and any content created or derived there from. There are no implied licenses under this Agreement, and any rights not expressly granted to you hereunder are reserved by PayPal or its suppliers. You shall not take any action inconsistent with PayPal's ownership of the Program, and/or PayPal Content. You shall not exceed the scope of the licenses granted hereunder.
3.2 Limits on Sublicensing. All license rights (under any applicable intellectual property right) granted herein are not sublicenseable, transferable or assignable, except as otherwise provided herein.
3.3 Logo Ownership PayPal owns all of its trademarks. Use of the PayPal Logo is governed by the PayPal User Agreement.
- Uptime. PayPal does not guarantee that the PayPal Site or the PayPal Content shall be available twenty-four hours a day.
- Term and Termination.
5.1 PayPal may terminate this Agreement at any time upon advance notice based on its reasonable discretion.
5.2 Survival. The following Sections of the Agreement shall survive any termination of this Agreement: the following sections under Section 1.2 ("General License Conditions and Restrictions"), Section 1.3 ("Restrictions and Conditions of Use"), Section 2 ("User Data Collection Restrictions"), Section 3 ("Content and Intellectual Property Licenses"), Section 5.2 ("Survival"), Section 8 ("Representations and Warranties"), Section 9 ("Confidential Information"), Section 10 ("Limitation of Liability"), Section 11 ("Indemnification"), and Section 12 ("General").
5.3 Effects of Termination. Upon termination of this Agreement, your User ID shall be revoked and all licenses granted hereunder shall terminate unless such licenses are expressly stated as surviving; provided further, you shall provide proof to PayPal of the destruction of any PayPal Content or Customer Information within three (3) days of such expiration or termination.
- Security and Stability. You acknowledge that it is in the best interests of both parties that PayPal maintains a secure and stable environment; to that end, PayPal reserves the right to change the method of access to the Program, Database and/or PayPal Content at any time. You also agree that, in the event of degradation or instability of PayPal's system or an emergency, PayPal may, in its sole discretion, temporarily suspend your access to the Program, Database and/or PayPal Content under this Agreement in order to minimize threats to and protect the operational stability and security of the PayPal system. Your continued access to the Program, Database and PayPal Content is subject to your compliance with the Security Standards attached hereto as Exhibit A.
- Disclaimer of PayPal Warranties. ACCESS TO THE DATABASE AND YOUR USE OF THE API IS PROVIDED HEREUNDER ON AN "AS IS" BASIS WITHOUT WARRANTY OF ANY KIND. EXCEPT AS EXPRESSLY STATED HEREIN, PAYPAL DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. PAYPAL DOES NOT REPRESENT OR WARRANT THAT THE PAYPAL SITE SHALL OPERATE SECURELY OR WITHOUT INTERRUPTION. You acknowledge that you have not entered into this Agreement in reliance upon any warranty or representation.
- Representations and Warranties. You represent and warrant that you shall at all times comply with all laws and regulations applicable to your products and/or services, related promotional activities and its performance under this Agreement.
Confidential Information.
9.1 Confidential Information. Confidential Information Defined. PayPal's "Confidential Information" is defined as any confidential or proprietary information which is disclosed to you in a writing marked "Confidential" or, if disclosed orally, is identified as confidential at the time of disclosure and is subsequently reduced to a writing marked "Confidential" and delivered to the other party within ten (10) days of disclosure, or disclosed through the API. The terms of this Agreement, PayPal Content, Database, Services, Technology, the Program, your User ID, and Customer Information (including user IDs, passwords, and any account information) shall be deemed Confidential Information regardless of whether marked "Confidential."
9.2 Licensee Obligations. You shall hold PayPal's Confidential Information in confidence and shall not disclose such Confidential Information to third parties nor use PayPal's Confidential Information for any purpose other than as required to perform under this Agreement. Where Confidential Information is required to be disclosed by a court, government agency, regulatory requirement, or similar disclosure requirement, you shall immediately notify PayPal upon learning of the existence or likely existence of such requirement and shall use reasonable efforts to avoid such disclosure and, if necessary, use reasonable efforts to obtain confidential treatment or protection by order of any disclosed Confidential Information. Notwithstanding any contrary provision in Section 12.6 ("Notice"), notification to PayPal under this Section 10.2 should be provided by personal delivery on a same day or overnight basis, overnight courier, confirmed facsimile, or confirmed e-mail. Your obligations hereunder shall survive the termination of this Agreement for a period of three (3) years.
9.3 Return of Confidential Information Upon Termination. Upon termination of this Agreement, you shall return to PayPal within three (3) days all Confidential Information and all documents or media containing any such Confidential Information and any and all copies or extracts thereof.
9.4 Competitive or Similar Materials. Notwithstanding the foregoing, in no event shall PayPal be precluded from discussing, reviewing, developing for itself, having developed, acquiring, licensing or developing for third parties, as well as marketing and/or distributing, materials which are competitive with your products and/or services (collectively, "your Products"), irrespective of their similarity to current Products or your Products that may be developed hereafter.
- Limitation of Liability. PAYPAL SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OR LOST PROFITS (HOWEVER ARISING, INCLUDING NEGLIGENCE, BREACH OF CONTRACT, BREACH OF WARRANTY, OR ANY OTHER FORM OF ACTION) ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, EVEN IF PAYPAL IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
- Indemnification. You shall indemnify PayPal against any and all claims, losses, liabilities, costs and expenses, including reasonable attorneys' fees (collectively, "Claims") which PayPal may incur as a result of any third party actions arising from or relating to: (1) Your or Third Party Service Provider's use of the Program, the PayPal Content, Database, Services or Technology in excess of the rights granted hereunder or (2) Content, Database, Technology, or Services provided by You or others on your behalf.
- General.
12.1 Governing Law; Venue. This Agreement shall be construed in accordance with and governed exclusively by the laws of the State of California applicable to agreements made among California residents and to be performed wholly within such jurisdiction, regardless of such parties' actual domiciles. You agree that any cause of action arising under this Agreement shall be brought exclusively in a court in Santa Clara County, CA.
12.2 Publicity. You shall not make any public statement regarding the terms of this Agreement, any aspect thereof, or the Program without PayPal's prior written approval which may be withheld at its sole discretion.
12.3 Independent Contractors. This Agreement does not create, and nothing contained in this Agreement shall be deemed to establish, a joint venture between the parties, or the relationship of employer-employee, partners, principal-agent or the like.
12.4 Assignment. You may not assign its rights nor delegate its duties hereunder without PayPal's prior written consent, which may be withheld at its sole discretion.
12.5 Severability. If any provision herein is held to be invalid or unenforceable for any reason, the remaining provisions shall continue in full force without being impaired or invalidated in any way.
12.6 Notice. Any notice under this Agreement shall be in writing and delivered by personal delivery, overnight courier, confirmed facsimile, confirmed e-mail, or certified or registered mail, return receipt requested, and shall be deemed given upon personal delivery, one (1) day after deposit with an overnight courier, five (5) days after deposit in the mail, or upon confirmation of receipt of facsimile or e mail. Notices shall be sent to a party at its address set forth above or such other address as that party may specify in writing pursuant to this Section 13.6, or to the email address you provide ("Notice").
12.7 Entire Agreement; Waiver. This Agreement sets forth the entire understanding and agreement of the parties regarding the Program, and supersedes any and all oral or written agreements or understandings between the parties, as to the Program, except to the extent that it incorporates PayPal's User Agreement, Privacy and Acceptable Use Policies as described herein. The waiver of a breach of any provision of this Agreement shall not operate or be interpreted as a waiver of any other or subsequent breach.
EXHIBIT A
SECURITY STANDARDS
Security Incidents and Response.
1.1 Security Breach. For purposes of this Exhibit, a "Security Breach" is defined as a breach of security of your systems or site where PayPal's data or materials containing Personally Identifiable Information, including but not limited to PayPal Users' IDs or passwords, (collectively, "PII") have been acquired by an unauthorized person or you or PayPal reasonably believes that such a breach of security may have occurred.
1.2 Notification and Timing. Notwithstanding any other legal obligations you may have, you agree to immediately notify PayPal in writing upon your discovery of a Security Breach. In accordance with your obligations under this Section, you will use commercially reasonable efforts to notify PayPal of the Security Breach no more than thirty (30) minutes after detection. Under no circumstances will more than one (1) hour pass between your detecting a Security Breach and PayPal being notified.
1.3 Notification Format. Pursuant to this Exhibit, your notification of a Security Breach will take the form of an email, to privacybreach@ebay.com, in which you will provide the following information: problem statement, expected resolution time, and contact information of a representative that the PayPal can contact to obtain incident updates.
1.4 PayPal Environment Isolation. You will either immediately disable functionality of the application or isolate and safeguard PayPal data should a security issue be identified pursuant to this Exhibit. PayPal reserves the right to require you to isolate its databases, servers, and/or networks if it appears that PayPal customer information is being compromised by the Security Breach.
1.5 Audit after an Incident. If a Security Breach occurs involving your facility or your systems, PayPal may suspend or terminate your access to PayPal and may conduct a security audit over the infrastructure and related security controls designated by you to be used in provision of Services under the Agreement.
1.6 PayPal Results and Your Response. PayPal will provide you with detailed results of any audit performed by PayPal pursuant to this Section. You will be granted thirty (30) days to resolve any issues identified by PayPal through an audit. Once identified issues have been resolved, PayPal may conduct a security audit to ensure completion of the resolution. Your failure to resolve issues identified through audits as set forth above may be deemed by PayPal to be a material breach of the Agreement resulting in PayPal terminating the Agreement without penalty or other termination charge to PayPal.
- Security Requirements.
2.1 Physical Security. You will only locate the infrastructure designated by you to be used in provision of the Services under the Agreement in a physically secure facility.
2.2 Firewalls. You will deploy reasonably appropriate firewall technology in operation of your site.
2.3 Transfer and Storage of PayPal Data. When PayPal PII Data is transferred between networks pursuant to the Agreement, it will be encrypted.
2.4 Authorized Access. During the term of the Agreement, PayPal PII Data will only be handled by a defined and authorized group of your personnel.
2.5 Event Monitoring. Any of your systems that communicate with PayPal's API or stores PayPal Content must log access events (i.e., logons and logoffs), along with the time of day and the associated User ID. These logs should be kept for at least sixty (60) days. In the event of unauthorized access to PayPal's systems via your systems, PayPal reserves the right to audit these event logs as part of its investigation.
2.6 Data Deletion and Destruction. Once the Agreement terminates or expires, or PayPal data is no longer required for the purposes of the Agreement, PayPal data will be immediately removed from the your environment. Prior to disposal or reuse, all media used to store PayPal data will be cleaned using industry best practices or destroyed.
- Cryptography.
3.1 Proprietary Encryption. When using encryption, pursuant to this Exhibit, you will use only industry recognized cryptography algorithms. Encryption algorithms will be of sufficient strength to equate to 128-bit TripleDES. Hashing functions will be either SHA-1 or MD-5.
3.2 Cryptographic Technologies. Connections to your site utilizing the internet will be protected using any of the following cryptographic technologies: IPSec, SSL, SSH/SCP, PGP, or other technologies that provide, substantially similar levels of security, as reasonably determined by you.