Fair Usage and Acceptable Use Policy
This document sets out the expectations placed upon prospective and live Technical Integrators (TIs) as they interface with our Integration Points, Freemium Sandboxes and associated Web Services.
TIs are required to use the services provided in a considerate manner so as to minimise their impact on other users of the system whilst obtaining the services they need. and to detail potential remedial action by ESS Ltd (ESS) to ensure a performant shared environment.
FAIR USAGE and ACCEPTABLE USE POLICY
1 Aims of this Policy
1.1 This Policy covers the entirety of ESS’s development and live integration services and related systems and technology, as well as ESS’s websites such as the SDK and its configuration website and support website (“Services”). It further covers all of the information and content made available by or on behalf of ESS through any of those Services, as well as directly to the ESS Technical Integrator.
1.2 Our aim is for our Freemium Sandbox and Commercial Partner development environment to be a safe, pleasant and productive working environment. ESS Technical Integrators are an important part of making ESS products valuable to our joint customers. We welcome Technical Integrators of all levels and encourage you to build Applications and services that read and write data from our products. By “Application,” we mean any software application, functionality, website, product or service that you create that is designed to use ESS’s Live Integration Points.
1.2.1 During the development phase, ESS Technical Integrators are required to comply with this Fair Usage and Acceptable Use Policy while using Freemium Sandboxes. Once your Application is ready for a live Integration you will be required to enter into an ESS Technical Integrator Agreement and be bound by the terms of that Agreement. The Agreement will set out various obligations on you as an ESS Technical Integrator, including your compliance with this Policy for your continued use of our Freemium Sandbox, or the use of our Commercial Partner development environment and for effecting and maintaining live integrations.
1.3 Any Technical Integrator making use of Development Integration Points and Development Data Sources, excluding the use of Freemium Sandboxes will be required to enter into an ESS Technical Integrator Agreement. The Agreement will set out various obligations on ESS and the Technical Integrator, including compliance with this Policy.
1.4 Privacy, safety and a high-quality User experience are very important, and this Policy is designed with those goals in mind. We do not cover specific integrations in this Policy, but we aim to give guidance to you as ESS Technical Integrators so that you understand what we consider to be fair and acceptable use of our Services. To protect Users and our Services, we reserve the right to take any action we deem necessary if you or your Application violates the letter or spirit of this Policy.
1.5 By “User” we mean any “Authorised User” that has signed up to our Services through our Commercial Partner registration process, including anyone who interact with your Application directly or indirectly through our Services or whose Data is exposed to or used by your Application directly or indirectly through our Services. By “Data” we mean data, information or content uploaded, posted, transmitted or otherwise made available by Users via our Services, including messages, files, comments, profile information, metadata and token data.
1.6 We take the security of Data very seriously, and you must ensure that as well your Data that your network and the operating system and software of your web servers, databases, and computer systems are properly configured to securely operate your Application and store Data. Data must be stored and served using strong encryption. In addition, you (and your Authorised Users), and your Applications, are prohibited at all times from:
1.6.1 Degrading or compromising security of our Services or systems in any way
1.6.2 Providing access to ESS’s Services or systems in any fraudulent or unauthorised way, including bypassing or circumventing ESS’s recognised integration points, protocols and access controls
1.6.3 Using unpublished ESS APIs
1.6.4 Using direct calls to ESS Data stores that bypass defined ESS integration points
1.6.5 Copying and distributing ESS Data Stores or Software including component parts such as but not limited to Dynamic Link Libraries (DLLs)
1.6.6 Publishing misleading and/or deceptive statements about you, or your Application’s or service’s functionality, performance, origin or Data use
1.6.7 Transmitting any viruses or other code that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system or Data
1.6.8 Attempting to reverse engineer or otherwise derive source code, trade secrets, or any other intellectual property in the ESS Services, including its integration points or any portion thereof
1.6.9 In addition, you (and your Authorised Users) must, in relation to our development environments:
1.6.10 Not use them in such a way that, in the opinion of ESS, is likely to do any of the above.
1.6.11 Not use them to an extent that its usage is beyond what can reasonably be deemed fair. Including but not limited to:
(a) Calling data more often than necessary for the data type, data use and anticipated frequency of data update
(b) Calling for data sets that are larger than the necessary data load. The use of change tracked and time bound calls are encouraged.
(c) Operate in an overly inefficient manner. ESS will from time to time provide efficiency notices to Technical Integrators. Technical Integrators who receive feedback from the SIMS Partner Team in regard to significant inefficiencies in their Integration are expected to engage with the SIMS Partner Team and make commercially reasonable efforts to increase the efficiency of their integration within 4 months. Failure to engage or act on the feedback be considered a breach of this Policy.
1.6.12 Not load, or attempt to load, any test data that has not been provided by ESS without the prior agreement of ESS (Ask – ess-partnersupport@parentpay.com).
1.6.13 Not load, or attempt to load, any personal data.
2 Data Privacy
2.1 If you offer your Application for use by others outside your organisation, you must maintain a user agreement or contract and privacy policy for your Application or service, which is provided to ESS for display on the ESS sites through which Users authorise Data transfers between your Application and our applicable Services. Your privacy policy must meet applicable legal standards and describe the collection, use, storage and sharing of personal data in clear, understandable and accurate terms.
3 Data Breach
3.1 If Data is breached, exposed, exploited, or otherwise compromised through your Application or company, you must inform all affected Users and ESS immediately via ess-partnersupport@parentpay.com.
3.2 Violations of this Policy may result in the removal of your Applications from the Application Tiles Store, loss of integrations point access (in the development environment and to live integrations) through token revocation or other means, suspension of other Services granted to you and your Authorised Users, User notifications (to data controllers) of Data Breaches and/or the removal or suspension of rights under this Policy, legal action or any other action deemed necessary by ESS. If requested, you must provide us with proof of compliance with this Policy. If you violate this Policy, we may or may not provide notice before taking action depending on the severity of our concerns. Please note that we may periodically audit our development environments and live integrations.
3.3 This Policy will change as the ESS integration points grow and evolve. Please check back regularly for updates. We may use your email address or a notice through our Services to communicate any material changes to this Policy.
3.4 Use of ESS’s integration points, and associated configuration, documentation and development environments is governed by the following restrictions:
ESS Technical Integrators and their Authorised Users must:
3.4.1 not access ESS’s integration points or documentation in violation of any law or regulation;
3.4.2 not access ESS’s integration points in any manner that:
(a) compromises, breaks or circumvents any of our technical processes or security measures associated with our Services,
(b) poses a security vulnerability to our customers or Users of our Services, or
(c) tests the vulnerability of our systems or networks;
(d) access our integration points or documentation in order to replicate or compete with our all or any part of our Services;
3.4.3 not attempt to reverse engineer or otherwise derive source code, trade secrets, or know-how of our APIs or our Services; or
3.4.4 not attempt to use our APIs in a manner that exceeds rate limits, or constitutes excessive or abusive usage.
3.5 By accessing and using our Services, you are deemed to confirm on your own behalf and on behalf of each of your Authorised Users that when you/they access and use our Services that you/they:
3.5.1 Accept responsibility for the security of all credentials provided to access our Commercial Partner Portal any part of the service.
3.5.2 Accept responsibility for the security of all credentials, keys and secrets provided to access the integration points.
3.5.3 Accept responsibility for all calls made to the integration points using credentials provided for that purpose.
3.5.4 Accept that that all calls to integration points are monitored and are attributable to the requestor.
3.5.5 Agree to ESS contacting you/them using the details provided on registration for the Commercial Partner Portal with regard to the use of and performance of the Commercial Partner Portal and any APIs that they are integrating with.
3.5.6 Understand that prior to being able to access live data of one of our customers (stored in ESS Data Source) for the purpose of integrating one or more of your Applications purchased by that customer that you must: have entered into ESS Technical Integrator Agreement with us; have in place an appropriate customer contract and an appropriate data processing agreement with the customer; notify ESS of the proposed integration; input all required details into our configuration site; and provide all other information (and take all other actions) that ESS reasonably requires in respect of the proposed integration.
We want to help you to ensure that your live integrations are successful and recommend that you contact us prior to advertising an integration is available or entering into any documentation with your customers so that you are fully aware of the rights you will acquire under ESS Technical Integrator Agreement (and restrictions on those rights) and the data processing activities involved. Our Technical Integrator team can be contacted by mailing SIMSpartnermanagement@parentpay.com
For Freemium Sandboxes in addition to the above policy.
The ‘Applicant’ for services is either:
- An individual who is responsible for any service usage
- An individual who is registering for and on behalf of a corporate entity or public entity on their behalf and with the authority of the entity named.
ESS will provide:
- Non-exclusive read only system(s) for shared use
- Options for exclusive use instance of SIMS service(s).
- Access to various web portals which provide:
- Keys and secrets for access to data within SIMS systems
- Documentation for calls to obtain data from SIMS Systems
- Other Documentation / Guidance.
To access the service(s) you confirm on behalf of you and your agents that you/they:
- Accept responsibility for the security of all credentials provided to access this application.
- Accept responsibility for all calls made to the service using credentials provided under this application.
- Accept that that all calls are monitored and are attributable to the requestor.
- Agree to ESS contacting them using the details provided with regard to the use of and performance of the system
- Understand this service is unsupported and unwarranted. The provision of any systems FOC does not constitute any entitlement to support beyond access to documentation made publicly available. Options are provided for paid support services which are subject to formal support agreements.
- Agree that any data entered in to demonstration systems will be compliant with relevant legislation i.e. it will be fictitious and will not be details of any real persons.
- Understand that a further process is required prior to being able to access live data for schools. Access to development resources is not in itself a guarantee that access will be provided to live schools data.
ESS reserves the right to suspend or terminate access to the SIMS Cloud APIs if in ESS’s reasonable opinion:
- Use is likely to degrades services for other users of the development system
- Usage exceeds what can be reasonably deemed fair
- Attempts or appears to attempt to load test without prior agreement of ESS Ltd (Ask - ESS-PartnerSupport@parentpay.com)
- Any attempt is made to subvert or reverse engineer Parentpay / ESS systems, e.g. Denial of service attacks.
- Any breach of the terms and conditions has occurred.
Failure to adhere to terms and conditions of use may prevent the use of our cloud services by integrators.
In case of dispute English Law applies and applicants accept the jurisdiction of English courts. ESS Ltd reserves all rights.
Contact details: Please email partner.management@parentpay.com or phone 01234-838080 and ask for the partner services manager.