Developer Terms & Conditions

Last Updated: August 7, 2024

These Narmi Developer Terms & Conditions (the “Agreement”) constitute a binding contract by and between Narmi Inc., a Delaware corporation (“Narmi”), and you (“Developer”). This Agreement governs Developer’s use of the API and Narmi Materials. Narmi and Developer are referred to herein individually as a “Party”, and together, collectively, the “Parties”.

BY ACCESSING OR USING THE API OR NARMI MATERIALS, YOU (A) ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT; (B) REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS AGREEMENT; AND (C) ACCEPT THIS AGREEMENT AND AGREE THAT YOU ARE LEGALLY BOUND BY ITS TERMS. IF YOU DO NOT ACCEPT THESE TERMS, YOU MAY NOT ACCESS OR USE THE API OR NARMI MATERIALS.

  1. DEFINITIONS
    1. “API” means any application programming interface(s) of Narmi including any related software, executable code, services, accounts, tokens, webhooks, or associated information.
    2. “Client” means a duly licensed and regulated financial institution that is a customer of Narmi.
    3. “Client Vendor Agreement” means a duly executed agreement between Developer and Client that has not expired or otherwise terminated; and (b) in order to fulfill its obligations to Client under such agreement, Developer must integrate with Narmi pursuant to this Agreement.
    4. “Data Recipient” means any Developer client, customer, or other third-party entity (excluding Users) that has entered into a written agreement with Developer, pursuant to which such client, customer, or entity is provided User Data by Developer.
    5. “De-identified Data” means User Data and information that has been Anonymized and aggregated with similar data and information to the extent that the original User Data and information is no longer reasonably attributable to Narmi or to any specific User. “Anonymized” for purposes of this definition, means the process of removing from data all information that identifies, provides a reasonable basis to identify, or could reasonably be anticipated to identify, when taken in the aggregate, a specific individual. For the avoidance of doubt, Anonymized data cannot reasonably be re-identified or de-anonymized, and does not include any form of personally identifiable information.
    6. “End User Vendor” means Developer in the case that Developer intends to access the Narmi API to develop products and/or services for End Users of Clients. For purposes of this Agreement, where Client is the Developer, relevant terms applicable to the End User Vendor shall apply.
    7. “End User Vendor Agreement” means a duly executed agreement between Developer and a particular End User that has not expired or otherwise terminated; and (b) in order to fulfill its obligations to End User under such agreement, Developer must integrate with Narmi pursuant to this Agreement.
    8. “Intellectual Property Rights” means all intellectual property rights throughout the world, including copyrights, patents, trademarks, trade secrets, inventions (whether or not patentable), know-how, authors’ rights, rights of attribution, moral rights, other proprietary rights, and all applications and rights to apply for registration or protection of such rights.
    9. “NAF” means the Narmi Application Framework designed to allow Developers to embed applications directly into the Narmi Platform (each application, a “NAF App”). Clients may add, remove, or update NAF Apps from within the Narmi Admin Platform.
    10. “Narmi Materials” means all materials given to Developer by Narmi for Developer’s use in accessing the Tools and/or User Data, and any and all data and information relating to Narmi’s products, business, operations, employees, contractors, systems, interfaces, integrations, reports, data outputs, customizations, configurations, and other materials created or developed by Narmi. For the avoidance of doubt, Narmi Materials do not include User Data.
    11. “Tools” means the API and the NAF.
    12. “User” means an individual or entity, including a Client or any of its end users (“End User”), who is an account holder of Narmi or a Client and who has also authorized Developer or a Data Recipient to access its User Data retrieved from the Tools.
    13. “User Account Credentials” means usernames, online identifiers (“IDs”), or other user IDs; passwords, passcodes, and/or personal identification number (“PIN”) codes; challenge question and answer pairs; biometric identifiers; and/or other authentication information provided to Developer by a User for the purpose of allowing Developer to access a website and/or application of Narmi on behalf of such User.
    14. “User Data” means any User Account Credentials and, to the extent accessed by Developer through the Tools, any transaction data, account information, and/or personally identifiable information associated with a User. Where User Data is referenced herein with respect to the rights and obligations of Developer or the disclosures and permissions related to User Data of a particular User, the User Data referenced shall be limited to: (a) in the case that Developer is an End User Vendor, the User Data of each End User subject to an End User Vendor Agreement; and (b) in the case that Developer is a Client Vendor, the User Data of each such Client and its relevant End Users.
  2. DATA ACCESS
    1. Access Rights. Subject to the terms of this Agreement, Narmi will permit Developer, and Developer agrees, to use and access the Tools solely in order for Developer to collect User Data as authorized by each respective User in accordance with Section 3, and only in its capacity as a Client Vendor or End User Vendor. Developer will not access or collect, or attempt to access or collect, any User Data through any Narmi websites or systems other than the Tools and will only access or collect User Data from Narmi through the Tools as permitted under the Agreement.
    2. Prohibited Uses. Developer will not use the Tools or collected User Data from the Tools (i) to perform, encourage, or promote any activity that is illegal or to otherwise knowingly violate the rights of a third party, or (ii) in a way that could reasonably be expected to cause harm to Narmi’s reputation, or (iii) in a way that could reasonably be expected to interfere with or adversely affect the proper functioning of the Tools. Developer will not and will not authorize any third party to use the Tools for any purpose or in any manner other than expressly permitted in this Agreement, or modify, decompile, reverse engineer, alter, tamper with, or create derivative works of the Tools. Developer shall not sell, exploit, or commercialize any User Data, except to provide services as authorized in a Client Vendor Agreement or End User Vendor Agreement and as permitted by this Agreement and applicable laws.  
    3. De-identified Data. Unless granted express authority to do so in a Client Vendor Agreement or End User Vendor Agreement, a Developer that is a Client Vendor or End User Vendor (respectively) shall have no right to anonymize or aggregate User Data, or to collect, examine, extract, model, manipulate, aggregate, collate, analyze, create analysis using, reproduce, and otherwise use such De-identified Data for Developer’s business purposes.  
    4. Narmi Activities. Developer agrees that Narmi may monitor, record, and/or review any access to the Tools at any time and without notice to Developer and Narmi may store and otherwise process business contact information of Developer personnel, for example, name, business telephone, address, email, and/or user ID, but solely for the purpose of exercising its rights or fulfilling its obligations hereunder. Developer waives any right or claims of privacy (express or implied) with respect to all such activities. Developer acknowledges that Narmi intends to, and that Developer will, cooperate fully with any government authorities, including law enforcement or judicial investigations, regarding any access to the Tools or any Narmi Materials or User Data. This cooperation may include disclosure of the identities of, and the information transmitted or received by, persons accessing the Tools.
    5. Developer Systems. Developer is responsible for all systems (including software, hardware and connectivity) and tools that Developer uses to access the Tools or collect or access User Data through the Tools (“Developer Access Systems”). Developer will ensure that all Developer Access Systems include up-to-date anti-virus and security software that meets industry best practices. Developer will also take such other steps as are consistent with industry best practices to guard against unauthorized access to the Tools or User Data.
    6. Scope of Access.
      1. Prior to accessing, retrieving or processing any User Data, Developer shall first, either directly, through Client, or through a Data Recipient, secure the express consent of the applicable User to such access, retrieval, or processing of the User Data. At no time will Developer seek to access or retain more User Data than is reasonably necessary to provide each User with a Developer service or Data Recipient service in which that User has enrolled. In the event that Developer accesses or gathers User Data from the Tools in excess of what is reasonably necessary to provide such Developer or Data Recipient service(s), then Developer will promptly delete and destroy such User Data. Developer specifically agrees that it will not use any NPI in any manner prohibited by Title V of the Gramm-Leach-Bliley Act of 1999.
      2. Pursuant to the terms of this Agreement and then only to the extent permitted by a User and by applicable laws, Developer may (i) use User Data to provide such User with any Developer service(s) and (ii) share User Data with a Developer contractor or Data Recipient solely in support of Developer or Data Recipient providing a service to such User. Developer will require that all Developer contractors that process User Data are subject to written agreements with Developer with terms and obligations consistent with the terms and obligations of the Agreement. 
      3. Developer will only store and host Narmi Materials and User Data from locations within the United States. Any change to the location of the storage or hosting of Narmi Materials or User Data to outside of the United States must be approved in advance by Narmi in writing.  
      4. Without limiting Narmi’s other rights, Developer agrees that Narmi may create and display interactive tools for Users that allow the Users to view and manage consents and disclosures for Developer and/or other entities with access to the Tools. Developer hereby agrees to allow Narmi to use the name and logo of Developer, Data Recipients (to the extent Developer has the contractual right to grant such permission), and Developer services for the purposes of managing consent and disclosures activity. Narmi hereby agrees to allow Developer and Data Recipients to use Narmi’s name in its privacy disclosures only in the event such specificity is required under applicable privacy laws. Developer shall obtain the appropriate rights and licenses from individual Clients prior to using their names and marks for the purpose of providing End Users with the ability to link their accounts for access to User Data using the API.
    7. Access Fees. As of the Effective Date, Narmi will not charge Developer an access fee or other fees for access to the API and User Data. In the event that Narmi elects to charge a fee for such access at a later date, Narmi will provide at least thirty (30) days’ notice to Developer, and such notice shall include the circumstances under which Narmi may charge, and the amount of such fees for Developer’s access to the API and User Data. Each Party will bear its own expenses incurred in performing its obligations under the Agreement, unless otherwise agreed by the Parties.
    8. Data Recipients
      1. Before providing User Data from the API to a Data Recipient, Developer and such Data Recipient will enter into a written agreement (a “Data Recipient Agreement”) requiring that the Data Recipient comply in all material respects with terms and conditions at least as protective as those in the following sections of the Agreement: Section 2.6 (Scope of Access); Section 3 (User Disclosure and Consent); Section 4.2 (Exit Rights); Section 4.3 (Suspension Rights); Section 6.4 (Developer Personnel); Section 6.8 (Audits); and Section 7.1 (Disclaimers). 
      2. In addition to the requirements in Section 2.8.1, for any Data Recipient that (i) is provided User Data by Developer, and (ii) is not a financial institution that is subject to examination by a federal or state government authority for legal compliance with applicable privacy regulations and data security protections, the Data Recipient Agreement will also require such Data Recipient to comply in all material respects with terms and conditions at least as protective as those in the following sections of the Agreement: Section 6.5 (Control and Oversight); Section 6.6 (Data Safeguards); Section 6.7 (Breach of Security) (except that notice under such Section 7.7.1 will be provided to Developer, not Narmi); and Section 6.9 (Security Reviews and Assessments).
  3. USER DISCLOSURE AND CONSENT
    1. Client Vendor Disclosures. Each Developer that is a Client Vendor will ensure in each Client Vendor Agreement that Client is responsible for any and all disclosures to and permissions from End Users with respect to User Data relevant to each Developer service or Data Recipient service. Where a Client Vendor does not obtain assurances from Client that such obligations sit with Client, such Client Vendor shall be responsible for the disclosures and permissions set forth in Section 3.2 as though Developer were an End User Vendor.
    2. End User Vendor Disclosures. Each Developer that is an End User Vendor shall provide and/or, to the extent applicable, ensure that any Data Recipients shall provide clear and conspicuous disclosures to Users or prospective Users (which may be included in an applicable privacy notice) that comply with all applicable laws and that describe how User Data is collected, accessed, stored and used, including with respect to De-identified Data and any other derivatives, compilations, or combinations of User Data. Where End User Vendor is not a Client, End User Vendor terms also must state that End User Vendor is acting independently with respect to End User Vendor services, and not as an agent of Narmi or Client. If Developer or Data Recipients are required by applicable privacy regulations to provide a privacy notice to Users in connection with a Developer service, then Developer will, or will require Data Recipients to, comply with such privacy notice and privacy regulations, including all obligations to deliver privacy notices and restrictions on the sharing and reuse of User Data or other personal information, and, as applicable, provide sufficient functionality so that Narmi may comply with all applicable data privacy and security laws, rules and regulations.
    3. Customer Service. Developer is responsible for managing any disputes or issues raised by a User relating to Developer’s services. Narmi or its Client with the contractual relationship with User has the right to engage with the User directly regarding any issues and complaints relating to the access of User Data and Narmi has the right to terminate access to any User Data at any time to address a User issue or complaint; provided, that, Developer will remain responsible for any unauthorized access or use of User Data in the possession and control of Developer. 
  4. TERM, TERMINATION AND SUSPENSION
    1. Term. The term of the Agreement (“Term”) begins on the date Developer first accesses the API or Developer Materials and ends when terminated in accordance with the terms of the Agreement. Either Party may terminate the Agreement for convenience and without cause at any time by giving the other Party at least 30 days’ prior written notice designating the termination date. Either Party may terminate the Agreement with immediate effect upon notice to the other party based upon good faith belief that continued participation in the Agreement will result in a violation of any applicable law or adversely impact compliance with a law (including regulatory guidelines or requirements), or if there is a security breach. 
    2. Exit Rights. Upon termination of the Agreement, Developer will, at Narmi’s election, either delete and destroy or deliver to Narmi all Narmi Materials and Confidential Information received from Narmi; and Narmi will, at Developer’s election, either delete and destroy or deliver to Developer all Confidential Information received from Developer.
    3. Suspension Rights. Narmi has the right to suspend Developer’s access, in whole or in part, to the API (including for a particular Developer service or Data Recipient), for the following reason(s): (i) Narmi’s good-faith belief that Developer and/or a Data Recipient is acting in an unauthorized manner with respect to its access to the API; (ii) a User requests that Narmi no longer permit Developer or a Data Recipient to access its User Data (such suspension will only be applied to the requesting User); or (iii) Narmi’s good-faith belief that there is an imminent and material risk of a security breach with respect to the API or a Developer Access System. Narmi will provide Developer with notice of the suspension, including a description of the scope of the suspension and the reasons for the suspension. Narmi will provide advance notice of the suspension, if and as possible, provided, that, in the event there is a security breach or another significant incident compromising the confidentiality and/or integrity of the API, the Narmi Platform, or User Data, Narmi may suspend access to the User Data or API immediately without prior notice. Upon notice of suspension, Developer will immediately: (i) cease attempting to access User Data through the API; (ii) comply with Narmi’s reasonable requests to assist Narmi in remediating and preventing further harm or loss (which assistance shall be provided at Narmi’s sole cost and expense, except where such suspension is made necessary by an act or omission of Developer); and (iii) have the right to terminate this Agreement upon notice to Narmi. The Parties will work together to remediate the reason for any suspension.
  5. DATA AND PROPRIETARY RIGHTS
    1. Systems and Resources. Narmi perpetually owns all right, title, and interest in and to, together with any and all Intellectual Property Rights, inherent in and appurtenant to the API, the Narmi Platform, and Narmi Materials. Developer will only use Narmi Materials as expressly permitted by the terms of the Agreement, and only in connection with the specific purpose for which Narmi provides such Narmi Materials to Developer. Developer perpetually owns all right, title, and interest in and to, together with any and all Intellectual Property Rights, inherent in and appurtenant to Developer Access Systems, and Developer services.
    2. Adverse Claims. Developer will promptly notify Narmi in writing upon becoming aware of any threat, or the filing of any action, suit, or proceeding, against Developer (a) alleging infringement, misappropriation, or other violation of any Intellectual Property Rights related to the API and/or Developer Access Systems, or (b) in which an adverse decision would reasonably be expected to have a material adverse effect on Developer’s ability to comply with its obligations under this Agreement. 
    3. Trademarks. Developer grants Narmi a limited, royalty-free, revocable, non-exclusive license to use its tradenames, trademarks, servicemarks, logos and other approved designations (collectively, “Marks”) to develop materials for marketing, distribution, public relations, and general promotion of Developer’s services developed using the Tools; provided that such Developer services are intended to be made generally available to Clients. Developer further agrees that: (a) Developer will use Narmi’s Marks in strict accordance with any guidelines for the use of such Marks as provided by Narmi from time to time in advance and in writing, (b) Developer will not alter any such Marks and will use only exact reproductions thereof as supplied by Narmi, and (c) at Developer’s request, all depictions of such Marks which Developer intends to use will be submitted to Narmi for prior approval. Except as permitted in this Agreement, Developer will not issue any public media releases, public announcements, or public disclosures relating to the Agreement or publicly use Narmi’s Marks, including in promotional or marketing material, without Narmi’s prior written consent; provided that nothing in this Section 5.3 will restrict any disclosure required by Law. Developer agrees that Developer’s use of any Narmi Marks must be approved by Narmi in writing. Under all circumstances, the party (“Using Party”) using the Marks of the other party (“Owning Party”) agrees that (i) as between the Parties, all rights in and to such Marks are owned by the Owning Party, (ii) the Using Party will do nothing inconsistent with such ownership, and (iii) all uses of such Marks, including all associated goodwill, will inure to the sole benefit of and be on behalf of the Owning Party.
    4. Other Terms. Except as specifically provided in the Agreement, Narmi does not grant to Developer any right or license, express or implied, in any Narmi Materials or any other Intellectual Property Rights of Narmi. Except as specifically provided in the Agreement, Developer does not grant to Narmi, either itself or on behalf of any Data Recipient, any right or license, express or implied, in any Developer Intellectual Property Rights, Developer Access Systems, or Developer service.
  6. CONFIDENTIALITY AND DATA SECURITY
    1. Definitions. “Confidential Information” means information that is disclosed by a Party in connection with the Agreement that is not generally known to the public and, at the time of disclosure, is identified as, or would reasonably be understood by the receiving Party to be, proprietary or confidential. Subject to the foregoing, with respect to each Party, Confidential Information includes but is not limited to: (a) business plans, strategies and analyses, and sales and marketing information; (b) financial information; (c) business processes, methods, and models; (d) employee, consumer, customer, business partner, and supplier information; (e) product and service specifications; (f) the non-public records compiled in connection with enforcement responsibilities, reports of examination, supervisory correspondence, investigatory files, and internal memoranda; and (g) the terms of this Agreement. Narmi Materials and the API are Confidential Information of Narmi. Developer Access Systems (and related Developer documentation) are Confidential Information of Developer. User Data shall be considered the Confidential Information of Narmi.
    2. Obligations. Each Party will treat all Confidential Information of the other Party as confidential and will disclose such Confidential Information only to those contractors and individuals within their organizations with a reasonable need to know (provided that such contractors and individuals are bound by the confidentiality obligations no less protective than those set forth in the Agreement). Each Party will use at least the same degree of care to prevent unauthorized use and disclosure of the Confidential Information of the other Party as it employs to avoid unauthorized use, disclosure, publication, or dissemination of its own information of a similar nature, but in no event less than a reasonable standard of care. A Party may disclose Confidential Information of the other Party to advisors, auditors, and other representatives only when necessary to perform, assess, or interpret such Party’s obligations under the Agreement, and subject to such third party agreeing to confidentiality obligations substantially equivalent to those set forth in the Agreement, where (a) the use of such an entity is authorized under the Agreement or such disclosure is reasonably necessary to or otherwise occurs in that third party's scope of responsibility and (b) the disclosure is in accordance with the Agreement. Neither Party will (i) make any use or copies of the Confidential Information of the other except as necessary to perform its obligations under the Agreement, (ii) acquire any right in or assert any lien against the Confidential Information of the other, or (iii) refuse for any reason (including a default or material breach of the Agreement by the other Party) to promptly provide the other Party's Confidential Information (including all copies thereof) to the other Party if requested in writing to do so. 
Upon the expiration or termination for any reason of the Agreement and the concomitant completion of a Party's obligations under the Agreement, each Party will (except as otherwise provided for in the Agreement) return or delete and destroy all documentation in any medium that contains, refers to, or relates to the other Party's Confidential Information, and retain no copies (other than required by law) within 30 days of agreement expiration or 15 days of agreement termination. Both Parties must regularly audit and review their respective information security policies and procedures to ensure their continued effectiveness and determine whether adjustments are necessary in light of circumstances including changes in technology, customer information systems, or threats or hazards to Confidential Information. Notwithstanding anything to the contrary set forth elsewhere in the Agreement, each Party will be permitted to (1) identify the other Party by name, and (2) disclose the existence of the Agreement and the terms and conditions of the Agreement to its advisors, auditors, and other representatives. To the extent legally permitted, a Party will notify the other Party of any actual or threatened requirement of law to disclose Confidential Information promptly upon receiving actual knowledge thereof and will cooperate with the other Party’s reasonable, lawful efforts to resist, limit, or delay disclosure.
    3. Exceptions. The obligations of confidentiality in this Section 6 will not apply to any information that (a) a Party rightfully has in its possession when disclosed to it, free of obligation to the other Party to maintain its confidentiality; (b) a Party independently develops without access to the other Party’s Confidential Information, as demonstrated by such Party’s written records; (c) is or becomes known to the public other than by breach of the Agreement; or (d) is rightfully received by a Party from a third party without the obligation of confidentiality. Any combination of Confidential Information disclosed with information not so classified will not be deemed to be within one of the foregoing exclusions merely because individual portions of such combination are free of any confidentiality obligation or are separately known in the public domain. 
    4. Developer Personnel. No Developer employee, contractor, or other related party will be deemed an employee, contractor, or joint venturer of Narmi as a result of or in connection with the Agreement. Developer represents that it maintains comprehensive hiring policies and procedures and, through its hiring policies and procedures, including background checks, it endeavors to hire the best candidates with appropriate character, disposition, and honesty. Developer will not knowingly permit any employee, contractor, or other individual to have access to the API, Narmi Materials, or User Data who has been convicted of a crime involving theft, fraud, money laundering, breach of fiduciary duty, or other financial crime. 
    5. Control and Oversight. During the Term, Developer will:
      1. Establish and maintain industry standard governance and risk assessment processes with respect to the control of Confidential Information. A security awareness program must be in place or implemented that communicates security policies to all Developer employees, contractors, or other persons having access to Confidential Information. 
      2. Use strong, industry-standard encryption of Confidential Information transmitted over public networks (e.g., Internet, non-dedicated leased lines) and backup copies residing at off-site storage facilities in a separate location.
      3. Develop quality assurance and internal controls, including implementing tools and methodologies, aimed to ensure that User Data and personal information is accessed in a secure manner consistent with industry best practices and in compliance with applicable laws, User consents, and the terms of the Agreement. Without limiting the foregoing, Developer will (i) maintain a strong control environment in day-to-day operations in accordance with industry standards for any environments that host, access, process, or store Narmi Materials or User Data; (ii) develop and execute a process to ensure that internal control self-assessments are performed at least annually with respect to any environments that host, access, process, or store Narmi Materials or User Data and report the outcomes of such self-assessments to Narmi upon request; and (iii) maintain an internal audit function sufficient to monitor the processes and systems used by Developer (e.g., perform audits, track control measures, communicate status to management, drive corrective action) and that supports audit requirements of the Agreement. 
    6. Data Safeguards.
      1. Developer will establish and maintain an information security program designed to safeguard against the unauthorized disclosure, destruction, loss, or alteration of Narmi Materials or User Data in the possession of Developer. Developer will not access nor attempt to access Narmi Materials or User Data to which it is not entitled or for which User consent has not been given or has been withdrawn. Without limiting the foregoing, Developer will institute security measures consistent with best practices in the financial services industry to guard against the unauthorized access, alteration, destruction, or loss of Narmi Materials or User Data.
      2. Developer will only transfer (including internal transfers that occur beyond the internal firewalls of Developer or a Data Recipient) Narmi Materials and User Data in a secure and confidential manner, including, at a minimum, encrypting the data or through establishing a virtual private network with Narmi in a manner as approved by Narmi.
      3. Developer’s information security program will be consistent with the generally accepted industry standards, including “Generally Accepted Principles and Practices for Securing Information and Technology Systems” (GAPPs) issued by the National Institute of Standards & Technology (NIST) and the ISO 27000 series unless otherwise agreed to by Narmi. 
      4. Developer and Developer contractors processing User Data will use a real-time intrusion detection system on all Developer Access Systems. Developer will actively monitor the intrusion detection system for activities that correspond to attempts at breaking the security of Developer Access Systems. Along with the deployment of such a real-time intrusion detection system, Developer and Developer contractors processing User Data will adopt and follow operational procedures to disable the source of any perceived attack and escalation procedures to notify Developer security groups for follow-up action.
    7. Breach of Security.
      1. In the event Developer, a Developer contractor, or a Data Recipient discovers or is notified of a security breach relating to the Confidential Information of Narmi or User Data (i) Developer will promptly notify Narmi, within no more than twenty-four (24) hours, (ii) Developer will notify the affected individuals in accordance with notice requirements under applicable law, (iii) Developer will, or will require any applicable Data Recipient to, immediately investigate and remediate the cause and effects of the breach or potential breach, and (iv) Developer will provide Narmi with assurance satisfactory to Narmi that such breach or potential breach is not reasonably likely to reoccur.
      2. The Parties agree to reasonably cooperate with each other during the investigation of a security breach, including the delay of remediation, and as otherwise required by law enforcement. Narmi has the right to participate in any security investigation relating to Confidential Information of Narmi or Narmi systems. 
    8. Audits. No more frequently than annually during the Term (unless required by applicable law), Narmi, at Narmi’s sole cost and expense and through independent third-party auditors reasonably acceptable to Developer (“Auditors”), shall have the right, but not the obligation, to audit, review, and inspect applicable records and systems of Developer for the sole and exclusive purpose of confirming Developer’s compliance with its obligations under the Agreement. Narmi will provide Developer with no less than sixty (60) days’ advance written notice of any audit, review, or inspection. Developer will reasonably cooperate in any such audit, review, or inspection that Narmi may undertake. During the Term, Developer will, in connection with an audit performed pursuant to this Section 6.8:
      1. Make applicable records, as well as external audit opinions, external audit letters, external audit statements, and external audit reports relating to use of the APIs, access to User Data, and performance of its obligations under the Agreement, including access activities, available for inspection by Auditors. 
      2. Give Auditors reasonable access, during regular business hours, to Developer personnel and representatives. 
      3. Allow Narmi and its representatives to review documents evidencing that informed and explicit consent from Users has been properly obtained and is in place, and that proper disclosures have been provided, according to the terms of this Agreement.
      4. Not be required to disclose or make available to Narmi or any Auditor any source code or other proprietary technology of Developer.
    9. Security Reviews and Assessments.
      1. As part of the audit described in Section 6.8, Auditors may conduct on-site security reviews and assessments, vulnerability testing, and disaster recovery testing for any technology, including Developer Access Systems, hosting, storing or processing User Data or Narmi Materials, and otherwise audit the operations of Developer for compliance with this Agreement. If vulnerabilities are identified, Developer will: (i) promptly document and, within formally established timelines, implement a mutually agreed upon remediation plan; and (ii) upon Narmi’s request, provide Narmi with the status of the implementation. 
      2. At least annually, Developer will (i) have a certified independent public accounting firm or another independent, certified, industry-recognized third party conduct a review and provide a full attestation and report under SOC 2 Type II (or a successor or replacement thereof) or, if a SOC 2 Type II attestation and report is not an available option, then a review and certification reasonably satisfactory to Narmi to demonstrate compliance with systems and operational controls, in each case, including a review of all key systems and operational controls used in connection with any User Data or Narmi Materials; and (ii) conduct and provide a full report of an independent network and application penetration test. Developer will provide all findings from these attestations, reviews, and tests to Narmi upon receipt; provided that any findings, reports, or other documentation or information provided to Narmi hereunder shall be and remain the Confidential Information of Developer. Developer will use commercially reasonable efforts to implement the recommendations set forth in such attestations, reviews, and reports, and, upon Narmi’s request, provide Narmi with the status of the implementation.
  6. LIABILITY.
    1. DISCLAIMERS. DEVELOPER UNDERSTANDS AND AGREES THAT, EXCEPT AS OTHERWISE SET FORTH HEREIN, ALL USE AND ACCESS TO THE API IS PROVIDED “AS IS” WITHOUT ANY REPRESENTATION OR WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INTERFERENCE. FURTHER, NARMI EXPRESSLY DISCLAIMS ANY TYPE OF REPRESENTATION OR WARRANTY REGARDING THE AVAILABILITY OR RESPONSE TIME OF THE API OR USER DATA OR THAT ACCESS TO THE API OR USER DATA WILL BE UNINTERRUPTED; AND EXPRESSLY DISCLAIMS THE COMPLETENESS, AND CURRENCY OF USER DATA. 
    2. LIABILITY. EXCEPT WITH RESPECT TO DEVELOPER’S (I) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREUNDER, OR (II) GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, NEITHER PARTY, NOR THEIR RESPECTIVE AGENTS, EMPLOYEES, REPRESENTATIVES, AND AFFILIATES, IS OR SHALL BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, PUNITIVE, OR SPECIAL DAMAGES, INCLUDING LOST PROFITS OR LOST REVENUES, ARISING FROM OR RELATED TO THIS AGREEMENT, REGARDLESS OF THE FORM OF THE ACTION OR THE THEORY OF RECOVERY, EVEN IF THAT PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES. NOTWITHSTANDING THE FOREGOING, AND EXCEPT WITH RESPECT TO NARMI’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, NARMI’S ENTIRE LIABILITY TO DEVELOPER FOR ALL DAMAGES, LOSSES, INDEMNITY EXPENSES, CAUSES OF ACTION, OR LIABILITY OF ANY TYPE OR KIND SHALL NOT, UNDER ANY CIRCUMSTANCES, EXCEED $1,000.
  1. Mutual Representations and Warranties. Each Party represents, warrants, and covenants that as of the Effective Date and throughout the Term: (a) the Party's execution, delivery, and performance of the Agreement: (i) have been authorized by all necessary corporate action, (ii) do not violate the terms of any law or privacy regulation to which such Party is subject or the terms of any material agreement to which such Party or any of its assets may be subject, and (iii) except as expressly set forth in the Agreement, are not subject to the consent or approval of any third party; (b) the Agreement is the valid and binding obligation of the representing Party, enforceable against such Party in accordance with its terms; (c) such Party is not subject to any pending or threatened litigation or governmental action that could interfere with such Party's performance of its obligations hereunder; (d) such Party will render its obligations under the Agreement with promptness and diligence and will execute them in a professional, competent, and workmanlike manner, in accordance with the terms of the Agreement; (e) such Party will perform its responsibilities under the Agreement in a manner that does not infringe, or constitute an infringement or misappropriation of, the patent, copyright, trademark, trade secret or other proprietary rights of a third party; (f) such Party will use commercially reasonable efforts to prevent the introduction or proliferation of any computer virus or other malicious code into any computer or network system used in connection with the API or the Agreement and will mitigate and remediate the cause and effects of such computer virus or other malicious code should it be introduced by such Party; and (g) such Party will comply with all applicable rules and regulations of the Fair Credit Reporting Act 15 U.S.C. §1681 (“FCRA”), if applicable, and will notify the other Party, as legally permitted and practicable, of any regulatory investigation initiated by any regulator with jurisdiction over such Party involving FCRA. Developer agrees that it will notify Narmi if Developer determines that it has become subject to FCRA.
  2. Indemnification. Each Party (the “Indemnifying Party”) will indemnify, defend (subject to Section 7.5), and hold harmless the other Party and their representatives, successors, and permitted assigns from and against any and all claims made by any third party and all related losses, including expenses, damages, costs, liabilities, and reasonable attorneys' fees and expenses (such losses collectively, “Losses”), to the extent such claims or Losses arise out of or relate to the following: (a) any grossly negligent act or omission or willful misconduct by the Indemnifying Party or any material breach in a representation, covenant, or obligation of such Indemnifying Party included in this Agreement; (b) any use, transmission, access, disclosure, sale, distribution, display, storage, loss, or security breach of any Confidential Information of the other Party or User Data by the Indemnifying Party in violation of this Agreement; and (c) any actual or alleged infringement, violation, or misappropriation of the Intellectual Property Rights of any third person with respect to the services provided by, and/or the resources, materials, work product, software, equipment or other assets used or provided by, the Indemnifying Party in connection with this Agreement or the API.
  3. Indemnification Procedures. Each indemnified Party (the “Indemnified Party”) will provide the Indemnifying Party with prompt written notice of any claim, demand, or action for which the Indemnified Party is seeking or may seek indemnification hereunder (provided that the failure of the Indemnified Party to promptly notify the Indemnifying Party hereunder will not relieve the Indemnifying Party of any liability with respect to the claim, except to the extent the Indemnifying Party demonstrates that it is prejudiced by such failure). The Indemnifying Party will keep the Indemnified Party fully informed concerning the status of any litigation, negotiations, or settlements of any such claim, demand, or action. The Indemnified Party will be entitled, at its own expense, to participate in any such litigation, negotiations, and settlements with counsel of its own choosing. The Indemnifying Party will not have the right to settle any claim without the prior written consent of such Indemnified Party. Notwithstanding the foregoing, if a government authority brings a claim against an Indemnified Party that is the subject of the indemnities in Section 7, such Indemnified Party will have the right to assume control of the defense of any such claim and the Indemnifying Party will reimburse the Indemnified Party for all reasonable costs of defense.  The Indemnifying Party will cooperate, at its own cost, in all reasonable respects with the Indemnified Party and its attorneys in the investigation, trial, and defense of such claim and any appeal arising therefrom and may participate in such defense at its own cost. 
  1. MISCELLANEOUS PROVISIONS
    1. Survival. The following terms will survive after the expiration or termination of the Agreement: Section 1 (Definitions), Section 3.2 (Customer Service), Section 4.2 (Exit Rights), Section 6.1 (Definitions), Section 6.2 (Obligations), Section 6.3 (Exceptions), Section 7.1 (Disclaimers), Section 7.2 (Liability), Section 7.4 (Indemnification), Section 7.5 (Indemnification Procedures) and this Section 8 (Miscellaneous Provisions), as well as any other terms that expressly or by their nature contemplate performance after such expiration or termination.
    2. Relationship of the Parties. For the purposes of this Agreement, the Parties are independent contractors and the Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the Parties. Neither Party is authorized under the Agreement to bind the other with respect to any other person or entity. Nothing in the Agreement will confer any rights upon any person other than the Parties and their respective successors and permitted assigns. 
    3. Assignment. Neither Party may assign or transfer this Agreement (in whole or in part), or any of its obligations hereunder, without the prior written consent of the other Party, which consent will not be unreasonably withheld or delayed; provided, however, that either Party may assign this Agreement and its rights and obligations hereunder upon notice to the other Party but without obtaining consent, to (i) a successor in interest to substantially all of such Party’s business to which this Agreement relates or (ii) to any affiliate entity, provided that the other Party may terminate this Agreement by providing written notice to such Party within ten (10) days of receiving notice of such assignment. All of the terms of the Agreement will be binding upon and will inure to the benefit of each Party’s successors and permitted assigns. Any assignment, delegation, or transfer in violation of this provision will be void and without legal effect.
    4. Dispute Resolution. If a dispute arises out of or in connection with the Agreement, the disputing Party may request a meeting to resolve the dispute. Should the Parties not be able to resolve the dispute within 30 days after the meeting first being requested, then either Party may commence any court or other formal proceedings. Nothing in the Agreement will prevent either Party from taking such action as it deems appropriate (including any application to a relevant court) for injunctive or other emergency or interim relief. 
    5. Governing Law; Jurisdiction. The Agreement is governed by and will be construed in accordance with the Laws of the State of New York and the United States. The Parties hereby agree to the exclusive jurisdiction of the courts of the State of New York in New York City for the purposes of any action or proceeding brought by either of them in connection with the Agreement. The Parties agree that the foregoing will preclude the jurisdiction and application of any other forum and Law. In any action relating to the Agreement, each of the Parties irrevocably waives the right to trial by jury.
    6. Equitable Relief. The violation of the provisions of Section 6.2 may cause immediate and irreparable harm to each Party for which money damages may not constitute an adequate remedy at Law. Therefore, in the event of a breach or threatened breach of said provisions by Narmi or Developer, the Party not in breach or not threatening to breach will have the right to seek, in any court of competent jurisdiction, an injunction to restrain said breach or threatened breach, without posting any bond or other security. 
    7. Notices. Any notices to Narmi must be sent to our headquarters address available at www.narmi.com, and must be delivered either in person, by certified or registered mail, return receipt requested and postage prepaid, or by recognized overnight courier service, and are deemed given upon receipt by us. Notwithstanding the foregoing, you hereby consent to receiving electronic communications from us. Developer agrees that any notices, agreements, disclosures, or other communications that we send to you electronically will satisfy any legal communication requirements, including that such communications be in writing.
    8. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in full force and effect. 
    9. Counterparts. The Agreement may be executed in any number of counterparts and/or by facsimile or other electronic means agreed to by the Parties, each of which will be deemed an original, but all of which taken together will constitute one single agreement between the Parties, and will become effective when one or more such counterparts have been signed by each of the Parties and delivered to the other Party. 
    10. Waiver and Cumulative Remedies. No failure or delay by either Party in exercising any right under this Agreement shall constitute a waiver of that right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a Party at law or in equity. Any waiver of the provisions of this Agreement or of a Party’s rights or remedies under this Agreement must be in writing and signed by the waiving Party to be effective. No claim or action arising out of this Agreement may be asserted by either Party more than one (1) year after the date on which such Party has actual knowledge of the material facts upon which the claim or action is based; such limitation shall not extend any applicable statute of limitations. 
    11. Entire Agreement. This Agreement, including all exhibits and addenda hereto, constitutes the entire agreement between the Parties and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning its subject matter. The Parties are not relying and have not relied on any representations or warranties whatsoever regarding the subject matter of this Agreement, express or implied, except for the representations and warranties set forth in this Agreement. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the Party against whom the modification, amendment, or waiver is to be asserted. To the extent of any conflict or inconsistency between the provisions of the body of this Agreement and any exhibit or addendum hereto, the terms of such exhibit or addendum shall prevail. No other rights are granted hereunder except as expressly set forth in the Agreement.
    12. Modifications. You acknowledge and agree that we have the right, in our sole discretion, to modify this Agreement from time to time. You shall be notified of modifications through notifications or posts on www.narmi.com. You will be responsible for reviewing and becoming familiar with any such modifications.
Narmi Inc.
3 East 28th St. Floor 12
New York, NY 10016