These Chronicle API Terms & Conditions (“API Terms”) govern Partner’s access to and use of the Chronicle API. These API Terms are entered into between Chronicle Legal, Inc. (“Chronicle,” “we,” “us”) and the entity agreeing to these API Terms (“Partner,” “you”). By accessing or using the API, Partner agrees to these API Terms.

If Partner has a separate signed integration or partnership agreement with Chronicle, that agreement will control in the event of conflict.

1. Definitions

1.1 “API” means Chronicle’s application programming interfaces, endpoints, developer documentation, and related tools and materials made available by Chronicle.

1.2 “Chronicle Data” means any data, content, documents, metadata, derived outputs, or other information accessed, retrieved, transmitted, or otherwise obtained through the API, including data relating to Chronicle customers and their clients/cases.

1.3 “Customer” means an organization that subscribes to Chronicle’s services.

1.4 “Customer End User” means a user authorized by a Customer to access Chronicle services.

1.5 “Client Portal” means any product feature or interface that enables a Customer’s end-clients/claimants (or other third parties) to view, download, interact with, or otherwise access information relating to their matter.

1.6 “Integration” means Partner’s software application, service, connector, or product functionality that interoperates with the API.

1.7 “ERE” means Electronic Records Express (and/or analogous SSA submission and retrieval mechanisms), including related case/document workflows.

2. License Grant and Scope

2.1 License. Subject to these API Terms, Chronicle grants Partner a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the API solely to develop, test, and operate the Integration for mutually-approved use cases.

2.2 Restrictions. Partner may only use the API:

• for authorized Customers,

• for internal business-to-business workflows for those Customers, and

• as expressly permitted by Chronicle.

2.3 No Ownership Transfer. The API and Chronicle Data remain the property of Chronicle and/or applicable Customers. No rights are granted except as explicitly stated.

3. Acceptable Use; Prohibited Conduct

Partner shall not (and shall not permit anyone to):

3.1 Reverse Engineering / Circumvention.

• reverse engineer, disassemble, or attempt to derive source code, underlying ideas, or algorithms of the API or Chronicle platform;

• bypass any access controls, usage limits, authentication, or other technical restrictions;

• scrape, crawl, or use automated methods outside approved endpoints.

3.2 Malicious Use.

• use the API in any way that is malicious, abusive, illegal, deceptive, or harmful;

• introduce malware, code, or systems intended to compromise confidentiality/integrity/availability;

• test vulnerability or perform penetration testing without Chronicle’s written authorization.

3.3 Competitive Use / Restricted Use Case (Key Restriction).
Partner may not use the API or Chronicle Data (directly or indirectly) to:

• build, enable, support, or improve a product or feature that provides an ERE case management dashboard, ERE document management dashboard, or any substantially similar case/document workflow dashboard that competes with Chronicle; or

• display Chronicle Data in any Client Portal, including any interface accessible by a Customer’s end-clients, claimants, or other third parties.

This restriction applies whether the dashboard/portal is branded as Partner, white-labeled, embedded, or otherwise provided.

3.4 Data Exploitation.

• use Chronicle Data to train machine learning models except with Chronicle’s explicit written approval;

• sell, license, rent, or otherwise monetize Chronicle Data;

• use Chronicle Data to identify Customers for marketing, solicitation, or lead generation.

3.5 Impersonation.

• impersonate Chronicle or represent the Integration as endorsed by Chronicle except as approved in writing.

4. Security and Compliance

4.1 Security Program. Partner shall maintain an information security program consistent with industry standards, including:

• access controls and least-privilege,

• audit logging for access to Chronicle Data,

• encryption in transit (TLS 1.2+) and encryption at rest,

• secure storage of API keys and secrets,

• regular patching and vulnerability management.

4.2 Breach Notification. Partner will notify Chronicle without undue delay (and in any event within 48 hours) after discovering any actual or suspected:

• unauthorized access to API credentials,

• unauthorized access to Chronicle Data,

• security incident affecting Chronicle Data.

Partner will provide ongoing updates and cooperate with investigation and remediation.

4.3 Personnel Controls. Partner will ensure all personnel with access to Chronicle Data are bound by confidentiality obligations at least as protective as these API Terms.

4.4 Compliance with Laws. Partner shall comply with all applicable laws and regulations relating to privacy, data security, and use of the API.

5. Data Handling; Confidentiality

5.1 Confidential Information. The API, documentation, and Chronicle Data are “Confidential Information.”

5.2 Use Limitation. Partner may use Confidential Information only as necessary to operate the Integration for authorized Customers.

5.3 No Disclosure. Partner shall not disclose Confidential Information to any third party except:

• to its contractors under written confidentiality obligations, and only as necessary for the Integration, or

• as required by law (with prompt notice to Chronicle unless prohibited).

5.4 Data Retention. Partner shall retain Chronicle Data only as long as necessary to provide the Integration and must delete Chronicle Data promptly upon:

• Chronicle’s request,

• Customer termination,

• termination of these API Terms.

6. API Credentials and Access

6.1 Credentials. Partner is responsible for safeguarding API keys, tokens, and credentials.

6.2 No Sharing. Partner may not share credentials outside its organization.

6.3 Rate Limits. Partner must comply with all rate limits and usage restrictions. Chronicle may throttle or suspend access to protect service integrity.

7. Service Availability; Changes

7.1 Availability. Chronicle will use commercially reasonable efforts to make the API available but does not guarantee uninterrupted operation.

7.2 Changes. Chronicle may modify or discontinue the API (or parts of it) and will use reasonable efforts to provide notice of breaking changes.

8. Audit and Verification

8.1 Compliance Verification. Chronicle may request written certification of Partner’s compliance with these API Terms.

8.2 Audit Rights. Upon reasonable notice, Chronicle may audit Partner’s controls and use of the API (including security posture and access logs) to verify compliance, limited to information relevant to the API and Chronicle Data.

9. Intellectual Property

9.1 Chronicle IP. Chronicle retains all rights in the API, documentation, and Chronicle platform.

9.2 Feedback. Partner may provide feedback. Chronicle may use feedback without restriction and without obligation.

10. Term; Termination

10.1 Term. These API Terms begin on the Effective Date and remain in effect until terminated.

10.2 Termination for Convenience. Chronicle may terminate API access at any time with notice.

10.3 Immediate Suspension/Termination. Chronicle may immediately suspend or terminate access if Partner:

• violates these API Terms (including the competitive/restricted use clause),

• poses a security risk,

• misuses Chronicle Data.

10.4 Effect of Termination.

• Partner must immediately stop using the API

• delete Chronicle Data in its possession/control (unless legally required to retain)

• certify deletion upon request

11. Disclaimers

THE API AND CHRONICLE DATA ARE PROVIDED “AS IS” AND “AS AVAILABLE.” CHRONICLE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

• CHRONICLE WILL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES.

• CHRONICLE’S TOTAL LIABILITY ARISING OUT OF OR RELATING TO THESE API TERMS WILL NOT EXCEED THE AMOUNTS PAID BY PARTNER TO CHRONICLE FOR API ACCESS IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM (OR $1,000 IF NONE).

13. Indemnification

Partner will defend, indemnify, and hold harmless Chronicle and its officers, directors, employees, and agents from any third-party claims arising out of:

• Partner’s Integration,

• Partner’s breach of these API Terms,

• Partner’s violation of law,

• Partner’s misuse of Chronicle Data.

14. Miscellaneous

14.1 Assignment. Partner may not assign these API Terms without Chronicle’s prior written consent.

14.2 Governing Law. [Delaware / California] law governs, without regard to conflicts.

14.3 Entire Agreement. These API Terms constitute the entire agreement regarding API usage.

14.4 Severability. If any provision is unenforceable, the remainder will remain in effect.

14.5 No Waiver. Failure to enforce any provision is not a waiver.

14.6 Relationship. The parties are independent contractors.

Exhibit A — Security Requirements

Partner must implement:

• encryption in transit TLS 1.2+

• encryption at rest for Chronicle Data

• logging of all reads/writes/export events

• role-based access controls

• MFA for administrative accounts

• annual penetration testing or vulnerability scanning

• incident response plan with defined escalation