API Agreement

Last Updated: 10 August 2025

Welcome to the Chartopia API.
Our API enables developers to build creative tools, integrations, and applications that extend the Chartopia experience. To protect our users and ensure a reliable platform, all use of the Chartopia API is subject to this API Agreement alongside the Chartopia Terms of Service, Privacy Policy and Data Processing Agreement.

NOTE Stability
Although officially released, the API is a work in progress and changes will be frequent and potentially breaking; there will be no notice period for breaking changes. By using the Chartopia API, you acknowledge its unstable nature.

By accessing or using the Chartopia API, you agree to comply with this Agreement and associated policies.

Scope and Definitions
- API: The Chartopia application programming interface, documentation, SDKs, webhooks, and related services.
- Developer: You, the individual or entity accessing or using the API.
- End-User: Any user whose data or actions are accessed or impacted through your use of the API.

1. Access and Authentication

  • API Keys: Each Developer must register for a Chartopia account to obtain an API key. Keys are personal, non-transferable, and must be kept confidential.
    • Sharing keys between individuals or services is prohibited.
    • Keys must be rotated immediately if compromised.
    • Keys must not be exposed in client-side or public code.
  • Responsibility: Developers are responsible for all activity occurring under their keys.
  • Rate Limits: Requests are limited per application and per user. Default limits are documented in the API Quick Start Guide. Chartopia may modify rate limits at any time to maintain platform stability, including temporary throttling or blocking of requests.

2. Acceptable Use

Permitted Use:
- Access and display user-authorized Chartopia data in your app or service.
- Build integrations that enrich the Chartopia user experience.
- Analyze aggregated and anonymized data for research or reporting.

Prohibited Use:
- Exceed rate limits or circumvent authentication measures.
- Replicate or compete with core Chartopia services without prior written permission.
- Cache, store, or resell Chartopia data without explicit end-user consent.
- Collect or process Chartopia data to build advertising profiles, conduct surveillance, or otherwise exploit user data in a harmful way.
- Falsely suggest a partnership, endorsement, or affiliation with your app or service.
- Scrape the Chartopia website or services instead of using the API.
- Reverse engineer, decompile, or attempt to extract source code from the API.
- Use automated or stress-testing tools without permission.
- Use the API in violation of any applicable laws or regulations.

3. User Data and Privacy

  • Consent: Developers must not access a user's private data without explicit consent. End-users must have access to a privacy policy explaining how their Chartopia data is used.
  • Deletion: User data must be deleted when requested, or when no longer strictly necessary for your service. Deletion must occur within 30 days of request unless otherwise required by law.
  • Storage: User data must be stored securely and encrypted both at rest and in transit.
  • Sharing: Chartopia user data may not be shared with third parties without clear, informed end-user consent.
  • Compliance: Developers must comply with all applicable data protection laws, including GDPR if applicable. See Section 8 for GDPR-specific obligations.

4. Monetization and Commercial Use

  • Free Tier: The API offers a free tier for personal and non-commercial projects, subject to standard rate limits. Chartopia may revoke free-tier access at its sole discretion.
  • Commercial Use: Any use of the API in paid products, services, or monetized apps (including ads, subscriptions, or resale of data) requires an approved commercial API agreement with Chartopia.
  • Resale Restrictions: API access may not be sold or sublicensed.
  • Premium Access: Paid plans offer higher rate limits, priority access, and additional features. Contact us for details.
  • Auditing: Chartopia may audit applications to verify compliance with commercial and policy obligations.

5. Branding and Attribution

  • Developers must not use the Chartopia name, logos, or trademarks without prior written approval.
  • When displaying Chartopia content, attribution must be clear, visible, and proximate to the content, indicating it is sourced from Chartopia.
  • Developers may not imply partnership, sponsorship, or endorsement unless expressly permitted.

6. Security Requirements

  • All API communications must use HTTPS (TLS 1.2 or higher).
  • Developers must promptly remediate identified security vulnerabilities, and in any event within 30 days.
  • Suspected unauthorized access must be reported immediately via contact form.
  • Developers must not introduce malware, viruses, or security exploits into the API ecosystem.
  • Failure to adhere to security requirements may result in temporary suspension or termination.

7. Rate Limiting and Fair Use

  • Standard rate limits apply; these may vary by endpoint and account type (free vs. paid).
  • Chartopia reserves the right to adjust limits or suspend access if abuse, suspicious activity, or excessive usage (>10x rate limit) is detected.
  • Sustained usage above free tier thresholds requires upgrading to a paid plan.
  • Requests may be throttled or blocked without prior notice.

8. GDPR and Data Protection Compliance

If personal data of individuals in the EU/EEA or UK is processed, Developers must comply with GDPR and applicable privacy laws.

Developer Responsibilities:
- Maintain a valid lawful basis for processing (e.g., user consent).
- Minimize data collection to what is necessary.
- Assist Chartopia in responding to user rights requests (access, rectification, erasure, restriction, portability, objection).
- Do not store personal data longer than necessary.
- Encrypt data at rest and in transit.
- Notify Chartopia within 72 hours of any personal data breach.
- Maintain records of processing activities where legally required.

Chartopia's Role:
- Chartopia is the data controller for user personal data.
- Chartopia's processing on behalf of Developers is governed by a separate Data Processing Agreement (DPA).
- Personal data may be transferred outside the EU with GDPR-compliant safeguards (e.g., Standard Contractual Clauses).

9. Enforcement and Termination

  • Monitoring and Audits: Chartopia may monitor API usage and audit logs to verify compliance. Developers must cooperate with reasonable compliance checks.
  • Suspension or Limitation: Chartopia may suspend, throttle, or restrict API access (in whole or in part) if a Developer's use:
    • Violates this Agreement.
    • Threatens the security, integrity, or availability of Chartopia services.
    • Causes harm to Chartopia users or infrastructure.
  • Termination for Cause: Chartopia may terminate this Agreement immediately, without notice, for material breaches, including violations of data protection, security, or acceptable use provisions.
  • Termination for Convenience: Chartopia may terminate this Agreement at any time for convenience, with [30] days' notice where reasonably practicable.
  • Developer Termination: Developers may terminate this Agreement by ceasing use of the API and deleting all associated credentials and Chartopia data.
  • Survival: Obligations related to confidentiality, data protection, liability, indemnity, and cooperation with authorities survive termination.

10. Liability and Disclaimer

  • Use at Your Own Risk: The API is provided “as is” without warranties.
  • No Guarantee: Chartopia does not warrant that the API will be error-free, uninterrupted, secure, or meet your requirements.
  • Developer Responsibility: Developers are solely responsible for their applications' operation, security, and compliance.
  • Indemnification: Developers agree to indemnify and hold Chartopia harmless for any claims arising from API use or violations.
  • Limitation of Liability: Chartopia's total liability shall not exceed amounts paid for API access in the prior 12 months.
  • Exclusion of Certain Damages: Chartopia is not liable for indirect, incidental, or consequential damages, including lost profits or data.

11. Data Retention and Cooperation with Authorities

Upon account termination or deletion, Chartopia will retain minimal records necessary for legal, compliance, and security purposes:

  • Investigate potential violations of this Agreement or the DPA.
  • Comply with legal or regulatory obligations.
  • Establish, exercise, or defend legal claims.
  • Respond to valid requests from law enforcement or data protection authorities.

Retained records may include:
- Developer account identifier (e.g., email, API key history)
- Relevant API usage logs
- DPA acceptance records
- Related correspondence

No unrelated personal data will be retained. Retained data is stored securely and deleted when no longer needed, and no later than 7 years.

12. Changes to This Agreement

Chartopia may update this Agreement from time to time. Continued use of the API after changes constitutes acceptance of the updated terms. Developers should periodically review the Agreement for updates.

13. Contact Us

For questions about this API Agreement, contact us via our contact form.