TERMS OF SERVICE
ELECTRONIC INVOICING API
1. DEFINITIONS
Within these Terms of Service, the following terms shall have the meaning indicated below:
- "Provider": refers to C.I.R. 2000 snc, with registered office at via Amalsunta 6, Ravenna, with VAT number IT01180680397, provider of the Invoicetronic Electronic Invoicing API Service.
- "Client": refers to the natural or legal person who signs this contract for the use of the Service.
- "Service": refers to the Invoicetronic Electronic Invoicing API service provided by the Provider, which allows the Client to transmit, receive, and manage notifications from the Electronic Invoice Exchange System in compliance with current legislation.
- "API": refers to the Application Programming Interface made available by the Provider to allow integration of the Service with the Client's IT systems.
- "Access Credentials": refers to the username, password, and ApiKey provided to the Client for access to the Service.
- "Client Data": refers to any data or information uploaded, transmitted, or processed by the Client through the Service.
- "Transaction": means an invoice sending, receiving, or validation.
- "Applicable Regulations": refers to all laws, regulations, and provisions applicable to electronic invoicing, including tax regulations and provisions on the protection of personal data.
2. SUBJECT OF THE CONTRACT
2.1 These Terms of Service govern the provision of the Invoicetronic Electronic Invoicing API Service by the Provider to the Client.
2.2 By accepting these Terms of Service, the Provider grants the Client the non-exclusive, non-transferable, and limited right to access and use the Service for its electronic invoicing needs, in compliance with the Applicable Regulations.
2.3 Annexes A-B-C-D-E-F constitute an integral part of the Terms of Service relating to the Electronic Invoicing API (hereinafter "Main Contract") and govern the relationship between the Client and the Provider. In case of discrepancy between the Main Contract and one or more of the Annexes, what is indicated in the annexes shall always prevail.
3. ACTIVATION AND DURATION
3.1 The Service will be activated at the time of subscription by providing the Client with the ApiKeys for the Sandbox and the ApiKey for the production environment. The use of the Sandbox is free. To use the production environment, the Client must have purchased transactions. 3.2 This contract has an unlimited duration and may be terminated by either party at any time, by the Provider with 90 days' notice, by the Client without notice. In case of termination by the Client, any remaining transactions and/or electronic signatures will not be refunded, while in case of termination by the Provider, any remaining transactions and/or electronic signatures will be refunded, unless the termination was made for violations of this Contract.
4. SERVICE USAGE METHODS
4.1 The Client will use the Service exclusively for the electronic invoicing needs of itself or its clients, in compliance with the Applicable Regulations and the technical instructions provided by the Provider.
4.2 The Client will receive the Access Credentials necessary for the use of the Service and will be responsible for their proper storage and use.
4.3 The Client undertakes not to share the Access Credentials with unauthorized third parties and to promptly communicate to the Provider any unauthorized use of them.
4.4 The Service is available 24 hours a day, 7 days a week, except for interruptions for scheduled maintenance, which will be communicated to the Client with at least five days' notice, or for force majeure.
5. CLIENT OBLIGATIONS
5.1 The Client undertakes to: a) Use the Service in compliance with the Applicable Regulations and these Terms of Service; b) Provide accurate, complete, and truthful data for the transmission of electronic invoices; c) Not use the Service for illegal or fraudulent purposes; d) Not interfere with the functioning of the Service or attempt to access the Service with methods different from those indicated by the Provider; e) Respect the usage limits of the Service defined in Annex A;
5.2 The Client is responsible for the adequacy of the Service with respect to its needs and for the correct integration of the Service with its IT systems.
6. PROVIDER OBLIGATIONS
6.1 The Provider undertakes to: a) Provide the Service in compliance with these Terms of Service and the Applicable Regulations; b) Guarantee the availability of the Service according to the service levels defined in Annex B; c) Implement appropriate security measures to protect Client Data; d) Provide technical assistance according to the methods defined in Annex C; e) Promptly communicate to the Client any regulatory changes that may affect the use of the Service; f) Update the Service to keep it compliant with the Applicable Regulations.
7. FEES AND PAYMENT METHODS
7.1 For the use of the Service, the Client will pay the Provider the fees indicated in Annex D.
7.4 The Provider reserves the right to modify the fees with at least 90 days' notice.
8. INTELLECTUAL PROPERTY
8.1 All intellectual property rights relating to the Service are and remain the exclusive property of the Provider or its licensors.
8.2 The Client does not acquire any rights to the software, applications, or databases used by the Provider for the provision of the Service, except for the limited right of use provided for in these Terms of Service.
8.3 The Client retains all rights to its own data and content uploaded or processed through the Service.
9. LIMITATIONS OF LIABILITY
9.1 The Provider shall not be liable for: a) Any damages resulting from improper use of the Service by the Client; b) The correctness of the data provided by the Client present in the electronic invoices; c) Any sanctions or consequences resulting from the violation of the Applicable Regulations by the Client; d) Any interruptions or malfunctions of the Service due to force majeure or events not directly attributable to the Provider; e) Any indirect, consequential, or incidental losses or damages suffered by the Client in relation to the use of the Service.
9.2 The total liability of the Provider for any damage resulting from the execution of this contract shall not in any case exceed the amount paid by the Client in the last invoice issued relating to the Service.
10. PROTECTION OF PERSONAL DATA
10.1 The Provider will process the Client's personal data in compliance with the applicable regulations on the protection of personal data and the privacy policy available at https://invoicetronic.com/privacy/.
10.2 With reference to personal data of third parties processed by the Provider on behalf of the Client within the scope of the provision of the Service, the Client acts as the data controller and the Provider as the data processor.
10.3 The terms and conditions of the processing of personal data by the Provider as data processor are defined in the personal data processing agreement attached to these Terms of Service (Annex E).
11. CONFIDENTIALITY
11.1 Each party undertakes to keep confidential all confidential information received from the other party within the execution of this contract.
11.2 Confidential information is considered to be all technical, commercial, or other information not publicly available relating to the Service or to the activity of each party.
11.3 The obligation of confidentiality does not apply to information that: a) Is already in the public domain or becomes so for causes not attributable to the receiving party; b) Is already legitimately in the possession of the receiving party before its communication; c) Must be disclosed in compliance with a legal obligation or an order of the authority.
12. SUSPENSION AND TERMINATION
12.1 The Provider reserves the right to temporarily or permanently suspend access to the Service in case of: a) Use of the Service in violation of these Terms of Service or the Applicable Regulations; b) Need for urgent unscheduled maintenance interventions; c) Request of the judicial or administrative authority.
12.2 Each party may terminate this contract with immediate effect in case of serious breach by the other party, by written communication.
13. EFFECTS OF TERMINATION
13.1 In case of termination of the contract for any cause: a) The Client will immediately cease to use the Service; b) The Provider will deactivate the Client's Access Credentials; c) The Client will remain responsible for all fees accrued up to the date of termination; d) The Provider will retain the Client's Data for a maximum period of 90 days, during which they will be available to the Client according to the methods defined in Annex F.
14. MODIFICATIONS TO THE TERMS OF SERVICE
14.1 The Provider reserves the right to modify these Terms of Service with at least 90 days' notice, by communication to the Client.
14.2 In case of substantial modifications, the Client will have the right to withdraw from the contract with refund of any remaining transactions and/or electronic signatures.
14.3 Continued use of the Service after the communication of the modifications will constitute acceptance of the same by the Client.
15. GENERAL PROVISIONS
15.1 These Terms of Service constitute the entire agreement between the parties in relation to the subject of the contract and replace any previous agreement or understanding, written or verbal, between the parties.
15.2 The possible invalidity or ineffectiveness of one or more clauses of these Terms of Service will not prejudice the validity and effectiveness of the remaining clauses.
15.3 The non-exercise of a right or a faculty provided for in these Terms of Service cannot be interpreted as a waiver of such right or faculty.
15.4 The Client may not assign or transfer to third parties the rights and obligations deriving from these Terms of Service without the prior written consent of the Provider.
15.5 Any communication relating to these Terms of Service must be made in writing and sent to the addresses indicated in the introduction or to different addresses subsequently communicated by the parties.
16. APPLICABLE LAW AND COMPETENT COURT
16.1 These Terms of Service are governed by Italian law.
16.2 For any dispute relating to the interpretation, execution, or termination of these Terms of Service, the Court of Ravenna shall have exclusive jurisdiction.
ANNEX A: SERVICE USAGE LIMITS
1. API CALL LIMITS
- Maximum number of API calls:
- 100,000 per day
- Maximum size of invoice files (XML + attachments): 5 MB per file
2. TECHNICAL LIMITS
2.1 Supported formats
- Supported input formats: JSON, XML, P7M
- Supported output formats: JSON
2.2 Size and complexity
- Maximum request size: 26.8 MB
- Pagination limit: 200 elements
2.3 Rate limiting
- Maximum frequency of API calls
- 100 per second
- 2,000 per minute
- In case of exceeding the maximum frequency for the time window, the excess requests will be rejected.
3. DATA RETENTION
3.1 Retention period
- Received and transmitted invoices will be stored on the Provider's systems for a period of 2 years
- API call logs will be stored for a period of 15 days
- Webhook notification logs will be stored for a period of 15 days
- Outcome notifications relating to transmitted invoices will be stored for a period of 2 years
3.2 Backup
- The Provider will make daily backups of data relating to generated and transmitted invoices
- Backups will be kept for a period of not less than 10 days
4. USAGE LIMITATIONS
4.1 It is forbidden to use the Service to:
- Generate invoices with untruthful or inaccurate data
- Perform reverse engineering operations on the APIs
- Share access credentials with third parties not authorized by the Provider
- Use automated systems to perform unauthorized load tests
- Attempt to circumvent the usage limits defined in this Annex
4.2 The Client is required to:
- Communicate to the Provider with adequate notice any expected usage peaks
- Implement error and retry management mechanisms in their integrations
ANNEX B: SERVICE LEVEL AGREEMENT (SLA)
1. SERVICE AVAILABILITY
1.1 Availability commitment
The Provider undertakes to guarantee the following levels of Service availability, calculated on a monthly basis of 99.5%.
1.2 Calculation method
- Availability is calculated as a percentage of the total time in which the Service is available in a calendar month.
- The Service is considered "unavailable" when it is unable to receive, process, or respond to API requests for causes attributable to the Provider.
- The following are not considered periods of unavailability:
- Scheduled interruptions communicated with at least 72 hours' notice
- Interruptions due to force majeure
- Interruptions due to problems in the Client's infrastructures
- Interruptions due to improper use of the Service by the Client
2. RESPONSE TIMES
2.1 Guaranteed response times
The Provider undertakes to guarantee the following average response times for API calls, measured from the moment of receiving the request to the moment of sending the response:
| Operation | Average response time | Maximum response time |
|---|---|---|
| Authentication | < 300 ms | 2 seconds |
| Invoice sending | < 2 seconds | 10 seconds |
| Invoice sending with signature | < 4 seconds | 15 seconds |
| Invoice validation | < 1 second | 3 seconds |
| Invoice search | < 2 seconds | 5 seconds |
| Invoice/notification download | < 1 second | 8 seconds |
2.2 Distribution of response times
- 95% of requests must be completed within the guaranteed average response time
- 99% of requests must be completed within the guaranteed maximum response time
3. INCIDENT MANAGEMENT
3.1 Incident classification
Incidents are classified according to the following severity levels:
| Level | Description | Impact |
|---|---|---|
| Critical | Service completely unavailable or severely compromised | Impossibility to use the Service |
| High | Main functionalities of the Service compromised | Significant degradation of the Service |
| Medium | Secondary functionalities of the Service compromised | Limited degradation of the Service |
| Low | Minor problems that do not compromise the functionality of the Service | Minimal or no operational impact |
3.2 Response and resolution times
The Provider undertakes to respect the following incident acknowledgment and resolution times:
| Level | Maximum acknowledgment time | Target resolution time |
|---|---|---|
| Critical | 30 minutes | 4 hours |
| High | 2 hours | 8 hours |
| Medium | 8 hours | 24 hours |
| Low | 24 hours | 72 hours |
4. SCHEDULED MAINTENANCE
4.1 Standard maintenance windows
- Scheduled maintenance activities will preferably be performed in the following time windows:
- Monday to Friday: from 22:00 to 06:00 CET/CEST
- Saturday: from 20:00 to 08:00 CET/CEST
- Sunday: from 06:00 to 20:00 CET/CEST
4.2 Communications
- Standard scheduled maintenance activities will be communicated with at least 72 hours' notice
- Urgent maintenance activities will be communicated with at least 24 hours' notice
5. MONITORING AND REPORTING
5.1 Monitoring
- The Service is monitored 24/7/365
- Monitoring includes checks of availability and correct functioning of the APIs
6. DISASTER RECOVERY
6.1 Recovery objectives
In case of disaster, the Provider undertakes to respect the following objectives: - RPO (Recovery Point Objective): 24 hours - RTO (Recovery Time Objective): 24 hours
7. TECHNICAL SUPPORT
The details relating to technical support are specified in Annex C of this contract.
8. PERIODIC REVIEW
The service levels defined in this Annex will be subject to annual review. Any changes will be communicated to the Client with at least 30 days' notice.
ANNEX C: TECHNICAL ASSISTANCE METHODS
1. SUPPORT CHANNELS
- Support email: info@invoicetronic.com
- Availability: Monday-Friday, 9:00-18:00 CET/CEST (excluding national holidays)
- Maximum first response time: 8 working hours
- Online documentation: Access to documentation and API reference
- FAQ: Access to frequently asked questions
2. SERVICE HOURS AND COVERAGE
2.1 Standard hours
- Monday-Friday, 9:00-18:00 CET/CEST (excluding national holidays)
2.2 Holidays
- The support service is not available during Italian national holidays.
3. CLIENT RESPONSIBILITIES
To facilitate effective problem resolution, the Client is required to: - Provide complete and accurate information when opening a support request - Designate competent technical personnel as a point of contact - Respond promptly to requests for additional information - Test proposed solutions in a timely manner - Keep contact information of authorized users updated - Implement the good practices recommended in the documentation
4. SUPPORT LIMITATIONS
Technical support does not include: - Custom development of integrations or solutions - In-depth training on the electronic invoicing system - Tax or legal advice - Support for third-party systems - Resolution of problems caused by unauthorized modifications
Such services can be provided at the discretion of the Provider separately through specific agreements and at the rates agreed for each request.
ANNEX D: FEES
1. APPLIED PRICE LIST
1.1 API Transactions
| Transactions | Unit price | Total |
|---|---|---|
| 1,000 | € 0.100 | € 100.00 |
| 5,000 | € 0.055 | € 275.00 |
| 20,000 | € 0.040 | € 800.00 |
| 50,000 | € 0.025 | € 1,250.00 |
| 100,000 | € 0.020 | € 2,000.00 |
1.2 Signatures
| Signatures | Unit price | Total |
|---|---|---|
| 2,500 | € 0.020 | € 50.00 |
| 5,000 | € 0.020 | € 100.00 |
| 20,000 | € 0.020 | € 400.00 |
| 50,000 | € 0.020 | € 1,000.00 |
| 100,000 | € 0.020 | € 2,000.00 |
1.3 VAT
All prices are indicated excluding statutory VAT
2. TEST AND DEVELOPMENT ENVIRONMENT
The Sandbox test and development environment is completely free from the moment of activation to termination and provides simulated feeding of received invoices (receive) and notifications for sent invoices (update).
3. PAYMENT METHODS
3.1 Accepted payment methods
- Corporate credit card
- SEPA direct debit (only for recurring fees)
3.2 Payment terms
- Advance payment and invoicing
- Consultations and additional services will be paid and invoiced in advance with the methods indicated above.
3.3 Failed payments
- € 50.00 + VAT will be charged for each management of failed or delayed payment
4. FEE ADJUSTMENTS
4.1 Variations
The Provider reserves the right to modify the fees with at least 30 days' notice. Transactions and signatures already purchased will not be subject to adjustments.
5. INVOICING
5.1 Invoicing methods
- All invoices will be issued in electronic format
- Invoices will be sent to the PEC address or to the SDI recipient code provided by the Client
ANNEX E
PERSONAL DATA PROCESSING AGREEMENT
(pursuant to Article 28 of EU Regulation 2016/679)
1. INTRODUCTION
1.1 This Personal Data Processing Agreement (hereinafter "Agreement") is an integral part of the Terms of Service relating to the Electronic Invoicing API (hereinafter "Main Contract") and governs the relationship between the Client, as Data Controller (hereinafter "Controller"), and C.I.R. 2000 snc, as Data Processor (hereinafter "Processor"), with reference to the processing of personal data carried out by the Processor on behalf of the Controller within the scope of the execution of the Main Contract.
1.2 The terms used in this Agreement have the same meaning as attributed to them in EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (hereinafter "GDPR") and in Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (hereinafter "Privacy Code").
2. SUBJECT
2.1 With this Agreement, the Controller appoints the Processor as data processor pursuant to Article 28 of the GDPR, entrusting it with the task of carrying out, on behalf of the Controller, the personal data processing operations necessary for the execution of the Main Contract.
2.2 The Processor accepts the appointment and undertakes to process personal data on behalf of the Controller in compliance with the instructions given by the Controller, this Agreement, the GDPR, and the applicable personal data protection legislation.
3. NATURE AND PURPOSE OF PROCESSING
3.1 The Processor will process personal data exclusively for the execution of the Main Contract and, in particular, to allow the Controller to generate, transmit, and manage electronic invoices in accordance with current legislation.
3.2 The processing operations that the Processor may perform on personal data include: collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, erasure or destruction.
4. TYPE OF PERSONAL DATA AND CATEGORIES OF DATA SUBJECTS
4.1 In executing the Main Contract, the Processor may process the following types of personal data: a) Personal and identification data (name, surname, tax code, VAT number, address, etc.) of customers, suppliers, employees, and collaborators of the Controller; b) Contact data (telephone number, email address, etc.) of customers, suppliers, employees, and collaborators of the Controller; c) Tax and accounting data necessary for electronic invoicing; d) Any other personal data necessary for the execution of the Main Contract and communicated by the Controller to the Processor.
4.2 The categories of data subjects whose personal data may be processed by the Processor are: a) Customers of the Controller; b) Suppliers of the Controller; c) Employees and collaborators of the Controller; d) Any other categories of data subjects whose data are necessary for the execution of the Main Contract.
5. OBLIGATIONS OF THE PROCESSOR
5.1 The Processor undertakes to: a) Process personal data only on documented instructions from the Controller, including in case of transfer of personal data to a third country or an international organization, unless required by Union or national law to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest; b) Ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; c) Implement all security measures required pursuant to Article 32 of the GDPR; d) Respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another processor (sub-processor); e) Assist the Controller, taking into account the nature of processing, by appropriate technical and organizational measures, insofar as this is possible, in fulfilling the Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR; f) Assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to the Processor; g) At the choice of the Controller, delete or return all the personal data after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the personal data; h) Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.
6. GENERAL AUTHORIZATION FOR THE APPOINTMENT OF SUB-PROCESSORS
6.1 The Controller authorizes the Processor to engage sub-processors for carrying out specific processing activities on behalf of the Controller, subject to prior communication to the Controller of the identity of the sub-processors and the processing activities entrusted to them.
6.2 The Processor shall inform the Controller of any intended changes concerning the addition or replacement of other sub-processors, thereby giving the Controller the opportunity to object to such changes.
6.3 The Processor shall impose on sub-processors, by means of a written contract, the same data protection obligations as set out in this Agreement. Where the sub-processor fails to fulfill its data protection obligations, the Processor shall remain fully liable to the Controller for the performance of the sub-processor's obligations.
7. SECURITY MEASURES
7.1 The Processor declares and guarantees that it has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
7.2 The security measures implemented by the Processor include, among others: a) The pseudonymization and encryption of personal data, where applicable; b) The ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services; c) The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; d) A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
7.3 The Processor undertakes to periodically review and update the security measures implemented, in light of technological developments and industry best practices.
8. PERSONAL DATA BREACH (DATA BREACH)
8.1 The Processor undertakes to inform the Controller, without undue delay and in any event within 24 hours of discovery, of any personal data breaches (data breach) that could pose a risk to the rights and freedoms of natural persons.
8.2 The communication to the Controller shall contain at least the following information: a) Description of the nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned; b) Name and contact details of the data protection officer or other contact point where more information can be obtained; c) Description of the likely consequences of the personal data breach; d) Description of the measures taken or proposed to be taken to address the personal data breach and, where appropriate, measures to mitigate its possible adverse effects.
8.3 The Processor undertakes to document any personal data breach, comprising the facts relating to the breach, its effects, and the remedial action taken.
9. DATA PROTECTION IMPACT ASSESSMENT (DPIA)
9.1 The Processor undertakes to provide the Controller with all necessary assistance in carrying out data protection impact assessments (DPIA) and in any prior consultations with the supervisory authority, in the cases provided for by Articles 35 and 36 of the GDPR.
10. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
10.1 The Processor shall not transfer personal data to a third country or an international organization, unless such transfer is required by Union or national law to which the Processor is subject or has been expressly authorized by the Controller and takes place in compliance with the conditions established by Chapter V of the GDPR.
11. LIABILITY
12.1 The Processor shall be liable for damage caused by processing only where it has not complied with obligations of the GDPR specifically directed to processors or where it has acted outside or contrary to lawful instructions of the Controller.
12.2 The Processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.
12. DURATION AND TERMINATION
13.1 This Agreement has the same duration as the Main Contract and will automatically terminate at the end of the same.
13.2 In the event of termination, for any reason, of this Agreement, the Processor shall, at the choice of the Controller, delete or return all personal data to the Controller and delete existing copies, unless Union or Member State law requires storage of the personal data.
13. FINAL PROVISIONS
14.1 This Agreement, together with its attachments, forms an integral part of the Main Contract and replaces any previous agreement between the parties regarding personal data protection.
14.2 Any amendment to this Agreement must be made in writing and signed by both parties.
14.3 In the event of a conflict between the provisions of this Agreement and those of the Main Contract, the provisions of this Agreement shall prevail with regard to aspects relating to personal data protection.
14.4 For anything not expressly provided for in this Agreement, reference is made to the provisions of the GDPR and the applicable legislation on personal data protection.
ANNEX F
DATA RETURN METHODS
1. DATA RETENTION DURING THE CONTRACTUAL RELATIONSHIP
1.1 During the period of validity of the Main Contract, the Provider will retain the Client's Data in its IT systems, in compliance with the Applicable Regulations and with the security and backup policies described in Annex A at point 3 (DATA RETENTION).
1.2 The Client may at any time access its data and download it using the functionalities available in the Service, according to the technical methods specified in the Service documentation.
2. DATA RETENTION AFTER THE TERMINATION OF THE CONTRACT
2.1 In case of termination of the Main Contract for any cause (expiry, withdrawal, termination), the Provider will continue to retain the Client's Data as per point 2 (hereinafter "Retention Period").
2.2 If the Applicable Regulations impose on the Provider the retention of certain Client's Data for longer periods (for example, for fiscal, tax, or administrative purposes), the Provider will retain exclusively such Data for the minimum period required by law, adopting appropriate technical and organizational measures to ensure their security and confidentiality.
2.3 Export via API
a) The Provider will keep the Client's API credentials active during the Retention Period, allowing the Client to retrieve its Data through specific API calls;
b) The Provider may apply reasonable limitations to the volume and frequency of API calls during the export process, in order to ensure the stability and performance of its systems.
c) The Client may request the deletion of the data before the end of the Retention Period, the Provider will proceed within the technical time necessary for deletion and will certify to the client via email the completion of the operation.