API Terms of Use

Last updated: December 18, 2025

These terms govern your use of the MIR API as a partner. By using the API, you agree to these terms and commit to using reputation data ethically and in accordance with user privacy expectations.

1. Definitions

"MIR" refers to My Internet Reputation, operated by phpMyDEV, LLC.

"Partner" refers to any organization or individual approved to use the MIR API.

"User" refers to individuals whose reputation data is stored in the MIR system.

"Reputation Signals" refers to verified events and data points associated with a user.

"Verified" means confirmed by the submitting partner through their own systems and processes (e.g., completed transactions, confirmed deliveries, authenticated user actions).

"API" refers to the MIR application programming interface and related services.

2. API Access

2.1 Registration

To use the API, you must register as a partner and receive approval. Registration requires accurate information about your organization and intended use case.

2.2 API Keys

Your API key is confidential. You must:

• Keep your API key secure and never share it publicly
• Not embed API keys in client-side code or public repositories
• Immediately notify MIR if your key is compromised
• Use only one active API key per approved application

2.3 Rate Limits

API access is subject to rate limits based on your partner tier. Default limits are 1,000 requests per hour. Exceeding limits may result in temporary throttling or suspension.

3. Acceptable Use

3.1 Permitted Uses

Users link their own accounts to MIR. You may only interact with users who have linked their account to your platform.

• Querying reputation signals to inform trust decisions on your platform
• Submitting verified events that occurred on your platform
• Displaying reputation information to users about themselves
• Using aggregated, anonymized data for analytics

3.2 Prohibited Uses

You must NOT use the API to:

• Automatically deny service based solely on MIR history data
• Share or sell reputation data to third parties
• Build shadow profiles or track users without their knowledge
• Discriminate based on protected characteristics
• Harass, stalk, or harm individuals
• Submit false, misleading, or unverified events
• Circumvent rate limits or access controls
• Attempt to infer or reverse-engineer MIR's internal signal aggregation, weighting, or tiering logic
• Aggregate data to re-identify anonymized users
• Use reputation data for purposes unrelated to your approved use case

4. Data Handling

4.1 Privacy Obligations

When handling reputation data, you must:

• Comply with applicable privacy laws in your jurisdiction
• Collect only data necessary for your stated purpose
• Automatically delete cached MIR data within 24 hours
• Respect that users can unlink their accounts and delete their MIR profile at any time without partner involvement
• Maintain appropriate security measures

4.2 Event Submission Standards

Events you submit to MIR must be:

• Accurate: Based on verified, factual occurrences
• Relevant: Related to trust and reputation
• Timely: Submitted within 30 days of occurrence
• Complete: Including required metadata

4.3 Cached Data Retention

Partners may temporarily store MIR query responses or reputation data solely to support immediate product functionality. Any such stored data must be automatically deleted within 24 hours of receipt, except for non-identifying audit records or decisions derived from such data. You must delete all MIR data upon termination of your partnership.

5. User Rights

MIR users have fundamental rights that you must respect:

• Transparency: Users can see what signals exist about them
• Dispute: Users can challenge inaccurate information
• Export: Users can download their data
• Deletion: Users can request account deletion

If a user disputes an event you submitted, you must respond to MIR's inquiry within 7 business days with supporting documentation.

6. Security Requirements

You must implement reasonable security measures including:

• Encrypted transmission (HTTPS/TLS 1.2+)
• Secure storage of any cached data
• Access controls limiting who can query the API
• Logging and monitoring for unauthorized access
• Incident response procedures

You must notify MIR within 48 hours of discovering any security incident involving MIR data.

7. Service Availability

MIR strives for high availability but does not guarantee uninterrupted service. We may:

• Perform scheduled maintenance with advance notice
• Implement emergency changes without notice
• Modify API endpoints with reasonable deprecation periods
• Suspend access for investigation of policy violations

8. Termination

8.1 By You

You may terminate your partnership at any time by discontinuing API use and notifying MIR. You must delete all cached MIR data upon termination.

8.2 By MIR

We may suspend or terminate your access:

• Immediately for serious violations (fraud, abuse, security incidents)
• With 30 days notice for other policy violations
• With 90 days notice for material business or operational reasons

9. Liability

MIR provides reputation signals "as is" without warranty. We are not liable for:

• Decisions you make based on reputation data
• Inaccurate information submitted by other partners
• Service interruptions or data loss
• Indirect, consequential, or punitive damages

MIR does not assess legality, morality, or trustworthiness. We do not make eligibility determinations.

Your use of MIR data is at your own risk. You agree to indemnify MIR against claims arising from your use of the API.

10. Changes to Terms

We may update these terms with notice. Continued use after changes take effect constitutes acceptance. Material changes will be communicated via email to registered partners.

11. Contact

For questions about these terms:

• Legal: legal@myinternetreputation.org
• General: hello@myinternetreputation.org
• Contact form: /contact

12. Governing Law

These terms are governed by the laws of the State of Arizona, without regard to conflict of law principles.