Thank you for using the Power BI application programming interface (API). The Power BI API together with any updates, revisions, substitutions, and any copies made by or for you, are referred to in these terms of service as the Microsoft “Power BI API”. This is an agreement between you and Microsoft Corporation (“Microsoft”). Sometimes Microsoft is referred to as “we,” “us” or “our”. By using the Power BI API, you agree to these terms of service (the “API Terms”) and the Power BI Service Agreement or other agreements, as may be applicable, (together the “Agreement”) governing the use of Power BI and accompanying applications (“Power BI Service”). In the event of any inconsistency between these API Terms and the Agreement, these API Terms control.

Microsoft reserves the right to update and change, from time to time, these API Terms or any documents incorporated by reference. Microsoft may change these API Terms by posting a new version. Use of the Power BI API after such change constitutes acceptance of such changes.

Please note that we do not provide warranties for the Power BI API. The API Terms also limit our liability. These terms are in sections 10 and 11 and we ask you to read them carefully.

1. Access to the Power BI API.

In order to use the Power BI API, you must have a Power BI subscription and register your application in Azure Active Directory. Your service must provide the client ID supplied by Azure Active Directory, as described in the Power BI API documentation, and Microsoft will block requests with invalid client IDs. Microsoft shall have sole and complete control over the Power BI data and format.

Microsoft shall have the right, in its sole discretion, to reject any request to use the Power BI API at any time and for any reason. Microsoft shall not be liable to you for damages of any sort resulting from its decision to reject such a request.

2. Licensed Uses and Restrictions.

The Power BI API is owned by Microsoft and is licensed to you on a worldwide (except as limited below), non-exclusive, non-sublicenseable basis on the terms and conditions set forth herein. These API Terms define the legal use of the Power BI API, all updates, revisions, substitutions, and any copies of the Power BI API made by or for you. All rights not expressly granted to you are reserved by Microsoft.

a. License. Subject to the terms and restrictions set forth in these API Terms, Microsoft grants you a non-exclusive, non-sublicensable, right to use the Power BI API to develop, test, distribute and support your application.

b. Branding. You may not use Power BI branding or logos without express written consent from Microsoft.

c. Rate Limits and Data Fields Restrictions. You understand that there is a rate limit and a restriction to the data fields displayed per application or service utilizing the Power BI API and you agree that you shall comply with that rate limit and restrictions to the data fields at all times. The rate limits and restrictions are described in the Power BI API Documentation, available at dev.PowerBI.com. These rate limits and restrictions are subject to change from time to time at Microsoft’s sole discretion, effective immediately upon posting. Microsoft may, in its sole discretion, limit the: (i) rate at which the service, or any subset of it, may be called, (ii) the amount of storage made available to each service account, and/or (iii) the length of individual content segments that may be uploaded to, or served from, the service (all of the foregoing being forms of “Throttling”). Microsoft may perform this Throttling globally across the entire Power BI API, per end user, or on any other basis. You will not take steps to circumvent any technical measures we may put in place to enforce Throttling, and you understand and agree that programmatic methods intended to subvert rate limiting (including maintaining a cache of the data) are considered a violation of these API Terms.

d. Modifications. Microsoft reserves the right to release subsequent versions of the Power BI API and to require you to obtain and use the most recent version. If a modification is unacceptable to you, please stop using the Power BI API. If you continue to access the Power BI API, you will be deemed to have accepted the modifications.

e. Limitations and Conditions of the service. We may use technology or other means to protect the Power BI API, protect our customers, or stop you from breaching these API Terms. These means may include, for example, filtering to stop spam or increase security. These means may hinder or break your use of the Power BI API, and you may not work around or attempt to thwart or disable any of these technical or other means.

3. Proprietary Rights

a. Microsoft Rights. For purposes of the API Terms, “Intellectual Property Rights” shall mean any and all rights existing from time to time under patent law, copyright law, semiconductor chip protection law, moral rights law, trade secret law, trademark law, unfair competition law, publicity rights law, privacy rights law, and any and all other proprietary rights, and any and all applications, renewals, extensions and restorations thereof, now or hereafter in force and effect worldwide. As between you and Microsoft, you acknowledge that Microsoft or its licensors own all right, title and interest, including without limitation all Intellectual Property Rights, in and to the Power BI API and all output of the Power BI API (excluding any software components developed by you which do not themselves incorporate the Power BI API or any output or executables of the Power BI API) and that you shall not acquire any right, title, or interest in or to the Power BI API, except as expressly set forth in the API Terms.

b. Attribution; Legal Notices. The images provided to you through the Power BI API may contain the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of Microsoft and its partners. You may not delete or in any manner alter these trade names, trademarks, service marks, logos, domain names, and other distinctive brand features. You agree to maintain, and not to remove, modify, obscure or alter, any links or notices appearing on any image provided through the Service. You acknowledge and agree that these Legal Notices supplement the API Terms for the Power BI API.

c. Digital Millennium Copyright Act. It is Microsoft’s policy to respond to notices of alleged infringement that comply with the Digital Millennium Copyright Act (“DMCA”). For directions and more information, please see the DMCA Notice section of the TOU.

4. Code of Conduct

You agree that you are responsible for your own conduct and content while using the Power BI API and for any consequences thereof. You agree to use the Power BI API only for purposes that are legal, proper, and in accordance with these API Terms and any applicable policies or guidelines.

a. Appropriate conduct. In using the Power BI API and developing applications, you must:

  • Obey the law;
  • Obey any codes of conduct or other notices we provide;
  • Keep any service account password secret;
  • Promptly notify us if you learn of a security breach related to the Power BI Service and the Power BI API.

b. Prohibited uses. In using the Power BI API and developing applications, you will not:

  • defame, abuse, harass, stalk, threaten or otherwise violate the legal rights (such as rights of privacy and publicity) of others;
  • upload, post, email or transmit or otherwise make available any inappropriate, defamatory, infringing, obscene, or unlawful content;
  • upload, post, email or transmit or otherwise make available any content that infringes any patent, trademark, copyright, trade secret or other proprietary right of any party, unless you are the owner of the rights or have the permission of the owner to post such content;
  • upload, post, email or transmit or otherwise make available messages that promote pyramid schemes, chain letters or disruptive commercial messages or advertisements, or anything else prohibited by law, these API Terms or any applicable policies or guidelines;
  • use the Power BI API in connection with or to promote any products, services, or materials that constitute, promote or are used primarily for the purpose of dealing in: spyware, adware, or other malicious programs or code;
  • download any file posted by another that you know, or reasonably should know, that cannot be legally distributed in such manner;
  • impersonate another person or entity, or falsify or delete any author attributions, legal or other proper notices or proprietary designations or labels of the origin or source of software or other material;
  • restrict or inhibit any other user from using and enjoying access to Power BI API;
  • use Power BI API for any illegal or unauthorized purpose;
  • remove any copyright, trademark or other proprietary rights notices contained in or on Power BI API;
  • interfere with or disrupt Power BI API or servers or networks connected to Power BI services, or disobey any requirements, procedures, policies or regulations of networks connected to Power BI API;
  • use any robot, spider, site search/retrieval application in relation to Power BI API or collect information about users for any unauthorized purpose;
  • submit content that falsely expresses or implies that such content is sponsored or endorsed by Microsoft;
  • create user accounts by automated means or under false or fraudulent pretenses, or obtain or attempt to obtain multiple keys for the Power BI API;
  • promote or provide instructional information about illegal activities or promote physical harm or injury against any group or individual; or
  • transmit any viruses, worms, defects, Trojan horses, or any items of a destructive nature.
  • sell, lease, share, transfer, or sublicense the Power BI API or access codes thereto, whether for direct commercial or monetary gain or otherwise, without Microsoft’s prior, express, written permission; or
  • use the Power BI API in a manner that exceeds reasonable request volume, constitutes excessive or abusive usage, or otherwise fails to comply or is inconsistent with any part of the Power BI API documentation located within dev.PowerBI.com as determined by Microsoft in its sole discretion;
  • request data on behalf of one user in order to show, display, transmit, or deliver such data to other users.

The immediately preceding prohibited uses are by way of example, and not as a limitation. Microsoft reserves the right, in its sole discretion, to determine whether your use of the Power BI API is in accordance with these API Terms.

5. Privacy.

All access to, and use of, the Power BI API is subject to the Power BI Privacy Statement, which is available here (which may be updated from time to time).  Nothing in these API Terms provide for the collection or transfer of any personally identifiable information of internet users between the parties.  You must maintain a prominent online privacy policy for your websites and applications that access the Power BI API.  This privacy policy, at a minimum, must include a full, accurate, and clear disclosure regarding the placement, use, and reading of cookies and related technologies, and your collection and use of data in relation to activity by users of your websites and applications.

6. User Authentication and Security.

Microsoft takes end user security and privacy very seriously, and you agree to give us all necessary assistance for the operation of your Application in compliance with these API Terms and any applicable laws.

a. Securing User Consent. You are solely responsible for securing clear, express consent from the user, granting you permission to access such user’s Power BI account, including if applicable, retrieving user-specific information, or writing information to such user’s account. You will strictly comply with the scope of express consent they granted you when accessing such user’s Power BI account.

b. Contact and Cooperation. You (or the contacts that you have registered in Azure Active Directory along with your application) must be reachable at all times for security questions or concerns. You can change this name or contact by updating your tenant information in Azure Active Directory.

c. Virus Precautions. All materials, including software and documents, that you provide to Microsoft, must be checked with up-to-date Internet industry standard antivirus and anti-worm software, and be determined to be virus-free and worm-free. Any data provided to Microsoft must not contain harmful scripts or code.

d. Industry Standards. Your networks, operating system and software for web server(s), routers, databases, and computer systems (“Systems”) must be properly configured to Internet industry standards, as required to securely operate your Application. If you do not completely control any aspect of the System, you will use all control or influence that you have over such Systems and/or selection of Systems, and you will not architect or select Systems in a manner as to avoid the foregoing obligation. An example of an unacceptable server is one that operates as an open proxy. An example of architecting in an unacceptable manner would be to select a server operated by a vendor with substandard security practices, so that you could contend that you do not control such server, in order to avoid having to select an acceptable server.

e. Reporting. You must promptly report any security deficiencies in, or intrusions to, your Systems that you discover to Microsoft in writing via email to devpbi@microsoft.com. You will work with Microsoft to immediately correct any security deficiency, and will disconnect immediately any intrusions or intruder. In the event of any such security deficiency or intrusion, you will make no public statements (i.e. press, blogs, bulletin boards, etc.) without prior written and express permission from Microsoft in each instance.

f. Control Access to Systems. To the extent you have control or influence over the Systems, you will log (in a time and date-stamped fashion) all instances of access to the Systems. You will encrypt the password and username files for the Systems that store or process any Power BI user data that you are permitted by Microsoft to access. Passwords must be unique, unintuitive, and changed often. You will minimize access to and use of the passwords. Wherever possible, commands which require additional privileges should be securely logged (with time and date) to enable a complete audit trail of activities. When an individual terminates his or her employment with you, his or her passwords and access password facilities must be terminated immediately.

g. Security Reviews. Microsoft will have the right, but is not obligated to, at its own expense to have an independent third party, inspect and review your compliance with these security provisions. You will (at your own expense) correct any security flaws detected by such a review as soon as possible. You will then promptly certify to Microsoft in writing that the security flaw has been corrected, along with a description of the corrective action(s) taken. Microsoft will give you 48 hours’ notice before conducting such a review. Any such review will be conducted during regular business hours in such a manner as not to interfere with normal business activities. If a review reveals a material breach of any of these security provisions, you will reimburse Microsoft for the reasonable costs of the review.

h. You are also required to comply with the requirements and documentation described in the Security Requirements and Documentation attached as Exhibit A to these API Terms.

7. Support and Availability.

Microsoft may elect to provide you with support or modifications for the Power BI API (collectively, “Support”), in its sole discretion. Microsoft may change, suspend, or discontinue any aspect of the Power BI API at any time, including the availability of the Power BI API. Microsoft may also impose limits on certain features and services or restrict your access to parts or all of the Power BI API or the Power BI Web site without notice or liability.

8. Fees and Payments.

Microsoft reserves the right to charge fees for future use of, or access to, the Power BI API in Microsoft’s sole discretion. If Microsoft decides to charge for the Power BI API, such charges will be disclosed to you by prior written notice.

9. Disclaimer of Any Warranty.

THE POWER BI API IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITH NO WARRANTY, EXPRESS OR IMPLIED, OF ANY KIND. MICROSOFT EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES AND CONDITIONS, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AVAILABILITY, SECURITY, TITLE AND NON-INFRINGEMENT.

MICROSOFT DOES NOT REPRESENT OR WARRANT THAT THE POWER BI API IS FREE OF INACCURACIES, ERRORS, BUGS, OR INTERRUPTIONS, OR IS RELIABLE, ACCURATE, COMPLETE, OR OTHERWISE VALID. MICROSOFT MAKES NO WARRANTY THAT (i) THE POWER BI API WILL MEET YOUR REQUIREMENTS, (ii) THE ACCESS TO POWER BI API SERVICE WILL BE UNINTERRUPTED, (iii) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE POWER BI API WILL BE ACCURATE OR RELIABLE, (iv) THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL OBTAINED BY YOU THROUGH THE POWER BI API WILL MEET YOUR EXPECTATIONS, AND (v) ANY ERRORS IN THE POWER BI API WILL BE CORRECTED.

YOUR USE OF THE POWER BI API IS AT YOUR OWN DISCRETION AND RISK, AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE THAT RESULTS FROM THE USE OF POWER BI API.

10. Limitation of Liability.

NOTWITHSTANDING ANY OTHER PROVISION CONTAINED IN THESE API TERMS, MICROSOFT’S MAXIMUM AGGREGATE LIABILITY TO YOU FOR ANY AND ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH THESE API TERMS, ITS TERMINATION, OR EXPIRATION, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT, FAILURE OF ESSENTIAL PURPOSE, TRADE USAGE, OR OTHERWISE, WILL IN NO CASE EXCEED THE USD $10.00. YOU CAN'T RECOVER ANY OTHER DAMAGES OR LOSSES, INCLUDING, WITHOUT LIMITATION, CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT, INCIDENTAL, OR PUNITIVE. THESE LIMITATIONS AND EXCLUSIONS APPLY IF THIS REMEDY DOESN'T FULLY COMPENSATE YOU FOR ANY LOSSES OR FAILS OF ITS ESSENTIAL PURPOSE OR IF WE KNEW OR SHOULD HAVE KNOWN ABOUT THE POSSIBILITY OF THE DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY LAW, THESE LIMITATIONS AND EXCLUSIONS APPLY TO ANYTHING RELATED TO THESE API TERMS SUCH AS LOSS OF CONTENT; ANY VIRUS AFFECTING YOUR USE OF THE POWER BI API; DELAYS OR FAILURES IN STARTING OR COMPLETING TRANSMISSIONS OR TRANSACTIONS; CLAIMS FOR BREACH OF CONTRACT, WARRANTY, GUARANTEE, OR CONDITION; STRICT LIABILITY, NEGLIGENCE, MISREPRESENTATION, OR OMISSION; OR OTHER TORT; VIOLATION OF STATUTE OR REGULATION; OR UNJUST ENRICHMENT. SOME OR ALL OF THESE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU IF YOUR STATE, PROVINCE, OR COUNTRY DOESN'T ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES.

11. Indemnification.

You will indemnify and hold Microsoft (and its directors, officers, affiliates, and agents) harmless from, and against, any and all loss, liability, and expense (including reasonable attorneys’ fees and costs) suffered or incurred by reason of any claims, proceedings, or suits based on or arising out of any breach (or alleged breach) by you of this contract, or any part of it, that otherwise relates to your website(s), your application(s), or your use of the Power BI API.  You will be solely responsible for defending any such claim using mutually-agreed counsel, subject to Microsoft’s right to participate with counsel it selects, and you will not publicize any claim or agree to any settlement that imposes any obligation or liability on Microsoft (or its directors, officers, affiliates, and agents) without Microsoft’s prior written consent, such consent provided by Microsoft in its sole discretion.

12. Term/Termination.

These API Terms will become effective upon your first use of the Power BI API and continue until terminated by either party. You may terminate these API Terms by discontinuing use of the Power BI API. Microsoft may terminate these API Terms at any time for any reason. These API Terms terminate automatically if (i) you violate any term of these API Terms or the TOU, (ii) Microsoft publicly posts a written notice of termination on Power BI’s web site, (iii) Microsoft sends a written notice of termination to you, or (iv) Microsoft ceases providing access to the Power BI API to you.  The parties’ obligations under Sections 3, 9, 10, 11, 12, 15, 16, 17, 18 and 19 shall survive termination or expiration of these API Terms for any reason.

13. Assignment.

We may assign this contract, in whole or in part, at any time with or without notice to you. You may not assign this contract, or any part of it, to any other person or party without our prior written consent, which will not be unreasonably withheld. Any attempt by you to do so is void. You may not transfer to anyone else, either temporarily or permanently, any rights to use the Power BI API or any part of the Power BI API.

14. No Third Party Beneficiaries.

This agreement is solely for the benefit of you and Microsoft. It is not for the benefit of any other party, except for permitted successors and assigns under this contract.

15. Severability.

If any court of competent jurisdiction determines that any provision of these API Terms is illegal, invalid or unenforceable, the remaining provisions will remain in full force and effect.

16.  Notices

You consent to Microsoft providing you notifications about the Power BI API or information the law requires us to provide via email to the address that you specified when you signed up for the Power BI API. Notices emailed to you will be deemed given and received when the email is sent. If you don't consent to receive notices electronically, you must stop accessing the Power BI API.

17. No Waiver of Rights by Microsoft.

Microsoft’s failure to exercise or enforce any right or provision of the API Terms shall not constitute a waiver of such right or provision.

18. Governing Law; Jurisdiction.

The laws of the State of Washington govern these API Terms. If federal jurisdiction exists, the parties consent to exclusive jurisdiction and venue in the federal courts in King County, Washington. If not, the parties consent to exclusive jurisdiction and venue in the Superior Court of King County, Washington. If either Microsoft or you employ attorneys to enforce any rights arising out of or relating to these API Terms, the prevailing party will be entitled to recover its reasonable attorneys’ fees, costs, and other expenses, including the costs and fees incurred on appeal or in a bankruptcy or similar action.

19. Entire Agreement

These API Terms constitute the entire agreement between Microsoft and you with respect to the subject matter hereof.

Exhibit A

Security Requirements and Documentation

Security Requirements:

1. Partner will provide Microsoft with all relevant security documentation (including but not limited to security policy, incident response policy, risk assessment, data classification, code and binary static and dynamic analysis artifacts, pen test results, third party components used, etc.);

2. Provide explicit documentation of Partner use of Power BI customer data (purpose of use, specific Power BI data used, transmission, storage, etc.) and make this available to users;

3. Assert that vulnerabilities identified that could affect Power BI customers will be addressed in a timely manner;

4. Assert that Microsoft is authorized to test the security of third party offerings as coordinated between Microsoft and you;

5. You will only keep data that is necessary to perform their stated purpose, and will delete unnecessary and extra information as appropriate;

6. All Microsoft data will be deleted/destroyed from your systems upon termination of your relationship with Microsoft.

Security Documentation

If retention of Microsoft customer data is deemed required for the integration, the following security documentation will be provided upon request:

1. Description of system architecture (including location, purpose of critical system components, highlight systems that will access Power BI customer data, how Microsoft data is stored, transmitted, etc.)

2. Security certifications or reports (SSAE16, SOC2, ISO27001, etc.)

3. Physical security measures for relevant systems

4. Any third parties involved in system, produce relevant contracts and security information

5. Your access controls model

6. Security specific systems in place (IDS, HIDS, vulnerability scanning)

7. The roles responsible for security (team and management)

8. How are privileged system account credentials protected

9. How access to systems is provisioned, de-provisioned, monitored

10. What employee roles are granted access to relevant systems

11. Any auditing, monitoring and logging in place

12. Application security process (secure development best practices, security testing, etc.)

13. Any procedures for incident response and disaster recovery

14. Process for addressing security patches

15. Process for applying any third party security patches to the system for third party components that are in use

16. How Power BI customer data is protected in storage and in transit when used by the application