Digital.ai Arxan Terms (Digital.ai Flex Point Product)
- Defined Terms.
"Application” shall mean Client’s software application, consisting of a standalone executable program identified by name, listed on the applicable Order. Client may have one or more Applications that each requires an Application Development License.
“Application Development License” means the right of a Client to use the Arxan Software pursuant to the license grant set forth in Section 2.1 and the terms and conditions of the Addendum and the Order.
“Application Production License” is the license granted to Client pursuant to Section 2.2, to use Arxan Software to protect and distribute protections within a specific application.
“Arxan Software” means (i) the computer programming code, Guard Libraries, Tools, and accompanying Documentation, including patches, updates or upgrades (if any), provided by Supplier under the Order, and (ii) all permitted modifications thereto and full or partial copies thereof, whether such modifications or copies are provided by Supplier, derivative works by Supplier or Client, or a third party.
“Development Location” means the specific address of each Client site or facility where the Arxan Software is installed and used or accessed from, as specified in an Order and approved by Supplier.
“End User” means any entity to which Client provides a Target Application for further distribution or such entity’s own use, pursuant to an End User License Agreement.
“End User License Agreement” means a written license agreement in a commercially reasonable form, pursuant to which Client may sublicense to Client’s End Users the Run-Time Modules that are incorporated into a Target Application.
“Guard Libraries” means a collection of the Object Code software modules delivered in an object library form and containing Supplier’s protection technology known as “Guards.”
“Object Code” means computer programming code in the form not readily perceivable by humans and suitable for machine execution without the intervening steps of interpretation or compilation.
“Run-Time Module” means components of Supplier’s protection technology solely in Object Code form, to be incorporated into a Target Application as inseparably incorporated code.
“Source Code” means computer programming code in human readable form that is not suitable for machine execution without the intervening steps of interpretation or compilation.
“Target Application” means an item, computer code, software, device or system developed by Client that contains a Run-Time Module(s) or any portion thereof.
“Threat Event” means a message from a deployed Target Application containing anonymized threat related data from the End User.
“Threat Analytics” means the services provided by Supplier to measure, monitor and report on Threat Events.
“Tools” means the programs and object code provided by Supplier under these Arxan Terms that are intended for Client’s internal use in developing applications and not for incorporation into Target Applications or for distribution.
- License Grants.
2.1 Application Development License. Subject to Client’s compliance with the terms and conditions of the Addendum and the Order, including payment of any applicable fees, Supplier hereby grants to Client, for the term of the applicable Order, a restricted, personal, non-transferable, non-exclusive, revocable (in the event of breach), non-sublicensable, internal-use License to install the Arxan Software, solely for the number of licensed Applications listed in the applicable Order, and on platforms specified in such Order as licensed for such Arxan Software and located at each Development Location listed in the Order, solely to prepare to introduce the applicable Applications into production use pursuant to Section 2.2.
2.2 Production License. Subject to Client’s compliance with the terms and conditions of the Addendum and the Order, including payment of any applicable fees, Supplier hereby grants to Client, for the term of the applicable Order, a restricted, personal, non-transferable, non-exclusive, revocable (in the event of breach), non-sublicensable (other than as set forth in this Section 2.2), fee-bearing license (unless specifically noted otherwise): (i) to reproduce the number of copies of the Run-Time Modules authorized in the Order, solely in Object Code; and (ii) to distribute such copies of the Run-Time Modules to End Users worldwide solely as inseparably embedded content in the Target Application, subject to an End User License Agreement.
- Additional Terms.
3.1 Third Party Target Application Approval. Supplier is not responsible for the acceptance or rejection of Client’s Target Application, which could be subject to third party approval. (e.g., Apple Inc.’s App Store for iOS).
3.2 End User License Agreements. Client shall ensure that each Run-Time Module distributed by Client is accompanied by an End User License Agreement containing terms no less protective of Supplier’s rights in the Arxan Software than those contained in the Prior Agreement (as modified by the Addendum and/or the Order).
3.3 Beta Software. Supplier may offer Client access to beta software that are being provided prior to general release, but Supplier does not make any guarantees that these services will be made generally available (“Beta Software”). Client agrees that the Beta Software may contain bugs, errors and other defects, and use of the Beta Software is at Client’s sole risk. Client acknowledges that its use of Beta Software is on a voluntary and optional basis, and Supplier has no obligation to provide technical support and may discontinue provision of Beta Software at any time in Supplier’s sole discretion and without prior notice to Client. Beta Software are offered “AS-IS”, and to the extent permitted by applicable law, Supplier disclaims any liability, warranties, indemnities, and conditions, whether express, implied, statutory or otherwise. If Client is using Beta Software, Client agrees to receive related correspondence and updates from Supplier, and Client acknowledges that opting out may result in cancellation of Client’s access to the Beta Software. If you provide feedback (“Feedback”) about the Beta Service, you agree that we own any Feedback that you share with us. For the Beta Services only, these Terms supersede any conflicting terms and conditions in the Agreement, but only to the extent necessary to resolve conflict.
3.4 Use On-Site. The Arxan Software may be used only at Client’s premises and only by Customer’s employees and independent contractors at such premises. In each case the Arxan Software may only be used by independent contractors and employees who (a) have a need to know for the purposes of integrating Arxan Software into Client’s Application and are under a suitable written non-disclosure agreement that does not permit disclosure or use except as otherwise permitted; and (c) are engaged on a basis such that, as between Client and such persons or entities performing the services.
3.5 Penetration Testing. Supplier authorizes Client to conduct a penetration test of security vulnerabilities in the Target Application that incorporates the Run Time Modules (“Pen Test”), which may be conducted either directly by Client or by a third party engaged by Client. Client shall notify Supplier in writing of any third party it selects for the Pen Test. Client shall be responsible for any third party fees for the Pen Test. Supplier will receive a copy of the Pen Test results, which shall be deemed the Confidential Information of Supplier.
3.6 Consequences of Expiration or Termination. Upon expiration or termination of the Order, Client may retain one (1) copy of the Run-Time Modules to support existing End Users provided that Client is then current with payments due to Supplier. Solely in the event of a termination of the Order for Supplier’s material breach, Client shall, for a period not to exceed sixty (60) days after the effective date of termination, have the right to sell, pursuant to the terms of the Order and these Arxan Terms, any remaining Target Applications which were in Client’s inventory as of the effective date of the termination, provided that Client continues to pay any applicable fees due to Supplier.
3.7 Reporting. Supplier reserves the right, and Client authorizes Supplier, to remotely gather data on usage of the Arxan Software, including license key numbers, IP addresses or other applicable device identifier (including MAC address or unique device identifier (UDID)), and other relevant information, for billing purposes and to ensure that the Arxan Software is being used in accordance with the terms of the Addendum and the Order. Supplier reserves the right to remedy violations of any of the terms of the Addendum, the Order and these Arxan Terms immediately upon discovery, by charging the then current list price of for the rights being exercised to the payment instrument used to make the original, authorized purchase, or by any other means necessary, including remotely disabling the Arxan Software. Unless otherwise agreed upon, Client agrees that the server(s) on which the Arxan Software will be installed will be connected at all times to the Internet and not to block, electronically or otherwise, the transmission of data required for compliance with the Order and these Arxan Terms. Any blocking of data required for compliance under the Addendum or the Order is a material breach of the Addendum and the Order.
3.8 License Management. The Arxan Software contains license management functionality that enforces the limitations of the applicable licenses and may cause the Arxan Software to cease operating upon expiration or termination of the license. Client shall not circumvent, or attempt to circumvent, any license management, security devices, access logs, or other measures provided in connection with the Arxan Software, or permit or assist any User or any third party to do the same. Client must follow the recommended installation procedures for each Arxan Software product licensed under the Order. Client’s failure to follow the recommended installation procedures is a breach of the Addendum and the Order. It is Client’s responsibility to contact Supplier regarding any potential expiration that Client deems inappropriate. Supplier shall not liable for any damages or costs incurred in connection with expired licenses.
3.9 Consent to End User Collected Data. Client agrees that Supplier may collect and use technical data and related information (including, but not limited to, technical information about Client’s devices, server, system and application software, and peripherals, and device fingerprints) that is gathered periodically to facilitate the provision of software updates, product support, and other services to Client (if any) related to the Arxan Software and to monitor compliance with and determine billing under the Order and these Arxan Terms.
3.10 Utilizing Threat Analytics Service. If Client is processing and utilizing Threat Analytics in-house, and on premise within their Development Location, Client shall provide all data processed to Supplier no later than a week after the Threat Event has been decrypted.
3.11 Threat Events Data Retention. Supplier reserves the right, and Client authorizes Supplier, to purge collected Threat Events thirty (30) days after such data has been received, and in such a manner that the data may be irretrievable. Client agrees that processing, utilization and storage of Threat Events may be limited to a certain amount agreed to by the parties.
3.12 Applicable Laws; Hosting. Client represents and warrants that Client and its End Users’ use of the Arxan Software and/or distribution of any Target Application shall comply with all applicable laws and regulations. Client shall independently determine whether use of the Arxan Software and/or distribution of any Target Application are suitable in light of applicable laws and regulations, including, without limitation, GLBA, HIPAA, and GDPR. Client acknowledges that Supplier shall have no liability in the event that Client utilizes the Arxan Software and/or distributes a Target Application that does not meet the requirements of such applicable laws. If Client or any End User is located in the European Economic Area, Client represents and warrants that it shall obtain all appropriate consents, make all necessary disclosures, and otherwise conform to all applicable laws of the EEA related to any End Users’ personal data collected or otherwise processed by the Software and/or a Target Application.
Last updated August 2020 v1