1. Introduction and Acceptance
These Terms and Conditions ("Terms") govern your access to and use of the APEX Framework Visualiser application and related services ("APEX" or "Service") provided by Decoy Privacy Consultants Ltd. ("Decoy Privacy," "we," "us," or "our"), a company registered in Canada.
By accessing or using APEX, you ("User," "you," or "your") agree to be bound by these Terms. If you are using APEX on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms, and references to "you" shall include both you and that organization.
If you do not agree to these Terms, you must not access or use the Service.
2. Definitions
"APEX" means the APEX Framework Visualiser application, including all features, functionality, content, and associated documentation.
"Framework Content" means the regulatory frameworks, control libraries, standards, and compliance mappings made available through APEX, including but not limited to SOC2, GDPR, HIPAA, ISO 27701, NIST AI RMF, and other governance frameworks.
"User Data" means data, information, and content that you submit, upload, or create while using APEX, including assessments, configurations, customizations, and reports.
"Subscription Period" means the period for which you have purchased or been granted access to APEX.
"Documentation" means any user guides, training materials, and technical documentation provided by us in connection with APEX.
3. License Grant and Restrictions
3.1 License Grant
Subject to your compliance with these Terms and payment of applicable fees, we grant you a limited, non-exclusive, non-transferable, non-sublicensable license to access and use APEX during the Subscription Period solely for your internal business purposes related to governance, risk management, and compliance activities.
3.2 License Restrictions
You shall not, and shall not permit any third party to:
- Copy, modify, adapt, translate, or create derivative works based on APEX or Framework Content;
- Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of APEX;
- Rent, lease, loan, sell, sublicense, distribute, or otherwise transfer APEX or any rights granted herein;
- Remove, alter, or obscure any proprietary notices, labels, or marks on APEX;
- Use APEX to develop a competing product or service;
- Access APEX to build a product using similar ideas, features, functions, or graphics;
- Use APEX in any manner that violates applicable laws or regulations;
- Attempt to gain unauthorized access to any portion of APEX or related systems;
- Interfere with or disrupt the integrity or performance of APEX;
- Use automated means to access APEX except as explicitly permitted;
- Share your login credentials with any third party or allow multiple users to access APEX using a single account unless expressly permitted under your subscription plan.
4. User Accounts and Responsibilities
4.1 Account Registration
To access APEX, you must create an account by providing accurate, current, and complete information. You agree to maintain and promptly update your account information to ensure its accuracy.
4.2 Account Security
You are responsible for maintaining the confidentiality of your account credentials, for all activities that occur under your account, and for notifying us immediately of any unauthorized access or security breach. We reserve the right to suspend or terminate accounts that have been inactive for extended periods or that we reasonably believe have been compromised.
4.3 User Conduct
You agree to use APEX in a professional manner consistent with its intended purpose. You shall not:
- Upload or transmit any malicious code, viruses, or harmful content;
- Use APEX to store or transmit infringing, libelous, or unlawful material;
- Interfere with other users' use and enjoyment of APEX;
- Attempt to probe, scan, or test vulnerabilities in APEX.
5. Intellectual Property Rights
5.1 Our Intellectual Property
APEX, including all software, Framework Content, methodologies (including the APEX methodology), design, structure, organization, documentation, trademarks, logos, and all intellectual property rights therein, is and shall remain the exclusive property of Decoy Privacy Consultants Ltd. and its licensors. The APEX Framework methodology, including its four-level hierarchy (Principles → Capabilities → Requirements → Controls), is proprietary to Decoy Privacy Consultants Ltd.
5.2 Framework Content
Framework Content is provided for informational and operational purposes. While we strive for accuracy, you are responsible for verifying the applicability and interpretation of any Framework Content for your specific use case. Framework Content does not constitute legal advice.
5.3 User Data
You retain all rights, title, and interest in and to your User Data. By using APEX, you grant us a limited license to host, copy, transmit, and display your User Data solely as necessary to provide the Service and as described in our Privacy Policy.
5.4 Feedback
If you provide suggestions, ideas, or feedback about APEX ("Feedback"), you grant us a perpetual, irrevocable, worldwide, royalty-free license to use, modify, and incorporate such Feedback into our products and services without any obligation to you.
6. Fees and Payment
6.1 Subscription Fees
Access to APEX is provided on a subscription basis. Fees are specified in your subscription plan or order form. All fees are exclusive of applicable taxes unless otherwise stated.
6.2 Payment Terms
Payment is due in accordance with the terms specified in your subscription plan. We reserve the right to suspend or terminate your access for non-payment.
6.3 Refund Policy
Subscription fees are non-refundable except as required by applicable law or as expressly stated in your subscription agreement.
6.4 Fee Changes
We reserve the right to modify our fees upon thirty (30) days' notice. Fee changes will apply to subsequent Subscription Periods.
7. Data Protection and Privacy
7.1 Privacy Policy
Our collection, use, and protection of personal data are governed by our Privacy Policy, which is incorporated into these Terms by reference. By using APEX, you consent to our Privacy Policy.
7.2 Data Security
We implement reasonable technical and organizational measures to protect User Data. However, no system is completely secure, and we cannot guarantee absolute security.
7.3 Data Processing
Where applicable, data processing terms shall be governed by a separate Data Processing Agreement (DPA) which incorporates standard contractual clauses as required by applicable data protection laws.
7.4 Data Retention
We will retain User Data during the Subscription Period and for a reasonable period thereafter as necessary for backup, legal compliance, or as specified in your subscription agreement. You may request deletion of your User Data as provided in our Privacy Policy.
8. Service Availability and Modifications
8.1 Service Availability
We strive to maintain APEX availability but do not guarantee uninterrupted or error-free access. APEX may be temporarily unavailable due to maintenance, updates, or circumstances beyond our reasonable control.
8.2 Maintenance and Updates
We reserve the right to perform scheduled and emergency maintenance. We will provide reasonable notice of scheduled maintenance when practical.
8.3 Service Modifications
We may modify, update, or discontinue features of APEX at any time. We will provide reasonable notice of material changes that adversely affect your use of APEX.
8.4 No Service Level Agreement
Unless expressly agreed in a separate Service Level Agreement (SLA), no specific uptime guarantees or service levels are provided under these Terms.
9. Warranties and Disclaimers
9.1 Limited Warranty
We warrant that APEX will perform substantially in accordance with the Documentation during the Subscription Period when used as authorized under these Terms.
9.2 Disclaimer of Warranties
EXCEPT AS EXPRESSLY PROVIDED IN SECTION 9.1, APEX IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WE DISCLAIM ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:
- IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT;
- WARRANTIES REGARDING ACCURACY, RELIABILITY, OR COMPLETENESS OF FRAMEWORK CONTENT;
- WARRANTIES THAT APEX WILL MEET YOUR REQUIREMENTS OR BE UNINTERRUPTED, SECURE, OR ERROR-FREE;
- WARRANTIES REGARDING THE RESULTS OBTAINED FROM USE OF APEX.
9.3 No Legal or Compliance Advice
APEX AND FRAMEWORK CONTENT ARE PROVIDED FOR INFORMATIONAL AND OPERATIONAL PURPOSES ONLY AND DO NOT CONSTITUTE LEGAL, COMPLIANCE, OR PROFESSIONAL ADVICE. YOU ARE SOLELY RESPONSIBLE FOR ENSURING YOUR COMPLIANCE WITH APPLICABLE LAWS, REGULATIONS, AND STANDARDS. YOU SHOULD CONSULT WITH QUALIFIED LEGAL AND COMPLIANCE PROFESSIONALS REGARDING YOUR SPECIFIC CIRCUMSTANCES.
10. Limitation of Liability
10.1 Exclusion of Consequential Damages
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL DECOY PRIVACY CONSULTANTS LTD., ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO:
- Loss of profits, revenue, data, or use;
- Business interruption;
- Loss of business opportunity;
- Cost of substitute services;
- Damage to reputation or goodwill;
ARISING OUT OF OR RELATED TO THESE TERMS OR THE USE OR INABILITY TO USE APEX, WHETHER BASED ON CONTRACT, TORT, STRICT LIABILITY, OR OTHER THEORY, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
10.2 Cap on Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, OUR TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR APEX SHALL NOT EXCEED THE TOTAL FEES PAID BY YOU TO US FOR APEX DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.
10.3 Exceptions
The limitations in this Section 10 shall not apply to:
- Our gross negligence or willful misconduct;
- Death or personal injury caused by our negligence;
- Fraud or fraudulent misrepresentation;
- Our breach of confidentiality obligations;
- Our indemnification obligations under Section 11;
- Any liability that cannot be excluded or limited under applicable law.
10.4 Essential Purpose
You acknowledge that these limitations of liability are reasonable and reflect the allocation of risk between the parties. The fees for APEX are based on these limitations, and APEX would not be economically feasible without them.
11. Indemnification
11.1 Your Indemnification
You agree to indemnify, defend, and hold harmless Decoy Privacy Consultants Ltd., its affiliates, and their respective officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:
- Your breach of these Terms;
- Your violation of applicable laws or third-party rights;
- Your User Data;
- Your use of APEX in a manner not authorized by these Terms;
- Any claim that your User Data infringes or violates third-party intellectual property rights.
11.2 Our Indemnification
We will indemnify, defend, and hold you harmless from and against any third-party claims that APEX, when used in accordance with these Terms, infringes a valid patent, copyright, or trademark, provided that you:
- Promptly notify us in writing of the claim;
- Grant us sole control over the defense and settlement of the claim;
- Provide reasonable cooperation in the defense of the claim at our expense.
If APEX becomes or is likely to become subject to an infringement claim, we may, at our option:
- Obtain the right for you to continue using APEX;
- Modify APEX to make it non-infringing;
- Replace APEX with a non-infringing alternative;
- Terminate your access and refund pre-paid fees for the unused portion of the Subscription Period.
This Section 11.2 states our entire liability and your exclusive remedy for intellectual property infringement claims.
12. Term and Termination
12.1 Term
These Terms commence when you first access APEX and continue for the duration of your Subscription Period unless earlier terminated as provided herein.
12.2 Termination for Convenience
Either party may terminate these Terms:
- By providing written notice at least thirty (30) days prior to the end of the current Subscription Period;
- Immediately upon written notice if the other party materially breaches these Terms and fails to cure such breach within fifteen (15) days of receiving written notice thereof.
12.3 Termination for Cause
We may immediately suspend or terminate your access to APEX if:
- You fail to pay fees when due;
- You breach the license restrictions in Section 3.2;
- Your use of APEX poses a security risk or violates applicable laws;
- You engage in fraudulent or abusive conduct;
- We are required to do so by law or regulation.
12.4 Effect of Termination
Upon termination or expiration:
- Your license to use APEX immediately terminates;
- You must cease all use of APEX and delete any local copies;
- We will make your User Data available for export for thirty (30) days, after which we may delete it;
- Provisions that by their nature should survive (including Sections 5, 9, 10, 11, 12.4, and 14) shall survive termination.
12.5 No Refunds Upon Termination
Except as required by law, we are not obligated to refund fees upon termination for cause or termination by you for convenience.
13. Confidentiality
13.1 Confidential Information
"Confidential Information" means non-public information disclosed by one party ("Disclosing Party") to the other party ("Receiving Party") that is marked as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure.
13.2 Obligations
The Receiving Party shall use Confidential Information only for purposes of exercising rights and performing obligations under these Terms, protect Confidential Information using the same degree of care it uses for its own confidential information (but no less than reasonable care), and not disclose Confidential Information to third parties except to employees, contractors, and advisors who need to know and are bound by confidentiality obligations.
13.3 Exceptions
Confidential Information does not include information that is or becomes publicly available through no breach of these Terms, was rightfully in the Receiving Party's possession prior to disclosure, is independently developed by the Receiving Party without reference to Confidential Information, or is rightfully received from a third party without confidentiality obligations.
13.4 Compelled Disclosure
The Receiving Party may disclose Confidential Information if required by law, provided it gives reasonable advance notice to the Disclosing Party (unless prohibited by law) to allow the Disclosing Party to seek protective measures.
14. General Provisions
14.1 Entire Agreement
These Terms, together with any referenced policies and agreements (including the Privacy Policy and any subscription agreement or order form), constitute the entire agreement between you and Decoy Privacy regarding APEX and supersede all prior agreements and understandings.
14.2 Amendments
We may modify these Terms at any time by posting updated Terms on our website or within APEX. Material changes will be effective upon notice to you or upon your continued use of APEX after the notice period. Your continued use of APEX following notice constitutes acceptance of the modified Terms.
14.3 Governing Law and Jurisdiction
These Terms shall be governed by and construed in accordance with the laws of [Jurisdiction], without regard to its conflict of law provisions. Any disputes arising out of or related to these Terms or APEX shall be subject to the exclusive jurisdiction of the courts of [Jurisdiction], and you consent to personal jurisdiction in such courts.
14.4 Dispute Resolution
Prior to initiating any legal proceedings, the parties agree to attempt to resolve disputes through good faith negotiation for a period of thirty (30) days. [Optional: Include arbitration or mediation provisions if desired]
14.5 Waiver
No waiver of any provision of these Terms shall be deemed or shall constitute a waiver of any other provision, nor shall any waiver constitute a continuing waiver. No failure to exercise or delay in exercising any right or remedy shall constitute a waiver.
14.6 Severability
If any provision of these Terms is found to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.
14.7 Assignment
You may not assign or transfer these Terms or any rights hereunder without our prior written consent. We may assign these Terms without restriction. Any attempted assignment in violation of this provision is void.
14.8 Force Majeure
Neither party shall be liable for failure or delay in performance due to circumstances beyond its reasonable control, including acts of God, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, pandemics, strikes, or shortages of transportation, facilities, fuel, energy, labor, or materials.
14.9 Export Compliance
APEX may be subject to export control laws and regulations. You agree to comply with all applicable export and import laws and regulations and warrant that you are not located in, under the control of, or a national or resident of any restricted country.
14.10 Independent Contractors
The parties are independent contractors. These Terms do not create a partnership, franchise, joint venture, agency, or employment relationship between the parties.
14.11 Third-Party Beneficiaries
These Terms do not confer any rights or remedies upon any person or entity other than the parties and their respective successors and permitted assigns.
14.12 Notices
All notices under these Terms must be in writing and sent to the addresses specified in your account or subscription agreement. Notices to us should be sent to:
Decoy Privacy Consultants Ltd.
[Address]
[Email: legal@[domain].com]
Notices will be deemed given:
- When delivered personally;
- When sent by confirmed email;
- Three (3) business days after being sent by registered or certified mail;
- One (1) business day after being sent via overnight courier.
14.13 Language
These Terms are prepared in the English language. In the event of any conflict between an English version and a translation, the English version shall prevail.
14.14 Headings
Section headings are for convenience only and shall not affect the interpretation of these Terms.
15. Contact Information
For questions about these Terms or APEX, please contact us at:
Decoy Privacy Consultants Ltd.
Email: support@decoyprivacy.com
Website: www.decoyprivacy.com