1. Introduction
Secure Code Warrior Limited (“SCW” “we” “us”) provides the Secure Code Warrior API (SCW API) to you on the Terms of Service set out below (SCW API TOS).
The SCW API TOS sets out the rights and obligations that bind both your access to and use of the SCW API.
By accessing or using the SCW Service, you agree to be bound by the SCW API TOS (including the Privacy Collection Notice and Privacy Policy, incorporated here by reference).
By agreement to the SCW API TOS on behalf of a company or other third party, you represent that you have the authority to bind such entity to the SCW API TOS. In this case, the terms “you” or “your” shall also refer to such entity.
2. SCW License
Subject to your compliance with the SCW API TOS, We grant you a limited, non-exclusive, non-assignable, non-transferable, revocable license to access and use the SCW API to develop, test, and support any software application, website, or product, and to integrate the SCW API with your Application. The SCW License is subject to the limitations set out in Sections 3 to 9 below, and you agree that breach of Section 3 gives Us the right to terminate the SCW License immediately and without notice to you.
3. Access to and Use of the SCW API and Secure Code Warrior Data
Your access to and use of the SCW API is subject to the following limitations:
- Reliance on API. Secure Code Warrior reserves the right to make changes to the SCW Service. Where possible, We will provide prior notice of such changes.
- Applicable laws or agreements. You may not access or use the SCW Service in breach of any law or regulation, or rights of any person, including but not limited to intellectual property rights, rights of privacy, or rights of personality, or in any manner inconsistent with the SCW API TOS or any other agreements that you may have with Us.
- Scope of acceptable use. You may not use the SCW Service or any other technology in a manner that accesses or uses any information beyond what Secure Code Warrior allows under the SCW API TOS or the API Documentation; that (i) changes the Secure Code Warrior Service; (ii)breaks or circumvents any of Secure Code Warrior technical, administrative, process or security measures; (iii) disrupts or degrades the performance of the Secure Code Warrior Service or the SCW API; or (iv) tests the vulnerability of Secure Code Warrior systems or networks.
- Malware. You may not transmit any viruses or other computer programming that may damage, detrimentally interfere with, surreptitiously intercept, or expropriate any system or data.
- Reverse engineering. You may not reverse engineer (or attempt to) or otherwise derive source code, trade secrets, or know-how in the SCW API or portion thereof;
- Functionality. You may not access or use the SCW API (or attempt to) to replicate or compete with core products or services offered by Secure Code Warrior. You acknowledge and agree that Secure Code Warrior has or may in the future offer products or services that are similar to your Application, and nothing will prevent Secure Code Warrior from doing so;
- Commercial Use. You may charge a third party for your Application. However, you may not sell, rent, lease, sublicense, redistribute, or syndicate or otherwise make available access to or use of the SCW API to any third party.
- Advertising. You may place advertisements on and around your Application. However, you may not:
i. Place any advertisements within Secure Code Warrior channels, and your advertisements must not resemble or be reasonably likely to confuse or mislead users as being linked to, or endorsed by Us;
ii. Copy, use, reproduce, or otherwise make available SCW Data or any content from Secure Code Warrior in any advertisements or for purposes of targeting advertisements, in your Application or elsewhere; or
iii. Use contact information obtained from Secure Code Warrior (including email addresses) to contact Secure Code Warrior users. - Rate Limits. You will not attempt to exceed or circumvent limitations on access, calls and use of SCW API, or otherwise use the SCW API in a manner that exceeds reasonable request volume, constitutes excessive or abusive usage, or otherwise fails to comply or is inconsistent with any part of this the SCW API TOS or the API Documentation. Our present rate limits are 10 requests per second per IP address, as well as 10 requests per second per session/bearer token.
- Distribution of your Application. You may not distribute, allow access or otherwise make available the SCW API to any person or Third Party other than, if applicable, the company on whose behalf you entered into this SCW API TOS.
4. Use or reproduction of Secure Code Warrior Brand or Marks
You must not use the Secure Code Warrior Brand in any way or by any means, particularly that may suggest, imply or indicate that You, your company or service (or any combination) is endorsed, approved and/ or sponsored by, or in any way associated with Secure Code Warrior without our express prior permission. We also reserve the right to refuse such consent and or impose conditions as we see fit.
5. Storage of Data
- Caching Data. Where Data is cached, and to ensure that you are always accessing the most up-to-date information you should refresh the cache regularly, and at least every 24 hours.
- Secure Storage Measures. All sensitive Data must be encrypted in transit.
- Delete at User Request. You must delete all Data you have collected from a Secure Code Warrior user upon request by that user, and when the Secure Code Warrior user deauthorizes your Application or closes his or her account with you. Similarly, when a team stops using your Application, you should delete all Data obtained from that team. The restrictions of this Section do not apply to Data that Secure Code Warrior users also provide directly to you and that is separately entered or uploaded to you by the user of your Application.
- Deletion at Termination. If we terminate your access to and use of the SCW Services for any reason, then you must permanently delete all Data and any other information that you stored pursuant to your use of the SCW APIs, except where when doing so would cause you to violate any law or obligation imposed by a governmental authority. This provision does not require a Secure Code Warrior user to delete Data stored in Secure Code Warrior if the Secure Code Warrior user is prohibited from accessing the SCW API.
- No Other Storing. You may not copy or store any Data or capture or store any information expressed by the Data (such as hashed or transferred data), except to the extent permitted by the SCW API TOS.
6. Your User Agreement and Privacy Policy
If You offer your Application for use by third parties other than yourself or outside your organisation, you must maintain a user agreement and privacy policy for your Application, which is prominently identified or located where users download or access your Application. Your privacy policy must comply with applicable Privacy laws and regulations and accurately describe the collection, use, storage and sharing of data. You must promptly notify us of any breaches of your user agreement or privacy policy that impact or may impact Secure Code Warrior users.
7. Security Measures
- Protections. The network, operating system and software of your web servers, databases, and computer systems (collectively, “Your Systems”) must be properly configured to securely operate your Application and store Data. Your Application must use reasonable security measures to protect your users’ information. You must not architect or select Your Systems in a manner to avoid the foregoing obligation.
- Reporting. You must promptly report any security deficiencies in, or intrusions to, your Systems to Secure Code Warrior in writing via email to security@securecodewarrior.com or subsequent contact information posted on the Developer Site. This includes any unauthorised access, use, disclosure or destruction of Data. You will work with Secure Code Warrior to immediately correct any security deficiency, and will immediately disconnect any intrusions or intruder. In the event of any security deficiency or intrusion involving the Application, SCW API or Data, you will make no public statements regarding such deficiencies or intrusions (e.g., press, blogs, social media, bulletin boards, etc.) without prior written and express permission from Secure Code Warrior in each instance.
8. Ownership
As between You and Us, we own all rights, title, and interest, including all intellectual property rights, in and to, the (1) SCW API, API Documentation, and all elements and components thereof; (2) Data; (3) Secure Code Warrior Services; (4) Brand Features and (5) Secure Code Warrior trademarks (collectively, the “Secure Code Warrior Materials”). The only exception to this is Data that You have licensed to Secure Code Warrior under the Terms of Service, which governs that Data. Except for the express licenses granted in this SCW API TOS, Secure Code Warrior does not grant you any right, title, or interest in the Secure Code Warrior Materials. You agree to take such actions as Secure Code Warrior may reasonably request to protect Secure Code Warrior rights to the Secure Code Warrior Materials.
9. Term and Termination
- Duration of Terms. The SCW API TOS will take effect from the date you either “click to accept the terms or access the SCW APIs and will continue until terminated as set forth herein.
- Your Right to Terminate. You may terminate the SCW TOS at any time by discontinuing use of our APIs and the Secure Code Warrior Service.
- Suspension; Termination. We may change, suspend or discontinue the SCW API and suspend or terminate your use of the SCW API, the Secure Code Warrior API, and/or Secure Code Warrior Brand at any time and for any reason, without notice. Without limiting the foregoing, we may limit your Application’s access to the SCW API if it, in our sole discretion, may negatively affect the SCW API or our ability to provide the SCW API.
- Effect of Termination. Upon termination of the SCW API TOS:
i. All rights and licenses granted to you will terminate immediately;
ii. You will promptly destroy Documentation and any other Secure Code Warrior information in your possession or control that was received under this SCW API TOS;
iii. Unless we agree otherwise in writing or as stated in the SCW API TOS, you must permanently delete all Data and other information that you stored pursuant to your use of the SCW API. Secure Code Warrior may request that you certify in writing your compliance with this section; and
iv. Secure Code Warrior will make commercially reasonable efforts to remove all references and links to your Application from the SCW API (Secure Code Warrior has no other obligation to delete copies of, references to, or links to your Application). - The following sections of this SCW API TOS shall survive any termination, Sections 3 (“Access to and Use of the SCW API and Secure Code Warrior Data”), 4 (“Use or reproduction of Secure Code Warrior Brand or Marks”), 5(c) (“Delete at User Request”), 5(d) (“Deletion at Termination”), 6 (“Your User Agreement and Privacy Policy”), 7 (“Security Measures”), 8 (“Ownership”), 9 (“Term and Termination”), 10 (“Other Important Terms”), 11 (“Confidentiality”), 12 (“Disclaimer of Warranties; Limitation of Liability; Indemnity”), 13 (“Dispute Resolution”) and 14 (“General Legal Terms”).
10. Other Important Terms
- Legal Representations. You represent and warrant to Secure Code Warrior that, excluding Secure Code Warrior Materials, you have the right to use, reproduce, transmit, copy, publicly display, publicly perform, and distribute your Application, and that use of your Application by Secure Code Warrior and its users will not violate the rights of any third party (e.g., copyright, patent, trademark, privacy, publicity or other proprietary right of any person or entity), or any applicable regulation or law, the laws of any country in which your Application is made available and any applicable export laws.
- Modification of the SCW API TOS. We may change, add to or delete this SCW API TOS or any portion thereof from time to time in our sole discretion. If we make a material change to this SCW API TOS, we will provide you with reasonable notice prior to the changes either by emailing the email address associated with your account or by posting a notice on the Developer Site. You acknowledge that these updates and modifications may adversely impact how you access, use, and communicate with the SCW API. If any change is unacceptable to you, then your only remedy is to cease all access to and use of the SCW API. Your continued access or use of the SCW API will mean that you agree to the updates and modifications.
- Other Applicable Agreements. You and your Application must also comply with the following, which are hereby incorporated by reference:
i. Secure Code Warrior Terms of Service
ii. Secure Code Warrior Privacy Policy
iii. Secure Code Warrior Brand Guidelines (available on request)
In the event of any conflict between the content in this document and the above documents, this document controls your use of the SCW API.
11. Confidentiality
- Each party acknowledges and agrees that it may have access to Confidential Information on the other during the course of accessing and using the SCW API and agrees to keep such information confidential. For the purpose of this clause Confidential Information means any information, maintained in confidence by the disclosing Party, communicated in written or oral form, marked as proprietary, commercial-in-confidence, confidential or otherwise so identified and/ or any information that by its form, nature, content or mode of transmission would, to a reasonable recipient be deemed confidential or proprietary including without limitation, each party, employees, business plans, methods of operation, SCW products and or services including the SCW API the subject of this agreement. Confidential Information includes but is not limited to: (a) certain confidential and/ or proprietary financial, sales and distribution, marketing, research and development, organisational, technical and other business information, policies or practices and or related information; (b) any other information that is disclosed by one Party to the other and which relates to that parties commercial relationships, any actual or potential Users, and other third parties, Customers or Suppliers that either of them is, was or may be in a commercial relationship with.
- For clarity clause 11(a) does not apply to disclosure to:
i. Employees including the parties’ affiliate entities;
ii. Financial or other advisers; and
iii. as may be required by law.
12. Disclaimer of Warranties; Limitation of Liability; Indemnity
- NO WARRANTIES. THE SCW API AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND, AND SECURE CODE WARRIOR EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. YOU ACKNOWLEDGE THAT SECURE CODE WARRIOR DOES NOT WARRANT THAT THE SCW API WILL BE UNINTERRUPTED, TIMELY, SECURE, ERROR-FREE OR VIRUS-FREE, NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SCW API, AND NO INFORMATION, ADVICE OR SERVICES OBTAINED BY YOU FROM SECURE CODE WARRIOR OR THROUGH THE DEVELOPER SITE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THE SCW API TOS.
- LIMITATION ON LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT, OR OTHERWISE) SHALL SECURE CODE WARRIOR BE LIABLE TO YOU OR ANY THIRD PARTY FOR (A) ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOST SALES OR BUSINESS, LOST DATA, OR (B) FOR ANY AMOUNT IN THE AGGREGATE IN EXCESS OF THE FEES ACTUALLY PAID BY YOU IN THE SIX (6) MONTHS PRECEDING THE EVENT GIVING RISE TO YOUR CLAIM OR, IF NO FEES APPLY, ONE HUNDRED ($100) AUSTRALIAN DOLLARS, OR (C) ANY MATTER BEYOND OUR REASONABLE CONTROL. THE PROVISIONS OF THIS SECTION ALLOCATE THE RISKS UNDER THIS TOS BETWEEN THE PARTIES, AND THE PARTIES HAVE RELIED ON THESE LIMITATIONS IN DETERMINING WHETHER TO ENTER INTO THE SCW API TOS. Some jurisdictions do not allow the exclusion of implied warranties or limitation of liability for incidental or consequential damages, which means that some of the above limitations may not apply to you. IN THESE JURISDICTIONS, SECURE CODE WARRIOR LIABILITY WILL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW.
- Indemnity. You agree to defend, hold harmless and indemnify Secure Code Warrior, and its subsidiaries, affiliates, officers, agents, employees, and suppliers, from and against any third party claim arising from or in any way related to your or your users’ use of the Application, SCW API or Data, use of Secure Code Warrior Brand, or violation of the SCW API TOS, including any liability or expense arising from all claims, losses, damages (actual and consequential), suits, judgments, litigation costs and attorneys’ fees, of every kind and nature. In such a case, we will provide you with written notice of such claim, suit, or action.
13. Dispute Resolution
The SCW API TOS and any claim, cause of action or dispute (“Claim”) arising out of or related to this Agreement shall be governed by the laws of England and Wales regardless of your country of origin or where you access the Secure Code Warrior API, and notwithstanding any conflicts of law principles and the United Nations Convention for the International Sale of Goods. You and Secure Code Warrior agree that all Claims arising out of or related to this Agreement must be resolved exclusively in the courts in England and Wales. You and Secure Code Warrior agree to submit to the personal jurisdiction of the courts located within England and Wales – and agree to waive any and all objections to the exercise of jurisdiction over the parties by such courts and to venue in such courts for the purpose of litigating all such Claims. Notwithstanding the above, you agree that Secure Code Warrior shall still be allowed to apply for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction.
14. General Legal Terms
- Severability. If any provision of the SCW API TOS is found to be illegal, void, or unenforceable, the unenforceable provision will be modified so as to render it enforceable to the maximum extent possible in order to effect the intention of the provision; if a term cannot be so modified, it will be severed and the remaining provisions of the SCW TOS will not be affected in any way.
- Language. Where Secure Code Warrior has provided you with a translation of the English language version of the SCW API TOS or any document referenced in the SCW API TOS, you agree that the translation is provided for your convenience only and that the English language versions of any such document, will control.
- Notice and Service of Process. We may notify you via postings on the Developer Site or via the email address associated with your Application or Secure Code Warrior Service account.
- Entire Agreement. The SCW API TOS and any documents incorporated into the SCW API TOS by reference, constitute the entire agreement between you and Secure Code Warrior regarding the SCW API and supersedes all prior agreements and understandings, whether written or oral, or whether established by custom, practice, policy or precedent, with respect to the subject matter of the SCW API TOS.
- No Informal Waivers, Agreements, or Representations. Our failure to act with respect to a breach of the SCW API TOS by you or others does not waive our right to act with respect to that breach or subsequent similar or other breaches. No representations, statements, consents, waivers or other acts or omissions by any Secure Code Warrior affiliate shall be deemed legally binding on any Secure Code Warrior affiliate, unless documented in a physical writing hand signed by a duly appointed officer of Secure Code Warrior.
- Injunctive Relief. In no event shall you seek or be entitled to rescission, injunctive or other equitable relief, or to enjoin or restrain the operation of the Developer Site, the SCW API, any other SCW Products or Services, or other material used or displayed through the Secure Code Warrior Developer Site or any other Secure Code Warrior products or services.
- Assignment and Delegation. You may not assign or delegate any rights or obligations under this the SCW API TOS, including in connection with a change of control. Any purported assignment and delegation shall be ineffective. We may freely assign or delegate all rights and obligations under the SCW API TOS, fully or partially without notice to you. We may also substitute, by way of unilateral novation, effective upon notice to you, Secure Code Warrior Limited. for any third party that assumes our rights and obligations under the SCW API TOS.
- How to Contact Us. If you have questions or comments about the SCW API TOS, or wish to access or use of the SCW API in any way not permitted by the SCW API TOS, please contact us via email on partner@securecodewarrior.com