Terms and Conditions for Bex AI

1. Introduction

Thank you for choosing Bex AI by IriusRisk. We are pleased to provide this Jira plugin (“Bex AI” or “the Plugin”) to support secure software development directly within Jira issues. These Terms and Conditions (“Terms”) govern your installation and use of Bex AI. Please read them carefully, as they establish a legally binding agreement between IriusRisk, S.L., a company registered in Spain (EU VAT: ES-B22341713), with principal offices at Parque Tecnológico Walqa, 22.197 Cuarte (Huesca), Spain (“IriusRisk,” “we,” “us”), and you, the user (“Subscriber,” “you,” “your”), along with any entity you represent. By installing and using Bex AI, you confirm acceptance of these Terms.

2. License and Scope of Use

IriusRisk grants you a limited, non-exclusive, non-transferable, revocable license to access and use Bex AI solely within Jira for your internal business purposes. Use is limited to your organization’s authorized personnel (“Authorized Users”) and within the scope of the Plugin’s intended functionality for threat modeling. 

3. Acceptance and Authority

By installing and using Bex AI, you confirm that you have reviewed and accepted these Terms and possess full authority to bind any legal entity you represent to these Terms. If you do not accept these Terms or do not have the necessary authority, please discontinue your use of Bex AI immediately.

4. Intellectual Property  

All intellectual property rights in and to Bex AI, including its design, underlying technology, algorithms, source code, object code, trademarks, and all other proprietary rights, are owned solely by IriusRisk or its licensors. Your use of Bex AI does not transfer any ownership or intellectual property rights to you or any third party. You may not:

  • Copy, modify, distribute, display, create derivative works, or otherwise exploit any part of Bex AI, except as expressly permitted in these Terms;
  • Attempt to reverse engineer, decompile, disassemble, or otherwise derive the source code or structure of Bex AI, except to the extent permitted by law;
  • Remove or obscure any proprietary notices or labels on Bex AI or any documentation provided by IriusRisk;
  • Use Bex AI for benchmarking, performance testing, competitive analysis, or developing competing products;
  • Use Bex AI in any manner that infringes or misappropriates the intellectual property rights of IriusRisk or any third party.

IriusRisk reserves all rights not expressly granted in these Terms. Any unauthorized use of Bex AI or breach of this section may result in the immediate suspension or termination of your license and may subject you to legal action.

5. Your Rights and Obligations

Your license to use Bex AI carries certain rights and responsibilities, as outlined below:

  • Internal business use: You may access and use Bex AI solely for internal purposes related to threat modeling within Jira. All Authorized Users within your organization must comply with these Terms and use the Plugin strictly as intended.
  • Technology and security: You are responsible for ensuring a secure environment for accessing Bex AI within Jira, implementing appropriate technical and organizational measures to prevent unauthorized access, and maintaining the confidentiality of any credentials associated with the Plugin.
  • Compliance and cooperation: Your use of Bex AI must comply with all applicable laws and regulations, including but not limited to data protection, privacy, and export control laws. You are responsible for providing accurate and complete information necessary for the Plugin’s operation and support. IriusRisk shall not be liable for delays or errors caused by any failure to provide such information or cooperation.

6. Data Security and Data Protection

  • Data Security and Compliance: IriusRisk implements industry-standard security measures to protect your data during transmission within Bex AI. As Bex AI operates within Jira’s infrastructure, we cannot guarantee complete security and disclaim liability for unauthorized access resulting from factors outside our control. You are responsible for ensuring that your data and its use within Bex AI comply with applicable laws and do not infringe third-party rights. Bex AI is not designed to process sensitive or regulated data (e.g., health or financial data under GDPR, HIPAA, or CCPA), and any submission of such data is strictly at your own risk.
  • Data Processing Roles and Responsibilities: IriusRisk acts as a data processor, with you as the data controller. We process limited personal data (e.g., Jira user IDs) strictly for Bex AI’s functionality and in compliance with our Privacy Policy. You are responsible for obtaining any necessary permissions for the data shared via Jira.
  • Subprocessors: To support Bex AI, IriusRisk may engage subprocessors, including OpenAI, under stringent data protection obligations equivalent to those required of IriusRisk. 
  • Data Retention, Deletion, and Data Subject Rights: IriusRisk retains Your Data only for the duration of each interaction with Bex AI and deletes any residual data upon request unless legally required otherwise. To exercise data protection rights under applicable laws, please contact us at dpo@iriusrisk.com.
  • International Data Transfers: Any transfer of data outside the EEA is protected by recognized safeguards, such as Standard Contractual Clauses, to ensure an adequate level of data protection.

7. Warranty and Disclaimers

  • Limited Warranty: IriusRisk warrants that Bex AI will function substantially as described, within Jira’s limitations. This limited warranty is exclusive and applies only during active use.
  • Disclaimer: Bex AI is provided “as-is” and “as available,” with no additional warranties. IriusRisk and its suppliers disclaim all implied warranties, including those of merchantability, fitness, accuracy, and non-infringement. IriusRisk does not warrant uninterrupted or error-free operation of Bex AI.
  • AI-Specific Disclaimer: Given the use of AI technology via OpenAI, IriusRisk does not warrant the accuracy or reliability of Bex AI’s recommendations, which may require independent verification.

8. Indemnification and Limitation of Liability

You agree to indemnify and hold harmless IriusRisk, its affiliates, officers, and agents from claims, damages, or expenses arising out of your use of Bex AI, any breach of these Terms, or any claim that your use infringes third-party rights.

To the fullest extent allowed by law, IriusRisk and its affiliates, officers, directors, and suppliers will not be liable for any indirect, incidental, special, punitive, or consequential damages (such as lost profits or data) arising out of or related to the use of Bex AI.

9. Governing Law 

These Terms are governed by Spanish law, and any disputes will be exclusively submitted to the courts of Huesca, Spain.

10. Entire Agreement and Modifications  

These Terms represent the entire agreement between you and IriusRisk regarding Bex AI, superseding prior agreements. We reserve the right to modify these Terms, with continued use signifying acceptance.