Terms and Conditions

Please read these Terms and Conditions ("Terms") carefully before using CISOCHECK software ("Software", "Platform", "we", "us", "our"). By installing, accessing, or using the Software, you agree to be bound by these Terms. If you disagree with any part of these Terms, you may not use the Software.

By installing, deploying, accessing, or using CISOCHECK, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you are using the Software on behalf of an organization, you represent that you have authority to bind that organization to these Terms.

CISOCHECK is security compliance management software designed for self-hosted, virtual private cloud (VPC), or on-premise deployment. The Software helps organizations:

• Upload and manage audit reports (PDF, Word, Excel files)

• Extract findings from audit reports using AI technology (currently in pilot mode)

• Map findings to compliance frameworks and controls

• Manage tasks, evidence, assets, and compliance workflows

• Generate reports and insights

Deployment Model

• The Software is deployed on your infrastructure (VPC, your cloud environment, or on-premise)

• You are responsible for deploying, managing, and operating the Software

• All data processed by the Software remains on your infrastructure

• We do not access, store, or manage your data

License Grant

Subject to these Terms, CISOCHECK grants you a non-exclusive, non-transferable license to use the Software in accordance with your license agreement. This license is limited to deployment on your own infrastructure.

Deployment Responsibility

• You are solely responsible for installing and deploying the Software

• You must ensure your infrastructure meets the system requirements

• You are responsible for maintaining the deployment environment

Supported Deployment Methods

• Virtual Private Cloud (VPC)

• Cloud environments (AWS, Azure, GCP, etc.)

• On-premise infrastructure

• Docker containerized deployments

System Requirements

• Infrastructure capable of running Docker containers

• PostgreSQL database (with pgvector extension)

• Network connectivity (for AI features, if used)

• Sufficient storage and compute resources for your usage

Infrastructure Management

• Provisioning and maintaining infrastructure for the Software

• Database setup, configuration, and maintenance

• Network configuration and security

• System backups and disaster recovery

• Monitoring and maintenance of the deployment

Data Security

• Implementing appropriate security measures for your infrastructure

• Managing access controls and user authentication

• Securing data at rest and in transit on your infrastructure

• Compliance with applicable data protection laws and regulations

Data Management

• Managing and retaining your data in accordance with applicable laws

• Implementing backup and recovery procedures

• Ensuring data integrity and availability

Compliance

• Complying with all applicable laws and regulations

• Ensuring your use of the Software complies with third-party agreements (including AI service provider agreements)

• Maintaining appropriate licenses and permissions

Your Data

• You retain complete ownership of all data processed by the Software (audit reports, findings, tasks, evidence, etc.)

• All data remains on your infrastructure and is not accessed or stored by CISOCHECK

• You are solely responsible for your data and its security

Our Software

• The Software, including its design, features, functionality, and documentation, is owned by CISOCHECK

• Compliance frameworks, controls, and mappings included in the Software may be proprietary or licensed from third parties

• You may not copy, modify, reverse engineer, or distribute the Software except as expressly permitted

No Data Access

• We do not access, view, or process your data

• We do not store or retain your data on our systems

• Data processing occurs entirely within your deployment

Certain features use artificial intelligence, machine learning, or similar technologies ("AI Features"). AI Features are currently used for finding extraction from audit reports and generating embeddings for control matching.

AI Processing

• AI Features may require connection to third-party AI service providers (e.g., OpenAI API)

• You are responsible for configuring and managing your own AI service provider accounts and API keys

• AI processing occurs within your deployment using your API credentials

• You are responsible for entering into separate agreements with AI service providers

• Data sent to AI service providers is subject to their respective privacy policies and terms

AI Output Characteristics

• AI Features may produce inaccurate, incomplete, or unreliable results

• Due to the nature of AI technology, AI-generated outputs may be similar to outputs generated elsewhere

• The same input may produce different outputs at different times

• You are responsible for reviewing and validating all AI-generated outputs before use

• You should not represent AI-generated outputs as human-generated

‍

Future Expansion

• AI Features may be expanded to additional functionality in the future

• You will be notified of significant changes to AI Features through Software updates

No Warranty

• AI Features are provided "as is" without warranty

• We make no guarantees regarding the accuracy, quality, completeness, or truthfulness of AI-generated outputs

• You use AI-generated outputs at your own risk

Software Updates

• We may release updates, patches, or new versions of the Software

• You are responsible for applying updates to your deployment

• Updates may include bug fixes, security patches, or new features

Support Services

• Support services (if provided) are subject to separate agreements

• Support is provided for Software functionality, not for your infrastructure or data management

No Service Level Agreement

• Unless otherwise specified in a separate agreement, we do not provide service level agreements (SLAs) or uptime guarantees

• Software availability depends on your infrastructure management

Software Ownership

• The Software and all intellectual property rights therein are owned by CISOCHECK

• This agreement grants you a license to use the Software, not ownership of the Software

Your Content

• You retain all intellectual property rights in your data and content

• You grant no rights to CISOCHECK regarding your data

Restrictions

• You may not reverse engineer, decompile, or disassemble the Software

• You may not modify or create derivative works of the Software

• You may not remove or alter any proprietary notices or labels on the Software

You agree not to:

• Use the Software for any illegal purpose or in violation of any laws

• Upload malicious code, viruses, or harmful content to the Software

• Attempt to gain unauthorized access to the Software or other systems

• Reverse engineer, decompile, or disassemble the Software

• Use the Software to store or transmit content that infringes on intellectual property rights

• Abuse, harass, or harm other users (if multi-user deployment)

• Overload or disrupt your infrastructure running the Software

• Use automated systems to access the Software without authorization

You are solely responsible for the content you process using the Software.

Software Provided "As Is"

• The Software is provided "as is" and "as available"

• Availability depends on your infrastructure and deployment

• We do not guarantee uninterrupted or error-free operation

Software Modifications

• We reserve the right to modify, suspend, or discontinue features of the Software

• We may release updates that add, modify, or remove functionality

• You are responsible for applying updates to your deployment

Your Deployment

• Software availability, performance, and reliability depend on your infrastructure

• You are responsible for ensuring adequate resources and maintenance

Your Responsibility

• You are responsible for implementing security measures for your deployment

• You are responsible for protecting your data on your infrastructure

• You are responsible for compliance with applicable data protection laws

Our Limitations

• We do not access or manage your data

• We do not control your infrastructure security

• Security of your deployment is your responsibility
‍

For information about minimal data we may collect (if any), see our Privacy Policy.

Software Provided "As Is"

• The Software is provided "as is" and "as available" without warranties of any kind

• We disclaim all warranties, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement

Limitation of Damages

• To the maximum extent permitted by law, CISOCHECK shall not be liable for any indirect, incidental, special, consequential, or punitive damages

• Our total liability for any claims arising from or related to the Software shall not exceed the amount you paid for the Software license in the 12 months preceding the claim

• This limitation applies regardless of the legal theory on which the claim is based‍

Client Infrastructure

• We are not liable for issues arising from your infrastructure, deployment, or data management

• We are not liable for data loss, security breaches, or downtime on your infrastructure

Exceptions

Some jurisdictions do not allow the exclusion of certain warranties or limitation of liability, so some of the above limitations may not apply to you.

You agree to indemnify and hold harmless CISOCHECK, its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, and expenses (including legal fees) arising out of:

‍

• Your use of the Software

• Your violation of these Terms

• Your violation of any rights of another party

• Your deployment, infrastructure, or data management practices

• Content you process using the Software

Termination by You

• You may stop using the Software at any time

• Uninstalling or ceasing to use the Software terminates your license to use it

• Your data remains on your infrastructure under your control

Termination by Us

• We may terminate your license if you violate these Terms

• We may terminate your license if required by law

Effect of Termination

• Upon termination, your right to use the Software immediately ceases

• You must stop using and remove the Software from your infrastructure

• Your data remains under your control on your infrastructure

• Provisions that by their nature should survive termination will remain in effect

No Data Deletion

• We do not store your data, so no deletion is required from our systems

• You are responsible for managing your data on your infrastructure

These Terms shall be governed by and construed in accordance with the laws of Jurisdiction, without regard to its conflict of law provisions.

Any disputes arising from these Terms or the Software shall be resolved through arbitration, mediation, or courts, as applicable.

We may update these Terms from time to time. If we make material changes, we will notify you through Software updates or other reasonable means. Your continued use of the Software after the effective date of the updated Terms constitutes acceptance of the changes.

If you have questions about these Terms, please contact us at:

Email: info@cisocheck.com

Address: Office 2102, 21st Floor, East Tower, Bahrain Financial Harbour, Manama, Kingdom of Bahrain

Note: These Terms are a legal agreement. Please review them carefully. If you have questions, consult with legal counsel.