Last updated: 09/06/2026
1.1. The terms regulated in this agreement are the only terms applicable to the license over the Software granted by ORBIK CYBERSECURITY S.COOP. (hereinafter, “Orbik” or the “Licensor”) to the Customer.
1.2. Any reference to the Customer’s general or specific purchase terms that may appear in its documents (Purchase Order, emails, published by electronic means, etc.), regardless of when issued, shall in no case bind Orbik and shall not be deemed part of the relationship between Orbik and the Customer, even if Orbik has not expressly rejected them.
1.3. Any waiver and/or amendment to this agreement proposed by the Customer must in all cases be set out in writing and expressly accepted and signed by Orbik. In the event of any discrepancy or conflict between the provisions of this agreement and the Specific Terms agreed with the Customer, the latter shall prevail.
1.4. The Customer declares that: (i) it has been expressly informed that the terms of this agreement govern the relationship between the Parties; (ii) the contents of the Agreement have been individually negotiated between the Parties; (iii) it knows and understands the contents of the Agreement; and (iv) a copy of the Agreement has been made available to it. Accordingly, by accessing or using the Service, the Licensee agrees to be legally bound by the terms and conditions of this agreement. If you do not accept these terms, do not access or use the Service.
Audit: means the procedure by which the Licensor or, where applicable, a third party reviews the Licensee’s use of the License.
Agreement: means this document setting forth the license over the Software and its terms and conditions of use, including its Annexes.
Customer or Licensee: means the legal entity that obtains the right of access to and the license to use the software in SaaS (Software as a Service) mode.
Purpose: means the purpose and use for which the License is granted.
License: means the right of access to and use of the Software granted under this document in favor of the Licensee, as well as the terms and conditions described in the Agreement.
Price: means the price the Licensee must pay the Licensor for the License granted.
Software: means the software composition analysis (SCA) software owned by the Licensor, including all versions, updates, improvements, patches, fixes, technical documentation, user manuals, technology, know-how, and any other intellectual and industrial property rights associated with it. Such software is embodied in myorbik.com, a platform designed to improve the cybersecurity of products through proactive vulnerability monitoring which, by means of continuous analysis, identifies and assesses possible risks in systems, networks, and applications, allowing users to mitigate threats before they pose a significant danger. The Software shall be hosted and run exclusively on the Licensor’s servers (or those of its providers), with the Licensee accessing it via the internet.
Service: means the analysis service described above performed by the Licensor’s Software.
Analyzed Source Code: means any source code, binaries, dependencies, libraries, or software components subjected to analysis by the Software.
Analysis Data: means all reports, metrics, alerts, component inventories (sBOM), and results generated by the Software as a result of the analysis of the Analyzed Source Code.
Territory: means the jurisdictions or states in which the Licensee may exploit the Software under the terms and conditions agreed in the License.
3.1. The purpose of this agreement is to establish the terms and conditions under which the Licensor grants and the Licensee acquires a license to use the Software in SaaS mode together with the corresponding documentation.
3.2. By signing this agreement, the Licensor grants the Licensee a license to use the Software under the following terms:
i. Non-exclusive: the Licensor may exploit the Software itself and also license it to third parties.
ii. For consideration: the Licensee shall pay the Price agreed between the Parties.
iii. Non-transferable: the Licensee may not transfer, assign, or sell the Software.
iv. Non-sublicensable: the Licensee may not grant other licenses, in whole or in part, over the Software to third parties.
v. Comprehensive: the License is granted over all functionalities of the Software.
vi. Territory: the License is granted worldwide, so the Licensee may exploit the Software in any jurisdiction and state.
The License over the Software is granted for the Purpose of managing vulnerabilities in digital products. Through this application, users may register digital assets, manage their software bill of materials (sBOM), and generate detailed reports on their security status.
3.3. In any event, the License granted hereunder must be interpreted restrictively, meaning it is granted solely to satisfy the Licensee’s usage needs and only for its internal business operations. The use of the Software to provide analysis services to third parties or any other commercial exploitation not expressly authorized is strictly prohibited.
3.4. The License is granted for an unlimited number of users belonging to the Licensee’s organization.
4.1. This agreement shall come into force when the Customer indicates its acceptance or remotely accesses or uses the Software, which shall be deemed acceptance of this agreement. However, the specific term and duration of this document shall be governed by the separate agreement executed for that purpose by the Licensor and the Licensee, which shall form an integral part of this agreement. In any event, its validity shall be subject to the maintenance of an active subscription or payment of the corresponding fees.
5.1. The Licensee shall pay the Licensor, as consideration for the License, the amounts determined in the specific agreement signed by both parties in a separate document (hereinafter, the “Price”). The determination of the price, payment frequency, and due dates shall be governed exclusively by the provisions of said agreement.
5.2. Orbik reserves the right to review and update the Price applicable to renewals of the License at the end of each agreed subscription period, notifying the Licensee at least thirty (30) days prior to the renewal date.
5.3. If the Licensee defaults on or fails to pay any amount within the deadlines agreed in the separate document, the Licensor shall be entitled to immediately suspend access to the account and the SaaS License. Such suspension shall not relieve the Licensee of its obligation to pay the fees accrued during the suspension period.
6.1. The obligation to make the Software available shall be deemed fulfilled once the Licensor sends the Licensee the access credentials (username and password) or enables access through a URL.
6.2. The Licensee shall be solely responsible for having the internet connection and hardware necessary to access the Service.
6.3. Service availability: the Licensor shall use commercially reasonable efforts to make the Software available with a monthly uptime of 97%, excluding: (i) notified scheduled maintenance; (ii) failures in infrastructure not owned by Orbik; or (iii) unusual traffic spikes caused by abusive use by the Licensee.
In this regard, the Licensor may temporarily suspend access to the Service, in whole or in part, when reasonably necessary to preserve the security of the Software, the technological infrastructure used to provide it, or other customers, or to prevent or mitigate cybersecurity incidents. The Licensor shall notify the Licensee of such suspension as soon as reasonably possible, considering the circumstances.
7.1. The Licensee may use the Software for the Purpose described in Clause Three and within the limits described therein.
7.2. Except where permitted by law, the Licensee shall refrain from copying the Software, in whole or in part, with or without profit motive, and shall adopt the internal measures necessary to ensure that persons under its control and direction are aware of the protection of the Licensor’s rights.
7.3. The Licensee assumes the following obligations:
i. In general, not to alter, adapt, translate, modify, or create successive or derivative versions of the Software. Reproduction of all or part of the source code is strictly prohibited, except with the Licensor’s prior written authorization.
ii. Not to copy, duplicate, or clone the Software, its object code, or source code, either in whole or in part. The creation of replicas or of their components for any purpose unrelated to the performance of the contracted license is specifically prohibited.
iii. The Licensee is responsible for applying reasonable measures to protect access information, passwords, and other login credentials, and shall notify Orbik of any identified unauthorized use or access.
iv. Not to use the Software together with malicious programs that may affect its proper functioning.
v. Not to use the Software to develop, train, or improve competing products.
vi. Not to sell, rent, lease, sublicense, distribute, or otherwise transfer the Software.
vii. Not to assign the use of the Software to third parties, including companies within the same corporate group, without authorization.
viii. Not to remove, alter, or obscure copyright notices, trademarks, or other intellectual property notices in the Software.
ix. Not to use reverse-engineering techniques, decompile, disassemble, or engage in any activity intended to discover the source code, logical structure, or algorithms of the licensed Software.
x. Not to use the Software to analyze code that is not its own or for which it does not have legal rights, without the Licensor’s express authorization.
xi. Not to provide code analysis services to third parties using the Software or documentation.
7.4. The Licensee’s breach of the License use terms may give rise to termination of the Agreement, without prejudice to compensation for damages caused to the Licensor.
8.1. Maintenance includes bug fixes and critical security patches, as well as updates necessary to ensure the Software’s security, stability, and proper functioning, at no additional cost.
8.2. Maintenance includes technical support in accordance with the applicable support agreement. The Licensor shall provide basic technical support during normal business hours.
8.3. As this is a cloud-based service (SaaS), updates, improvements, and security patches will be implemented centrally and automatically by the Licensor on its own servers. The Licensee accepts that such updates are mandatory to ensure continuity, security, and stability of the service.
8.4. The Licensor reserves the right to modify, add, or remove Software features to improve the service or adapt to new regulations. The Licensee accepts that use of the Service entails adoption of the functional and technical set in force as defined by the Licensor at any given time.
8.5. The Licensor may temporarily suspend access to the Service to carry out technical maintenance or critical updates. Except in urgent cases involving security failures, such interruptions shall be notified with reasonable advance notice and, preferably, carried out during periods of low activity.
8.6. Proper display and operation of updates on the Licensee’s equipment shall depend solely on the Licensee having a stable internet connection and a compatible, up-to-date web browser.
8.7. The SaaS License is granted exclusively for the most recent version of the Software deployed on the platform. Use, access, or maintenance of prior versions shall not be possible. The Licensee acknowledges that access to the Software necessarily implies use of the latest available update, waiving any claim based on the modification or replacement of prior versions.
9.1. In order to verify that the Licensee’s use of the License complies with the terms and conditions set forth in this agreement, the Licensor may carry out audits itself or through a third party.
9.2. Audits may be carried out at any time, upon five (5) business days’ prior notice from the Licensor and, in any case, annually from the effective date of the Agreement.
9.3. The costs arising from the Audits shall be borne by the Licensee.
9.4. If the Audit reveals irregularities or breaches in the use of the License, the Licensor may terminate the Agreement, without prejudice to claiming any damages suffered.
10.1. The Licensee acknowledges that ownership of the intellectual property and, where applicable, industrial property rights in the Software belongs solely and exclusively to the Licensor. The Licensee is expressly prohibited from reproducing, modifying, adapting, creating new versions, assigning, leasing, or carrying out any activity outside what is permitted by this agreement, as provided in Clauses Three and Seven, without the Licensor’s express authorization. The Licensee also undertakes not to disclose the Software, publish it, or otherwise make it available to other persons.
10.2. The Parties undertake to cooperate in the defense of the Software’s intellectual and industrial property rights and against acts of unfair competition that may affect them. In any event, Orbik shall have exclusive control over any legal action, proceeding, or defense strategy arising from such acts, having the final say in decision-making. If third parties, whether natural or legal persons, initiate any judicial or out-of-court action for this reason, the Parties shall immediately notify each other of such actions and cooperate, to the extent possible, during the processing and handling of the action brought.
10.3. Intellectual property rights protect both the Software developed by the Licensor and all data, lists, diagrams, and schematics prepared during the analysis phase, the instruction manual or other support materials, identification symbols, or any partial or total copy made by the Licensor itself or by any other person, the reproduction rights, patents, trademarks, trade secrets, and any others that may arise in performance of this agreement, including any information or documentation that the Licensor may provide to the Licensee.
10.4. Neither Party may use the other Party’s registered trademarks, trade names, or logos without prior written authorization.
10.5. Ownership and Data Processing: The Licensee is the exclusive owner of the Analyzed Source Code and the generated Analysis Data. However, the Licensee grants Orbik a worldwide, non-exclusive, free, temporary, non-transferable, and limited license, solely and exclusively for the purpose of reproducing, hosting, processing, and analyzing such code on the Licensor’s servers (or those of its cloud infrastructure providers) in order to perform the Service and generate the requested Analysis Data. Orbik shall acquire no ownership rights in the Analyzed Source Code.
10.6. Anonymized Metadata: Orbik reserves the right to collect and use metadata and statistical data derived from the use of the Software in fully anonymized form to improve its detection algorithms and the overall security of the system, ensuring that the Customer or its specific projects are never identified.
11.1. Unless expressly stated in this Agreement, the Software and the Service are provided “as is,” excluding any express or implied warranties regarding fitness for a particular purpose, uninterrupted availability, or absence of errors. In this regard, the Licensor does not guarantee the detection of all existing vulnerabilities, nor the absence of errors or inaccuracies in the results obtained. It is solely the Licensee’s responsibility to review, validate, and adopt whatever technical, organizational, or security measures it deems appropriate on the basis of the results provided by the Software.
11.2. Due to the nature of the Software, the Licensor shall only be liable for direct damages caused. In any event, the aggregate maximum compensation shall be limited to the amounts actually paid by the Licensee during the twelve (12) months immediately preceding the event giving rise to the claim. The Licensor’s liability for any indirect, incidental, or consequential damages is expressly excluded, including, without limitation, loss of profits, loss of revenue, loss of business opportunities, loss of reputation, or business interruption.
The limitations and exclusions of liability set forth in this clause shall not apply in cases of willful misconduct or gross negligence by the Licensor, or where such limitation is prohibited by applicable law.
11.3. The Licensor shall also be exempt from liability if the damage results from adaptations or modifications made by the Licensee or by persons other than the Licensor, or from misuse of the Software.
11.4. The Licensor shall not be liable for loss of data where such loss results from actions of the Licensee, third parties unrelated to the Licensor, or causes beyond its reasonable control.
11.5. The Licensor shall likewise not be liable for interruptions of the Service or failures that may cause slowness or poor quality resulting from internet network failures, denial-of-service attacks, force majeure events, or failures of cloud infrastructure providers, provided that Orbik has acted with the reasonably required diligence and has implemented security, continuity, and resilience measures in line with generally accepted industry standards.
11.6. The Licensor shall not be liable for non-performance, delay, or inability to perform its obligations when such circumstances are the result of force majeure or events beyond its reasonable control. For these purposes, this shall include, among others, natural disasters, fires, floods, pandemics, labor disputes, acts or omissions of governmental authorities, armed conflicts, widespread interruptions of telecommunications services or electricity supply, as well as massive and widespread cyberattacks affecting third-party providers or Internet infrastructure. In such cases, the affected obligations shall be suspended for as long as the force majeure condition persists, without any right to compensation.
11.7. The Licensee shall be liable for all damages and losses it may cause to the Licensor, without any limitation other than those provided by law. The Licensee undertakes to indemnify and hold Orbik harmless from all losses or claims arising from a breach of this Agreement, violation of any law or third-party rights, or use of the Software outside the authorized Purpose.
12.1. The License governed by this agreement does not constitute an assignment or sale of the Software to the Licensee, nor of any rights held by the Licensor over it; therefore, except with the Licensor’s express written authorization, the Licensee may not transfer, resell, lease, license, or assign the Software to third parties outside the Agreement.
13.1. The Licensee undertakes not to disclose, assign, or transfer to third parties any information relating to the business, customers, operations, facilities, procedures, methods, transactions, know-how, or any other aspect related to the Software and/or the Licensor’s activity that it may know or become aware of as a result of the performance of this agreement. Likewise, any information related to the subject matter of the Agreement shall also be considered confidential, and in particular the Licensor’s technical aspects, the Software, the application manual, functional and organic analyses, and any other documentation, data, or support material, as well as the Licensor’s own information accessed during the negotiation phase of the Agreement and during its term (hereinafter, the “Confidential Information”).
13.2. Notwithstanding the foregoing, the following shall not be considered Confidential Information: (i) information that is or becomes public domain without breach of this agreement by the Licensee; (ii) information already lawfully in the Licensee’s possession prior to its disclosure by the Licensor; or (iii) information that must be disclosed by operation of law or by requirement of a competent judicial or administrative authority, in which case the Licensee shall notify the Licensor, where legally permitted, so that the latter may take the appropriate defense actions.
13.3. In this regard, the Licensee undertakes to maintain the strictest secrecy and confidentiality regarding the Confidential Information transmitted by the Licensor within the framework of this agreement.
13.4. The Licensee shall inform its personnel and collaborators of the confidentiality obligations established in the Agreement and shall issue all necessary warnings and sign all necessary documents with its personnel and collaborators in order to ensure compliance with such obligations, even after termination of this agreement or after the end of contractual relations with its personnel and/or collaborators.
13.5. The duration of the confidentiality obligation set forth herein is indefinite and shall survive termination of this agreement for any reason.
14.1. As controllers of their respective personal data processing activities, the Parties undertake to comply with the provisions of data protection law and, in particular, with Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and Organic Law 3/2018 of 5 December on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD). The Parties state that the processing of personal data is lawful under Articles 6(1)(b) and 6(1)(f) of the GDPR.
14.2. If, in the performance of the Agreement, either Party requires the processing of personal data for which the other Party is responsible, the corresponding Data Processing Agreement shall be executed in accordance with Article 28(3) of the GDPR.
15.1. This agreement may be terminated, in addition to the legal grounds, for the following reasons:
15.1.1. By mutual agreement of the Parties.
15.1.2. Unilaterally by the Licensor, with prior written notice to the other Party at least three (3) months in advance.
15.1.3. By requirement arising from a competent authority or a regulatory change affecting the legality of the service.
15.1.4. For breach by either Party of the obligations under this agreement and, in particular, for the following causes, which for the purposes of the Agreement are deemed essential:
15.1.4.1. Failure by the Licensee to pay the Price under the terms of Clause Five.
15.1.4.2. Use of the Software outside the Purpose set out in Clause Three.
15.1.4.3. Breach of any of the conditions set out in Clause Three.
15.1.4.4. Breach of the use conditions set out in Clause Seven.
15.1.4.5. Breach of the confidentiality obligations set out in Clause Thirteen.
15.1.4.6. Breach of intellectual property rights and of the provisions of Clause Ten.
The occurrence of any of the causes described in section 15.1.4 shall be grounds for immediate termination of the Agreement, at the request of the other Party by registered letter stating the date and reason for termination, without the need to provide any notice period or pay any compensation.
15.2. In the event of breaches other than those provided for in section 15.1.4 above, the Party seeking to terminate the Agreement on the basis of the other Party’s breach must duly require compliance with the obligation, granting the defaulting Party a period of fifteen (15) calendar days to remedy such breach. If that period elapses without the breach being remedied, the complying Party may exercise the said right of termination, without prejudice to any rights and actions to which it may be entitled by law.
If the breach is incapable of being remedied, the affected Party may directly exercise the right to terminate the Agreement, without the need to first send the aforementioned notice.
15.3. Upon termination of the Agreement, for whatever reason, the Licensee shall immediately lose the right to remote access to the Software, except for the restricted and exclusive access to consult and export its Analysis Data within the period established in the following section.
Following termination (except for non-payment or intellectual property infringement), the Licensee shall have a period of thirty (30) calendar days to export its reports and Analysis Data. Once this period has elapsed, Orbik shall permanently delete the account and its data from the production servers.
15.4. In the event of early termination of the Agreement by mutual agreement, unilateral withdrawal by the Licensee without cause attributable to the Licensor, or termination due to the Licensee’s breach, the Licensee shall not be entitled to any refund of amounts paid as the license Price. Likewise, if periodic payments of the Price have been agreed, any accrued and unpaid amounts due until the end of the current subscription period shall become immediately payable by Orbik.
Only if the Licensee terminates the Agreement due to a serious, uncured breach by the Licensor shall the Licensee be entitled to a prorated refund of the part of the Price corresponding to the paid but unused service period.
16.1. Entire agreement. – This agreement constitutes the only valid agreement between the Parties regarding its subject matter, superseding and rendering null and void any other prior oral or written contracts or agreements reached by the Parties. No amendment or variation of the terms of this agreement shall be effective unless set out in writing and accepted by the Parties. The Licensor may modify this agreement by publishing a new updated version on www.orbik-cybersecurity.com and, where the Licensee has an active subscription, notifying such changes at least 15 days before they take effect by email or by notice within the Software itself. Such modifications may not materially alter the economic balance of the Agreement or the essential rights granted to the Licensee during the current subscription period.
16.2. Partial invalidity. – The invalidity of any of the provisions contained in this agreement shall not affect the effectiveness and validity of the remaining provisions, unless the invalidated provision is essential in light of the spirit of the Agreement. For these purposes, the Parties assume the obligation to agree on a new provision to replace it, the scope of which shall be as similar as possible to that of the invalidated provision.
16.3. Waiver. – If either Party fails, on any occasion or occasions, to require strict and punctual compliance with any of the obligations established in this agreement, this shall not be deemed a waiver of compliance with such obligation(s), nor shall it deprive the said Party of its right to later require strict compliance. Any waiver, to be effective, must be made expressly and in writing, by a legal representative.
16.4. Contact. – For inquiries regarding this agreement, please contact the Licensor at the following addresses:
C/ Goiru 11, 20500, Arrasate-Mondragón (Gipuzkoa)
info@orbik-security.com
16.5. Governing law. – The Parties agree that the validity, interpretation, and performance of this agreement shall be governed by Spanish law.
16.6. Jurisdiction. – For the resolution of any issues that may arise from the interpretation, performance, and/or termination of this agreement, the Parties expressly submit, waiving any other jurisdiction that may apply, to the Courts and Tribunals of Bergara (Gipuzkoa).