diff options
Diffstat (limited to 'contrib/tos/tos.rst')
-rw-r--r-- | contrib/tos/tos.rst | 265 |
1 files changed, 265 insertions, 0 deletions
diff --git a/contrib/tos/tos.rst b/contrib/tos/tos.rst new file mode 100644 index 0000000..4445601 --- /dev/null +++ b/contrib/tos/tos.rst @@ -0,0 +1,265 @@ +Terms Of Service +================ + +Last Updated: 07.09.2021 + +Welcome! Anastasis SARL (“we,” “our,” or “us”) provides a distributed +privacy-preserving backup and recovery service for key material +through our Internet presence (collectively the “Services”). Before +using our Services, please read the Terms of Service (the “Terms” or +the “Agreement”) carefully. + +Overview +-------- + +This section provides a brief summary of the highlights of this +Agreement. Please note that when you accept this Agreement, you are +accepting all of the terms and conditions and not just this +section. We and possibly other third parties provide Internet services +which interact with the Anastasis key backup and recovery +application. When using an application to interact with our Services, +you are agreeing to our Terms, so please read carefully. + + +Highlights: +~~~~~~~~~~~ + + • You are responsible for selecting authentication methods and + policies that are adequate to protect your key material. + Any losses arising from you not being able to satisfy the + selected authentication challenges or third parties being able + successfully pass the challenges are your problem. + • We will store your encrypted key shares and disclose them upon + successful authentication to the best of our ability within the + limitations of the law and our implementation. Our liability will + be limited to the liability limit exposed in the protocol. + • For our Services, we may charge various fees. The specific fee structure + is provided based on the Anastasis protocol and should be shown to you when you + use an application to interact with our services. You agree and understand + that the Anastasis protocol allows for the fee structure to change. + • You agree to not intentionally overwhelm our systems with requests and + follow responsible disclosure if you find security issues in our services. + • We cannot be held accountable for our Services not being available due to + circumstances beyond our control. If we modify or terminate our services, + we will announce this and ensure that you can recover your key material + for at least one year before we completely terminate the Service. + +These terms outline approved uses of our Services. If you have any +questions or comments related to this Agreement, please send us a +message to legal@anastasis.lu. If you do not agree to this Agreement, +you must not use our Services. + + +How you accept this policy +-------------------------- + +By using our API (typically via an Anastasis-enabled application), you +acknowledge that you have read, understood, and agreed to these +Terms. We reserve the right to change these Terms at any time. If you +disagree with the change, you must simply stop using our APIs. Your +continued use of our Services following any such change will signify +your acceptance to be bound by the then current Terms. Please check +the effective date above to determine if there have been any changes +since you have last reviewed these Terms. + +Services +-------- + +We will store your encrypted key shares (and the associated encrypted +recovery policy document) to the best of our ability and within the +limitations of the implementation. We will disclose the key shares only +after the specific authentication challenge has been passed. We will +rate-limit the use of the authentication APIs to limit brute-force +attacks. + +We are not guaranteeing that the authentication procedures are effective. +Other parties may be able to intercept authentication messages, or you +may not be able to receive these messages anymore. You are responsible +for choosing safe authentication methods with sufficient security. + +When using our Services, you agree to not take any action that +intentionally imposes an unreasonable load on our infrastructure. If +you find security problems in our Services, you agree to first report +them to security@anastasis.lu and grant us the right to publish your +report. We warrant that we will ourselves publicly disclose any issues +reported within 1 month, and that we will not prosecute anyone +reporting security issues if they did not exploit the issue beyond a +proof-of-concept, and followed the above responsible disclosure +practice. + + +Fees +---- + +You agree to pay the fees for backup and recovery operations ("Fees") +as defined by us, which we may change from time to time. Your +Anastasis client should obtain and display applicable fees during +backup and recovery. + + +Eligibility +----------- + +To be eligible to use our Services, you must be able to form legally binding +contracts or have the permission of your legal guardian. By using our +Services, you represent and warrant that you meet all eligibility requirements +that we outline in these Terms. + + +Copyrights and trademarks +------------------------- + +The Anastasis software is released under the terms of the GNU Affero +General Public License (GNU AGPLv3+). You have the right to access, +use, and share the Anastasis application, in modified or unmodified +form. However, the Affero GPL is a strong copyleft license, which +means that any derivative works must be distributed under the same +license terms as the original software. If you have any questions, you +should review the GNU AGPL’s full terms and conditions at +https://www.gnu.org/licenses/agpl-3.0.en.html. “Anastasis” itself is +a trademark of Anastasis SARL. You are welcome to use the name in +relation to implementations of the Anastasis protocol, assuming your +use is compatible with an official release from the GNU Project that +is not older than two years. + + +Limitation of liability & disclaimer of warranties +-------------------------------------------------- + +You understand and agree that we have no control over, and no duty to +take any action regarding: Failures, disruptions, errors, or delays in +processing that you may experience while using our Services; The risk +of failure of hardware, software, and Internet connections; The risk +of malicious software being introduced or found in the software +underlying the Anastasis implementation. You release us from all +liability related to any losses, damages, or claims arising from: + +(a) user error such as forgotten security answers or loss of + control over accounts used for authentication; +(b) server failure or data loss; +(d) bugs or other errors in the Anastasis client software; and +(e) any unauthorized third party activities, including, but not limited to, + the use of viruses, phishing, brute forcing, or other means of attack + against the Anastasis client. We make no representations concerning any + Third Party Content contained in or accessed through our Services. + +Any other terms, conditions, warranties, or representations associated with +such content, are solely between you and such organizations and/or +individuals. + +To the fullest extent permitted by applicable law, in no event will we +or any of our officers, directors, representatives, agents, servants, +counsel, employees, consultants, lawyers, and other personnel +authorized to act, acting, or purporting to act on our behalf +(collectively the “Anastasis Parties”) be liable to you under +contract, tort, strict liability, negligence, or any other legal or +equitable theory, for: + +(a) any lost profits, data loss, cost of procurement of substitute goods or + services, or direct, indirect, incidental, special, punitive, compensatory, + or consequential damages of any kind whatsoever resulting from: + + (i) your use of, or conduct in connection with, our services; + (ii) any unauthorized use of your wallet and/or private key due to your + failure to maintain the confidentiality of your wallet; + (iii) any interruption or cessation of transmission to or from the services; or + (iv) any bugs, viruses, trojan horses, or the like that are found in the Taler + Wallet software or that may be transmitted to or through our services by + any third party (regardless of the source of origination), or + +(b) any direct damages. + +These limitations apply regardless of legal theory, whether based on tort, +strict liability, breach of contract, breach of warranty, or any other legal +theory, and whether or not we were advised of the possibility of such +damages. Some jurisdictions do not allow the exclusion or limitation of +liability for consequential or incidental damages, so the above limitation may +not apply to you. + +Our services are provided "as is" and without warranty of any kind. To the +maximum extent permitted by law, we disclaim all representations and +warranties, express or implied, relating to the services and underlying +software or any content on the services, whether provided or owned by us or by +any third party, including without limitation, warranties of merchantability, +fitness for a particular purpose, title, non-infringement, freedom from +computer virus, and any implied warranties arising from course of dealing, +course of performance, or usage in trade, all of which are expressly +disclaimed. In addition, we do not represent or warrant that the content +accessible via the services is accurate, complete, available, current, free of +viruses or other harmful components, or that the results of using the services +will meet your requirements. Some states do not allow the disclaimer of +implied warranties, so the foregoing disclaimers may not apply to you. This +paragraph gives you specific legal rights and you may also have other legal +rights that vary from state to state. + +Indemnity and Time limitation on claims and Termination +------------------------------------------------------- + +To the extent permitted by applicable law, you agree to defend, +indemnify, and hold harmless the Anastasis Parties from and against +any and all claims, damages, obligations, losses, liabilities, costs +or debt, and expenses (including, but not limited to, attorney’s fees) +arising from: (a) your use of and access to the Services; (b) any +feedback or submissions you provide to us concerning the Anastasis +software; (c) your violation of any term of this Agreement; or (d) +your violation of any law, rule, or regulation, or the rights of any +third party. + +You agree that any claim you may have arising out of or related to your +relationship with us must be filed within one year after such claim arises, +otherwise, your claim in permanently barred. + +In the event of termination concerning your use of our Services, your +obligations under this Agreement will still continue. + + +Discontinuance of services and Force majeure +-------------------------------------------- + +We shall not be held liable for any delays, failure in performance, or +interruptions of service which result directly or indirectly from any cause or +condition beyond our reasonable control, including but not limited to: any +delay or failure due to any act of God, act of civil or military authorities, +act of terrorism, civil disturbance, war, strike or other labor dispute, fire, +interruption in telecommunications or Internet services or network provider +services, failure of equipment and/or software, other catastrophe, or any +other occurrence which is beyond our reasonable control and shall not affect +the validity and enforceability of any remaining provisions. + + +Governing law, Waivers, Severability and Assignment +--------------------------------------------------- + +No matter where you’re located, the laws of Luxembourg will govern these +Terms. If any provisions of these Terms are inconsistent with any applicable +law, those provisions will be superseded or modified only to the extent such +provisions are inconsistent. The parties agree to submit to the ordinary +courts in Luxembourg for exclusive jurisdiction of any dispute +arising out of or related to your use of the Services or your breach of these +Terms. + +Our failure to exercise or delay in exercising any right, power, or privilege +under this Agreement shall not operate as a waiver; nor shall any single or +partial exercise of any right, power, or privilege preclude any other or +further exercise thereof. + +You agree that we may assign any of our rights and/or transfer, sub-contract, +or delegate any of our obligations under these Terms. + +If it turns out that any part of this Agreement is invalid, void, or for any +reason unenforceable, that term will be deemed severable and limited or +eliminated to the minimum extent necessary. + +This Agreement sets forth the entire understanding and agreement as to the +subject matter hereof and supersedes any and all prior discussions, +agreements, and understandings of any kind (including, without limitation, any +prior versions of this Agreement) and every nature between us. Except as +provided for above, any modification to this Agreement must be in writing and +must be signed by both parties. + + +Questions or comments +--------------------- + +We welcome comments, questions, concerns, or suggestions. Please send us a +message on our contact page at legal@anastasis.lu. |