diff options
Diffstat (limited to 'contrib/tos/tos.rst')
-rw-r--r-- | contrib/tos/tos.rst | 265 |
1 files changed, 265 insertions, 0 deletions
diff --git a/contrib/tos/tos.rst b/contrib/tos/tos.rst new file mode 100644 index 0000000..4445601 --- /dev/null +++ b/contrib/tos/tos.rst | |||
@@ -0,0 +1,265 @@ | |||
1 | Terms Of Service | ||
2 | ================ | ||
3 | |||
4 | Last Updated: 07.09.2021 | ||
5 | |||
6 | Welcome! Anastasis SARL (“we,” “our,” or “us”) provides a distributed | ||
7 | privacy-preserving backup and recovery service for key material | ||
8 | through our Internet presence (collectively the “Services”). Before | ||
9 | using our Services, please read the Terms of Service (the “Terms” or | ||
10 | the “Agreement”) carefully. | ||
11 | |||
12 | Overview | ||
13 | -------- | ||
14 | |||
15 | This section provides a brief summary of the highlights of this | ||
16 | Agreement. Please note that when you accept this Agreement, you are | ||
17 | accepting all of the terms and conditions and not just this | ||
18 | section. We and possibly other third parties provide Internet services | ||
19 | which interact with the Anastasis key backup and recovery | ||
20 | application. When using an application to interact with our Services, | ||
21 | you are agreeing to our Terms, so please read carefully. | ||
22 | |||
23 | |||
24 | Highlights: | ||
25 | ~~~~~~~~~~~ | ||
26 | |||
27 | • You are responsible for selecting authentication methods and | ||
28 | policies that are adequate to protect your key material. | ||
29 | Any losses arising from you not being able to satisfy the | ||
30 | selected authentication challenges or third parties being able | ||
31 | successfully pass the challenges are your problem. | ||
32 | • We will store your encrypted key shares and disclose them upon | ||
33 | successful authentication to the best of our ability within the | ||
34 | limitations of the law and our implementation. Our liability will | ||
35 | be limited to the liability limit exposed in the protocol. | ||
36 | • For our Services, we may charge various fees. The specific fee structure | ||
37 | is provided based on the Anastasis protocol and should be shown to you when you | ||
38 | use an application to interact with our services. You agree and understand | ||
39 | that the Anastasis protocol allows for the fee structure to change. | ||
40 | • You agree to not intentionally overwhelm our systems with requests and | ||
41 | follow responsible disclosure if you find security issues in our services. | ||
42 | • We cannot be held accountable for our Services not being available due to | ||
43 | circumstances beyond our control. If we modify or terminate our services, | ||
44 | we will announce this and ensure that you can recover your key material | ||
45 | for at least one year before we completely terminate the Service. | ||
46 | |||
47 | These terms outline approved uses of our Services. If you have any | ||
48 | questions or comments related to this Agreement, please send us a | ||
49 | message to legal@anastasis.lu. If you do not agree to this Agreement, | ||
50 | you must not use our Services. | ||
51 | |||
52 | |||
53 | How you accept this policy | ||
54 | -------------------------- | ||
55 | |||
56 | By using our API (typically via an Anastasis-enabled application), you | ||
57 | acknowledge that you have read, understood, and agreed to these | ||
58 | Terms. We reserve the right to change these Terms at any time. If you | ||
59 | disagree with the change, you must simply stop using our APIs. Your | ||
60 | continued use of our Services following any such change will signify | ||
61 | your acceptance to be bound by the then current Terms. Please check | ||
62 | the effective date above to determine if there have been any changes | ||
63 | since you have last reviewed these Terms. | ||
64 | |||
65 | Services | ||
66 | -------- | ||
67 | |||
68 | We will store your encrypted key shares (and the associated encrypted | ||
69 | recovery policy document) to the best of our ability and within the | ||
70 | limitations of the implementation. We will disclose the key shares only | ||
71 | after the specific authentication challenge has been passed. We will | ||
72 | rate-limit the use of the authentication APIs to limit brute-force | ||
73 | attacks. | ||
74 | |||
75 | We are not guaranteeing that the authentication procedures are effective. | ||
76 | Other parties may be able to intercept authentication messages, or you | ||
77 | may not be able to receive these messages anymore. You are responsible | ||
78 | for choosing safe authentication methods with sufficient security. | ||
79 | |||
80 | When using our Services, you agree to not take any action that | ||
81 | intentionally imposes an unreasonable load on our infrastructure. If | ||
82 | you find security problems in our Services, you agree to first report | ||
83 | them to security@anastasis.lu and grant us the right to publish your | ||
84 | report. We warrant that we will ourselves publicly disclose any issues | ||
85 | reported within 1 month, and that we will not prosecute anyone | ||
86 | reporting security issues if they did not exploit the issue beyond a | ||
87 | proof-of-concept, and followed the above responsible disclosure | ||
88 | practice. | ||
89 | |||
90 | |||
91 | Fees | ||
92 | ---- | ||
93 | |||
94 | You agree to pay the fees for backup and recovery operations ("Fees") | ||
95 | as defined by us, which we may change from time to time. Your | ||
96 | Anastasis client should obtain and display applicable fees during | ||
97 | backup and recovery. | ||
98 | |||
99 | |||
100 | Eligibility | ||
101 | ----------- | ||
102 | |||
103 | To be eligible to use our Services, you must be able to form legally binding | ||
104 | contracts or have the permission of your legal guardian. By using our | ||
105 | Services, you represent and warrant that you meet all eligibility requirements | ||
106 | that we outline in these Terms. | ||
107 | |||
108 | |||
109 | Copyrights and trademarks | ||
110 | ------------------------- | ||
111 | |||
112 | The Anastasis software is released under the terms of the GNU Affero | ||
113 | General Public License (GNU AGPLv3+). You have the right to access, | ||
114 | use, and share the Anastasis application, in modified or unmodified | ||
115 | form. However, the Affero GPL is a strong copyleft license, which | ||
116 | means that any derivative works must be distributed under the same | ||
117 | license terms as the original software. If you have any questions, you | ||
118 | should review the GNU AGPL’s full terms and conditions at | ||
119 | https://www.gnu.org/licenses/agpl-3.0.en.html. “Anastasis” itself is | ||
120 | a trademark of Anastasis SARL. You are welcome to use the name in | ||
121 | relation to implementations of the Anastasis protocol, assuming your | ||
122 | use is compatible with an official release from the GNU Project that | ||
123 | is not older than two years. | ||
124 | |||
125 | |||
126 | Limitation of liability & disclaimer of warranties | ||
127 | -------------------------------------------------- | ||
128 | |||
129 | You understand and agree that we have no control over, and no duty to | ||
130 | take any action regarding: Failures, disruptions, errors, or delays in | ||
131 | processing that you may experience while using our Services; The risk | ||
132 | of failure of hardware, software, and Internet connections; The risk | ||
133 | of malicious software being introduced or found in the software | ||
134 | underlying the Anastasis implementation. You release us from all | ||
135 | liability related to any losses, damages, or claims arising from: | ||
136 | |||
137 | (a) user error such as forgotten security answers or loss of | ||
138 | control over accounts used for authentication; | ||
139 | (b) server failure or data loss; | ||
140 | (d) bugs or other errors in the Anastasis client software; and | ||
141 | (e) any unauthorized third party activities, including, but not limited to, | ||
142 | the use of viruses, phishing, brute forcing, or other means of attack | ||
143 | against the Anastasis client. We make no representations concerning any | ||
144 | Third Party Content contained in or accessed through our Services. | ||
145 | |||
146 | Any other terms, conditions, warranties, or representations associated with | ||
147 | such content, are solely between you and such organizations and/or | ||
148 | individuals. | ||
149 | |||
150 | To the fullest extent permitted by applicable law, in no event will we | ||
151 | or any of our officers, directors, representatives, agents, servants, | ||
152 | counsel, employees, consultants, lawyers, and other personnel | ||
153 | authorized to act, acting, or purporting to act on our behalf | ||
154 | (collectively the “Anastasis Parties”) be liable to you under | ||
155 | contract, tort, strict liability, negligence, or any other legal or | ||
156 | equitable theory, for: | ||
157 | |||
158 | (a) any lost profits, data loss, cost of procurement of substitute goods or | ||
159 | services, or direct, indirect, incidental, special, punitive, compensatory, | ||
160 | or consequential damages of any kind whatsoever resulting from: | ||
161 | |||
162 | (i) your use of, or conduct in connection with, our services; | ||
163 | (ii) any unauthorized use of your wallet and/or private key due to your | ||
164 | failure to maintain the confidentiality of your wallet; | ||
165 | (iii) any interruption or cessation of transmission to or from the services; or | ||
166 | (iv) any bugs, viruses, trojan horses, or the like that are found in the Taler | ||
167 | Wallet software or that may be transmitted to or through our services by | ||
168 | any third party (regardless of the source of origination), or | ||
169 | |||
170 | (b) any direct damages. | ||
171 | |||
172 | These limitations apply regardless of legal theory, whether based on tort, | ||
173 | strict liability, breach of contract, breach of warranty, or any other legal | ||
174 | theory, and whether or not we were advised of the possibility of such | ||
175 | damages. Some jurisdictions do not allow the exclusion or limitation of | ||
176 | liability for consequential or incidental damages, so the above limitation may | ||
177 | not apply to you. | ||
178 | |||
179 | Our services are provided "as is" and without warranty of any kind. To the | ||
180 | maximum extent permitted by law, we disclaim all representations and | ||
181 | warranties, express or implied, relating to the services and underlying | ||
182 | software or any content on the services, whether provided or owned by us or by | ||
183 | any third party, including without limitation, warranties of merchantability, | ||
184 | fitness for a particular purpose, title, non-infringement, freedom from | ||
185 | computer virus, and any implied warranties arising from course of dealing, | ||
186 | course of performance, or usage in trade, all of which are expressly | ||
187 | disclaimed. In addition, we do not represent or warrant that the content | ||
188 | accessible via the services is accurate, complete, available, current, free of | ||
189 | viruses or other harmful components, or that the results of using the services | ||
190 | will meet your requirements. Some states do not allow the disclaimer of | ||
191 | implied warranties, so the foregoing disclaimers may not apply to you. This | ||
192 | paragraph gives you specific legal rights and you may also have other legal | ||
193 | rights that vary from state to state. | ||
194 | |||
195 | Indemnity and Time limitation on claims and Termination | ||
196 | ------------------------------------------------------- | ||
197 | |||
198 | To the extent permitted by applicable law, you agree to defend, | ||
199 | indemnify, and hold harmless the Anastasis Parties from and against | ||
200 | any and all claims, damages, obligations, losses, liabilities, costs | ||
201 | or debt, and expenses (including, but not limited to, attorney’s fees) | ||
202 | arising from: (a) your use of and access to the Services; (b) any | ||
203 | feedback or submissions you provide to us concerning the Anastasis | ||
204 | software; (c) your violation of any term of this Agreement; or (d) | ||
205 | your violation of any law, rule, or regulation, or the rights of any | ||
206 | third party. | ||
207 | |||
208 | You agree that any claim you may have arising out of or related to your | ||
209 | relationship with us must be filed within one year after such claim arises, | ||
210 | otherwise, your claim in permanently barred. | ||
211 | |||
212 | In the event of termination concerning your use of our Services, your | ||
213 | obligations under this Agreement will still continue. | ||
214 | |||
215 | |||
216 | Discontinuance of services and Force majeure | ||
217 | -------------------------------------------- | ||
218 | |||
219 | We shall not be held liable for any delays, failure in performance, or | ||
220 | interruptions of service which result directly or indirectly from any cause or | ||
221 | condition beyond our reasonable control, including but not limited to: any | ||
222 | delay or failure due to any act of God, act of civil or military authorities, | ||
223 | act of terrorism, civil disturbance, war, strike or other labor dispute, fire, | ||
224 | interruption in telecommunications or Internet services or network provider | ||
225 | services, failure of equipment and/or software, other catastrophe, or any | ||
226 | other occurrence which is beyond our reasonable control and shall not affect | ||
227 | the validity and enforceability of any remaining provisions. | ||
228 | |||
229 | |||
230 | Governing law, Waivers, Severability and Assignment | ||
231 | --------------------------------------------------- | ||
232 | |||
233 | No matter where you’re located, the laws of Luxembourg will govern these | ||
234 | Terms. If any provisions of these Terms are inconsistent with any applicable | ||
235 | law, those provisions will be superseded or modified only to the extent such | ||
236 | provisions are inconsistent. The parties agree to submit to the ordinary | ||
237 | courts in Luxembourg for exclusive jurisdiction of any dispute | ||
238 | arising out of or related to your use of the Services or your breach of these | ||
239 | Terms. | ||
240 | |||
241 | Our failure to exercise or delay in exercising any right, power, or privilege | ||
242 | under this Agreement shall not operate as a waiver; nor shall any single or | ||
243 | partial exercise of any right, power, or privilege preclude any other or | ||
244 | further exercise thereof. | ||
245 | |||
246 | You agree that we may assign any of our rights and/or transfer, sub-contract, | ||
247 | or delegate any of our obligations under these Terms. | ||
248 | |||
249 | If it turns out that any part of this Agreement is invalid, void, or for any | ||
250 | reason unenforceable, that term will be deemed severable and limited or | ||
251 | eliminated to the minimum extent necessary. | ||
252 | |||
253 | This Agreement sets forth the entire understanding and agreement as to the | ||
254 | subject matter hereof and supersedes any and all prior discussions, | ||
255 | agreements, and understandings of any kind (including, without limitation, any | ||
256 | prior versions of this Agreement) and every nature between us. Except as | ||
257 | provided for above, any modification to this Agreement must be in writing and | ||
258 | must be signed by both parties. | ||
259 | |||
260 | |||
261 | Questions or comments | ||
262 | --------------------- | ||
263 | |||
264 | We welcome comments, questions, concerns, or suggestions. Please send us a | ||
265 | message on our contact page at legal@anastasis.lu. | ||