aboutsummaryrefslogtreecommitdiff
path: root/contrib/tos/tos.rst
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/tos/tos.rst')
-rw-r--r--contrib/tos/tos.rst265
1 files changed, 265 insertions, 0 deletions
diff --git a/contrib/tos/tos.rst b/contrib/tos/tos.rst
new file mode 100644
index 0000000..4445601
--- /dev/null
+++ b/contrib/tos/tos.rst
@@ -0,0 +1,265 @@
1Terms Of Service
2================
3
4Last Updated: 07.09.2021
5
6Welcome! Anastasis SARL (“we,” “our,” or “us”) provides a distributed
7privacy-preserving backup and recovery service for key material
8through our Internet presence (collectively the “Services”). Before
9using our Services, please read the Terms of Service (the “Terms” or
10the “Agreement”) carefully.
11
12Overview
13--------
14
15This section provides a brief summary of the highlights of this
16Agreement. Please note that when you accept this Agreement, you are
17accepting all of the terms and conditions and not just this
18section. We and possibly other third parties provide Internet services
19which interact with the Anastasis key backup and recovery
20application. When using an application to interact with our Services,
21you are agreeing to our Terms, so please read carefully.
22
23
24Highlights:
25~~~~~~~~~~~
26
27 • You are responsible for selecting authentication methods and
28 policies that are adequate to protect your key material.
29 Any losses arising from you not being able to satisfy the
30 selected authentication challenges or third parties being able
31 successfully pass the challenges are your problem.
32 • We will store your encrypted key shares and disclose them upon
33 successful authentication to the best of our ability within the
34 limitations of the law and our implementation. Our liability will
35 be limited to the liability limit exposed in the protocol.
36 • For our Services, we may charge various fees. The specific fee structure
37 is provided based on the Anastasis protocol and should be shown to you when you
38 use an application to interact with our services. You agree and understand
39 that the Anastasis protocol allows for the fee structure to change.
40 • You agree to not intentionally overwhelm our systems with requests and
41 follow responsible disclosure if you find security issues in our services.
42 • We cannot be held accountable for our Services not being available due to
43 circumstances beyond our control. If we modify or terminate our services,
44 we will announce this and ensure that you can recover your key material
45 for at least one year before we completely terminate the Service.
46
47These terms outline approved uses of our Services. If you have any
48questions or comments related to this Agreement, please send us a
49message to legal@anastasis.lu. If you do not agree to this Agreement,
50you must not use our Services.
51
52
53How you accept this policy
54--------------------------
55
56By using our API (typically via an Anastasis-enabled application), you
57acknowledge that you have read, understood, and agreed to these
58Terms. We reserve the right to change these Terms at any time. If you
59disagree with the change, you must simply stop using our APIs. Your
60continued use of our Services following any such change will signify
61your acceptance to be bound by the then current Terms. Please check
62the effective date above to determine if there have been any changes
63since you have last reviewed these Terms.
64
65Services
66--------
67
68We will store your encrypted key shares (and the associated encrypted
69recovery policy document) to the best of our ability and within the
70limitations of the implementation. We will disclose the key shares only
71after the specific authentication challenge has been passed. We will
72rate-limit the use of the authentication APIs to limit brute-force
73attacks.
74
75We are not guaranteeing that the authentication procedures are effective.
76Other parties may be able to intercept authentication messages, or you
77may not be able to receive these messages anymore. You are responsible
78for choosing safe authentication methods with sufficient security.
79
80When using our Services, you agree to not take any action that
81intentionally imposes an unreasonable load on our infrastructure. If
82you find security problems in our Services, you agree to first report
83them to security@anastasis.lu and grant us the right to publish your
84report. We warrant that we will ourselves publicly disclose any issues
85reported within 1 month, and that we will not prosecute anyone
86reporting security issues if they did not exploit the issue beyond a
87proof-of-concept, and followed the above responsible disclosure
88practice.
89
90
91Fees
92----
93
94You agree to pay the fees for backup and recovery operations ("Fees")
95as defined by us, which we may change from time to time. Your
96Anastasis client should obtain and display applicable fees during
97backup and recovery.
98
99
100Eligibility
101-----------
102
103To be eligible to use our Services, you must be able to form legally binding
104contracts or have the permission of your legal guardian. By using our
105Services, you represent and warrant that you meet all eligibility requirements
106that we outline in these Terms.
107
108
109Copyrights and trademarks
110-------------------------
111
112The Anastasis software is released under the terms of the GNU Affero
113General Public License (GNU AGPLv3+). You have the right to access,
114use, and share the Anastasis application, in modified or unmodified
115form. However, the Affero GPL is a strong copyleft license, which
116means that any derivative works must be distributed under the same
117license terms as the original software. If you have any questions, you
118should review the GNU AGPL’s full terms and conditions at
119https://www.gnu.org/licenses/agpl-3.0.en.html. “Anastasis” itself is
120a trademark of Anastasis SARL. You are welcome to use the name in
121relation to implementations of the Anastasis protocol, assuming your
122use is compatible with an official release from the GNU Project that
123is not older than two years.
124
125
126Limitation of liability & disclaimer of warranties
127--------------------------------------------------
128
129You understand and agree that we have no control over, and no duty to
130take any action regarding: Failures, disruptions, errors, or delays in
131processing that you may experience while using our Services; The risk
132of failure of hardware, software, and Internet connections; The risk
133of malicious software being introduced or found in the software
134underlying the Anastasis implementation. You release us from all
135liability related to any losses, damages, or claims arising from:
136
137(a) user error such as forgotten security answers or loss of
138 control over accounts used for authentication;
139(b) server failure or data loss;
140(d) bugs or other errors in the Anastasis client software; and
141(e) any unauthorized third party activities, including, but not limited to,
142 the use of viruses, phishing, brute forcing, or other means of attack
143 against the Anastasis client. We make no representations concerning any
144 Third Party Content contained in or accessed through our Services.
145
146Any other terms, conditions, warranties, or representations associated with
147such content, are solely between you and such organizations and/or
148individuals.
149
150To the fullest extent permitted by applicable law, in no event will we
151or any of our officers, directors, representatives, agents, servants,
152counsel, employees, consultants, lawyers, and other personnel
153authorized to act, acting, or purporting to act on our behalf
154(collectively the “Anastasis Parties”) be liable to you under
155contract, tort, strict liability, negligence, or any other legal or
156equitable theory, for:
157
158(a) any lost profits, data loss, cost of procurement of substitute goods or
159 services, or direct, indirect, incidental, special, punitive, compensatory,
160 or consequential damages of any kind whatsoever resulting from:
161
162 (i) your use of, or conduct in connection with, our services;
163 (ii) any unauthorized use of your wallet and/or private key due to your
164 failure to maintain the confidentiality of your wallet;
165 (iii) any interruption or cessation of transmission to or from the services; or
166 (iv) any bugs, viruses, trojan horses, or the like that are found in the Taler
167 Wallet software or that may be transmitted to or through our services by
168 any third party (regardless of the source of origination), or
169
170(b) any direct damages.
171
172These limitations apply regardless of legal theory, whether based on tort,
173strict liability, breach of contract, breach of warranty, or any other legal
174theory, and whether or not we were advised of the possibility of such
175damages. Some jurisdictions do not allow the exclusion or limitation of
176liability for consequential or incidental damages, so the above limitation may
177not apply to you.
178
179Our services are provided "as is" and without warranty of any kind. To the
180maximum extent permitted by law, we disclaim all representations and
181warranties, express or implied, relating to the services and underlying
182software or any content on the services, whether provided or owned by us or by
183any third party, including without limitation, warranties of merchantability,
184fitness for a particular purpose, title, non-infringement, freedom from
185computer virus, and any implied warranties arising from course of dealing,
186course of performance, or usage in trade, all of which are expressly
187disclaimed. In addition, we do not represent or warrant that the content
188accessible via the services is accurate, complete, available, current, free of
189viruses or other harmful components, or that the results of using the services
190will meet your requirements. Some states do not allow the disclaimer of
191implied warranties, so the foregoing disclaimers may not apply to you. This
192paragraph gives you specific legal rights and you may also have other legal
193rights that vary from state to state.
194
195Indemnity and Time limitation on claims and Termination
196-------------------------------------------------------
197
198To the extent permitted by applicable law, you agree to defend,
199indemnify, and hold harmless the Anastasis Parties from and against
200any and all claims, damages, obligations, losses, liabilities, costs
201or debt, and expenses (including, but not limited to, attorney’s fees)
202arising from: (a) your use of and access to the Services; (b) any
203feedback or submissions you provide to us concerning the Anastasis
204software; (c) your violation of any term of this Agreement; or (d)
205your violation of any law, rule, or regulation, or the rights of any
206third party.
207
208You agree that any claim you may have arising out of or related to your
209relationship with us must be filed within one year after such claim arises,
210otherwise, your claim in permanently barred.
211
212In the event of termination concerning your use of our Services, your
213obligations under this Agreement will still continue.
214
215
216Discontinuance of services and Force majeure
217--------------------------------------------
218
219We shall not be held liable for any delays, failure in performance, or
220interruptions of service which result directly or indirectly from any cause or
221condition beyond our reasonable control, including but not limited to: any
222delay or failure due to any act of God, act of civil or military authorities,
223act of terrorism, civil disturbance, war, strike or other labor dispute, fire,
224interruption in telecommunications or Internet services or network provider
225services, failure of equipment and/or software, other catastrophe, or any
226other occurrence which is beyond our reasonable control and shall not affect
227the validity and enforceability of any remaining provisions.
228
229
230Governing law, Waivers, Severability and Assignment
231---------------------------------------------------
232
233No matter where you’re located, the laws of Luxembourg will govern these
234Terms. If any provisions of these Terms are inconsistent with any applicable
235law, those provisions will be superseded or modified only to the extent such
236provisions are inconsistent. The parties agree to submit to the ordinary
237courts in Luxembourg for exclusive jurisdiction of any dispute
238arising out of or related to your use of the Services or your breach of these
239Terms.
240
241Our failure to exercise or delay in exercising any right, power, or privilege
242under this Agreement shall not operate as a waiver; nor shall any single or
243partial exercise of any right, power, or privilege preclude any other or
244further exercise thereof.
245
246You agree that we may assign any of our rights and/or transfer, sub-contract,
247or delegate any of our obligations under these Terms.
248
249If it turns out that any part of this Agreement is invalid, void, or for any
250reason unenforceable, that term will be deemed severable and limited or
251eliminated to the minimum extent necessary.
252
253This Agreement sets forth the entire understanding and agreement as to the
254subject matter hereof and supersedes any and all prior discussions,
255agreements, and understandings of any kind (including, without limitation, any
256prior versions of this Agreement) and every nature between us. Except as
257provided for above, any modification to this Agreement must be in writing and
258must be signed by both parties.
259
260
261Questions or comments
262---------------------
263
264We welcome comments, questions, concerns, or suggestions. Please send us a
265message on our contact page at legal@anastasis.lu.