1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
|
Terms Of Service
****************
Last Updated: 07.09.2021
Welcome! Anastasis SARL (“we,” “our,” or “us”) provides a distributed
privacy-preserving backup and recovery service for key material
through our Internet presence (collectively the “Services”). Before
using our Services, please read the Terms of Service (the “Terms” or
the “Agreement”) carefully.
Overview
========
This section provides a brief summary of the highlights of this
Agreement. Please note that when you accept this Agreement, you are
accepting all of the terms and conditions and not just this section.
We and possibly other third parties provide Internet services which
interact with the Anastasis key backup and recovery application. When
using an application to interact with our Services, you are agreeing
to our Terms, so please read carefully.
Highlights:
-----------
* You are responsible for selecting authentication methods and
policies that are adequate to protect your key material. Any
losses arising from you not being able to satisfy the selected
authentication challenges or third parties being able
successfully pass the challenges are your problem.
* We will store your encrypted key shares and disclose them upon
successful authentication to the best of our ability within the
limitations of the law and our implementation. Our liability will
be limited to the liability limit exposed in the protocol.
* For our Services, we may charge various fees. The specific fee
structure is provided based on the Anastasis protocol and should
be shown to you when you use an application to interact with our
services. You agree and understand that the Anastasis protocol
allows for the fee structure to change.
* You agree to not intentionally overwhelm our systems with
requests and follow responsible disclosure if you find security
issues in our services.
* We cannot be held accountable for our Services not being
available due to circumstances beyond our control. If we modify
or terminate our services, we will announce this and ensure that
you can recover your key material for at least one year before we
completely terminate the Service.
These terms outline approved uses of our Services. If you have any
questions or comments related to this Agreement, please send us a
message to legal@anastasis.lu. If you do not agree to this Agreement,
you must not use our Services.
How you accept this policy
==========================
By using our API (typically via an Anastasis-enabled application), you
acknowledge that you have read, understood, and agreed to these Terms.
We reserve the right to change these Terms at any time. If you
disagree with the change, you must simply stop using our APIs. Your
continued use of our Services following any such change will signify
your acceptance to be bound by the then current Terms. Please check
the effective date above to determine if there have been any changes
since you have last reviewed these Terms.
Services
========
We will store your encrypted key shares (and the associated encrypted
recovery policy document) to the best of our ability and within the
limitations of the implementation. We will disclose the key shares
only after the specific authentication challenge has been passed. We
will rate-limit the use of the authentication APIs to limit brute-
force attacks.
We are not guaranteeing that the authentication procedures are
effective. Other parties may be able to intercept authentication
messages, or you may not be able to receive these messages anymore.
You are responsible for choosing safe authentication methods with
sufficient security.
When using our Services, you agree to not take any action that
intentionally imposes an unreasonable load on our infrastructure. If
you find security problems in our Services, you agree to first report
them to security@anastasis.lu and grant us the right to publish your
report. We warrant that we will ourselves publicly disclose any issues
reported within 1 month, and that we will not prosecute anyone
reporting security issues if they did not exploit the issue beyond a
proof-of-concept, and followed the above responsible disclosure
practice.
Fees
====
You agree to pay the fees for backup and recovery operations ("Fees")
as defined by us, which we may change from time to time. Your
Anastasis client should obtain and display applicable fees during
backup and recovery.
Eligibility
===========
To be eligible to use our Services, you must be able to form legally
binding contracts or have the permission of your legal guardian. By
using our Services, you represent and warrant that you meet all
eligibility requirements that we outline in these Terms.
Copyrights and trademarks
=========================
The Anastasis software is released under the terms of the GNU Affero
General Public License (GNU AGPLv3+). You have the right to access,
use, and share the Anastasis application, in modified or unmodified
form. However, the Affero GPL is a strong copyleft license, which
means that any derivative works must be distributed under the same
license terms as the original software. If you have any questions, you
should review the GNU AGPL’s full terms and conditions at
https://www.gnu.org/licenses/agpl-3.0.en.html. “Anastasis” itself is
a trademark of Anastasis SARL. You are welcome to use the name in
relation to implementations of the Anastasis protocol, assuming your
use is compatible with an official release from the GNU Project that
is not older than two years.
Limitation of liability & disclaimer of warranties
==================================================
You understand and agree that we have no control over, and no duty to
take any action regarding: Failures, disruptions, errors, or delays in
processing that you may experience while using our Services; The risk
of failure of hardware, software, and Internet connections; The risk
of malicious software being introduced or found in the software
underlying the Anastasis implementation. You release us from all
liability related to any losses, damages, or claims arising from:
1. user error such as forgotten security answers or loss of control
over accounts used for authentication;
(b) server failure or data loss; (d) bugs or other errors in the
Anastasis client software; and (e) any unauthorized third party
activities, including, but not limited to,
the use of viruses, phishing, brute forcing, or other means of
attack against the Anastasis client. We make no representations
concerning any Third Party Content contained in or accessed through
our Services.
Any other terms, conditions, warranties, or representations associated
with such content, are solely between you and such organizations
and/or individuals.
To the fullest extent permitted by applicable law, in no event will we
or any of our officers, directors, representatives, agents, servants,
counsel, employees, consultants, lawyers, and other personnel
authorized to act, acting, or purporting to act on our behalf
(collectively the “Anastasis Parties”) be liable to you under
contract, tort, strict liability, negligence, or any other legal or
equitable theory, for:
1. any lost profits, data loss, cost of procurement of substitute
goods or services, or direct, indirect, incidental, special,
punitive, compensatory, or consequential damages of any kind
whatsoever resulting from:
1. your use of, or conduct in connection with, our services;
2. any unauthorized use of your wallet and/or private key due to
your failure to maintain the confidentiality of your wallet;
3. any interruption or cessation of transmission to or from the
services; or
4. any bugs, viruses, trojan horses, or the like that are found in
the Taler Wallet software or that may be transmitted to or
through our services by any third party (regardless of the
source of origination), or
2. any direct damages.
These limitations apply regardless of legal theory, whether based on
tort, strict liability, breach of contract, breach of warranty, or any
other legal theory, and whether or not we were advised of the
possibility of such damages. Some jurisdictions do not allow the
exclusion or limitation of liability for consequential or incidental
damages, so the above limitation may not apply to you.
Our services are provided "as is" and without warranty of any kind. To
the maximum extent permitted by law, we disclaim all representations
and warranties, express or implied, relating to the services and
underlying software or any content on the services, whether provided
or owned by us or by any third party, including without limitation,
warranties of merchantability, fitness for a particular purpose,
title, non-infringement, freedom from computer virus, and any implied
warranties arising from course of dealing, course of performance, or
usage in trade, all of which are expressly disclaimed. In addition, we
do not represent or warrant that the content accessible via the
services is accurate, complete, available, current, free of viruses or
other harmful components, or that the results of using the services
will meet your requirements. Some states do not allow the disclaimer
of implied warranties, so the foregoing disclaimers may not apply to
you. This paragraph gives you specific legal rights and you may also
have other legal rights that vary from state to state.
Indemnity and Time limitation on claims and Termination
=======================================================
To the extent permitted by applicable law, you agree to defend,
indemnify, and hold harmless the Anastasis Parties from and against
any and all claims, damages, obligations, losses, liabilities, costs
or debt, and expenses (including, but not limited to, attorney’s fees)
arising from: (a) your use of and access to the Services; (b) any
feedback or submissions you provide to us concerning the Anastasis
software; (c) your violation of any term of this Agreement; or (d)
your violation of any law, rule, or regulation, or the rights of any
third party.
You agree that any claim you may have arising out of or related to
your relationship with us must be filed within one year after such
claim arises, otherwise, your claim in permanently barred.
In the event of termination concerning your use of our Services, your
obligations under this Agreement will still continue.
Discontinuance of services and Force majeure
============================================
We shall not be held liable for any delays, failure in performance, or
interruptions of service which result directly or indirectly from any
cause or condition beyond our reasonable control, including but not
limited to: any delay or failure due to any act of God, act of civil
or military authorities, act of terrorism, civil disturbance, war,
strike or other labor dispute, fire, interruption in
telecommunications or Internet services or network provider services,
failure of equipment and/or software, other catastrophe, or any other
occurrence which is beyond our reasonable control and shall not affect
the validity and enforceability of any remaining provisions.
Governing law, Waivers, Severability and Assignment
===================================================
No matter where you’re located, the laws of Luxembourg will govern
these Terms. If any provisions of these Terms are inconsistent with
any applicable law, those provisions will be superseded or modified
only to the extent such provisions are inconsistent. The parties agree
to submit to the ordinary courts in Luxembourg for exclusive
jurisdiction of any dispute arising out of or related to your use of
the Services or your breach of these Terms.
Our failure to exercise or delay in exercising any right, power, or
privilege under this Agreement shall not operate as a waiver; nor
shall any single or partial exercise of any right, power, or privilege
preclude any other or further exercise thereof.
You agree that we may assign any of our rights and/or transfer, sub-
contract, or delegate any of our obligations under these Terms.
If it turns out that any part of this Agreement is invalid, void, or
for any reason unenforceable, that term will be deemed severable and
limited or eliminated to the minimum extent necessary.
This Agreement sets forth the entire understanding and agreement as to
the subject matter hereof and supersedes any and all prior
discussions, agreements, and understandings of any kind (including,
without limitation, any prior versions of this Agreement) and every
nature between us. Except as provided for above, any modification to
this Agreement must be in writing and must be signed by both parties.
Questions or comments
=====================
We welcome comments, questions, concerns, or suggestions. Please send
us a message on our contact page at legal@anastasis.lu.
|
