1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
|
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
<!-- Generated by Docutils 0.16 -->
<document source="/research/anastasis/anastasis/contrib/tos/tos.rst">
<section ids="terms-of-service" names="terms\ of\ service">
<title>Terms Of Service</title>
<paragraph>Last Updated: 07.09.2021</paragraph>
<paragraph>Welcome! Anastasis SARL (“we,” “our,” or “us”) provides a distributed
privacy-preserving backup and recovery service for key material
through our Internet presence (collectively the “Services”). Before
using our Services, please read the Terms of Service (the “Terms” or
the “Agreement”) carefully.</paragraph>
<section ids="overview" names="overview">
<title>Overview</title>
<paragraph>This section provides a brief summary of the highlights of this
Agreement. Please note that when you accept this Agreement, you are
accepting all of the terms and conditions and not just this
section. We and possibly other third parties provide Internet services
which interact with the Anastasis key backup and recovery
application. When using an application to interact with our Services,
you are agreeing to our Terms, so please read carefully.</paragraph>
<section ids="highlights" names="highlights:">
<title>Highlights:</title>
<block_quote>
<bullet_list bullet="•">
<list_item>
<paragraph>You are responsible for selecting authentication methods and
policies that are adequate to protect your key material.
Any losses arising from you not being able to satisfy the
selected authentication challenges or third parties being able
successfully pass the challenges are your problem.</paragraph>
</list_item>
<list_item>
<paragraph>We will store your encrypted key shares and disclose them upon
successful authentication to the best of our ability within the
limitations of the law and our implementation. Our liability will
be limited to the liability limit exposed in the protocol.</paragraph>
</list_item>
<list_item>
<paragraph>For our Services, we may charge various fees. The specific fee structure
is provided based on the Anastasis protocol and should be shown to you when you
use an application to interact with our services. You agree and understand
that the Anastasis protocol allows for the fee structure to change.</paragraph>
</list_item>
<list_item>
<paragraph>You agree to not intentionally overwhelm our systems with requests and
follow responsible disclosure if you find security issues in our services.</paragraph>
</list_item>
<list_item>
<paragraph>We cannot be held accountable for our Services not being available due to
circumstances beyond our control. If we modify or terminate our services,
we will announce this and ensure that you can recover your key material
for at least one year before we completely terminate the Service.</paragraph>
</list_item>
</bullet_list>
</block_quote>
<paragraph>These terms outline approved uses of our Services. If you have any
questions or comments related to this Agreement, please send us a
message to <reference refuri="mailto:legal@anastasis.lu">legal@anastasis.lu</reference>. If you do not agree to this Agreement,
you must not use our Services.</paragraph>
</section>
</section>
<section ids="how-you-accept-this-policy" names="how\ you\ accept\ this\ policy">
<title>How you accept this policy</title>
<paragraph>By using our API (typically via an Anastasis-enabled application), you
acknowledge that you have read, understood, and agreed to these
Terms. We reserve the right to change these Terms at any time. If you
disagree with the change, you must simply stop using our APIs. Your
continued use of our Services following any such change will signify
your acceptance to be bound by the then current Terms. Please check
the effective date above to determine if there have been any changes
since you have last reviewed these Terms.</paragraph>
</section>
<section ids="services" names="services">
<title>Services</title>
<paragraph>We will store your encrypted key shares (and the associated encrypted
recovery policy document) to the best of our ability and within the
limitations of the implementation. We will disclose the key shares only
after the specific authentication challenge has been passed. We will
rate-limit the use of the authentication APIs to limit brute-force
attacks.</paragraph>
<paragraph>We are not guaranteeing that the authentication procedures are effective.
Other parties may be able to intercept authentication messages, or you
may not be able to receive these messages anymore. You are responsible
for choosing safe authentication methods with sufficient security.</paragraph>
<paragraph>When using our Services, you agree to not take any action that
intentionally imposes an unreasonable load on our infrastructure. If
you find security problems in our Services, you agree to first report
them to <reference refuri="mailto:security@anastasis.lu">security@anastasis.lu</reference> and grant us the right to publish your
report. We warrant that we will ourselves publicly disclose any issues
reported within 1 month, and that we will not prosecute anyone
reporting security issues if they did not exploit the issue beyond a
proof-of-concept, and followed the above responsible disclosure
practice.</paragraph>
</section>
<section ids="fees" names="fees">
<title>Fees</title>
<paragraph>You agree to pay the fees for backup and recovery operations (“Fees”)
as defined by us, which we may change from time to time. Your
Anastasis client should obtain and display applicable fees during
backup and recovery.</paragraph>
</section>
<section ids="eligibility" names="eligibility">
<title>Eligibility</title>
<paragraph>To be eligible to use our Services, you must be able to form legally binding
contracts or have the permission of your legal guardian. By using our
Services, you represent and warrant that you meet all eligibility requirements
that we outline in these Terms.</paragraph>
</section>
<section ids="copyrights-and-trademarks" names="copyrights\ and\ trademarks">
<title>Copyrights and trademarks</title>
<paragraph>The Anastasis software is released under the terms of the GNU Affero
General Public License (GNU AGPLv3+). You have the right to access,
use, and share the Anastasis application, in modified or unmodified
form. However, the Affero GPL is a strong copyleft license, which
means that any derivative works must be distributed under the same
license terms as the original software. If you have any questions, you
should review the GNU AGPL’s full terms and conditions at
<reference refuri="https://www.gnu.org/licenses/agpl-3.0.en.html">https://www.gnu.org/licenses/agpl-3.0.en.html</reference>. “Anastasis” itself is
a trademark of Anastasis SARL. You are welcome to use the name in
relation to implementations of the Anastasis protocol, assuming your
use is compatible with an official release from the GNU Project that
is not older than two years.</paragraph>
</section>
<section ids="limitation-of-liability-disclaimer-of-warranties" names="limitation\ of\ liability\ &\ disclaimer\ of\ warranties">
<title>Limitation of liability & disclaimer of warranties</title>
<paragraph>You understand and agree that we have no control over, and no duty to
take any action regarding: Failures, disruptions, errors, or delays in
processing that you may experience while using our Services; The risk
of failure of hardware, software, and Internet connections; The risk
of malicious software being introduced or found in the software
underlying the Anastasis implementation. You release us from all
liability related to any losses, damages, or claims arising from:</paragraph>
<enumerated_list enumtype="loweralpha" prefix="(" suffix=")">
<list_item>
<paragraph>user error such as forgotten security answers or loss of
control over accounts used for authentication;</paragraph>
</list_item>
</enumerated_list>
<paragraph>(b) server failure or data loss;
(d) bugs or other errors in the Anastasis client software; and
(e) any unauthorized third party activities, including, but not limited to,</paragraph>
<block_quote>
<paragraph>the use of viruses, phishing, brute forcing, or other means of attack
against the Anastasis client. We make no representations concerning any
Third Party Content contained in or accessed through our Services.</paragraph>
</block_quote>
<paragraph>Any other terms, conditions, warranties, or representations associated with
such content, are solely between you and such organizations and/or
individuals.</paragraph>
<paragraph>To the fullest extent permitted by applicable law, in no event will we
or any of our officers, directors, representatives, agents, servants,
counsel, employees, consultants, lawyers, and other personnel
authorized to act, acting, or purporting to act on our behalf
(collectively the “Anastasis Parties”) be liable to you under
contract, tort, strict liability, negligence, or any other legal or
equitable theory, for:</paragraph>
<enumerated_list enumtype="loweralpha" prefix="(" suffix=")">
<list_item>
<paragraph>any lost profits, data loss, cost of procurement of substitute goods or
services, or direct, indirect, incidental, special, punitive, compensatory,
or consequential damages of any kind whatsoever resulting from:</paragraph>
</list_item>
</enumerated_list>
<block_quote>
<enumerated_list enumtype="lowerroman" prefix="(" suffix=")">
<list_item>
<paragraph>your use of, or conduct in connection with, our services;</paragraph>
</list_item>
<list_item>
<paragraph>any unauthorized use of your wallet and/or private key due to your
failure to maintain the confidentiality of your wallet;</paragraph>
</list_item>
<list_item>
<paragraph>any interruption or cessation of transmission to or from the services; or</paragraph>
</list_item>
<list_item>
<paragraph>any bugs, viruses, trojan horses, or the like that are found in the Taler
Wallet software or that may be transmitted to or through our services by
any third party (regardless of the source of origination), or</paragraph>
</list_item>
</enumerated_list>
</block_quote>
<enumerated_list enumtype="loweralpha" prefix="(" start="2" suffix=")">
<list_item>
<paragraph>any direct damages.</paragraph>
</list_item>
</enumerated_list>
<paragraph>These limitations apply regardless of legal theory, whether based on tort,
strict liability, breach of contract, breach of warranty, or any other legal
theory, and whether or not we were advised of the possibility of such
damages. Some jurisdictions do not allow the exclusion or limitation of
liability for consequential or incidental damages, so the above limitation may
not apply to you.</paragraph>
<paragraph>Our services are provided “as is” and without warranty of any kind. To the
maximum extent permitted by law, we disclaim all representations and
warranties, express or implied, relating to the services and underlying
software or any content on the services, whether provided or owned by us or by
any third party, including without limitation, warranties of merchantability,
fitness for a particular purpose, title, non-infringement, freedom from
computer virus, and any implied warranties arising from course of dealing,
course of performance, or usage in trade, all of which are expressly
disclaimed. In addition, we do not represent or warrant that the content
accessible via the services is accurate, complete, available, current, free of
viruses or other harmful components, or that the results of using the services
will meet your requirements. Some states do not allow the disclaimer of
implied warranties, so the foregoing disclaimers may not apply to you. This
paragraph gives you specific legal rights and you may also have other legal
rights that vary from state to state.</paragraph>
</section>
<section ids="indemnity-and-time-limitation-on-claims-and-termination" names="indemnity\ and\ time\ limitation\ on\ claims\ and\ termination">
<title>Indemnity and Time limitation on claims and Termination</title>
<paragraph>To the extent permitted by applicable law, you agree to defend,
indemnify, and hold harmless the Anastasis Parties from and against
any and all claims, damages, obligations, losses, liabilities, costs
or debt, and expenses (including, but not limited to, attorney’s fees)
arising from: (a) your use of and access to the Services; (b) any
feedback or submissions you provide to us concerning the Anastasis
software; (c) your violation of any term of this Agreement; or (d)
your violation of any law, rule, or regulation, or the rights of any
third party.</paragraph>
<paragraph>You agree that any claim you may have arising out of or related to your
relationship with us must be filed within one year after such claim arises,
otherwise, your claim in permanently barred.</paragraph>
<paragraph>In the event of termination concerning your use of our Services, your
obligations under this Agreement will still continue.</paragraph>
</section>
<section ids="discontinuance-of-services-and-force-majeure" names="discontinuance\ of\ services\ and\ force\ majeure">
<title>Discontinuance of services and Force majeure</title>
<paragraph>We shall not be held liable for any delays, failure in performance, or
interruptions of service which result directly or indirectly from any cause or
condition beyond our reasonable control, including but not limited to: any
delay or failure due to any act of God, act of civil or military authorities,
act of terrorism, civil disturbance, war, strike or other labor dispute, fire,
interruption in telecommunications or Internet services or network provider
services, failure of equipment and/or software, other catastrophe, or any
other occurrence which is beyond our reasonable control and shall not affect
the validity and enforceability of any remaining provisions.</paragraph>
</section>
<section ids="governing-law-waivers-severability-and-assignment" names="governing\ law,\ waivers,\ severability\ and\ assignment">
<title>Governing law, Waivers, Severability and Assignment</title>
<paragraph>No matter where you’re located, the laws of Luxembourg will govern these
Terms. If any provisions of these Terms are inconsistent with any applicable
law, those provisions will be superseded or modified only to the extent such
provisions are inconsistent. The parties agree to submit to the ordinary
courts in Luxembourg for exclusive jurisdiction of any dispute
arising out of or related to your use of the Services or your breach of these
Terms.</paragraph>
<paragraph>Our failure to exercise or delay in exercising any right, power, or privilege
under this Agreement shall not operate as a waiver; nor shall any single or
partial exercise of any right, power, or privilege preclude any other or
further exercise thereof.</paragraph>
<paragraph>You agree that we may assign any of our rights and/or transfer, sub-contract,
or delegate any of our obligations under these Terms.</paragraph>
<paragraph>If it turns out that any part of this Agreement is invalid, void, or for any
reason unenforceable, that term will be deemed severable and limited or
eliminated to the minimum extent necessary.</paragraph>
<paragraph>This Agreement sets forth the entire understanding and agreement as to the
subject matter hereof and supersedes any and all prior discussions,
agreements, and understandings of any kind (including, without limitation, any
prior versions of this Agreement) and every nature between us. Except as
provided for above, any modification to this Agreement must be in writing and
must be signed by both parties.</paragraph>
</section>
<section ids="questions-or-comments" names="questions\ or\ comments">
<title>Questions or comments</title>
<paragraph>We welcome comments, questions, concerns, or suggestions. Please send us a
message on our contact page at <reference refuri="mailto:legal@anastasis.lu">legal@anastasis.lu</reference>.</paragraph>
</section>
</section>
</document>
|
