0.xml (20393B)
1 <?xml version="1.0" encoding="utf-8"?> 2 <!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd"> 3 <!-- Generated by Docutils 0.16 --> 4 <document source="/research/anastasis/anastasis/contrib/tos/tos.rst"> 5 <section ids="terms-of-service" names="terms\ of\ service"> 6 <title>Terms Of Service</title> 7 <paragraph>Last Updated: 07.09.2021</paragraph> 8 <paragraph>Welcome! Anastasis SARL (“we,” “our,” or “us”) provides a distributed 9 privacy-preserving backup and recovery service for key material 10 through our Internet presence (collectively the “Services”). Before 11 using our Services, please read the Terms of Service (the “Terms” or 12 the “Agreement”) carefully.</paragraph> 13 <section ids="overview" names="overview"> 14 <title>Overview</title> 15 <paragraph>This section provides a brief summary of the highlights of this 16 Agreement. Please note that when you accept this Agreement, you are 17 accepting all of the terms and conditions and not just this 18 section. We and possibly other third parties provide Internet services 19 which interact with the Anastasis key backup and recovery 20 application. When using an application to interact with our Services, 21 you are agreeing to our Terms, so please read carefully.</paragraph> 22 <section ids="highlights" names="highlights:"> 23 <title>Highlights:</title> 24 <block_quote> 25 <bullet_list bullet="•"> 26 <list_item> 27 <paragraph>You are responsible for selecting authentication methods and 28 policies that are adequate to protect your key material. 29 Any losses arising from you not being able to satisfy the 30 selected authentication challenges or third parties being able 31 successfully pass the challenges are your problem.</paragraph> 32 </list_item> 33 <list_item> 34 <paragraph>We will store your encrypted key shares and disclose them upon 35 successful authentication to the best of our ability within the 36 limitations of the law and our implementation. Our liability will 37 be limited to the liability limit exposed in the protocol.</paragraph> 38 </list_item> 39 <list_item> 40 <paragraph>For our Services, we may charge various fees. The specific fee structure 41 is provided based on the Anastasis protocol and should be shown to you when you 42 use an application to interact with our services. You agree and understand 43 that the Anastasis protocol allows for the fee structure to change.</paragraph> 44 </list_item> 45 <list_item> 46 <paragraph>You agree to not intentionally overwhelm our systems with requests and 47 follow responsible disclosure if you find security issues in our services.</paragraph> 48 </list_item> 49 <list_item> 50 <paragraph>We cannot be held accountable for our Services not being available due to 51 circumstances beyond our control. If we modify or terminate our services, 52 we will announce this and ensure that you can recover your key material 53 for at least one year before we completely terminate the Service.</paragraph> 54 </list_item> 55 </bullet_list> 56 </block_quote> 57 <paragraph>These terms outline approved uses of our Services. If you have any 58 questions or comments related to this Agreement, please send us a 59 message to <reference refuri="mailto:legal@anastasis.lu">legal@anastasis.lu</reference>. If you do not agree to this Agreement, 60 you must not use our Services.</paragraph> 61 </section> 62 </section> 63 <section ids="how-you-accept-this-policy" names="how\ you\ accept\ this\ policy"> 64 <title>How you accept this policy</title> 65 <paragraph>By using our API (typically via an Anastasis-enabled application), you 66 acknowledge that you have read, understood, and agreed to these 67 Terms. We reserve the right to change these Terms at any time. If you 68 disagree with the change, you must simply stop using our APIs. Your 69 continued use of our Services following any such change will signify 70 your acceptance to be bound by the then current Terms. Please check 71 the effective date above to determine if there have been any changes 72 since you have last reviewed these Terms.</paragraph> 73 </section> 74 <section ids="services" names="services"> 75 <title>Services</title> 76 <paragraph>We will store your encrypted key shares (and the associated encrypted 77 recovery policy document) to the best of our ability and within the 78 limitations of the implementation. We will disclose the key shares only 79 after the specific authentication challenge has been passed. We will 80 rate-limit the use of the authentication APIs to limit brute-force 81 attacks.</paragraph> 82 <paragraph>We are not guaranteeing that the authentication procedures are effective. 83 Other parties may be able to intercept authentication messages, or you 84 may not be able to receive these messages anymore. You are responsible 85 for choosing safe authentication methods with sufficient security.</paragraph> 86 <paragraph>When using our Services, you agree to not take any action that 87 intentionally imposes an unreasonable load on our infrastructure. If 88 you find security problems in our Services, you agree to first report 89 them to <reference refuri="mailto:security@anastasis.lu">security@anastasis.lu</reference> and grant us the right to publish your 90 report. We warrant that we will ourselves publicly disclose any issues 91 reported within 1 month, and that we will not prosecute anyone 92 reporting security issues if they did not exploit the issue beyond a 93 proof-of-concept, and followed the above responsible disclosure 94 practice.</paragraph> 95 </section> 96 <section ids="fees" names="fees"> 97 <title>Fees</title> 98 <paragraph>You agree to pay the fees for backup and recovery operations (“Fees”) 99 as defined by us, which we may change from time to time. Your 100 Anastasis client should obtain and display applicable fees during 101 backup and recovery.</paragraph> 102 </section> 103 <section ids="eligibility" names="eligibility"> 104 <title>Eligibility</title> 105 <paragraph>To be eligible to use our Services, you must be able to form legally binding 106 contracts or have the permission of your legal guardian. By using our 107 Services, you represent and warrant that you meet all eligibility requirements 108 that we outline in these Terms.</paragraph> 109 </section> 110 <section ids="copyrights-and-trademarks" names="copyrights\ and\ trademarks"> 111 <title>Copyrights and trademarks</title> 112 <paragraph>The Anastasis software is released under the terms of the GNU Affero 113 General Public License (GNU AGPLv3+). You have the right to access, 114 use, and share the Anastasis application, in modified or unmodified 115 form. However, the Affero GPL is a strong copyleft license, which 116 means that any derivative works must be distributed under the same 117 license terms as the original software. If you have any questions, you 118 should review the GNU AGPL’s full terms and conditions at 119 <reference refuri="https://www.gnu.org/licenses/agpl-3.0.en.html">https://www.gnu.org/licenses/agpl-3.0.en.html</reference>. “Anastasis” itself is 120 a trademark of Anastasis SARL. You are welcome to use the name in 121 relation to implementations of the Anastasis protocol, assuming your 122 use is compatible with an official release from the GNU Project that 123 is not older than two years.</paragraph> 124 </section> 125 <section ids="limitation-of-liability-disclaimer-of-warranties" names="limitation\ of\ liability\ &\ disclaimer\ of\ warranties"> 126 <title>Limitation of liability & disclaimer of warranties</title> 127 <paragraph>You understand and agree that we have no control over, and no duty to 128 take any action regarding: Failures, disruptions, errors, or delays in 129 processing that you may experience while using our Services; The risk 130 of failure of hardware, software, and Internet connections; The risk 131 of malicious software being introduced or found in the software 132 underlying the Anastasis implementation. You release us from all 133 liability related to any losses, damages, or claims arising from:</paragraph> 134 <enumerated_list enumtype="loweralpha" prefix="(" suffix=")"> 135 <list_item> 136 <paragraph>user error such as forgotten security answers or loss of 137 control over accounts used for authentication;</paragraph> 138 </list_item> 139 </enumerated_list> 140 <paragraph>(b) server failure or data loss; 141 (d) bugs or other errors in the Anastasis client software; and 142 (e) any unauthorized third party activities, including, but not limited to,</paragraph> 143 <block_quote> 144 <paragraph>the use of viruses, phishing, brute forcing, or other means of attack 145 against the Anastasis client. We make no representations concerning any 146 Third Party Content contained in or accessed through our Services.</paragraph> 147 </block_quote> 148 <paragraph>Any other terms, conditions, warranties, or representations associated with 149 such content, are solely between you and such organizations and/or 150 individuals.</paragraph> 151 <paragraph>To the fullest extent permitted by applicable law, in no event will we 152 or any of our officers, directors, representatives, agents, servants, 153 counsel, employees, consultants, lawyers, and other personnel 154 authorized to act, acting, or purporting to act on our behalf 155 (collectively the “Anastasis Parties”) be liable to you under 156 contract, tort, strict liability, negligence, or any other legal or 157 equitable theory, for:</paragraph> 158 <enumerated_list enumtype="loweralpha" prefix="(" suffix=")"> 159 <list_item> 160 <paragraph>any lost profits, data loss, cost of procurement of substitute goods or 161 services, or direct, indirect, incidental, special, punitive, compensatory, 162 or consequential damages of any kind whatsoever resulting from:</paragraph> 163 </list_item> 164 </enumerated_list> 165 <block_quote> 166 <enumerated_list enumtype="lowerroman" prefix="(" suffix=")"> 167 <list_item> 168 <paragraph>your use of, or conduct in connection with, our services;</paragraph> 169 </list_item> 170 <list_item> 171 <paragraph>any unauthorized use of your wallet and/or private key due to your 172 failure to maintain the confidentiality of your wallet;</paragraph> 173 </list_item> 174 <list_item> 175 <paragraph>any interruption or cessation of transmission to or from the services; or</paragraph> 176 </list_item> 177 <list_item> 178 <paragraph>any bugs, viruses, trojan horses, or the like that are found in the Taler 179 Wallet software or that may be transmitted to or through our services by 180 any third party (regardless of the source of origination), or</paragraph> 181 </list_item> 182 </enumerated_list> 183 </block_quote> 184 <enumerated_list enumtype="loweralpha" prefix="(" start="2" suffix=")"> 185 <list_item> 186 <paragraph>any direct damages.</paragraph> 187 </list_item> 188 </enumerated_list> 189 <paragraph>These limitations apply regardless of legal theory, whether based on tort, 190 strict liability, breach of contract, breach of warranty, or any other legal 191 theory, and whether or not we were advised of the possibility of such 192 damages. Some jurisdictions do not allow the exclusion or limitation of 193 liability for consequential or incidental damages, so the above limitation may 194 not apply to you.</paragraph> 195 <paragraph>Our services are provided “as is” and without warranty of any kind. To the 196 maximum extent permitted by law, we disclaim all representations and 197 warranties, express or implied, relating to the services and underlying 198 software or any content on the services, whether provided or owned by us or by 199 any third party, including without limitation, warranties of merchantability, 200 fitness for a particular purpose, title, non-infringement, freedom from 201 computer virus, and any implied warranties arising from course of dealing, 202 course of performance, or usage in trade, all of which are expressly 203 disclaimed. In addition, we do not represent or warrant that the content 204 accessible via the services is accurate, complete, available, current, free of 205 viruses or other harmful components, or that the results of using the services 206 will meet your requirements. Some states do not allow the disclaimer of 207 implied warranties, so the foregoing disclaimers may not apply to you. This 208 paragraph gives you specific legal rights and you may also have other legal 209 rights that vary from state to state.</paragraph> 210 </section> 211 <section ids="indemnity-and-time-limitation-on-claims-and-termination" names="indemnity\ and\ time\ limitation\ on\ claims\ and\ termination"> 212 <title>Indemnity and Time limitation on claims and Termination</title> 213 <paragraph>To the extent permitted by applicable law, you agree to defend, 214 indemnify, and hold harmless the Anastasis Parties from and against 215 any and all claims, damages, obligations, losses, liabilities, costs 216 or debt, and expenses (including, but not limited to, attorney’s fees) 217 arising from: (a) your use of and access to the Services; (b) any 218 feedback or submissions you provide to us concerning the Anastasis 219 software; (c) your violation of any term of this Agreement; or (d) 220 your violation of any law, rule, or regulation, or the rights of any 221 third party.</paragraph> 222 <paragraph>You agree that any claim you may have arising out of or related to your 223 relationship with us must be filed within one year after such claim arises, 224 otherwise, your claim in permanently barred.</paragraph> 225 <paragraph>In the event of termination concerning your use of our Services, your 226 obligations under this Agreement will still continue.</paragraph> 227 </section> 228 <section ids="discontinuance-of-services-and-force-majeure" names="discontinuance\ of\ services\ and\ force\ majeure"> 229 <title>Discontinuance of services and Force majeure</title> 230 <paragraph>We shall not be held liable for any delays, failure in performance, or 231 interruptions of service which result directly or indirectly from any cause or 232 condition beyond our reasonable control, including but not limited to: any 233 delay or failure due to any act of God, act of civil or military authorities, 234 act of terrorism, civil disturbance, war, strike or other labor dispute, fire, 235 interruption in telecommunications or Internet services or network provider 236 services, failure of equipment and/or software, other catastrophe, or any 237 other occurrence which is beyond our reasonable control and shall not affect 238 the validity and enforceability of any remaining provisions.</paragraph> 239 </section> 240 <section ids="governing-law-waivers-severability-and-assignment" names="governing\ law,\ waivers,\ severability\ and\ assignment"> 241 <title>Governing law, Waivers, Severability and Assignment</title> 242 <paragraph>No matter where you’re located, the laws of Luxembourg will govern these 243 Terms. If any provisions of these Terms are inconsistent with any applicable 244 law, those provisions will be superseded or modified only to the extent such 245 provisions are inconsistent. The parties agree to submit to the ordinary 246 courts in Luxembourg for exclusive jurisdiction of any dispute 247 arising out of or related to your use of the Services or your breach of these 248 Terms.</paragraph> 249 <paragraph>Our failure to exercise or delay in exercising any right, power, or privilege 250 under this Agreement shall not operate as a waiver; nor shall any single or 251 partial exercise of any right, power, or privilege preclude any other or 252 further exercise thereof.</paragraph> 253 <paragraph>You agree that we may assign any of our rights and/or transfer, sub-contract, 254 or delegate any of our obligations under these Terms.</paragraph> 255 <paragraph>If it turns out that any part of this Agreement is invalid, void, or for any 256 reason unenforceable, that term will be deemed severable and limited or 257 eliminated to the minimum extent necessary.</paragraph> 258 <paragraph>This Agreement sets forth the entire understanding and agreement as to the 259 subject matter hereof and supersedes any and all prior discussions, 260 agreements, and understandings of any kind (including, without limitation, any 261 prior versions of this Agreement) and every nature between us. Except as 262 provided for above, any modification to this Agreement must be in writing and 263 must be signed by both parties.</paragraph> 264 </section> 265 <section ids="questions-or-comments" names="questions\ or\ comments"> 266 <title>Questions or comments</title> 267 <paragraph>We welcome comments, questions, concerns, or suggestions. Please send us a 268 message on our contact page at <reference refuri="mailto:legal@anastasis.lu">legal@anastasis.lu</reference>.</paragraph> 269 </section> 270 </section> 271 </document>