terms_and_conditions
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
terms_and_conditions [2019/07/25 12:49] – external edit 127.0.0.1 | terms_and_conditions [2021/08/06 12:00] – lucy | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== TERMS AND CONDITIONS | + | **TERMS AND CONDITIONS** |
- | + | ||
- | Please download a word copy of the TOS here: {{ :: | + | |
**Payment**\\ | **Payment**\\ | ||
- | Payment | + | Payment |
**Price Validity**\\ | **Price Validity**\\ | ||
- | Prices are valid for 30 days | + | Prices are valid for 60 days |
**Own use of the software**\\ | **Own use of the software**\\ | ||
- | The software allows an unlimited number of recipients for testing and training during the contractual period. There are no restrictions within the software regarding the number of campaigns, domains, customers | + | The software allows an unlimited number of recipients for testing and training during the contractual period |
**Use of the software for third parties**\\ | **Use of the software for third parties**\\ | ||
- | The software can be used during the contractual term to test third-party organizations such as customers, partners | + | The software can be used during the contract period for your own organization This also includes companies in which the customer has a majority shareholding or legally belongs, which the customer controls directly or indirectly or has the power to appoint/ remove a majority of its management. This also includes companies in which the customer has a majority shareholding or legally belongs, which the customer controls directly |
**Delivery of Service/ | **Delivery of Service/ | ||
- | The creation of a license key requires an existing installation. The customer can download the software from our website | + | The creation of a license key requires an existing installation. The customer can download the software from our website at any time free of charge. Lucy Security AG grants access to the licensed functions within a maximum of 5 days after receipt of the order. The customer needs the workstation ID to be delivered to us. This ID is located in the administration area under support/license. |
**Software Warranty**\\ | **Software Warranty**\\ | ||
- | Lucy Security AG warrants that during the use of the Software by the buyer the Software (i) is free from any | + | Lucy Security AG warrants that during the use of the Software by the buyer the Software (i) is free from any virus, malware, spyware or any other software code* that may pose a danger to the buyer and its affiliates’ IT infrastructure, |
- | virus, malware, spyware or any other software code* that may pose a danger to the buyer and its affiliates’ IT | + | |
- | infrastructure, | + | |
- | functionality of the Software), and (iii) does not create any safety risk to the buyer and its affiliates’ IT | + | |
- | environment, | + | |
- | **Minor errors (so called bugs) are being fixed as fast as possible but within | + | **Limitation of Liability**\\ |
- | latest | + | Except in the case of 1) a breach of a right of intellectual property |
- | *The software contains | + | LUCY agrees |
- | responsible | + | |
- | collected results). | + | |
- | In the event of breach of any of the warranties, Lucy Security AG shall fully defend, indemnify and hold the buyer | + | **License period**\\ |
- | and its affiliates harmless from any against any loss, liabilities, damages, claims, costs and expenses. Lucy | + | Each software is licensed for the period specified in the particular order. Unless otherwise specified in the order, the Software License will not be automatically extended beyond the initial term of the Software License. Software support services will be provided for the period specified in each order, or, if no period for support services is specified, support services will be provided for a period of one (1) year from the date of delivery of the software to the Customer Customers provided. Once the commercial license has expired, the LUCY software is automatically available as " |
- | Security AG warrants that all necessary measures*** | + | |
- | by any third party which would pose a safety risk to the buyer’s IT infrastructure | + | |
- | ***It is the buyer’s responsibility | + | **Effect of termination**\\ |
+ | Upon termination of any applicable SOW or Order for any reason, all access rights and licenses granted herein in respect of the affected Order or SOW will cease immediately. The termination or expiration of any order or SOW shall not be deemed termination or expiration of any other order or SOW in effect at the time of termination or expiration, and this Agreement shall continue | ||
+ | |||
+ | **Professional services**\\ | ||
+ | The period of performance for Professional Services begins with the date specified in the applicable order or, as otherwise agreed between the parties in writing, and remains in effect for the duration specified in the applicable order. If the applicable order does not specify a time limit for Professional Services, then professional services commence upon the entry into force of SOW and continue until completed unless otherwise stated herein. | ||
**Data Protection & GDPR**\\ | **Data Protection & GDPR**\\ | ||
- | Lucy Security AG warrants that (i) it complies | + | Lucy Security AG undertakes to comply |
- | writing with the recipient of the data outside of Switzerland.****Excluded is all communication named in this article: https:// | + | |
+ | {{:picture1.jpg?600|}} | ||
+ | |||
+ | To comply with local data protection law, the client is responsible selecting the according LUCY settings. | ||
+ | LUCY Security has committed itself to comply with the GDPR guidelines applicable in the EU. Inquiries and requests regarding the customer' | ||
+ | |||
+ | Within ten (10) business days of the termination of this Agreement or upon Discloser’s written request, LUCY will promptly destroy or return all of Discloser’s Confidential Information in LUCY’s possession or in the possession of any representative of LUCY | ||
- | LUCY Security has committed itself to comply with the GDPR guidelines applicable in the EU. Inquiries and requests regarding the customer' | ||
**Support**\\ | **Support**\\ | ||
- | All support activities related to software bugs are free of charge. The hourly price for support services is $90. Support bills will be created monthly or yearly. All invoices issued hereunder are due and payable within thirty (30) days of the invoice date. Other exceptions: If a WIKI article is not clearly formulated or is outdated, the customer will not be charged for the resulting questions. All other issues will be charged once the support budget included in the according license model is used up. Please ensure that the LUCY software is always up to date with the latest patch before contacting our customer service. Having said all that, the LUCY team aims to be helpful and accommodating at all times, and will do its absolute best to assist the client wherever possible. Examples of issues that are not considered LUCY bugs: | + | All support activities related to software bugs are free of charge. The hourly price for support services is $90. Support bills will be created monthly or yearly. All invoices issued hereunder are due and payable within thirty (30) days of the invoice date. Other exceptions: If a WIKI article is not clearly formulated or is outdated, the customer will not be charged for the resulting questions. All other issues will be charged once the support budget included in the according license model is used up. Please ensure that the LUCY software is always up to date with the latest patch before contacting our customer service. Having said all that, the LUCY team aims to be helpful and accommodating at all times, and will do its absolute best to assist the client wherever possible. Examples of issues that are not considered LUCY bugs: \\ |
+ | • Application or system problems caused by changing anything within the Linux operating system on which LUCY runs.\\ | ||
+ | • Third party SPAM filters blocking mails from LUCY.\\ | ||
+ | • External Mail relays that do not work as expected.\\ | ||
+ | • Proxy settings preventing LUCY to receive updates\\ | ||
+ | • DNS configuration issues caused by DNS entries not made by LUCY. | ||
+ | |||
+ | |||
+ | **Security and Monitoring on LUCY VPS/SaaS environment**\\ | ||
+ | The following information describes the process of installing and supporting a new LUCY server when it is hosted by LUCY. In case of purchasing the SaaS edition, LUCY creates a new server on the infrastructure of LUCY’s prefered provider in the country of the customer' | ||
+ | 1. All LUCY serves have configured Firewall to restrict access to the servers. The access is only allowed for the System Administrator and Support team. If required, access (root) can also be assigned exclusively to the client.\\ | ||
+ | 2. Fail2ban daemon is running for protection from brute-force attacks, it is configured to protect both SSH and Postfix.\\ | ||
+ | 3. Auditd daemon provides the detailed information about all system events, especially information on security violations that allows to take necessary actions. The event information is available in log files stored locally.\\ | ||
+ | 4. Lynis – a flexible tool that is normally executed after installation of a new server and allows to check a new system in the following ways: Security audits, Compliance testing, Penetration testing, Vulnerability detecting & System hardening.\\ | ||
+ | 5. Rkhunter – is executed weekly, it is used to scan the server for rootkits, backdoors and possible local exploits. The scanning results are available in log files stored locally.\\ | ||
+ | 6. Zabbix agent – is used for monitoring processes and hardware on the LUCY server.\\ | ||
+ | 7. Backup script – is used for encrypting LUCY backups and transferring backups to the backup server. If you do not require external backups, we can disable this feature. | ||
+ | |||
+ | Additionally, | ||
+ | Since updating to the new version of LUCY is only possible when all campaigns are stopped, the LUCY software updating process is done manually by the client after publishing a new LUCY version. The update can be done with a click of a button. | ||
+ | |||
+ | **Database Encryption**\\ | ||
+ | LUCY stores all related data in PostgreSQL 9.6 RDBMS. All sensitive information stored in there is encrypted as PostgreSQL is available only for internal connections. There are no configurable options for the DB encryption. | ||
+ | The encryption is mandatory for all data and is performed automatically with the following settings: | ||
+ | • It’s a column-level encryption performed on both the application and DB layers before storing any data in the database. We don’t use TDE (transparent database encryption), | ||
+ | • We mostly perform the encryption/ | ||
+ | • The encryption is performed using AES-256-CBC. | ||
+ | • On demand we can provide a HSM solution, that will allow us to use a HSM-based encryption – in that case the encryption key will be stored on the external hardware module with anti-tampering protection. | ||
+ | |||
- | | + | **Confidentiality Obligations**\\ |
- | * Third party SPAM filters blocking mails from LUCY. | + | For purposes of this Agreement, " |
- | * External Mail relays that do not work as expected. | + | |
- | * Proxy settings preventing LUCY to receive updates | + | |
- | * DNS configuration issues caused | + | |
**Applicable law and dispute resolution**\\ | **Applicable law and dispute resolution**\\ | ||
- | This contract shall be governed by Swiss law. Any dispute arising out of or in connection with | + | This contract shall be governed by Swiss law. Any dispute arising out of or in connection with this contract shall be brought before the competent courts in Zurich. Place of jurisdiction shall be Zurich. Any pre-printed terms and conditions of Lucy Security AG shall be excluded in their entirety and shall not become part of this contract, unless and to the extent that the client has explicitly accepted in writing such general terms and conditions. |
- | this contract shall be brought before the competent courts in Zurich. Place of jurisdiction shall be | + | |
- | Zurich. Any pre-printed terms and conditions of Lucy Security AG shall be excluded in their entirety and shall not become part of this contract, unless and to the extent that the client has explicitly accepted in writing such general terms and conditions. | + | |
terms_and_conditions.txt · Last modified: 2021/09/24 09:02 by lucysecurity