terms_and_conditions
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
terms_and_conditions [2019/12/10 00:12] – lucy | terms_and_conditions [2021/08/06 12:08] – lucy | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== TERMS AND CONDITIONS | + | **TERMS AND CONDITIONS** |
**Payment**\\ | **Payment**\\ | ||
- | Payment net 30 days after invoice date | + | Payment net 30 days after invoice date. Invoice is sent after delivery of software/ |
**Price Validity**\\ | **Price Validity**\\ | ||
- | Prices are valid for 60 days | + | Prices are valid for 60 days |
**Own use of the software**\\ | **Own use of the software**\\ | ||
- | The software allows an unlimited number of recipients for testing and training during the contractual period. There are no restrictions within the software regarding the number of campaigns, domains and reports created. Access and use of the LUCY products, services, documentation and related materials are solely authorized for the internal business purposes of the organization in which you are a representative of and only for the duration of the term of your subscription period. | + | The software allows an unlimited number of recipients for testing and training during the contractual period |
**Use of the software for third parties**\\ | **Use of the software for third parties**\\ | ||
- | The software can be used during the contract period for your own organization. This also includes companies in which the customer has a majority shareholding or legally belongs | + | The software can be used during the contract period for your own organization This also includes companies in which the customer has a majority shareholding or legally belongs, which the customer controls directly or indirectly or has the power to appoint/ remove a majority |
**Delivery of Service/ | **Delivery of Service/ | ||
- | The creation of a license key requires an existing installation. The customer can download the software from our website at any time free of charge. Lucy Security AG grants access to the licensed functions within a maximum of 5 days after receipt of the order. The customer needs the workstation ID to be delivered to us. This ID is located in the administration area under support/ | + | The creation of a license key requires an existing installation. The customer can download the software from our website at any time free of charge. Lucy Security AG grants access to the licensed functions within a maximum of 5 days after receipt of the order. The customer needs the workstation ID to be delivered to us. This ID is located in the administration area under support/ |
**Software Warranty**\\ | **Software Warranty**\\ | ||
- | Lucy Security AG warrants that during the use of the Software by the buyer the Software (i) is free from any virus, malware, spyware or any other software code* that may pose a danger to the buyer and its affiliates’ IT infrastructure, | + | Lucy Security AG warrants that during the use of the Software by the buyer the Software (i) is free from any virus, malware, spyware or any other software code* that may pose a danger to the buyer and its affiliates’ IT infrastructure, |
**Limitation of Liability**\\ | **Limitation of Liability**\\ | ||
- | Except in the case of a breach of a right of intellectual property of a party, which results in compensation obligations, | + | Except in the case of 1) a breach of a right of intellectual property of a party which results in compensation obligations |
+ | LUCY agrees to indemnify and hold harmless Customer in relation to any and all claims, liabilities, | ||
**License period**\\ | **License period**\\ | ||
- | Each software is licensed for the period specified in the particular order. Unless otherwise specified in the order, the Software License will not be extended beyond the initial term of the Software License. Software support services will be provided for the period specified in each order, or, if no period for support services is specified, support services will be provided for a period of one (1) year from the date of delivery of the software to the Customer Customers provided. | + | Each software is licensed for the period specified in the particular order. Unless otherwise specified in the order, the Software License will not be automatically |
**Effect of termination**\\ | **Effect of termination**\\ | ||
- | Upon termination of any applicable SOW or Order for any reason, all access rights and licenses granted herein in respect of the affected Order or SOW will cease immediately. The termination or expiration of any order or SOW shall not be deemed termination or expiration of any other order or SOW in effect at the time of termination or expiration, and this Agreement shall continue to apply to such outstanding orders and SOWs until such orders and SOWs have expired or terminated by their own terms or as set forth herein. | + | Upon termination of any applicable SOW or Order for any reason, all access rights and licenses granted herein in respect of the affected Order or SOW will cease immediately. The termination or expiration of any order or SOW shall not be deemed termination or expiration of any other order or SOW in effect at the time of termination or expiration, and this Agreement shall continue to apply to such outstanding orders and SOWs until such orders and SOWs have expired or terminated by their own terms or as set forth herein. |
**Professional services**\\ | **Professional services**\\ | ||
Line 32: | Line 33: | ||
**Data Protection & GDPR**\\ | **Data Protection & GDPR**\\ | ||
- | Lucy Security AG undertakes to comply with applicable data protection rules according to a separate Data Processing Addendum | + | Lucy Security AG undertakes to comply with applicable data protection rules according to a separate Data Processing Addendum to be entered into by the parties. The communication named below is excluded from this Addendum. |
- | + | ||
- | {{:tos.png?nolink&600|}} | + | {{:tos_pic.png?600|}} |
To comply with local data protection law, the client is responsible selecting the according LUCY settings. | To comply with local data protection law, the client is responsible selecting the according LUCY settings. | ||
LUCY Security has committed itself to comply with the GDPR guidelines applicable in the EU. Inquiries and requests regarding the customer' | LUCY Security has committed itself to comply with the GDPR guidelines applicable in the EU. Inquiries and requests regarding the customer' | ||
- | Within ten (10) business days of the termination of this Agreement or upon Discloser’s written request, LUCY will promptly destroy or return all of Discloser’s Confidential Information in LUCY’s possession or in the possession of any representative of LUCY. | + | Within ten (10) business days of the termination of this Agreement or upon Discloser’s written request, LUCY will promptly destroy or return all of Discloser’s Confidential Information in LUCY’s possession or in the possession of any representative of LUCY |
**Support**\\ | **Support**\\ | ||
- | All support activities related to software bugs are free of charge. The hourly price for support services is $90. Support bills will be created monthly or yearly. All invoices issued hereunder are due and payable within thirty (30) days of the invoice date. Other exceptions: If a WIKI article is not clearly formulated or is outdated, the customer will not be charged for the resulting questions. All other issues will be charged once the support budget included in the according license model is used up. Please ensure that the LUCY software is always up to date with the latest patch before contacting our customer service. Having said all that, the LUCY team aims to be helpful and accommodating at all times, and will do its absolute best to assist the client wherever possible. Examples of issues that are not considered LUCY bugs: | + | All support activities related to software bugs are free of charge. The hourly price for support services is $90. Support bills will be created monthly or yearly. All invoices issued hereunder are due and payable within thirty (30) days of the invoice date. Other exceptions: If a WIKI article is not clearly formulated or is outdated, the customer will not be charged for the resulting questions. All other issues will be charged once the support budget included in the according license model is used up. Please ensure that the LUCY software is always up to date with the latest patch before contacting our customer service. Having said all that, the LUCY team aims to be helpful and accommodating at all times, and will do its absolute best to assist the client wherever possible. Examples of issues that are not considered LUCY bugs: \\ |
+ | * Application or system problems caused by changing anything within the Linux operating system on which LUCY runs.\\ | ||
+ | * Third party SPAM filters blocking mails from LUCY.\\ | ||
+ | * External Mail relays that do not work as expected.\\ | ||
+ | * Proxy settings preventing LUCY to receive updates\\ | ||
+ | * DNS configuration issues caused by DNS entries not made by LUCY. | ||
+ | |||
+ | |||
+ | **Security and Monitoring on LUCY VPS/SaaS environment**\\ | ||
+ | The following information describes the process of installing and supporting a new LUCY server when it is hosted by LUCY. In case of purchasing the SaaS edition, LUCY creates a new server on the infrastructure of LUCY’s prefered provider in the country of the customer' | ||
+ | - All LUCY serves have configured Firewall to restrict access to the servers. The access is only allowed for the System Administrator and Support team. If required, access (root) can also be assigned exclusively to the client.\\ | ||
+ | - Fail2ban daemon is running for protection from brute-force attacks, it is configured to protect both SSH and Postfix.\\ | ||
+ | - Auditd daemon provides the detailed information about all system events, especially information on security violations that allows to take necessary actions. The event information is available in log files stored locally.\\ | ||
+ | - Lynis – a flexible tool that is normally executed after installation of a new server and allows to check a new system in the following ways: Security audits, Compliance testing, Penetration testing, Vulnerability detecting & System hardening.\\ | ||
+ | - Rkhunter – is executed weekly, it is used to scan the server for rootkits, backdoors and possible local exploits. The scanning results are available in log files stored locally.\\ | ||
+ | - Zabbix agent – is used for monitoring processes and hardware on the LUCY server.\\ | ||
+ | - Backup script – is used for encrypting LUCY backups and transferring backups to the backup server. If you do not require external backups, we can disable this feature. | ||
+ | |||
+ | Additionally, | ||
+ | Since updating to the new version of LUCY is only possible when all campaigns are stopped, the LUCY software updating process is done manually by the client after publishing a new LUCY version. The update can be done with a click of a button. | ||
+ | |||
+ | **Database Encryption**\\ | ||
+ | LUCY stores all related data in PostgreSQL 9.6 RDBMS. All sensitive information stored in there is encrypted as PostgreSQL is available only for internal connections. There are no configurable options for the DB encryption. | ||
+ | The encryption is mandatory for all data and is performed automatically with the following settings: | ||
+ | * It’s a column-level encryption performed on both the application and DB layers before storing any data in the database. We don’t use TDE (transparent database encryption), | ||
+ | * We mostly perform the encryption/ | ||
+ | * The encryption is performed using AES-256-CBC. | ||
+ | * On demand we can provide a HSM solution, that will allow us to use a HSM-based encryption – in that case the encryption key will be stored on the external hardware module with anti-tampering protection. | ||
+ | * | ||
+ | |||
+ | |||
+ | **Confidentiality Obligations**\\ | ||
+ | For purposes of this Agreement, " | ||
+ | **Applicable law and dispute resolution**\\ | ||
+ | This contract shall be governed by Swiss law. Any dispute arising out of or in connection with this contract shall be brought before the competent courts in Zurich. Place of jurisdiction shall be Zurich. Any pre-printed terms and conditions of Lucy Security AG shall be excluded in their entirety and shall not become part of this contract, unless and to the extent that the client has explicitly accepted in writing such general terms and conditions. | ||
terms_and_conditions.txt · Last modified: 2021/09/24 09:02 by lucysecurity