diff --git a/docs/docs/guides/manage/cloud/support.md b/docs/docs/guides/manage/cloud/support.md index ac69396e26..1d0e91c29a 100644 --- a/docs/docs/guides/manage/cloud/support.md +++ b/docs/docs/guides/manage/cloud/support.md @@ -4,7 +4,7 @@ sidebar_label: Support --- :::note -We describe our [support services](/docs/legal/support-services) and information required in more detail in our legal section. Beware that not all features may be supported by your subscription and consult the [support states](/docs/support/software-release-cycles-support#support-states). +We describe our [support services](/docs/legal/service-description/support-services) and information required in more detail in our legal section. Beware that not all features may be supported by your subscription and consult the [support states](/docs/support/software-release-cycles-support#support-states). ::: In the header you can find a button for the support. diff --git a/docs/docs/guides/overview.mdx b/docs/docs/guides/overview.mdx index e85532398c..3a42374e82 100644 --- a/docs/docs/guides/overview.mdx +++ b/docs/docs/guides/overview.mdx @@ -37,7 +37,7 @@ Choose [ZITADEL self-hosted](/self-hosting/deploy/overview) if you want: Join our [Discord chat](https://zitadel.com/chat) or open a [discussion](https://github.com/zitadel/zitadel/discussions) on Github to get help from the community and the ZITADEL team. -Cloud and enterprise customers can additionally reach us privately via our [support communication channels](/legal/support-services). +Cloud and enterprise customers can additionally reach us privately via our [support communication channels](/legal/service-description/support-services). ## Contribute diff --git a/docs/docs/guides/solution-scenarios/b2c.mdx b/docs/docs/guides/solution-scenarios/b2c.mdx index 167d18d0ce..ce67e46797 100644 --- a/docs/docs/guides/solution-scenarios/b2c.mdx +++ b/docs/docs/guides/solution-scenarios/b2c.mdx 
@@ -33,7 +33,7 @@ If you are migrating an existing project and you already have an external identi Read our [Management API definitions](/apis/resources/mgmt) for more info. If the users email is not verified or no password is set, a initialization mail will be send. :::info -Requests to the management API are rate limited. Read our [Rate limit Policy](../../legal/rate-limit-policy) for more info. +Requests to the management API are rate limited. Read our [Rate limit Policy](/docs/legal/policies/rate-limit-policy) for more info. ::: ### User Authentication diff --git a/docs/docs/legal/annex-support-services.mdx b/docs/docs/legal/annex-support-services.mdx new file mode 100644 index 0000000000..17f00b7834 --- /dev/null +++ b/docs/docs/legal/annex-support-services.mdx 
@@ -0,0 +1,68 @@ +--- +title: Annex for ZITADEL Enterprise and Support Services +sidebar_label: Enterprise Agreement +custom_edit_url: null +--- + +Last updated on November 15, 2023 + +This annex of the [Framework Agreement](terms-of-service) describes the commercial support services (**Support Services**, **Enterprise License**, or **Enterprise Agreement**) for units of ZITADEL software products (**Unit**), if not otherwise defined a Unit refers to a is a single, dedicated setup of an application or service covered under an Enterprise agreement. + +The customer relationship (**Framework Agreement** or **The Agreement**) is created by the **Customer** (**"you"**) by accepting a **Purchase Order** (**"PO"**) for the specified Support Services (**Booking**). Jointly you and ZITADEL will be referred to as **the Parties**. The terms of service (**"TOS"**) outlined in this document establish the most important points of this Framework Agreement – independently of the use of any other services. + +### Term + +Coverage under this Agreement will start with Booking of Support Services, for a minimum period of 12 months. +Support Services agreements will automatically renew for additional one-year term upon submission of a purchase order for renewal, unless either you or ZITADEL provides written notice (E-Mail sufficient) of termination of any such term. +Each renewal will be at ZITADEL's then-current rate. +In the event that you accesses ZITADEL Support services in any way after the Agreement has expired or been terminated, you will continue to be bound by this Agreement, which will continue to apply to the services after such expiration or termination. + +### Service review + +If not otherwise agreed, ZITADEL offers a yearly review meeting with you to discuss the service quality and any feedback you might have. We are not required to participate in the meeting after the term has expired. 
+ +## Your obligations + +### Maintenance of units + +You will ensure that units eligible for Support Service are maintained and upgraded frequently. +If you operate units with a release date older than 180 days since our latest stable release, the term is continued but ZITADEL is not required to handle any support request for that unit until the units are upgraded and re-certified. + +### Support Process + +You will ensure to follow the support process, especially provide all required initial information to the issue, as outlined in the [Annex](./service-description/support-services) to this document. + +### Training of support staff + +You will ensure regular training of your support staff. Your support staff must be able to provide the required information for support issues to us, and thus requires access and up-to-date knowledge of the services. + +Initial know-how transfer for the services will be organized in training sessions conducted by us. We can provide knowledge sessions throughout the term to train newly onboarded staff, update your support staff about important updates, or refresh knowledge in specified areas. In case we notice insufficient quality of support requests from Customers, we will propose appropriate training sessions. + +## Financial + +### Lapsed Service Fee + +In case the term of the Support Service contract has expired within 1 to 180 days, you will be required to pay a Lapsed Service fee in addition to purchasing and activating a one-year renewal contract term at the then-current fee and conditions. The renewal term's start date will also be backdated to begin coverage from the service's original expiration date. + +Please contact us for current fees. 
+ +### Recertification Fee + +Recertification of a unit, to be covered under Support Services, is required for: + +* units for which Support Services have been expired for more than 180 days +* units that run a release that is older than 180 days from the products most recent stable release +* requests for support on products and services purchased or supported from non-authorized resellers + +Recertification of a unit requires payment of a Recertification Fee which results in a checkup of the unit by ZITADEL. The unit will be inspected to asses its condition and eligibility for service coverage. + +Please contact us for current fees. + +### Disaster recovery + +You are solely responsible to ensure appropriate backup and disaster recovery of Units managed by you. +Any liability for damages, indirect or direct, in case of data loss is explicitly rejected. + +### Amendments + +We are entitled to unilaterally amend these TOS at any time. The current version is accessible via our website. We will inform you of any amendments via email. These amendments shall be considered as accepted upon booking additional services or at the latest after 30 days. In the case of a rejection on your part we reserve the right to terminate the Framework Agreement. diff --git a/docs/docs/legal/cloud-service-description.md b/docs/docs/legal/cloud-service-description.md deleted file mode 100644 index 573fbeb6ce..0000000000 --- a/docs/docs/legal/cloud-service-description.md +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -title: Cloud Service -custom_edit_url: null ---- - -This annex of the [Framework Agreement](terms-of-service) describes the service levels offered by us for our Services. - -## Definitions - -**Monthly quota** means the available usage per measure for one billing period. The quota is reset to zero with the start of a new billing period. - -**Authenticated request** means any request to our API endpoints requiring a valid authorization header. We exclude requests with a server error, discovery endpoints, and endpoints to load UI assets. - -**Action minutes** means execution time, rounded up to 1 second, of custom code execution via a customer defined Action. - -**Adequate Country** means a country or territory recognized as providing an adequate level of protection for Personal Data under an adequacy decision made, from time to time, by (as applicable) (i) the Information Commissioner's Office and/or under applicable UK law (including the UK GDPR), or (ii) the [European Commission under the GDPR](https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). - -## Data location - -Data location refers to a region, consisting of one or many countries or territories, where the customer's data is stored in our database and processed by our systems. - -We can not guarantee that during transit the data will only remain within this region. We take measures, as outlined in our [privacy policy](privacy-policy), to protect your data in transit and in rest. - -The following regions will be available when using our cloud service. This list is for informational purposes and will be updated in due course, please refer to our website for all available regions at this time. 
- -- **Global**: All available cloud regions offered by our cloud provider -- **Switzerland**: Exclusively on Swiss region -- **GDPR safe countries**: Exclusively [Adequate Countries](https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) as recognized by the European Commission under the GDPR - -## Backup - -Our backup strategy executes daily full backups and differential backups on much higher frequency. -In a disaster recovery scenario, our goal is to guarantee a recovery point objective (RPO) of 1h, and a higher but similar recovery time objective (RTO). -Under normal operations, RPO and RTO goals are below 1 minute. - -If you you have different requirements we provide you with a flexible approach to backup, restore, and transfer data (f.e. to a self-hosted setup) through our APIs. -Please consult the [migration guides](../guides/migrate/introduction.md) for more information. - -Last revised: June 21, 2023 \ No newline at end of file diff --git a/docs/docs/legal/data-processing-agreement.mdx b/docs/docs/legal/data-processing-agreement.mdx index ebbf162868..63a393605f 100644 --- a/docs/docs/legal/data-processing-agreement.mdx +++ b/docs/docs/legal/data-processing-agreement.mdx 
@@ -1,12 +1,15 @@ --- title: Data Processing Agreement custom_edit_url: null +custom: + created_at: 2022-07-15 + updated_at: 2023-11-16 --- import PiidTable from './_piid-table.mdx'; -## Background +Last updated on November 15, 2023 -Within the scope of the [**Framework Agreement**](terms-of-service), the **Processor** (CAOS Ltd.) processes **Personal Data** on behalf of the **Customer** (Responsible Party), collectively the **"Parties"**. +Within the scope of the [**Framework Agreement**](terms-of-service), the **Processor** (CAOS Ltd., also **ZITADEL**) processes **Personal Data** on behalf of the **Customer** (Responsible Party), collectively the **"Parties"**. This Annex to the Agreement governs the Parties' data protection obligations in addition to the provisions of the Agreement. 
@@ -33,11 +36,11 @@ The Processor is responsible for taking appropriate technical and organizational ### Bound by directions -The Processor processes personal data in accordance with its privacy policy (cf. [Privacy Policy](/legal/privacy-policy)) and on the documented directions of the Customer. The initial direction result from the Agreement. Subsequent instructions shall be given either in writing, whereby e-mail shall suffice, or orally with immediate written confirmation. +The Processor processes personal data in accordance with its privacy policy (cf. [Privacy Policy](/legal/policies/privacy-policy)) and on the documented directions of the Customer. The initial direction result from the Agreement. Subsequent instructions shall be given either in writing, whereby e-mail shall suffice, or orally with immediate written confirmation. If the Processor is of the opinion that a direction of the Customer violates the Agreement, the GDPR or other data protection provisions of the EU, EU Member States or Switzerland, it shall inform the Customer thereof and shall be entitled to suspend the Processing until the instruction is withdrawn or confirmed. -### Obligation of the processing persons to confidentiality +### Obligation of the processing persons to confidentiality The Processor shall ensure that the persons authorized to process the Personal Data have committed themselves to confidentiality, unless they are already subject to an appropriate statutory duty of confidentiality. 
@@ -49,19 +52,41 @@ The technical and organizational security measures are described in more detail ### Involvement of subcontracted processors -A current and complete list of involved and approved sub-processors can be found at [https://zitadel.com/trust/](https://zitadel.com/trust/). +A current and complete [list of involved and approved sub-processors](./subprocessors) can be found in our legal section. -The Processor is entitled to involve additional sub-processors. In this case, the Processor shall inform the Responsible Party about any intended change regarding sub-processors and update the list at . The Customer has the right to object to such changes. If the Parties are unable to reach a mutual agreement within 90 days of receipt of the objection by the Processor, the Customer may terminate the Agreement extraordinarily. +The Processor is entitled to involve additional sub-processors. +In this case, the Processor shall inform the Responsible Party about any intended change regarding sub-processors and update the list of involved an approved sub-processors. +The Customer has the right to object to such changes. +If the Parties are unable to reach a mutual agreement within 30 days of receipt of the objection by the Processor, the Customer may terminate the Agreement extraordinarily. -The Processor obligates itself to impose on all sub-processors, by means of a contract (or in another appropriate manner), the same data protection obligations as are imposed on it by this Annex. In particular, sufficient guarantees shall be provided that the appropriate technical and organizational measures are implemented in such a way that the processing by the sub-processor is carried out in accordance with the legal requirements. If the sub-processor fails to comply with its data protection obligations, the processor shall be liable to the customer for this as for its own conduct. 
+The Processor obligates itself to impose on all sub-processors, by means of a contract (or in another appropriate manner), the same data protection obligations as are imposed on it by this Annex. +In particular, sufficient guarantees shall be provided that the appropriate technical and organizational measures are implemented in such a way that the processing by the sub-processor is carried out in accordance with the legal requirements. + +Our websites and services may involve processing by third-party sub-processors with country of registration outside of Switzerland or the EU/EAA. +In these cases, we only transfer personal data after we have implemented the legally required measures for this, such as concluding standard contractual clauses on data protection or obtaining the consent of the data subjects. If interested, the documentation on these measures can be obtained from the contact person mentioned above. +The country of registration of a sub-processor may be different from the hosting location of the data. Please refer to the [list of involved and approved sub-processors](./subprocessors) for more details. + +If the sub-processor fails to comply with its data protection obligations, the processor shall be liable to the customer for this as for its own conduct. ### Assistance in responding to requests -The Processor shall support the Customer as far as possible with suitable technical and organizational measures in fulfilling its obligation to respond to requests to exercise the data subject's rights. The parties shall agree separately on the compensation of the Processor for this. +The Processor shall support the Customer as far as possible with suitable technical and organizational measures in fulfilling its obligation to respond to requests to exercise the data subject's rights (**"Data Subject Request"**). +The Processor will promptly notify the Customer if it receives a Data Subject Request. 
+The Processor will not respond to a Data Subject Request, provided that the Customer agrees the Processor may at its discretion respond to confirm that such request relates to the Customer. +The Customer acknowledges and agrees that the Services include features which will allow the Customer to manage Data Subject Requests directly through the Services without additional assistance from the Processor. +If the Customer does not have the ability to address a Data Subject Request, the Processor will, upon the Customer’s written request, provide reasonable assistance to facilitate the Customer’s response to the Data Subject Request to the extent such assistance is consistent with applicable law; provided that the Customer will be responsible for paying for any costs incurred or fees charged by the Processor for providing such assistance. + +The Processor, unless prohibited from doing so by applicable law, will promptly notify the Customer of any requests from a regulator or any other authority in relation to Personal Data that is being processed on behalf of the Customer, given that request resulted in disclosure of Personal Data to the regulator or any other authority. ### Further support for the customer -The Processor shall, taking into account the nature of the processing and the information available to it, assist the Customer in complying with its obligations in connection with the security of the processing, any notifications of personal data breaches, and any data protection impact assessments. +The Processor shall, taking into account the nature of the processing and the information available to it, assist the Customer in complying with its obligations in connection with the security of the processing, any notifications of [Security Incidents](#security-incidents), and any data protection impact assessments. 
+ +### Security incidents + +The Processor will notify the Customer of any incident, meaning breach of security or other action or inaction leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data covered under this (***Security Incident"**) without undue delay, and will promptly provide the Customer with all reasonable information concerning the Security Incident insofar as it affects the Customer. +If possible, the Processor will promptly implement measures proposed in the notification. +Insofar required the Processor will assist the Customer in notifying any applicable regulatory authority. ### Deletion or destruction after termination @@ -69,7 +94,8 @@ Upon Customer's request, the Processor shall delete personal data received after ### Information and control rights of the customer -The Processor shall provide the Customer with all information necessary to demonstrate compliance with the obligations set forth in this annex. It shall enable and contribute to audits, including inspections, carried out by the Customer or an auditor appointed by the Customer. +The Processor shall provide the Customer with all information necessary to demonstrate compliance with the obligations set forth in this annex or to respond to requests from an applicable supervisory authority, subject to the confidentiality terms in the Framework Agreement. +The Processor shall enable and contribute to audits, including inspections, carried out by the Customer or an auditor appointed by the Customer. The procedure to be followed in the event of directions that are presumed to be unlawful is governed by the section [Bound by directions](#bound-by-directions) of this Appendix. 
@@ -84,7 +110,7 @@ The following measures for pseudonymization and encryption exist: 1. All communication is encrypted with TLS >1.2 with PFS 2. Critical data is exclusively stored in encrypted form 3. Storage media that store customer data are always encrypted -4. Passwords are irreversibly stored with a hash function (bcrypt) +4. Passwords are irreversibly stored with a hash function 5. Data for web analytics are pseudonymized and do not contain any personal data ### Ensuring certain properties of the systems and services @@ -93,8 +119,10 @@ The following measures for pseudonymization and encryption exist: The following confidentiality measures exist: -1. Implementation of information security policies -2. Implementation of secure authentication policies +1. Information security policies +2. Authentication policies +3. Vendor management policies +4. Technical measures in this annex #### Integrity @@ -135,9 +163,3 @@ The following measures exist for regular review, assessment and evaluation of ef 1. At least annual audit and evaluation of processes within the framework of an information security management system 2. Responsible Disclosure and Bug Bounty policies 3. External audit of system security ("penetration testing") - -## Entry into force - -This agreement is valid from 15.07.2022. - -Last revised: June 14, 2022 diff --git a/docs/docs/legal/onboarding-support.md b/docs/docs/legal/onboarding-support.md deleted file mode 100644 index e9c76ac38e..0000000000 --- a/docs/docs/legal/onboarding-support.md +++ /dev/null 
@@ -1,87 +0,0 @@ ---- -title: Description of onboarding support services for ZITADEL -sidebar_label: Onboarding support -custom_edit_url: null ---- - -This annex of the [Framework Agreement](terms-of-service) describes the onboarding support services offered by us for our services. - -Last revised: October 12, 2023 - -Our onboarding support should help you, as a new customer, to get a better understanding on how to integrate ZITADEL into your solution, how to tackle the migration, and ensure a highly-available day-to-day operation. - -Onboarding support services can be offered to customers that enter a ZITADEL Cloud or a ZITADEL Enterprise subscription. - -If you intend to use the open source version exclusively then please join our community chat or Github. -Your questions might help other people in the community and will make our project better over time. - -Please [contact us](https://zitadel.com/contact) for a quote and to get started with onboarding support. -Below you will find topics covered and scope of the offered services. - -## Proof of value - -Within a short time-frame, f.e. 3 weeks, we can show the value of using our services and have the ability to establish the proof a of working setup for your most critical use cases. -We may offer to support you during an initial period to evaluate next steps. -Before the start of the period we may ask you to provide a description of your critical use cases and a high-level overview of your planned integration architecture. -During this period you should make sure that you have the necessary resources on your side to complete the proof of value. - -## Onboarding term - -With the onboarding support we provide the initial knowledge transfer to configure and operate ZITADEL. -During the term you will get direct access to our engineering team via [Technical Account Management](./support-services.md#technical-account-manager). -Duration is typically 3 months but this could vary depending on your requirements. 
- -We offer an onboarding term in combination with ZITADEL Enterprise subscriptions. - -### Topics covered - -Topics of the onboarding term may include: - -- Administration -- DevOps (Operation) -- Architecture -- Integration -- Migration -- Security Best Practices & Go-Live Checkup - -The scope will be tailored to your requirements. - -More details - -- IAM Configuration -- Walk-though all features -- Users / Manuals -- Authentication & Management APIs -- Validation of tokens -- Client integration best-practices -- Event types -- Database schemas and compute models -- Accessing database -- Observability (Logs, Errors, Metrics, Tracing) -- Operations best practices (Deployment, Backup, Networking etc.) -- Check prerequisites and architecture -- Troubleshoot installation and configuration of ZITADEL -- Troubleshoot and configuration connectivity to the database -- Functional testing of the ZITADEL instance - -
- Out of scope - -
- -## Continuous support - -After the onboarding phase has ended we will provide continuous support according to your subscription. -We can provide you with continued access to the technical account management in our Enterprise subscriptions. diff --git a/docs/docs/legal/acceptable-use-policy.md b/docs/docs/legal/policies/acceptable-use-policy.md similarity index 58% rename from docs/docs/legal/acceptable-use-policy.md rename to docs/docs/legal/policies/acceptable-use-policy.md index 5fb99138aa..5af3a37daa 100644 --- a/docs/docs/legal/acceptable-use-policy.md +++ b/docs/docs/legal/policies/acceptable-use-policy.md @@ -3,7 +3,9 @@ title: Acceptable Use Policy custom_edit_url: null --- -This policy is an annex to the [Terms of Service](terms-of-service) and clarifies your obligations while using our Services. +Last updated on November 15, 2023 + +This policy is an annex to the [Terms of Service](../terms-of-service) and clarifies your obligations while using our Services. ## Use 
@@ -17,13 +19,22 @@ You may not: 4. Attempt to probe, scan, penetrate or test the vulnerability of our Subscription Services, Website, systems, or network or try to circumvent our authentication. Any penetration testing must not be conducted without prior written consent by CAOS. 5. Use any organization or domain name that includes or is confusingly similar with trademarks, or any third parties. CAOS may determine any violation at its sole discretion 6. Collecting any information about our Customers, our Customers users, or our users without the consent of the person identified. This includes phishing, social engineering, scamming, spidering or harvesting information from any Subscription Service or Website +7. Use Actions to run workloads that are unrelated to the Subscription Services and Websites, such as excessively calling unrelated third party services, crypto mining, intentionally long running code -## Fair Use Principle +## Fair use principles -The “fair use” principle applies to the use of our services. We optimize our infrastructure in such a way that sufficient capacity is available to you even during short-term increased demand (“peaks”) and implement mitigation measures such as our [Rate Limit Policy](rate-limit-policy). You are nonetheless required to adhere to reasonable use of our resources in order to avoid negatively affecting the services for other customers. +The “fair use” principle applies to the use of our services. +We optimize our infrastructure in such a way that sufficient capacity is available to you even during short-term increased demand (“peaks”) and implement mitigation measures such as our [Rate Limit Policy](rate-limit-policy). +You are nonetheless required to adhere to reasonable use of our resources in order to avoid negatively affecting the services for other customers. 
You agree that we may delete any data on our systems or networks, if CAOS believes that this data may corrupt our systems, interfere or may compromise other customers' data. +You agree to adhere to the following fair use limits: + +- [Actions minutes](../service-description/billing.md#action-minutes): A monthly limit of 1'000 Action minutes per instance +- Usage limits that were agreed by both parties in advance for the duration of the term + ## Violations of this policy -We may suspend or terminate your usage of our Services for any violation of this Acceptable Use Policy. You will not be entitled to any Financial Credit or compensation for any interruptions caused by violation of this policy. +We may suspend or terminate your usage of our Services for any violation of this Acceptable Use Policy. +You will not be entitled to any Financial Credit or compensation for any interruptions caused by violation of this policy. diff --git a/docs/docs/legal/policies/account-lockout-policy.md b/docs/docs/legal/policies/account-lockout-policy.md index 12bc9e44ac..a593eac1bc 100644 --- a/docs/docs/legal/policies/account-lockout-policy.md +++ b/docs/docs/legal/policies/account-lockout-policy.md @@ -4,6 +4,8 @@ sidebar_label: Account Lockout Policy custom_edit_url: null --- +Last updated on May 31, 2023 + This policy is an annex to the [Terms of Service](../terms-of-service) that clarifies your obligations and our procedure handling requests where you can't get access to your ZITADEL Cloud services and data. This policy is applicable to situations where we, ZITADEL, need to restore your access for a otherwise available service and not in cases where the services are unavailable. ## Why to do we have this policy? 
@@ -55,9 +57,3 @@ Please visit the [support page in the customer portal](https://zitadel.cloud/adm Please allow us time to validate your request. Our support will get back to you to request additional information for verification. - -## Entry into force - -This policy is valid from May 31, 2023. - -Last revised May 31, 2023 \ No newline at end of file diff --git a/docs/docs/legal/policies/brand-trademark-policy.md b/docs/docs/legal/policies/brand-trademark-policy.md new file mode 100644 index 0000000000..b6b1c6aaff --- /dev/null +++ b/docs/docs/legal/policies/brand-trademark-policy.md 
@@ -0,0 +1,45 @@ +--- +title: Use of brands and trademarks +sidebar_label: Brand and Trademark Policy +custom_edit_url: null +--- + +Last updated on November 15, 2023 + +This policy is an annex to the [Terms of Service](../terms-of-service) that clarifies how you may use our brands and trademarks under fair use. + +We reserve the right to object to any use or misuse of brands and trademarks in any jurisdiction worldwide. +If you are unsure about the use of our logos, please contact [legal@zitadel.com](mailto:legal@zitadel.com). + +## Conditions + +ZITADEL's brand assets and trademarks are proprietary assets owned exclusively by us. + +No third party may claim ownership over brand assets and trademarks or brands and trademarks that are confusingly similar. This extends to all trademarks in image, textform, combined image and text, visual, and audio. + +You must not include our brands and trademarks in the name of your product or service wether commercial or non-commercial, this includes, but is not limited to, websites, blogs, informational, advertising, and personal home pages, applications. + +## Spelling + +When referring to ZITADEL, please make sure it is spelled correctly and written in uppercase letters. + +## Logo usage + +When embedding our logo, always use the official version. +You must not alter the logo in any way, and avoid overlapping with other images. + +To ensure the logo is used as intended, we provide specific examples below and reserve the right to object to any use or misuse. 
+ +### Fair use + +- Use in architecture diagrams without implying affiliation or partnership +- Editorial and informational purposes such as blog posts or news articles +- Linking back to our [website](https://zitadel.com), official [repositories](https://github.com/zitadel), or [documentation](https://zitadel.com/docs) +- Indicating that the software is available for use or installation without implying any affiliation or endorsement + +### Not acceptable + +- Using our brands and trademarks, including our logo, or any variations for your own product or services +- Modification of our brands and trademarks +- Integration of our brands and trademarks into your own brands and trademarks +- Suggesting affiliation, endorsement, or partnership without our consent diff --git a/docs/docs/legal/policies/feature-development-policy.md b/docs/docs/legal/policies/feature-development-policy.md index 0b80fc556e..7e94f60508 100644 --- a/docs/docs/legal/policies/feature-development-policy.md +++ b/docs/docs/legal/policies/feature-development-policy.md @@ -3,6 +3,8 @@ title: Feature Development Policy custom_edit_url: null --- +Last updated on September 25, 2023 + This policy clarifies how we handle requests for feature prioritization and development. This policy is applicable to situations where a user wants to prioritize certain features or development for our products and services. ## Why to do we have this policy? 
@@ -49,9 +51,3 @@ We will send you an invoice and expect payment within the given deadline. Completion means that the agreed scope is available according to the agreed acceptance criteria. You had 14 days to verify the acceptance criteria and report any issues. A feature is considered complete, if the outstanding issues are being solved, or a timeline for resolution of the issues has been mutually agreed, or if we haven't got any response within the last 14 days. - -## Entry into force - -This policy is valid from September 25, 2023. - -Last revised September 25, 2023 diff --git a/docs/docs/legal/privacy-policy.mdx b/docs/docs/legal/policies/privacy-policy.mdx similarity index 98% rename from docs/docs/legal/privacy-policy.mdx rename to docs/docs/legal/policies/privacy-policy.mdx index fda2b1d610..8a392b957e 100644 --- a/docs/docs/legal/privacy-policy.mdx +++ b/docs/docs/legal/policies/privacy-policy.mdx @@ -2,9 +2,9 @@ title: Privacy Policy custom_edit_url: null --- -import PiidTable from './_piid-table.mdx'; +import PiidTable from '../_piid-table.mdx'; -## Introduction +Last updated on November 15, 2023 This privacy policy applies to CAOS Ltd., the websites it operates (including zitadel.ch, zitadel.cloud and zitadel.com) and the services and products it provides (including ZITADEL). This privacy policy describes how we process personal data for the provision of this websites and our products. 
@@ -86,7 +86,11 @@ The fulfillment of the contract includes in particular, but is not limited to, t ## Disclosure to third parties -We use third-party services to provide the website and our offers. An up-to-date list of all the providers we use and their areas of activity can be found on our "[Trust Page](https://zitadel.com/trust)". +### Third party sub-processors + +We use third-party services to provide the website and our offers. An up-to-date list of all the providers we use and their areas of activity can be found on our [list of involved and approved sub-processors](../subprocessors). + +### External payment providers This website uses external payment service providers through whose platforms users and we can make payment transactions. For example via @@ -99,8 +103,12 @@ The data processed by the payment service providers includes personal data, such For payment transactions, the terms and conditions and the data protection notices of the respective payment service providers apply, which can be accessed within the respective website or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other rights concerned. +### Law enforcement + We disclose personal information to law enforcement agencies, investigative authorities or in legal proceedings to the extent we are required to do so by law or when necessary to protect our rights or the rights of users. +### Visitor analytics + We also share data with third parties in aggregate form and/or in a form that does not allow the recipient to identify the data subject from that data third parties, for example for analytics. ## Cookies 
@@ -180,9 +188,3 @@ We may amend this privacy policy at any time without prior notice. Always the cu ## Questions about data processing by us If you have any questions about our data processing, please email us or contact the person in our organization listed at the beginning of this privacy statement directly. - -## Entry into force - -This privacy policy is valid from July 15, 2022. - -Last revised: December 2, 2022 \ No newline at end of file diff --git a/docs/docs/legal/rate-limit-policy.md b/docs/docs/legal/policies/rate-limit-policy.md similarity index 89% rename from docs/docs/legal/rate-limit-policy.md rename to docs/docs/legal/policies/rate-limit-policy.md index 48c78b6a48..378bab28e4 100644 --- a/docs/docs/legal/rate-limit-policy.md +++ b/docs/docs/legal/policies/rate-limit-policy.md @@ -3,7 +3,9 @@ title: Rate Limit Policy custom_edit_url: null --- -This policy is an annex to the [Terms of Service](terms-of-service) and clarifies your obligations while using our Services, specifically how we will use rate limiting to enforce certain aspects of our [Acceptable Use Policy](acceptable-use-policy). +Last updated on April 20, 2023 + +This policy is an annex to the [Terms of Service](../terms-of-service) and clarifies your obligations while using our Services, specifically how we will use rate limiting to enforce certain aspects of our [Acceptable Use Policy](acceptable-use-policy). ## Why do we rate limit diff --git a/docs/docs/legal/vulnerability-disclosure-policy.mdx b/docs/docs/legal/policies/vulnerability-disclosure-policy.mdx similarity index 98% rename from docs/docs/legal/vulnerability-disclosure-policy.mdx rename to docs/docs/legal/policies/vulnerability-disclosure-policy.mdx index 74d04258e3..68e3e34e4d 100644 --- a/docs/docs/legal/vulnerability-disclosure-policy.mdx +++ b/docs/docs/legal/policies/vulnerability-disclosure-policy.mdx 
@@ -3,6 +3,8 @@ title: Vulnerability Disclosure Policy custom_edit_url: null --- +Last updated on March 16, 2023 + At ZITADEL we are extremely grateful for security aware people who disclose vulnerabilities to us and the open source community. All reports will be investigated by our team and we will work with you closely to validate and fix vulnerabilities reported to us. @@ -86,9 +88,3 @@ In case we have confirmed your report, we may compensate you, given prior writte - incurred during research for using our paid services - on time & material spend on analysis after confirming your report - -## Entry into force - -This policy is valid from March 16, 2023. - -Last revised March 16, 2023 diff --git a/docs/docs/legal/service-description/billing.md b/docs/docs/legal/service-description/billing.md new file mode 100644 index 0000000000..5a6988c084 --- /dev/null +++ b/docs/docs/legal/service-description/billing.md 
@@ -0,0 +1,81 @@ +--- +title: Pricing and billing of ZITADEL services +sidebar_label: Billing +custom_edit_url: null +--- + +Last updated on November 15, 2023 + +This annex of the [Framework Agreement](../terms-of-service) describes the pricing and billing of our Services. + +## Pricing + +You can find pricing information on our [website](https://zitadel.com/pricing). + +### Enterprise pricing + +Customer and ZITADEL may agree on an individual per-customer pricing via an Enterprise Agreement. + +## Billing Metrics + +### Monthly amount + +Monthly amount means the available usage per measure for one billing period. +The amount is reset to zero with the start of a new billing period. + +### Daily active user (DAU) + +Daily Active Users (DAU) are counted as users who authenticate or refresh their token during the given day. +To calculate the monthly amount we take the sum of DAU over a given month. +Included are users that either login with local accounts or users that login with an external identity provider. +Service users that authenticate or access the management API are counted against Daily Active Users. + +### Active external identity providers + +To calculate the monthly amount we take maximum activated external identity providers on each day over a given month. +Excluded are configured identity providers that are not activated. + +### Action minutes + +Action minutes mean execution time, rounded up to 1 second, of custom code execution via a customer defined Action. + +### Management API requests + +Management API requests means any request to the following API endpoints requiring a valid authorization header. +Excluded are requests with a server error, public endpoints, health endpoints, and endpoints to load UI assets. 
+ +Management endpoints: + +- /zitadel.* +- /v2alpha* +- /v2beta* +- /admin* +- /management* +- /system* + +### Admin users + +Admin users means users within the customer portal that can manage a customer's account including billing, instances, analytics and additional services. + +### Audit trail history (events) + +Audit trail history (events) means past events that can be retrieved via API or GUI. +Typically all changes to any object in within ZITADEL are saved as events and can be used for audit trail and analytics purposes. +The number of past events that can be retrieved may be limited by your subscription. + +### Access and runtime logs (logs) + +Access and runtime logs (logs) means logs that are available about your instance. +Logs may contain information about success or failure reasons for API requests and Action executions, output from Actions, rate limit violations, and system health. +You might be able to retrieve logs only for a limited period of time based on your subscription. + +### Custom domains + +Custom domains mean domains that you can configure to reach your ZITADEL instance. +By default ZITADEL creates a custom domain for you when creating new instances. +Besides the included amount each additional custom domain is charged. + +## Payment cycle + +If not agreed otherwise, the payment frequency is monthly. +Your invoice will contain both pre-paid items for the current billing period and usage-based charges from the last billing period. diff --git a/docs/docs/legal/service-description/cloud-service-description.md b/docs/docs/legal/service-description/cloud-service-description.md new file mode 100644 index 0000000000..6d24e0315d --- /dev/null +++ b/docs/docs/legal/service-description/cloud-service-description.md 
@@ -0,0 +1,62 @@ +--- +title: Service description for ZITADEL Cloud and ZITADEL Enterprise +sidebar_label: Service description +custom_edit_url: null +--- + +Last updated on November 15, 2023 + +This annex of the [Framework Agreement](../terms-of-service) describes the services offered by us. + +## Services offered + +### ZITADEL Cloud + +[ZITADEL Cloud](https://zitadel.com) is a fully managed cloud service of the [ZITADEL software](https://github.com/zitadel). + +You will benefit from the same software as the open-source project, but we take care of the hosting, maintenance, backup, scaling, and operational security. The cloud service is managed and maintained by the team that also develops the software. + +When creating a new instance, you are able to choose a [data location](#data-location). +We follow a single-provider strategy by minimizing the involved [sub-processors](../subprocessors.md) to increase security, compliance, and performance of our services. [Billing](./billing.md) is based on effective usage of our services. + +### Enterprise license / self-hosted + +The ZITADEL Enterprise license allows you to use the [ZITADEL software](https://github.com/zitadel) on your own data center or private cloud. + +You will benefit from the transparency of the open source and the hyper-scalability of the same software that is being used to operate [ZITADEL Cloud](#zitadel-cloud). 
+ +#### Benefits over using open source / community license + +- [Enterprise supported features](support-services) are only supported under an Enterprise license +- Individual [onboarding support](./support-services#onboarding-support) tailored to your needs and team +- Get access to our support with a [Service Level Agreement](support-services#service-level-agreement) that is tailored to your needs +- Benefit from personal [technical account management](support-services#technical-account-manager) provided by our engineers to help you with architecture, integration, migration, and operational improvements of your setup + +#### Benefits over ZITADEL Cloud + +You can reduce your supply-chain risks by removing us as sub-processor of personal information about your users. +Support staff will have no access to your infrastructure and will only provide technical support. +Operation and direct maintenance of ZITADEL will be done by you. + +You can freely choose the infrastructure and location to host ZITADEL. + +## Data location + +Data location refers to a region, consisting of one or many countries or territories, where the customer's data is being hosted. + +We can not guarantee that during transit the data will only remain within this region. We take measures, as outlined in our [privacy policy](../policies/privacy-policy), to protect your data in transit and in rest. + +The following regions will be available when using our cloud service. This list is for informational purposes and will be updated in due course, please refer to our website for all available regions at this time. 
+ +- **Global**: All available cloud regions offered by our cloud provider +- **Switzerland**: Exclusively on Swiss region +- **GDPR safe countries**: Hosting location is within any of the EU member states and [Adequate Countries](https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) as recognized by the European Commission under the GDPR + +## Backup + +Our backup strategy executes daily full backups and differential backups on much higher frequency. +In a disaster recovery scenario, our goal is to guarantee a recovery point objective (RPO) of 1h, and a higher but similar recovery time objective (RTO). +Under normal operations, RPO and RTO goals are below 1 minute. + +If you you have different requirements we provide you with a flexible approach to backup, restore, and transfer data (f.e. to a self-hosted setup) through our APIs. +Please consult the [migration guides](/docs/guides/migrate/introduction.md) for more information. diff --git a/docs/docs/legal/service-level-description.md b/docs/docs/legal/service-description/service-level-description.md similarity index 62% rename from docs/docs/legal/service-level-description.md rename to docs/docs/legal/service-description/service-level-description.md index 465a49d784..442b917f98 100644 --- a/docs/docs/legal/service-level-description.md +++ b/docs/docs/legal/service-description/service-level-description.md 
@@ -1,33 +1,42 @@ --- -title: Service Level +title: Service level description for ZITADEL Cloud +sidebar_label: Service Level custom_edit_url: null --- -## Introduction +Last updated on November 15, 2023 -This annex of the [Framework Agreement](terms-of-service) describes the service levels offered by us for our Services (ZITADEL Cloud). - -Last revised: June 14, 2022 +This annex of the [Framework Agreement](../terms-of-service) describes the service levels offered by us for our Services (ZITADEL Cloud). ## Definitions -**Monthly Uptime Percentage** means total number of minutes in a month, minus the number of minutes of Downtime suffered from all Downtime Periods in a month, divided by the total number of minutes in a month. +### Monthly Uptime Percentage -**Downtime Period** means a period of one or more consecutive minutes of Downtime. Partial minutes or intermittent Downtime for a period of less than one minute will not count towards any Downtime Period. +Monthly Uptime Percentage means total number of minutes in a month, minus the number of minutes of Downtime suffered from all Downtime Periods in a month, divided by the total number of minutes in a month. -**Downtime** means any period of time in which Core Services are not Available within the Region of the customer’s organization. Downtime excludes any time in which ZITADEL Cloud is not Available because of +### Downtime Period + +Downtime Period means a period of one or more consecutive minutes of Downtime. Partial minutes or intermittent Downtime for a period of less than one minute will not count towards any Downtime Period. + +### Downtime + +Downtime means any period of time in which Core Services are not Available within the Region of the customer’s organization. Downtime excludes any time in which ZITADEL Cloud is not Available because of - [Announced maintenance work](/docs/support/software-release-cycles-support#maintenance) - Emergency maintenance - Force majeure events. 
-**Available** means that Core Services of ZITADEL Cloud respond to Customer Requests in such a way that results in a Successful Minute. The Availability of Core Services will be monitored from CAOS’ facilities from black-box monitoring jobs. +### Available -**Successful Minute** means a minute in which ZITADEL cloud is not repeatedly returning Failed Customer Requests and includes minutes in which no Customer Request were made. +Available means that Core Services of ZITADEL Cloud respond to Customer Requests in such a way that results in a Successful Minute. The Availability of Core Services will be monitored from CAOS’ facilities from black-box monitoring jobs. -**Customer Requests** means a HTTP request made by a Customer or a Customers’ users to Core Services within the Customer’s organization’s region. +### Customer Requests -**Successful Minute** means a minute in which ZITADEL Cloud is not repeatedly returning Failed Customer Requests and includes minutes in which no Customer Requests were made. +Customer Requests means a HTTP request made by a Customer or a Customers’ users to Core Services within the Customer’s organization’s region. + +### Successful Minute + +Successful Minute means a minute in which ZITADEL Cloud is not repeatedly returning Failed Customer Requests and includes minutes in which no Customer Requests were made. Failed Customer Request means Customer Requests that 
@@ -39,14 +48,18 @@ This excludes specifically: - Failed Customer Requests due to malformed requests, client-side application errors outside of ZITADEL Cloud’s control - Customer Requests that do not reach ZITADEL Cloud Core Services -**Core Services** means the following ZITADEL Cloud Services and API’s: +### Core Services -- **Authentication API** Endpoints +Core Services means the following ZITADEL Cloud Services and API’s: + +- **Authentication API** Endpoints including the session endpoints - **OpenID Connect 1.0 / OAuth 2.0 API** Endpoints - **SAML 2.0** Endpoints - **Login Service** means the graphical user interface of ZITADEL Cloud for users to Login, Self-Register, and conduct a Password Reset. - **Identity Brokering Service** means the component of ZITADEL Cloud that handles federated authentication of users with third-party identity provider, excluding any failure or misconfiguration by the third-party +### Financial Credit + **Financial Credit** means the percent of the monthly subscription fee applicable to the month in which the guaranteed service level was not met, according to the actual achieved monthly uptime percentage, as shown in the following table Achieved vs. Guaranteed| 99.50% | 99.90% | 99.95% diff --git a/docs/docs/legal/service-description/support-services.mdx b/docs/docs/legal/service-description/support-services.mdx new file mode 100644 index 0000000000..617999d205 --- /dev/null +++ b/docs/docs/legal/service-description/support-services.mdx 
@@ -0,0 +1,254 @@ +--- +title: Support service description for ZITADEL +sidebar_label: Support service +custom_edit_url: null +--- + +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + +Last updated on November 15, 2023 + +This annex of the [Framework Agreement](../terms-of-service) and the [Support Service Terms and Conditions](../annex-support-services) describes the support services offered by us for our Services. + +Support Services for products and services provided by ZITADEL is offered to customers according to the terms and conditions outlined in this document. +The customer may purchase support services from ZITADEL (CAOS Ltd.) directly. + +## Service Level Agreement + +ZITADEL provides a Service Level Agreement for support of the [services offered](./cloud-service-description.md#services-offered). +Depending on your subscription plan you might be eligible to the following support service level agreement. + +### ZITADEL Cloud + +Based on your subscription plan you may be eligible for the support services as outlined in this document. +You may purchase additional premium support plans which replace the default support features. + +#### Support in subscription plans + +Support features for ZITADEL Cloud subscriptions are as follows: + +Subscription Plans | Free | Production | Enterprise Cloud +--- | --- | --- | --- +[Support hours](#support-hours) | Business hours | Business hours | bespoke (up to 24x7) +[Response Time](#slo---initial-response-time) (Severity 1) | Best effort | 48 business hours | bespoke (as low as 30min) +[Community support](#community-support) | yes | yes | yes +[Professional support](#professional-support) | no | yes | yes +[Enterprise supported features](/docs/support/software-release-cycles-support.md#enterprise-supported) | no | no | yes +[Technical Account Management](#technical-account-manager) | no | no | bespoke + +#### Extended support + +Extended support can be added to ZITADEL Cloud subscription plans. 
+The default support features will be replaced as follows: + +Extended support | Default +--- | --- +[Support hours](#support-hours) | [Extended hours](#extended-hours) +[Response Time](#slo---initial-response-time) (Severity 1) | 1 business hour +[Community support](#community-support) | yes +[Professional support](#professional-support) | yes +[Enterprise supported features](/docs/support/software-release-cycles-support.md#enterprise-supported) | no +[Technical Account Management](#technical-account-manager) | no + +### ZITADEL Enterprise / self-hostable + +With ZITADEL Enterprise you become eligible for support plans according to your purchase order for self-hosting ZITADEL. +Please refer to the [service description](./cloud-service-description.md#enterprise-license--self-hosted) for an overview of ZITADEL Enterprise. + +ZITADEL Enterprise self-hostable| Default +--- | --- +[Support hours](#support-hours) | bespoke (up to 24x7) +[Response Time](#slo---initial-response-time) (Severity 1) | bespoke (as low as 30min) +[Community support](#community-support) | yes +[Professional support](#professional-support) | yes +[Enterprise supported features](/docs/support/software-release-cycles-support.md#enterprise-supported) | yes +[Technical Account Management](#technical-account-manager) | bespoke + +## Description of support services + +### Support hours + +#### Business hours + +Business hours means 08:00-17:00 Monday - Friday Switzerland time (or as per agreement with the customer). All times exclude public holidays in Switzerland / Canton St. Gallen. + +#### Extended hours + +Extended hours means 07:00-19:00 Monday - Friday Switzerland time (or as per agreement with the customer). All times exclude public holidays in Switzerland / Canton St. Gallen. + +### Ticket + +Ticket means a discrete technical or non-technical issue that was submitted by the customer and exists in the support portal. A ticket includes a record of all communication associated with the issue. 
+ +### SLO - Initial response time + +ZITADEL service level objective (SLO) for Support Services is defined in terms of initial response time to a support request, as outlined in the table below per plan. +ZITADEL will use reasonable efforts to resolve support requests, but does not guarantee a work-around, resolution or resolution time. + +Subscription Plans | Default | Extended SLA | Custom +--- | --- | --- | --- +Severity 1| Best effort | 1 business hour | up to 30min +Severity 2| Best effort | 2 business hour | 2 business hours +Severity 3| Best effort | 12 business hour | 12 business hours +Severity 4| Best effort | 24 business hour | 24 business hours + +If we fail to provide the initial response time objective, you will be entitled to service credits. For every 15 minutes exceeding the state objective, 1 day will be added as extension to the current term. + +### Communication + +#### Community support + +Community support for ZITADEL is available on our website, our [public chat](https://zitadel.com/chat), and [GitHub](https://github.com/zitadel/). + +#### Professional support + +- Support is available in English +- Default contact: Whenever customers require support, Customers should consult the documentation of the service or product or post a question to our community +- When Customer is eligible for support services through a Subscription Plan, Customer may contact ZITADEL support via the following channels + +Support Feature | Contact information +--- | --- +Ticket | Submit an issue via the [customer portal](https://zitadel.com/admin/support) +eMail Support | support@zitadel.com +Chat Support | Private chat channel between ZITADEL and Customer that is opened when Subscription becomes active +Phone Support | +41 43 215 27 34 + +- ZITADEL Cloud system status, incidents and maintenance windows will be communicated via [our status page](https://status.zitadel.com). 
+- Questions regarding pricing, billing, and invoicing of our services should be addressed to billing@zitadel.com +- Security related questions and incidents can also be directly addressed to security@zitadel.com + +### Technical account manager + +ZITADEL will enhance its support offering by providing eligible clients with a Technical Account Manager (TAM), who will perform the following tasks for up to the agreed amount of time during the term of service: + +- Provide support and advice regarding best practices on platform, product and configuration covered by the applicable Support Services; +- Participate in review calls every other week at mutually agreed times addressing customer’s operational challenges or complex support requests; +- Walk-through of new features and customer feedback. + +We offer TAM services only bundled with specific subscription plans, and the option to add more TAM hours per period to these plans. +If you require consulting for your projects, please request a quote via our [website](https://zitadel.com/contact). + +### Onboarding support + +Our onboarding support should help you, as a new customer, to get a better understanding on how to integrate ZITADEL into your solution, how to tackle the migration, and ensure a highly-available day-to-day operation. + +Onboarding support services can be offered to customers that enter a ZITADEL Cloud or a ZITADEL Enterprise subscription. + +If you intend to use the open-source version exclusively then please join our community chat or GitHub. +Your questions might help other people in the community and will make our project better over time. + +Please [contact us](https://zitadel.com/contact) for a quote and to get started with onboarding support. +Below you will find topics covered and scope of the offered services. + +#### Proof of value + +Within a short time-frame, f.e. 
3 weeks, we can show the value of using our services and have the ability to establish the proof a of working setup for your most critical use cases. +We may offer to support you during an initial period to evaluate next steps. +Before the start of the period we may ask you to provide a description of your critical use cases and a high-level overview of your planned integration architecture. +During this period you should make sure that you have the necessary resources on your side to complete the proof of value. + +#### Onboarding term + +With the onboarding support we provide the initial knowledge transfer to configure and operate ZITADEL. +During the term you will get direct access to our engineering team via [Technical Account Management](#technical-account-manager). +Duration is typically 3 months but this could vary depending on your requirements. + +We offer an onboarding term in combination with ZITADEL Enterprise subscriptions. + +#### Topics covered + +The scope will be tailored to your requirements. +Topics of the onboarding term may include + +- Administration +- DevOps (Operation) +- Architecture +- Integration +- Migration +- Security Best Practices & Go-Live Checkup + + + +
    +
  • IAM Configuration
  • +
  • Walk-though all features
  • +
  • Users / Manuals
  • +
  • Authentication & Management APIs
  • +
  • Validation of tokens
  • +
  • Client integration best-practices
  • +
  • Event types
  • +
  • Database schemas and compute models
  • +
  • Accessing database
  • +
  • Observability (Logs, Errors, Metrics, Tracing)
  • +
  • Operations best practices (Deployment, Backup, Networking etc.)
  • +
  • Check prerequisites and architecture
  • +
  • Troubleshoot installation and configuration of ZITADEL
  • +
  • Troubleshoot and configuration connectivity to the database
  • +
  • Functional testing of the ZITADEL instance
  • +
+
+ +
    +
  • Performance testing
  • +
  • Setting up or maintaining backup storage
  • +
  • Running multiple ZITADEL instances on the same cluster
  • +
  • Integration into internal monitoring and alerting
  • +
  • Multi-cluster architecture deployments
  • +
  • DNS, Network and Firewall configuration
  • +
  • Customer-specific Kubernetes configuration needs
  • +
  • Non-production environments
  • +
  • Production deployment
  • +
  • Application-side coding, configuration, or tuning
  • +
+
+
+ +## Support + +### Support request + +ZITADEL agrees to handle support incidents in the following scenarios: + +1. Service, product or configuration as provided by ZITADEL contains errors or critical security-related issues +2. Service or product requires upgrades or changes through the customer +3. Service or product has incorrect or missing documentation + +Support features include: + +- Answer questions regarding usage of specific features or configurations +- Provide high-level suggestions regarding appropriate usage, features or configurations +- Assist in troubleshooting of issues to isolate potential root cause +- Document and advise alternative solutions for reported defects + +Excluded are broader consulting & customer-specific engineering requests regarding use of our products and services. Moreover support requests from Customer’s end users must be handled by the Customer directly. + +### Support service process + +The customer may submit support requests (“ticket”) through any means of eligible communication channels, consisting of + +- Single discrete problem, issue, or request +- Initial severity level and impact statement for assessment +- Description of the issue and if possible a description of the observed and expected behavior, steps to reproduce the issue, evidence that issue is not caused by connectivity / compute, relevant anonymized log-files etc. +- All information requested by ZITADEL as we resolve the ticket (e.g. system logs) + +ZITADEL will review the case information and determine the severity level (see below), working with the customer to assess the urgency of the request and use reasonable efforts to respond to support requests within the initial response time. + +ZITADEL will use reasonable efforts to resolve support request as defined below, but does not guarantee a workaround, resolution or resolution time. + +Severity Level | Description +--- | --- +**Severity 1**
Critical / Service down|

Widespread failure or complete unavailability of ZITADEL Core Services.

ZITADEL will use continuous effort to provide a workaround or permanent solution. When Core Services are available, the severity will be lowered to the new appropriate level.

+**Severity 2**
Core functionality unavailable or severely degraded|

Core Services of ZITADEL software continue to operate in severely restricted fashion, yet long-term productivity may be impacted.

When Core Services are no longer severely degraded (eg, through a viable workaround or release), the severity level will be lowered to Severity 3.

+**Severity 3**
Standard support request|

Partial and non-critical loss of ZITADEL software functionality or major software defect, yet a workaround exists for viable long-term operation.

ZITADEL will continue to work on developing permanent resolution.

+**Severity 4**
Non-urgent request|

Defined as follows:

+

ZITADEL will continue to work on developing permanent resolution and response to general requests. ZITADEL does not provide a timeline or guarantee to include any feature requests.

+ +### Escalation + +The customer may escalate support requests following the escalation process: + +1. For non-urgent needs, the client may request management escalation within the ticket. A manager will review the request and provide a response within one business day. +2. For urgent needs, the client may escalate directly by calling +41 43 456 84 69 and emailing to [hi@zitadel.com](mailto:hi@zitadel.com). A manager will review the request and provide response within two business hours. + +If we fail to provide a response to the escalation, you will be entitled to service credits. For every 15 minutes exceeding the state objective, 1 day will be added as extension to the current term. diff --git a/docs/docs/legal/subprocessors.md b/docs/docs/legal/subprocessors.md new file mode 100644 index 0000000000..b5fa71ee03 --- /dev/null +++ b/docs/docs/legal/subprocessors.md 
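Review bot: The Severity 4 row of the severity table in annex-support-services.mdx is empty: `**Severity 4** Non-urgent request|` is followed by `Defined as follows:` and then a bare `+` line, so the definition the text announces is missing (the deleted support-services.md had the same gap, so this is the moment to fill it or drop the "Defined as follows:" line). The same table puts line breaks and blank lines inside pipe-table cells (`**Severity 1** Critical / Service down|` followed by separate paragraphs), which a Markdown pipe table does not render; keep each severity on one row with `<br />` breaks, or turn the descriptions into a list under a heading. Minor: `For every 15 minutes exceeding the state objective` should read `stated objective`, and `Moreover support requests` wants a comma after `Moreover`.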
@@ -0,0 +1,21 @@ +--- +title: Third party sub-processors for ZITADEL +sidebar_label: Third Party Sub-Processors +custom_edit_url: null +--- + +Last updated on November 15, 2023 + +In order to achieve the best possible transparency we publish which sub-processors and services we use to provide ZITADEL and related services. +The table shows what activity each entity performs. +More information about each activity is provided directly below. +This explains the limited processing of customer data the entity is authorized to perform. + +We regularly audit all data processing agreements that we have with our sub-processors to guarantee that they adhere to the same level of privacy as ours to protect your personal data. + +The following table indicates which sub-processors have access to end-user data. We try to minimize the number of sub-processors that handle end-user data on our behalf to reduce any vendor related risks. +Some providers are used by default, but you can opt-out of the default provide and replace the sub-processor by a provider of your choice. + +import { SubProcessorTable } from "../../src/components/subprocessors"; + + diff --git a/docs/docs/legal/support-services.md b/docs/docs/legal/support-services.md deleted file mode 100644 index 1a6f0a1555..0000000000 --- a/docs/docs/legal/support-services.md +++ /dev/null 
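Review bot: In subprocessors.md the line `import { SubProcessorTable } from "../../src/components/subprocessors";` is never followed by a `<SubProcessorTable />` element, so the table that the prose introduces (`The following table indicates which sub-processors have access to end-user data.`) and the activity descriptions promised by `More information about each activity is provided directly below.` never render; add the element after the import. Also `you can opt-out of the default provide` should be `default provider`, and `vendor related risks` wants a hyphen.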
@@ -1,138 +0,0 @@ ---- -title: Support Services -custom_edit_url: null ---- - -## Introduction - -This annex of the [Framework Agreement](terms-of-service) and the [Support Service Terms and Conditions](terms-support-service) describes the support services offered by us for our Services. - -Support Services for products and services provided by ZITADEL is offered to customers according to the terms and conditions outlined in this document. -The customer may purchase support services from ZITADEL (CAOS Ltd.) directly. - -Last revised: October 6, 2023 - -## Support Services - -**Business hours** means 08:00-17:00 Monday - Friday Switzerland time (or as per agreement with the customer). All times exclude public holidays in Switzerland / Canton St. Gallen. - -**Extended hours** means 07:00-19:00 Monday - Friday Switzerland time (or as per agreement with the customer). All times exclude public holidays in Switzerland / Canton St. Gallen. - -**Ticket** means a discrete technical or non-technical issue that was submitted by the customer and exists in the support portal. A ticket includes a record of all communication associated with the issue. - -## Description of Services - -### Cloud - -Support features for cloud subscriptions are as follows: - -Subscription Plans | Default | Extended SLA | Custom ---- | --- | --- | --- -Support hours | Business hours | Business hours | up to 24x7 -Response Time (Severity 1) | Best effort | 1 business hour | bespoke -eMail Support | yes | yes | yes -Phone Support | no | no | optional -Chat Support | no | no | optional - -If you want to add a [Technical Account Manager](#technical-account-manager) or need assistance during onboarding, please [get in touch](https://zitadel.com/contact). - -### Self-hosting - -Support plans for self-hosting according to your purchase order. 
- -Customers can define the SLA and additional support options, such as - -- Support Hours (business, extended, 24x7) along different severities -- SLO [Initial response time](#slo---initial-response-time) -- [Technical account manager](#technical-account-manager) -- Communication channels - -### SLO - Initial response time - -ZITADEL service level objective (SLO) for Support Services is defined in terms of initial response time to a support request, as outlined in the table below per plan. -ZITADEL will use reasonable efforts to resolve support requests, but does not guarantee a work-around, resolution or resolution time. - -Subscription Plans | Default | Extended SLA | Custom ---- | --- | --- | --- -Severity 1| Best effort | 1 business hour | up to 30min -Severity 2| Best effort | 2 business hour | 2 business hours -Severity 3| Best effort | 12 business hour | 12 business hours -Severity 4| Best effort | 24 business hour | 24 business hours - -If we fail to provide the initial response time objective, you will be entitled to service credits. For every 15 minutes exceeding the state objective, 1 day will be added as extension to the current term. - -### Communication - -- Support is available in Swiss-German, German, and English -- Default contact: Whenever customers require support, Customers should consult the documentation of the service or product or post a question to our community. -- When Customer is eligible for support services through a Subscription Plan, Customer may contact ZITADEL support via the following channels - -Support Feature | Contact information ---- | --- -eMail Support | support@zitadel.com -Chat Support | Private chat channel between ZITADEL and Customer that is opened when Subscription becomes active -Phone Support | +41 43 215 27 34 - -- ZITADEL Cloud system status, incidents and maintenance windows will be communicated via [our status page](https://status.zitadel.com). 
-- Questions regarding pricing, billing, and invoicing of our services should be addressed to billing@zitadel.com -- Security related questions and incidents can also be directly addressed to security@zitadel.com - -### Technical account manager - -ZITADEL will enhance its support offering by providing eligible clients with a Technical Account Manager (TAM), who will perform the following tasks for up to the specified amount of time per week during the term of service: - -- Provide support and advice regarding best practices on platform, product and configuration covered by the applicable Support Services; -- Participate in review calls every other week at mutually agreed times addressing customer’s operational challenges or complex support requests; -- Walk-through of new features and customer feedback. - -We offer TAM services only bundled with specific subscription plans, and the option to add more TAM hours to these plans. -If you require consulting for your projects, please request a quote via our [website](https://zitadel.com/contact). - -## Support - -### Support request - -ZITADEL agrees to handle support incidents in the following scenarios: - -1. Service, product or configuration as provided by ZITADEL contains errors or critical security-related issues -2. Service or product requires upgrades or changes through the customer -3. Service or product has incorrect or missing documentation - -Support features include: - -- Answer questions regarding usage of specific features or configurations -- Provide high-level suggestions regarding appropriate usage, features or configurations -- Assist in troubleshooting of issues to isolate potential root cause -- Document and advise alternative solutions for reported defects - -Excluded are broader consulting & customer-specific engineering requests regarding use of our products and services. Moreover support requests from Customer’s end users must be handled by the Customer directly. 
- -### Support service process - -The customer may submit support requests (“ticket”) through any means of eligible communication channels, consisting of - -- Single discrete problem, issue, or request -- Initial severity level and impact statement for assessment -- Description of the issue and if possible a description of the observed and expected behavior, steps to reproduce the issue, evidence that issue is not caused by connectivity / compute, relevant anonymized log-files etc. -- All information requested by ZITADEL as we resolve the ticket (e.g. system logs) - -ZITADEL will review the case information and determine the severity level (see below), working with the customer to assess the urgency of the request and use reasonable efforts to respond to support requests within the initial response time. - -ZITADEL will use reasonable efforts to resolve support request as defined below, but does not guarantee a workaround, resolution or resolution time. - -Severity Level | Description ---- | --- -**Severity 1**
Critical / Service down|

Widespread failure or complete unavailability of ZITADEL Core Services.

ZITADEL will use continuous effort to provide a workaround or permanent solution. When Core Services are available, the severity will be lowered to the new appropriate level.

-**Severity 2**
Core functionality unavailable or severely degraded|

Core Services of ZITADEL software continue to operate in severely restricted fashion, yet long-term productivity may be impacted.

When Core Services are no longer severely degraded (eg, through a viable workaround or release), the severity level will be lowered to Severity 3.

-**Severity 3**
Standard support request|

Partial and non-critical loss of ZITADEL software functionality or major software defect, yet a workaround exists for viable long-term operation.

ZITADEL will continue to work on developing permanent resolution.

-**Severity 4**
Non-urgent request|

Defined as follows:

-

ZITADEL will continue to work on developing permanent resolution and response to general requests. ZITADEL does not provide a timeline or guarantee to include any feature requests.

- -### Escalation - -The customer may escalate support requests following the escalation process: - -1. For non-urgent needs, the client may request management escalation within the ticket. A manager will review the request and provide a response within one business day. -2. For urgent needs, the client may escalate directly by calling +41 43 456 84 69 and emailing to [hi@zitadel.com](mailto:hi@zitadel.com). A manager will review the request and provide response within two business hours. - -If we fail to provide a response to the escalation, you will be entitled to service credits. For every 15 minutes exceeding the state objective, 1 day will be added as extension to the current term. diff --git a/docs/docs/legal/terms-of-service.md b/docs/docs/legal/terms-of-service.md index 4dfca36d0e..a5fda38cac 100644 --- a/docs/docs/legal/terms-of-service.md +++ b/docs/docs/legal/terms-of-service.md 
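Review bot: Deleting docs/docs/legal/support-services.md removes contact details and commitments that do not reappear in the visible part of this patch: the channel table (`eMail Support | support@zitadel.com`, `Phone Support | +41 43 215 27 34`), the billing@ and security@ addresses, the status page link, the Business/Extended hours definitions and the per-plan initial-response-time table. The new terms-of-service.md links to `./service-description/support-services`, which is not added here, so the replacement page should be part of the same change or those links break; please confirm the content above is carried over rather than dropped. Note also that the escalation number in the new annex (`+41 43 456 84 69`) differs from the Phone Support number in the deleted file (`+41 43 215 27 34`); confirm both are intended.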
@@ -2,28 +2,29 @@ title: Terms of Service Agreement custom_edit_url: null --- + +Last updated on November 15, 2023 + ## General ### Introduction -CAOS Ltd. (**"We"**, **CAOS AG**, or simply **CAOS**), with head office in Lerchenfeldstrasse 3, 9014 St. Gallen, Switzerland, offers "Identity and Access Management as service" with the brand name "ZITADEL Cloud Services" and all of our Websites (**Services** or **ZITADEL Cloud**). +CAOS Ltd. (**"We"**, **ZITADEL**, **CAOS AG**, or simply **CAOS**), with head office in Lerchenfeldstrasse 3, 9014 St. Gallen, Switzerland, offers "Identity and Access Management as service" with the brand name "ZITADEL Cloud Services" and all of our Websites (**Services** or **ZITADEL Cloud**). -The customer relationship (**Framework Agreement** or **The Agreement**) is created by the **Customer** (**"you"**) by creating a user or organization within the ZITADEL Cloud Service. On the basis of this Framework Agreement you may then choose to make use of payable services (**Subscription**) as you wish, i.e. you may book services, options and packages yourself at any time (**Booking**, **Purchase Order**) and subsequently terminate them. +The customer relationship (**Framework Agreement** or **The Agreement**) is created by the **Customer** (**"you"**) by creating a user or organization within the ZITADEL Cloud Service or with signature of a purchase order between you and ZITADEL (jointly referred to as **Parties**). +On the basis of this Framework Agreement you may then choose to make use of payable services (**Subscription**) as you wish, i.e. you may book services, options and packages yourself at any time (**Booking**, **Purchase Order**, **PO**) and subsequently terminate them. The terms of service (**"TOS"**) outlined in this document establish the most important points of this Framework Agreement – independently of the use of any services. This Agreement has the following appendices. 
When you enter the Agreement with us, you accept these agreements. * [**Data Processing Agreement**](data-processing-agreement) - How we process personal data on behalf of you -* [**Service Description**](cloud-service-description) - What service we offer under this agreement -* [**Service Level Description**](service-level-description) - What service levels do we guarantee you -* [**Support Service Descriptions**](support-services) - How we provide support services to you +* [**Service Descriptions**](./service-description/) - How we provide services to yo +* [**Policies**](./policies/) - Policies that apply for use of our services +* [**Enterprise Agreement**](./annex-support-services/) - Annex for Enterprise Agreement and Support Services -The following policies complement the TOS. When accepting the TOS, you accept these policies. - -* [**Privacy Policy**](privacy-policy) - How we process personal data on our websites and products -* [**Acceptable Use Policy**](acceptable-use-policy) - What we understand as acceptable and fair use of our Services -* [**Rate Limit Policy**](rate-limit-policy) - How we avoid overloads of our services +The outlined policies complement these terms of service. +When accepting the TOS, you accept these policies. ### Alterations 
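Review bot: Typo in the appendix list of terms-of-service.md: `How we provide services to yo` is missing the final `u`. The three appendix entries now link to directories (`./service-description/`, `./policies/`, `./annex-support-services/`); these only resolve if an index or generated category page exists at each path, so please verify them in a local build rather than relying on the link checker alone.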
@@ -37,15 +38,23 @@ You may only transfer the Framework Agreement or Services used in the context of ### Type and scope of the services -We provide the Services under the conditions stated on our websites at the time of booking. +We provide the Services under the conditions stated on our websites, or the latest customer specific purchase order, at the time of booking. ### Modifications of services offered -We are entitled to offer new services, to withdraw existing services (**Termination**) or to modify the specifications and prices of existing services (**Modification**) at any time. If the modification or termination affects a service that you are using at that time, we will inform you via email that said service will be automatically modified and/or is no longer available after a period of 30 days. +We are entitled to offer new services, to withdraw existing services (**Termination**) or to modify the specifications and prices of existing services (**Modification**) at any time. +If the modification or termination affects a service that you are using at that time, we will inform you via email that said service will be automatically modified and/or is no longer available after a period of 30 days. + +If such modification would have a disadvantageous impact on the Customer use of service, ZITADEL and Customer must discuss the change with the Customer first and, to the best of its ability, find a solution that is acceptable to both Parties. +If such a solution cannot be found, ZITADEL may implement the modification and Customer may submit notice of termination of the relevant Service (email is sufficient) before the modification becomes effective without being obliged to pay contractual penalties or termination fees. +ZITADEL may modify the prices for a service after the minimum term of the agreement. ### Modification of services booked by you -You may change or terminate Services or Subscriptions booked by you at any time. 
You may, where applicable, add more Services (e.g. add-ons) to your existing Services at any time. +You may change or terminate Services or Subscriptions booked by you at any time. +You may, where applicable, add more Services (e.g. add-ons) to your existing Services at any time. +Modifications will take effect in the next billing period, or as agreed otherwise between the Parties. +Changing services booked by you requires a new purchase order, stating the new conditions of the services after Modification, to be accepted by the Parties. ### Due care 
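Review bot: In the paragraph added under `Modifications of services offered`, `ZITADEL and Customer must discuss the change with the Customer first` is redundant (copied verbatim from the deleted terms-support-service.md); `ZITADEL must discuss the change with the Customer first` is what is meant. Under `Modification of services booked by you`, `You may change or terminate Services or Subscriptions booked by you at any time` now sits directly above `Changing services booked by you requires a new purchase order ... to be accepted by the Parties`, which contradicts it for purchase-order customers; scope the first sentence to self-service bookings.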
@@ -55,21 +64,34 @@ The [Annex of the data processing agreement](data-processing-agreement#annex-reg ### Support -We offer Support Services directly related to the use of our Services. The Description of Support Services is available as [Annex](support-services) to this document. +We offer Support Services directly related to the use of our Services. +The Description of Support Services is available as [Annex](./service-description/support-services) to this document. Customers without a subscription can contact us via the official [communication channels](https://zitadel.com/contact). - -### Limited influence - -Be advised that the scope of our influence is limited. For example, the actual accessibility of a service is also dependent on the connection to and between various Internet Service Providers ("ISPs"). Portions of our services, i.e. software components, may also be beyond our influence and be subject to their own contractual conditions. You accept that in such cases we reject any responsibility. +The parties may enter a service level agreement, as specified in our [Support Service Description](./service-description/support-services), for booked Support Services. +Only named persons in the Purchase Order, or as agreed in writing (email is sufficient) may use the Support Services to interact with ZITADEL. ### Service level -Customers with a Subscription may be eligible for a SLA as outlined in our [Service Level Description](service-level-description). +Customers with a Subscription may be eligible for a SLA as outlined in our [Service Level Description](./service-description/service-level-description). + +### Service credit + +Failure to provide the agreed service level objectives during the term of the Agreement results in compensation via service credits, as outlined in the [Annex](./service-description/support-services) per service level objective. 
+ +Customer must request service credit and must notify ZITADEL in writing (email sufficient) within 30 days of becoming eligible for service credit and must prove failure of ZITADEL to meet the stated objective. +ZITADEL will confirm or reject the claim with reasons for a refusal within 10 days. +Service credit will in no case be paid as a cash equivalent. +No further guarantees are provided. + +### Limited influence + +Be advised that the scope of our influence is limited. For example, the actual accessibility of a service is also dependent on the connection to and between various Internet Service Providers ("ISPs"). +Portions of our services, i.e. software components, may also be beyond our influence and be subject to their own contractual conditions. You accept that in such cases we reject any responsibility. ### Inclusion of third parties -We may include third parties in the provision of our services. See our [Privacy Policy](privacy-policy) and our [Data Processing Agreement](data-processing-agreement) for more information. +We may include third parties in the provision of our services. See our [Privacy Policy](./policies/privacy-policy), [Third Party Sub-Processor List](subprocessors), and our [Data Processing Agreement](data-processing-agreement) for more information. ## Your obligations 
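Review bot: The `Service credit` section links the Annex to `./service-description/support-services`, while the service-credit rule added in this patch (`For every 15 minutes exceeding the state objective, 1 day will be added`) lives in annex-support-services.mdx, which the appendix list links as `./annex-support-services/`; confirm which document holds the service-credit terms and point both references at the same place.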
@@ -79,11 +101,12 @@ At our request you will provide your truthful contact information and keep it up ### Use -You will ensure that the use of our Websites and Services by you or third parties complies with all applicable legislation, these these TOS, and our [Acceptable Use Policy](acceptable-use-policy) at all times. +You will ensure that the use of our Websites and Services by you or third parties complies with all applicable legislation, this Agreement, any Annexes and policies, specifically the [Acceptable Use Policy](./policies/acceptable-use-policy), at all times. ### Security -You will take appropriate measures to prevent any misuse of the services you booked. These include, for example, securing the software used and the prompt installation of security updates as well as using suitably secure passwords. +You will take appropriate measures to prevent any misuse of the services you booked. +These include, for example, securing the software used and the prompt installation of security updates as well as using suitably secure passwords. ### Disaster recovery 
@@ -107,11 +130,13 @@ You will ensure that your vicarious agents, customers and third parties fulfill ### Credit and payment -Signup to our Services does not require you to open a payment account. However, a payment account is required for the purchase of our Subscriptions. The costs for the services you have purchased will be debited periodically from your payment account. +Signup to our Services does not require you to open a payment account. +However, a payment account is required for the purchase of our Subscriptions. +The costs for the services you have purchased will be debited periodically from your payment account or must be paid according to the purchase order. ### Payment procedure -If payment upon invoice is agreed, the payment deadline shall be 30 days after receipt of the invoice. +If payment upon invoice is agreed, the payment deadline shall be 30 days after receipt of the invoice, or as stated in the purchase order. ### Offsetting 
@@ -127,13 +152,17 @@ In the event of default we reserve the right to transfer our claim to a collecti You may terminate the Framework Agreement at any time by ceasing your use of the services and deleting your customer account on our website. +For purchase orders, the term must be terminated by providing written notice (email is sufficient) of termination at least 30 days prior to the end of the term. + ### Termination by us We may terminate the Framework Agreement at any time via email message with a notice period of 90 days. Any use of the services will cease at the end of this period and the Framework Agreement will be terminated. ### Automatic termination -If you have neither used services nor made payment for a period of 3 years, the Framework Agreement will be considered automatically terminated at the end of this period. +If you have neither used services nor made payment for a period of 180 days, the Framework Agreement will be considered automatically terminated at the end of this period. + +If you have a Subscription to any free plans, that don't require payment, we automatically the Framework Agreement will be considered automatically terminated after 30 days without any Daily Active User on the Unit. ### No reimbursement 
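Review bot: The sentence added under `Automatic termination` is garbled: `we automatically the Framework Agreement will be considered automatically terminated after 30 days without any Daily Active User on the Unit`; suggest `the Framework Agreement will be considered automatically terminated after 30 days without any Daily Active User on the Unit`. `Unit` is not defined anywhere in terms-of-service.md (its definition, `a single, dedicated setup of an application or service`, lived in the deleted terms-support-service.md), so add a definition here. Separately, the inactivity window drops from 3 years to 180 days; that is a material change for existing customers and should be called out in the commit message.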
@@ -157,21 +186,26 @@ In the event of the termination of the contract, we reserve the right to irrevoc ## Data protection -Please consult the annex to this Framework Agreement, specifically our [Privacy Policy](privacy-policy) and [Data Processing Agreement](data-processing-agreement), or our [Trust Site](https://zitadel.com/trust/) for more information about how we process and protect your data. +Please consult the annex to this Framework Agreement, specifically our [Privacy Policy](./policies/privacy-policy), [Data Processing Agreement](data-processing-agreement), [Third Party Sub-Processors](subprocessors), and or our [Trust Site](https://zitadel.com/trust/) for more information about how we process and protect your data. ## Liability ### Our liability -We and/or third parties which we involve are only liable for demonstrably willful or grossly negligent damages. Our liability per damage event is limited to the value of the services used during the previous contractual year. Any liability in other cases, for consequential damages or lost profits is hereby excluded. +We and/or third parties which we involve are only liable for demonstrably willful or grossly negligent damages. +Our liability per damage event is limited to the value of the services used during the previous contractual year. +Any liability in other cases, for consequential damages or lost profits is hereby excluded. ### Your liability -You are liable for all damages and costs arising from the illegal or non-contractual use of the services which you have booked. We in particular reserve the right to invoice you for any additional costs incurred by us in this context. +You are liable for all damages and costs arising from the illegal or non-contractual use of the services which you have booked. +We in particular reserve the right to invoice you for any additional costs incurred by us in this context. 
### Force majeure -You acknowledge that we may be partially or entirely unable to provide our services during and/or as a result of events beyond our influence. These include events such as natural disasters, war, terrorism, sabotage, attacks on our infrastructure (i.e. DoS/DDoS attacks), failure of electrical or data connections and unexpected official requirements. We are not liable for any damages in such cases. +You acknowledge that we may be partially or entirely unable to provide our services during and/or as a result of events beyond our influence. +These include events such as natural disasters, war, terrorism, sabotage, attacks on our infrastructure (i.e. DoS/DDoS attacks), failure of electrical or data connections and unexpected official requirements. +We are not liable for any damages in such cases. ## Final provision 
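Review bot: Under `Data protection`, `[Third Party Sub-Processors](subprocessors), and or our [Trust Site]` should read `and/or our` (or simply `or our`).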
@@ -187,12 +221,10 @@ The exclusive place of jurisdiction is St. Gallen, Switzerland. Should any provision of these TOS be or become invalid, this shall not affect the validity of the remaining TOS. The invalid provision will be replaced by a valid one which approximates the invalid one as much as possible. -### Entry into force - -These TOS shall enter into force as of 15.07.2022. - -Last revised: May 12, 2023 - ### Amendments -We are entitled to unilaterally amend these TOS at any time. The current version is accessible via our website. We will inform you of any amendments via email. These amendments shall be considered as accepted upon booking additional services or at the latest after 30 days. In the case of a rejection on your part we reserve the right to terminate the Framework Agreement. +We are entitled to unilaterally amend this Agreement at any time. +The current version is accessible via our website. +We will inform you of any amendments via email. +These amendments shall be considered as accepted upon booking additional services or at the latest after 30 days. +In the case of a rejection on your part we reserve the right to terminate the Framework Agreement. diff --git a/docs/docs/legal/terms-support-service.md b/docs/docs/legal/terms-support-service.md deleted file mode 100644 index 2b1898f93a..0000000000 --- a/docs/docs/legal/terms-support-service.md +++ /dev/null 
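Review bot: Removing `Entry into force` (`These TOS shall enter into force as of 15.07.2022`) together with `Last revised: May 12, 2023` leaves only the `Last updated on November 15, 2023` line at the top and no effective date for this revision; since the `Amendments` clause treats changes as `accepted ... at the latest after 30 days`, state when this version takes effect.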
@@ -1,222 +0,0 @@ ---- -title: Terms and Conditions for Support Services -custom_edit_url: null ---- -## General - -### Introduction - -CAOS Ltd. (**"We"**, **CAOS AG**, or simply **CAOS**), with head office located at Lerchenfeldstrasse 3, 9014 St. Gallen, Switzerland, offers amongst other services and websites (**Services**) as well commercial support services (**Support Services**) for units of CAOS software products (**Unit**), if not otherwise defined a Unit refers to a is a single, dedicated setup of an application or service. - -The customer relationship (**Framework Agreement** or **The Agreement**) is created by the **Customer** (**"you"**) by accepting a **Purchase Order** (**"PO"**) for the specified Support Services (**Booking**). Jointly you and CAOS will be referred to as **the Parties**. The terms of service (**"TOS"**) outlined in this document establish the most important points of this Framework Agreement – independently of the use of any other services. - -This Agreement has the following appendices. When you enter the Agreement with us, you accept these agreements. - -* [**Data Processing Agreement**](data-processing-agreement) - How we process personal data on behalf of you -* [**Support Service Descriptions**](support-services) - How we provide support services to you -* [**Acceptable Use Policy**](acceptable-use-policy) - What we understand as acceptable and fair use of our Services - -### Alterations - -Any provisions which deviate from these TOS must be agreed in writing (email sufficient) between the Customer and us. Such agreements shall take precedence over the TOS outlined in this document. - -### Transfer - -You may only transfer the Framework Agreement or Services used in the context of the Framework Agreement to third parties with our prior written consent. - -### Term - -Coverage under this Agreement will start with Booking of Support Services, for a minimum period of 12 months. 
Support Services agreements will automatically renew for additional one year terms upon submission of a purchase order for renewal, unless either you or CAOS provides written notice (email sufficient) of termination of any such term. Each renewal will be at CAOS' then-current rate. In the event that you accesses CAOS Support services in any way after the Agreement has expired or been terminated, you will continue to be bound by this Agreement, which will continue to apply to the services after such expiration or termination. - -## Our Services - -### Type and scope of the services - -We provide the Services under the conditions stated on our websites and the PO at the time of booking. - -### Modifications of services offered - -We are entitled to offer new services, to withdraw existing services (**Termination**) or to modify the specifications and prices of existing services (**Modification**) at any time. If the modification or termination affects a service that you are using at that time, we will inform you via email that said service will be automatically modified and/or is no longer available after a period of 30 days. - -If such modification would have a disadvantageous impact on the Customer use of service, CAOS and Customer must discuss the change with the Customer first and, to the best of its ability, find a solution that is acceptable to both Parties. If such a solution cannot be found, CAOS may implement the modification and Customer may submit notice of termination of the relevant Service (email is sufficient) before the modification becomes effective without being obliged to pay contractual penalties or termination fees. CAOS may modify the prices for a service after the minimum term of the agreement. - -### Modification of services booked by you - -You may change or terminate Services booked by you at any time. Modifications will take effect in the next billing period, or as agreed otherwise between the Parties. 
Changing services booked by you requires a new PO, stating the new conditions of the services after Modification, to be accepted by the Parties. - -### Due care - -We take all appropriate physical and electronic precautions to ensure the security and availability of our infrastructure and the service offered thereupon, in particular to protect against unauthorized access to data, data loss, failures and misuse. - -The [Annex of the data processing agreement](data-processing-agreement#annex-regarding-security-measures) outlines the measures we take in more detail. - -### Support Service - -The Description of Support Services is available as [Annex](support-services) to this document. - -The parties may enter a service level agreement, as specified in our [Support Service Description](support-services), for booked Support Services. Only named persons in the Purchase Order, or as agreed in writing (email is sufficient) may use the Support Services to interact with CAOS. - -### Service credit - -Failure to provide the agreed service level objectives during the term of the Agreement results in compensation via service credits, as outlined in the [Annex](support-services) per service level objective. - -Customer must request service credit and must notify CAOS in writing (email sufficient) within 30 days of becoming eligible for service credit and must prove failure of CAOS to meet the stated objective. CAOS will confirm or reject the claim with reasons for a refusal within 10 days. Service credit will in no case be paid as a cash equivalent. No further guarantees are provided. - -### Service review - -If not otherwise agreed, CAOS offers a yearly review meeting with you to discuss the service quality and any feedback you might have. We are not required to participate in the meeting after the term has expired. - -### Limited influence - -Be advised that the scope of our influence is limited. 
For example, the actual accessibility of a service is also dependent on the connection to and between various Internet Service Providers ("ISPs"). Portions of our services, i.e. software components, may also be beyond our influence and be subject to their own contractual conditions. You accept that in such cases we reject any responsibility. - -### Inclusion of third parties - -We may include third parties in the provision of our services. See our [Privacy Policy](privacy-policy) and our [Data Processing Agreement](data-processing-agreement) for more information. - -## Your obligations - -### Contact information - -At our request you will provide your truthful contact information and keep it updated at all times. You must also ensure that you actually receive messages, in particular emails, intended for you. - -### Use - -You will ensure that the use of our Websites and Services by you or third parties complies with all applicable legislation, these TOS, and our [Acceptable Use Policy](acceptable-use-policy) at all times. - -### Maintenance of units - -You will ensure that units eligible for Support Service are maintained and upgraded frequently. If you operate units with a release date older than 180 days since our latest stable release, the term is continued but CAOS is not required to handle any support request for that unit until the units are upgraded and recertified. - -### Support Process - -You will ensure to follow the support process, especially provide all required initial information to the issue, as outlined in the [Annex](support-services) to this document. - -### Training of support staff - -You will ensure regular training of your support staff. Your support staff must be able to provide the required information for support issues to us, and thus requires access and up-to-date knowledge of the services. - -Initial know-how transfer for the services will be organized in training sessions conducted by us. 
We can provide knowledge sessions throughout the term to train newly onboarded staff, update your support staff about important updates, or refresh knowledge in specified areas. In case we notice insufficient quality of support requests from Customers, we will propose appropriate training sessions. - -### Security - -You will take appropriate measures to prevent any misuse of the services you booked. These include, for example, securing the software used and the prompt installation of security updates as well as using suitably secure passwords. - -### Disaster recovery - -Any liability for damages, indirect or direct, in case of data loss is explicitly rejected. - -### Reporting obligations - -You will immediately report any knowledge of a misuse of your booked services. - -### Cooperation - -If the maintenance of service quality requires your cooperation, for example to remedy errors in the services you use, you will provide said cooperation promptly and free of charge. - -### Third party obligations - -You will ensure that your vicarious agents, customers and third parties fulfill these obligations as well. - -## Financial - -### Payment - -Fees for the initial or any subsequent term of Support Services booked will be due and payable net 30 days from date of invoice. All payments to CAOS will be made in CHF or EUR to our bank account, as indicated in the PO. - -### Offsetting - -Offsetting against a counterclaim is prohibited. - -### Collection - -In the event of default we reserve the right to transfer our claim to a collections agency. You will bear any resulting costs insofar as legally permissible. - -### Lapsed Service Fee - -In case the term of the Support Service contract has expired within 1 to 180 days, you will be required to pay a Lapsed Service fee in addition to purchasing and activating a one-year renewal contract term at the then-current fee and conditions. 
The renewal term's start date will also be backdated to begin coverage from the service's original expiration date. - -Please contact us for current fees. - -### Recertification Fee - -Recertification of a unit, to be covered under Support Services, is required for: - -* units for which Support Services have been expired for more than 180 days -* units that run a release that is older than 180 days from the products most recent stable release -* requests for support on products and services purchased or supported from non-authorized resellers - -Recertification of a unit requires payment of a Recertification Fee which results in a checkup of the unit by CAOS. The unit will be inspected to asses its condition and eligibility for service coverage. - -Please contact us for current fees. - -## Termination - -### Termination by you - -You may terminate the Framework Agreement by providing written notice (email is sufficient) of termination at least 30 days prior to the end of the term. - -### Termination by us - -We may terminate the Framework Agreement at any time via email message with a notice period of 90 days. Any use of the services will cease at the end of this period and the Framework Agreement will be terminated. - -### No reimbursement - -Any remaining credit shall automatically expire upon termination of the Framework Agreement. - -### Termination of services - -We are entitled to suspend and terminate services used by you if - -* Your credit has been used up by services and/or any applicable credit limit has been reached; -* You are in default in the payment of open invoices and/or prompt payment seems unlikely (i.e. in the event of insolvency proceedings); -* Your services were used illegally or in breach of contract, or if there is reasonable suspicion of such use (i.e. 
in the event of complaints or abuse reports); -* We consider the suspension or termination of the services to be necessary for the protection of ourselves, our infrastructure or other customers. - -We reserve the right to immediately terminate the Framework Agreement in such cases. - -### Deletion of data - -In the event of the termination of the contract, we reserve the right to irrevocably delete all of your data. - -## Data protection - -Please consult the annex to this Framework Agreement, specifically our [Privacy Policy](privacy-policy) and [Data Processing Agreement](data-processing-agreement), or our [Trust Site](https://zitadel.com/trust/) for more information about how we process and protect your data. - -## Liability - -### Our liability - -We and/or third parties which we involve are only liable for demonstrably willful or grossly negligent damages. Our liability per damage event is limited to the value of the services used during the previous contractual year. Any liability in other cases, for consequential damages or lost profits is hereby excluded. - -### Your liability - -You are liable for all damages and costs arising from the illegal or non-contractual use of the services which you have booked. We in particular reserve the right to invoice you for any additional costs incurred by us in this context. - -### Force majeure - -You acknowledge that we may be partially or entirely unable to provide our services during and/or as a result of events beyond our influence. These include events such as natural disasters, war, terrorism, sabotage, attacks on our infrastructure (i.e. DoS/DDoS attacks), failure of electrical or data connections and unexpected official requirements. We are not liable for any damages in such cases. - -## Final provision - -### Applicable law - -The Framework Agreement is subject to Swiss law. - -### Place of jurisdiction - -The exclusive place of jurisdiction is St. Gallen, Switzerland. 
- -### Severability clause - -Should any provision of these TOS be or become invalid, this shall not affect the validity of the remaining TOS. The invalid provision will be replaced by a valid one which approximates the invalid one as much as possible. - -### Entry into force - -These TOS shall enter into force as of 15.07.2022. - -Last revised: June 14, 2022 - -### Amendments - -We are entitled to unilaterally amend these TOS at any time. The current version is accessible via our website. We will inform you of any amendments via email. These amendments shall be considered as accepted upon booking additional services or at the latest after 30 days. In the case of a rejection on your part we reserve the right to terminate the Framework Agreement. diff --git a/docs/docs/self-hosting/manage/productionchecklist.md b/docs/docs/self-hosting/manage/productionchecklist.md index 24c4803a10..25b3eb1a14 100644 --- a/docs/docs/self-hosting/manage/productionchecklist.md +++ b/docs/docs/self-hosting/manage/productionchecklist.md @@ -32,7 +32,7 @@ To apply best practices to your production setup we created a step by step check - [ ] Use a Layer 7 Web Application Firewall to secure ZITADEL that supports **[HTTP/2](/docs/self-hosting/manage/http2)** - [ ] Limit the access by IP addresses if needed - - [ ] Secure the access by rate limits for specific endpoints (e.g. API vs frontend) to secure availability on high load. See the [ZITADEL Cloud rate limits](/docs/legal/rate-limit-policy) for reference. + - [ ] Secure the access by rate limits for specific endpoints (e.g. API vs frontend) to secure availability on high load. See the [ZITADEL Cloud rate limits](/docs/legal/policies/rate-limit-policy) for reference. - [ ] Check that your firewall also filters IPv6 traffic ### ZITADEL configuration diff --git a/docs/docs/support/software-release-cycles-support.md b/docs/docs/support/software-release-cycles-support.md index 1b601cfd8d..d587e79fc9 100644 
--- a/docs/docs/support/software-release-cycles-support.md +++ b/docs/docs/support/software-release-cycles-support.md @@ -16,7 +16,7 @@ Supported features are those that are guaranteed to work as intended and are ful If you encounter any issues with a supported feature, please contact us by creating a [bug report](https://github.com/zitadel/zitadel/issues/new/choose). We will review the issues according to our [product management process](https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#product-management). -In case you are eligible to [support services](/docs/legal/support-services) get in touch via one of our support channels and we will provide prompt response to the issues you may experience and make our best effort to assist you to find a resolution. +In case you are eligible to [support services](/docs/legal/service-description/support-services) get in touch via one of our support channels and we will provide prompt response to the issues you may experience and make our best effort to assist you to find a resolution. :::info Security Issues Please report any security issues immediately to the indicated address in our [security.txt](https://zitadel.com/.well-known/security.txt) 
@@ -24,7 +24,7 @@ Please report any security issues immediately to the indicated address in our [s ### Enterprise supported -Enterprise supported features are those where we provide support only to users eligible for enterprise [support services](/docs/legal/support-services). +Enterprise supported features are those where we provide support only to users eligible for enterprise [support services](/docs/legal/service-description/support-services). These features should be functional for eligible users, but may have some limitations for a broader use. If you encounter issues with an enterprise supported feature and you are eligible for enterprise support services, we will provide a prompt response to the issues you may experience and make our best effort to assist you to find a resolution. diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js index 8e7dc19264..aedb22e6ca 100644 --- a/docs/docusaurus.config.js +++ b/docs/docusaurus.config.js @@ -143,7 +143,7 @@ module.exports = { }, { label: "Privacy Policy", - href: "/legal/privacy-policy", + href: "/legal/policies/privacy-policy", }, ], }, diff --git a/docs/sidebars.js b/docs/sidebars.js index 14775e2169..d2e7998fb1 100644 --- a/docs/sidebars.js +++ b/docs/sidebars.js @@ -428,7 +428,7 @@ module.exports = { { type: 'link', label: 'Support Service Descriptions', - href: '/legal/support-services', + href: '/legal/service-description/support-services', }, { type: 'category', @@ -631,7 +631,7 @@ module.exports = { { type: 'link', label: 'Rate Limits (Cloud)', // The link label - href: '/legal/rate-limit-policy', // The internal path + href: '/legal/policies/rate-limit-policy', // The internal path }, ], selfHosting: [ 
@@ -700,23 +700,23 @@ module.exports = { items: [ "legal/terms-of-service", "legal/data-processing-agreement", + "legal/subprocessors", + "legal/annex-support-services", { type: "category", label: "Service Description", collapsed: false, + link: { + type: "generated-index", + title: "Service description", + slug: "/legal/service-description", + description: "Description of services and service levels for ZITADEL Cloud and Enterprise subscriptions.", + }, items: [ - "legal/cloud-service-description", - "legal/service-level-description", - "legal/support-services", - "legal/onboarding-support", - ], - }, - { - type: "category", - label: "Support Program", - collapsed: true, - items: [ - "legal/terms-support-service", + { + type: 'autogenerated', + dirName: 'legal/service-description', + } ], }, { @@ -730,13 +730,11 @@ module.exports = { description: "Policies and guidelines in addition to our terms of services.", }, items: [ - "legal/privacy-policy", - "legal/acceptable-use-policy", - "legal/rate-limit-policy", - "legal/policies/account-lockout-policy", - "legal/policies/feature-development-policy", - "legal/vulnerability-disclosure-policy", - ], + { + type: 'autogenerated', + dirName: 'legal/policies', + } + ] }, ] }, diff --git a/docs/src/components/subprocessors.jsx b/docs/src/components/subprocessors.jsx new file mode 100644 index 0000000000..aa4d37aec2 --- /dev/null +++ b/docs/src/components/subprocessors.jsx 
@@ -0,0 +1,169 @@ +import React from "react"; + +export function SubProcessorTable() { + + const country_list = { + us: "USA", + eu: "EU", + ch: "Switzerland", + fr: "France", + in: "India", + de: "Germany", + ee: "Estonia", + nl: "Netherlands", + ro: "Romania", + } + const processors = [ + { + entity: "Google LLC", + purpose: "Cloud infrastructure provider (Google Cloud), business applications and collaboration (Workspace), Data warehouse services, Content delivery network, DDoS and bot prevention", + hosting: "Region designated by Customer, United States", + country: country_list.us, + enduserdata: "Yes (transit)" + }, + { + entity: "Cockroach Labs, Inc.", + purpose: "Managed database services: Dedicated CockroachDB clusters on Google Cloud", + hosting: "Region designated by Customer", + country: country_list.us, + enduserdata: "Yes (at rest)" + }, + { + entity: "Datadog, Inc.", + purpose: "Infrastructure monitoring, log analytics, and alerting", + hosting: country_list.eu, + country: country_list.us, + enduserdata: "Yes (logs)" + }, + { + entity: "Github, Inc.", + purpose: "Source code management, code scanning, dependency management, security advisory, issue management, continuous integration", + hosting: country_list.us, + country: country_list.us, + enduserdata: false + }, + { + entity: "Stripe Payments Europe, Ltd.", + purpose: "Subscription management, payment process", + hosting: country_list.us, + country: country_list.us, + enduserdata: false + }, + { + entity: "Bexio AG", + purpose: "Customer management, payment process", + hosting: country_list.ch, + country: country_list.ch, + enduserdata: false + }, + { + entity: "Mailjet SAS", + purpose: "Marketing automation", + hosting: country_list.eu, + country: country_list.fr, + enduserdata: false + }, + { + entity: "Postmark (AC PM LLC)", + purpose: "Transactional mails, if no customer owned SMTP service is configured", + hosting: country_list.us, + country: country_list.us, + enduserdata: "Yes (opt-out)" + 
}, + { + entity: "Vercel, Inc.", + purpose: "Website hosting", + hosting: country_list.us, + country: country_list.us, + enduserdata: false + }, + { + entity: "Agolia SAS", + purpose: "Documentation search engine (zitadel.com/docs)", + hosting: country_list.us, + country: country_list.in, + enduserdata: false + }, + { + entity: "Discord Netherlands BV", + purpose: "Community chat (zitadel.com/chat)", + hosting: country_list.us, + country: country_list.us, + enduserdata: false + }, + { + entity: "Statuspal", + purpose: "ZITADEL Cloud service status announcements", + hosting: country_list.us, + country: country_list.de, + enduserdata: false + }, + { + entity: "Plausible Insights OÜ", + purpose: "Privacy-friendly web analytics", + hosting: country_list.de, + country: country_list.ee, + enduserdata: false, + dpa: 'https://plausible.io/dpa' + }, + { + entity: "Twillio Inc.", + purpose: "Messaging platform for SMS", + hosting: country_list.us, + country: country_list.us, + enduserdata: "Yes (opt-out)" + }, + { + entity: "Mohlmann Solutions SRL", + purpose: "Global payroll", + hosting: undefined, + country: country_list.ro, + enduserdata: false + }, + { + entity: "Remote Europe Holding, B.V.", + purpose: "Global payroll", + hosting: undefined, + country: country_list.nl, + enduserdata: false + }, + { + entity: "Clickhouse, Inc.", + purpose: "Data warehouse services", + hosting: country_list.us, + country: country_list.us, + enduserdata: false + }, + ] + + return ( + + + + + + + + + { + processors + .sort((a, b) => { + if (a.entity < b.entity) return -1 + if (a.entity > b.entity) return 1 + else return 0 + }) + .map((processor, rowID) => { + return ( + + + + + + + + ) + }) + } +
Entity namePurposeEnd-user dataHosting locationCountry of registration
{processor.entity}{processor.purpose}{processor.enduserdata ? processor.enduserdata : 'No'}{processor.hosting ? processor.hosting : 'n/a'}{processor.country}
+ ); +} diff --git a/docs/src/css/apicard.module.css b/docs/src/css/apicard.module.css index 047e9b4ef4..9a00f39b60 100644 --- a/docs/src/css/apicard.module.css +++ b/docs/src/css/apicard.module.css @@ -2,9 +2,7 @@ text-decoration: none; } -.apicard h3, -h4, -h5 { +.apicard.h3, .apicard.h4, .apicard.h5 { margin: 0.5rem 0 0 0; } diff --git a/docs/src/css/custom.css b/docs/src/css/custom.css index f98fad11b6..5cb0c80ec9 100644 --- a/docs/src/css/custom.css +++ b/docs/src/css/custom.css @@ -102,6 +102,7 @@ --font-color-strong: #000000; --ifm-navbar-link-hover-color: #000000; --ifm-heading-color: #000000; + --ifm-h4-font-size: 1.2rem; --ifm-color-success-contrast-foreground: #0e6245; --ifm-color-success-contrast-background: #cbf4c9; --ifm-color-success-dark: #0e6245;
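Review bot: in the new `docs/docs/legal/annex-support-services.mdx` the relative links `[Privacy Policy](privacy-policy)`, `[Acceptable Use Policy](acceptable-use-policy)` and `[Annex](support-services)` resolve to `legal/privacy-policy`, `legal/acceptable-use-policy` and `legal/support-services`, but this same PR moves those pages under `legal/policies/` and `legal/service-description/` (see the `sidebars.js` hunk and the footer change to `/legal/policies/privacy-policy`), so they will be dead links after the move; only `data-processing-agreement` keeps its location. Point them at the new paths (e.g. `policies/privacy-policy`, `service-description/support-services`) or use site-absolute links. While touching the file, fix "In the event that you accesses CAOS Support services" (accesses -> access) and "inspected to asses its condition" (asses -> assess), and the several "i.e." that introduce examples ("i.e. in the event of insolvency proceedings", "i.e. DoS/DDoS attacks") should read "e.g.".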
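Review bot: the `sidebars.js` hunks rename public legal URLs (`/legal/support-services`, `/legal/rate-limit-policy`, `/legal/privacy-policy`, `/legal/acceptable-use-policy`, the removed `legal/terms-support-service`, `legal/cloud-service-description`, `legal/service-level-description`, `legal/onboarding-support`) without any redirect shown for the old paths. Terms of service and privacy policy URLs are the kind customers embed in contracts, consent screens and app footers, so the old paths should keep resolving; add client redirects for each moved page (or confirm they exist outside this diff) before merging. Also confirm that every file formerly listed explicitly (for example `legal/terms-support-service` and `legal/onboarding-support`) was actually moved into `legal/service-description/` or `legal/policies/`, since the new `autogenerated` entries will silently omit anything left behind in `legal/`.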
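Review bot: the `docusaurus.config.js` footer change uses `href: "/legal/policies/privacy-policy"` (no `/docs` prefix), and the `sidebars.js` links use `/legal/service-description/support-services` and `/legal/policies/rate-limit-policy`, while the markdown pages updated in this same PR link to `/docs/legal/service-description/support-services` and `/docs/legal/policies/rate-limit-policy`. Both prefixes cannot be correct for one site unless a redirect covers one of them; pick the prefix matching the docs `routeBasePath` and use it consistently, otherwise one set of links 404s.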
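Review bot: two vendor names in `subprocessors.jsx` look misspelled, `entity: "Agolia SAS"` (Algolia) and `entity: "Twillio Inc."` (Twilio); in a legal subprocessor list the registered entity name must be exact, and the Algolia entry pairs the French "SAS" company form with `country: country_list.in`, which is worth checking against the vendor's DPA. The `dpa: 'https://plausible.io/dpa'` property on the Plausible entry is never rendered (the header row has no DPA column), so either add the column for all entries or drop the field. Minor: `processors.sort(...)` sorts in place inside the render function; `[...processors].sort(...)` avoids mutating the source list, and "Github, Inc." should be "GitHub, Inc.".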
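Review bot: the `apicard.module.css` hunk replaces the over-broad `.apicard h3, h4, h5` with `.apicard.h3, .apicard.h4, .apicard.h5`, but without a space these are compound class selectors matching elements that carry both classes `apicard` and `h3`, which no heading element will, so the margin rule now applies to nothing. The intended descendant selectors are `.apicard h3, .apicard h4, .apicard h5`.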