docs(legal): update legal framework and policies (November 2023) (#6611)

* move policies

* service description editorial

* service description move

* add subprocessors

* resort policies and service descriptions

* subprocessor

* subprocessors wip

* wip

* subprocessors

* subprocessors introduction

* billing wip

* service level headings

* billing wip

* gdpr region clarification

* fix some styling

* support service wip

* wip

* service-description

* fair use, broken links

* services offered

* rework enterprise benefits

* support plans

* remove language, add support issue

* combine onboarding support

* wip

* use of brand and trademarks

* sidebar

* DASU

* Combine ToS for support services

* Apply suggestions from code review

Co-authored-by: Fabi <fabienne@zitadel.com>

* changes from review

* update updatedAt

* dpa and pp updates WIP

* broken links

* tom

* remote entity

* title annex enterprise agreement

* typo

* Apply suggestions from code review

Co-authored-by: Florian Forster <florian@zitadel.com>

* update last update dates

* replace quota with amount

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
Co-authored-by: Florian Forster <florian@zitadel.com>
mffap 2023-11-16 11:26:25 +02:00 committed by GitHub
parent 2e8c3b5a53
commit bd5506494a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 899 additions and 618 deletions

View File

@ -4,7 +4,7 @@ sidebar_label: Support
---
:::note
We describe our [support services](/docs/legal/support-services) and information required in more detail in our legal section. Beware that not all features may be supported by your subscription and consult the [support states](/docs/support/software-release-cycles-support#support-states).
We describe our [support services](/docs/legal/service-description/support-services) and information required in more detail in our legal section. Beware that not all features may be supported by your subscription and consult the [support states](/docs/support/software-release-cycles-support#support-states).
:::
In the header you can find a button for the support.
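Review bot: the rewritten note still reads "We describe our support services and information required in more detail in our legal section", where "information required" has no object and the sentence is hard to parse; since the line is being rewritten for the new link anyway, suggest "We describe our support services, and the information we need from you to handle a request, in more detail in our legal section."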

View File

@ -37,7 +37,7 @@ Choose [ZITADEL self-hosted](/self-hosting/deploy/overview) if you want:
Join our [Discord chat](https://zitadel.com/chat) or open a [discussion](https://github.com/zitadel/zitadel/discussions) on Github to get help from the community and the ZITADEL team.
Cloud and enterprise customers can additionally reach us privately via our [support communication channels](/legal/support-services).
Cloud and enterprise customers can additionally reach us privately via our [support communication channels](/legal/service-description/support-services).
## Contribute
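Review bot: the link base is inconsistent across this change. This hunk rewrites the support-channels link to `/legal/service-description/support-services` (no `/docs` prefix), while the support page hunk uses `/docs/legal/service-description/support-services` and the management-API hunk uses `/docs/legal/policies/rate-limit-policy`. Both forms existed before this change, but a link refactor is the moment to verify that each resolves under the configured docs base path and to settle on one convention for all three.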

View File

@ -33,7 +33,7 @@ If you are migrating an existing project and you already have an external identi
Read our [Management API definitions](/apis/resources/mgmt) for more info. If the users email is not verified or no password is set, a initialization mail will be send.
:::info
Requests to the management API are rate limited. Read our [Rate limit Policy](../../legal/rate-limit-policy) for more info.
Requests to the management API are rate limited. Read our [Rate limit Policy](/docs/legal/policies/rate-limit-policy) for more info.
:::
### User Authentication
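Review bot: the unchanged context line directly above the changed link still reads "If the users email is not verified or no password is set, a initialization mail will be send"; since the file is touched anyway, fix it to "If the user's email is not verified or no password is set, an initialization mail will be sent."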

View File

@ -0,0 +1,68 @@
---
title: Annex for ZITADEL Enterprise and Support Services
sidebar_label: Enterprise Agreement
custom_edit_url: null
---
Last updated on November 15, 2023
This annex of the [Framework Agreement](terms-of-service) describes the commercial support services (**Support Services**, **Enterprise License**, or **Enterprise Agreement**) for units of ZITADEL software products (**Unit**), if not otherwise defined a Unit refers to a is a single, dedicated setup of an application or service covered under an Enterprise agreement.
The customer relationship (**Framework Agreement** or **The Agreement**) is created by the **Customer** (**"you"**) by accepting a **Purchase Order** (**"PO"**) for the specified Support Services (**Booking**). Jointly you and ZITADEL will be referred to as **the Parties**. The terms of service (**"TOS"**) outlined in this document establish the most important points of this Framework Agreement independently of the use of any other services.
### Term
Coverage under this Agreement will start with Booking of Support Services, for a minimum period of 12 months.
Support Services agreements will automatically renew for additional one-year term upon submission of a purchase order for renewal, unless either you or ZITADEL provides written notice (E-Mail sufficient) of termination of any such term.
Each renewal will be at ZITADEL's then-current rate.
In the event that you accesses ZITADEL Support services in any way after the Agreement has expired or been terminated, you will continue to be bound by this Agreement, which will continue to apply to the services after such expiration or termination.
### Service review
If not otherwise agreed, ZITADEL offers a yearly review meeting with you to discuss the service quality and any feedback you might have. We are not required to participate in the meeting after the term has expired.
## Your obligations
### Maintenance of units
You will ensure that units eligible for Support Service are maintained and upgraded frequently.
If you operate units with a release date older than 180 days since our latest stable release, the term is continued but ZITADEL is not required to handle any support request for that unit until the units are upgraded and re-certified.
### Support Process
You will ensure to follow the support process, especially provide all required initial information to the issue, as outlined in the [Annex](./service-description/support-services) to this document.
### Training of support staff
You will ensure regular training of your support staff. Your support staff must be able to provide the required information for support issues to us, and thus requires access and up-to-date knowledge of the services.
Initial know-how transfer for the services will be organized in training sessions conducted by us. We can provide knowledge sessions throughout the term to train newly onboarded staff, update your support staff about important updates, or refresh knowledge in specified areas. In case we notice insufficient quality of support requests from Customers, we will propose appropriate training sessions.
## Financial
### Lapsed Service Fee
In case the term of the Support Service contract has expired within 1 to 180 days, you will be required to pay a Lapsed Service fee in addition to purchasing and activating a one-year renewal contract term at the then-current fee and conditions. The renewal term's start date will also be backdated to begin coverage from the service's original expiration date.
Please contact us for current fees.
### Recertification Fee
Recertification of a unit, to be covered under Support Services, is required for:
* units for which Support Services have been expired for more than 180 days
* units that run a release that is older than 180 days from the products most recent stable release
* requests for support on products and services purchased or supported from non-authorized resellers
Recertification of a unit requires payment of a Recertification Fee which results in a checkup of the unit by ZITADEL. The unit will be inspected to asses its condition and eligibility for service coverage.
Please contact us for current fees.
### Disaster recovery
You are solely responsible to ensure appropriate backup and disaster recovery of Units managed by you.
Any liability for damages, indirect or direct, in case of data loss is explicitly rejected.
### Amendments
We are entitled to unilaterally amend these TOS at any time. The current version is accessible via our website. We will inform you of any amendments via email. These amendments shall be considered as accepted upon booking additional services or at the latest after 30 days. In the case of a rejection on your part we reserve the right to terminate the Framework Agreement.
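Review bot: the definition of Unit in the opening paragraph contains a duplicated phrase ("a Unit refers to a is a single, dedicated setup"); it should read "a Unit refers to a single, dedicated setup of an application or service covered under an Enterprise agreement". The Term section is self-contradictory: agreements "will automatically renew ... upon submission of a purchase order for renewal" is either automatic renewal unless notice is given, or renewal by purchase order, and the customer needs to know which. "Disaster recovery" and "Amendments" are filed under the "## Financial" heading although neither is a fee; give them their own top-level sections. The 180-day maintenance rule ("a release date older than 180 days since our latest stable release") is hard to read; state the measure plainly, e.g. "units running a release that is more than 180 days older than our latest stable release". Smaller fixes: "for additional one-year term" (an additional), "In the event that you accesses" (access), "to asses its condition" (assess).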

View File

@ -1,39 +0,0 @@
---
title: Cloud Service
custom_edit_url: null
---
This annex of the [Framework Agreement](terms-of-service) describes the service levels offered by us for our Services.
## Definitions
**Monthly quota** means the available usage per measure for one billing period. The quota is reset to zero with the start of a new billing period.
**Authenticated request** means any request to our API endpoints requiring a valid authorization header. We exclude requests with a server error, discovery endpoints, and endpoints to load UI assets.
**Action minutes** means execution time, rounded up to 1 second, of custom code execution via a customer defined Action.
**Adequate Country** means a country or territory recognized as providing an adequate level of protection for Personal Data under an adequacy decision made, from time to time, by (as applicable) (i) the Information Commissioner's Office and/or under applicable UK law (including the UK GDPR), or (ii) the [European Commission under the GDPR](https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
## Data location
Data location refers to a region, consisting of one or many countries or territories, where the customer's data is stored in our database and processed by our systems.
We can not guarantee that during transit the data will only remain within this region. We take measures, as outlined in our [privacy policy](privacy-policy), to protect your data in transit and in rest.
The following regions will be available when using our cloud service. This list is for informational purposes and will be updated in due course, please refer to our website for all available regions at this time.
- **Global**: All available cloud regions offered by our cloud provider
- **Switzerland**: Exclusively on Swiss region
- **GDPR safe countries**: Exclusively [Adequate Countries](https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) as recognized by the European Commission under the GDPR
## Backup
Our backup strategy executes daily full backups and differential backups on much higher frequency.
In a disaster recovery scenario, our goal is to guarantee a recovery point objective (RPO) of 1h, and a higher but similar recovery time objective (RTO).
Under normal operations, RPO and RTO goals are below 1 minute.
If you you have different requirements we provide you with a flexible approach to backup, restore, and transfer data (f.e. to a self-hosted setup) through our APIs.
Please consult the [migration guides](../guides/migrate/introduction.md) for more information.
Last revised: June 21, 2023
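Review bot: the deleted page carried customer-facing commitments that none of the added hunks shown in this change re-add: the definitions of Monthly quota, Authenticated request, Action minutes and Adequate Country, the data-location regions (Global, Switzerland, GDPR safe countries) with the note that transit is not confined to the region, and the backup statement (RPO of 1h in a disaster scenario, sub-minute RPO/RTO under normal operations). The acceptable-use hunk links to `../service-description/billing.md#action-minutes`, which suggests the definitions moved to the new service-description pages; please confirm the data-location and backup/RPO text moved as well rather than being dropped, and grep for inbound links to `cloud-service` (terms of service, sidebar) so the removal does not leave broken anchors.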

View File

@ -1,12 +1,15 @@
---
title: Data Processing Agreement
custom_edit_url: null
custom:
created_at: 2022-07-15
updated_at: 2023-11-16
---
import PiidTable from './_piid-table.mdx';
## Background
Last updated on November 15, 2023
Within the scope of the [**Framework Agreement**](terms-of-service), the **Processor** (CAOS Ltd.) processes **Personal Data** on behalf of the **Customer** (Responsible Party), collectively the **"Parties"**.
Within the scope of the [**Framework Agreement**](terms-of-service), the **Processor** (CAOS Ltd., also **ZITADEL**) processes **Personal Data** on behalf of the **Customer** (Responsible Party), collectively the **"Parties"**.
This Annex to the Agreement governs the Parties' data protection obligations in addition to the provisions of the Agreement.
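Review bot: the dates disagree: the new frontmatter says `updated_at: 2023-11-16` while the body line added in the same hunk says "Last updated on November 15, 2023"; pick one. The "Last updated" line is also placed under the "## Background" heading here (and under "## Introduction" in privacy-policy.md), whereas the new annex files put it before the first heading; a consistent position makes the revision date easy to find for audits and printed copies.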
@ -33,7 +36,7 @@ The Processor is responsible for taking appropriate technical and organizational
### Bound by directions
The Processor processes personal data in accordance with its privacy policy (cf. [Privacy Policy](/legal/privacy-policy)) and on the documented directions of the Customer. The initial direction result from the Agreement. Subsequent instructions shall be given either in writing, whereby e-mail shall suffice, or orally with immediate written confirmation.
The Processor processes personal data in accordance with its privacy policy (cf. [Privacy Policy](/legal/policies/privacy-policy)) and on the documented directions of the Customer. The initial direction result from the Agreement. Subsequent instructions shall be given either in writing, whereby e-mail shall suffice, or orally with immediate written confirmation.
If the Processor is of the opinion that a direction of the Customer violates the Agreement, the GDPR or other data protection provisions of the EU, EU Member States or Switzerland, it shall inform the Customer thereof and shall be entitled to suspend the Processing until the instruction is withdrawn or confirmed.
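Review bot: the unchanged context in the rewritten line still reads "The initial direction result from the Agreement"; make it "The initial directions result from the Agreement" (or "The initial direction results ...") while the line is being edited.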
@ -49,19 +52,41 @@ The technical and organizational security measures are described in more detail
### Involvement of subcontracted processors
A current and complete list of involved and approved sub-processors can be found at [https://zitadel.com/trust/](https://zitadel.com/trust/).
A current and complete [list of involved and approved sub-processors](./subprocessors) can be found in our legal section.
The Processor is entitled to involve additional sub-processors. In this case, the Processor shall inform the Responsible Party about any intended change regarding sub-processors and update the list at <https://zitadel.com/trust>. The Customer has the right to object to such changes. If the Parties are unable to reach a mutual agreement within 90 days of receipt of the objection by the Processor, the Customer may terminate the Agreement extraordinarily.
The Processor is entitled to involve additional sub-processors.
In this case, the Processor shall inform the Responsible Party about any intended change regarding sub-processors and update the list of involved an approved sub-processors.
The Customer has the right to object to such changes.
If the Parties are unable to reach a mutual agreement within 30 days of receipt of the objection by the Processor, the Customer may terminate the Agreement extraordinarily.
The Processor obligates itself to impose on all sub-processors, by means of a contract (or in another appropriate manner), the same data protection obligations as are imposed on it by this Annex. In particular, sufficient guarantees shall be provided that the appropriate technical and organizational measures are implemented in such a way that the processing by the sub-processor is carried out in accordance with the legal requirements. If the sub-processor fails to comply with its data protection obligations, the processor shall be liable to the customer for this as for its own conduct.
The Processor obligates itself to impose on all sub-processors, by means of a contract (or in another appropriate manner), the same data protection obligations as are imposed on it by this Annex.
In particular, sufficient guarantees shall be provided that the appropriate technical and organizational measures are implemented in such a way that the processing by the sub-processor is carried out in accordance with the legal requirements.
Our websites and services may involve processing by third-party sub-processors with country of registration outside of Switzerland or the EU/EAA.
In these cases, we only transfer personal data after we have implemented the legally required measures for this, such as concluding standard contractual clauses on data protection or obtaining the consent of the data subjects. If interested, the documentation on these measures can be obtained from the contact person mentioned above.
The country of registration of a sub-processor may be different from the hosting location of the data. Please refer to the [list of involved and approved sub-processors](./subprocessors) for more details.
If the sub-processor fails to comply with its data protection obligations, the processor shall be liable to the customer for this as for its own conduct.
### Assistance in responding to requests
The Processor shall support the Customer as far as possible with suitable technical and organizational measures in fulfilling its obligation to respond to requests to exercise the data subject's rights. The parties shall agree separately on the compensation of the Processor for this.
The Processor shall support the Customer as far as possible with suitable technical and organizational measures in fulfilling its obligation to respond to requests to exercise the data subject's rights (**"Data Subject Request"**).
The Processor will promptly notify the Customer if it receives a Data Subject Request.
The Processor will not respond to a Data Subject Request, provided that the Customer agrees the Processor may at its discretion respond to confirm that such request relates to the Customer.
The Customer acknowledges and agrees that the Services include features which will allow the Customer to manage Data Subject Requests directly through the Services without additional assistance from the Processor.
If the Customer does not have the ability to address a Data Subject Request, the Processor will, upon the Customers written request, provide reasonable assistance to facilitate the Customers response to the Data Subject Request to the extent such assistance is consistent with applicable law; provided that the Customer will be responsible for paying for any costs incurred or fees charged by the Processor for providing such assistance.
The Processor, unless prohibited from doing so by applicable law, will promptly notify the Customer of any requests from a regulator or any other authority in relation to Personal Data that is being processed on behalf of the Customer, given that request resulted in disclosure of Personal Data to the regulator or any other authority.
### Further support for the customer
The Processor shall, taking into account the nature of the processing and the information available to it, assist the Customer in complying with its obligations in connection with the security of the processing, any notifications of personal data breaches, and any data protection impact assessments.
The Processor shall, taking into account the nature of the processing and the information available to it, assist the Customer in complying with its obligations in connection with the security of the processing, any notifications of [Security Incidents](#security-incidents), and any data protection impact assessments.
### Security incidents
The Processor will notify the Customer of any incident, meaning breach of security or other action or inaction leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data covered under this (***Security Incident"**) without undue delay, and will promptly provide the Customer with all reasonable information concerning the Security Incident insofar as it affects the Customer.
If possible, the Processor will promptly implement measures proposed in the notification.
Insofar required the Processor will assist the Customer in notifying any applicable regulatory authority.
### Deletion or destruction after termination
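Review bot: the objection window for new sub-processors shrinks from 90 to 30 days in this hunk; that is a substantive reduction of a customer right that the commit message does not mention, so it should have explicit legal sign-off and a notice to existing customers, not ride along with a link refactor. The sentence "The Processor will not respond to a Data Subject Request, provided that the Customer agrees the Processor may at its discretion respond to confirm that such request relates to the Customer" contradicts itself; suggest "The Processor will not respond to a Data Subject Request on its own, except that the Customer agrees the Processor may, at its discretion, confirm to the requester that the request relates to the Customer." The regulator clause notifies the Customer only "given that request resulted in disclosure of Personal Data", i.e. after the fact; the usual drafting notifies on receipt of the request (unless prohibited by law) so the Customer can contest before anything is disclosed, so confirm the narrower duty is intended. "the contact person mentioned above" points at nothing in this annex (no contact is named earlier); name one or link to the privacy policy. Also: "involved an approved sub-processors" (and), "EU/EAA" (EU/EEA), "Customers written request" (Customer's), and the markup `(***Security Incident"**)` is malformed and should be `(**"Security Incident"**)`.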
@ -69,7 +94,8 @@ Upon Customer's request, the Processor shall delete personal data received after
### Information and control rights of the customer
The Processor shall provide the Customer with all information necessary to demonstrate compliance with the obligations set forth in this annex. It shall enable and contribute to audits, including inspections, carried out by the Customer or an auditor appointed by the Customer.
The Processor shall provide the Customer with all information necessary to demonstrate compliance with the obligations set forth in this annex or to respond to requests from an applicable supervisory authority, subject to the confidentiality terms in the Framework Agreement.
The Processor shall enable and contribute to audits, including inspections, carried out by the Customer or an auditor appointed by the Customer.
The procedure to be followed in the event of directions that are presumed to be unlawful is governed by the section [Bound by directions](#bound-by-directions) of this Appendix.
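Review bot: the retained context line calls the document "this Appendix" while the rewritten lines above call it "this annex"; use "annex" throughout, since that is the term the Framework Agreement and the other legal pages use.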
@ -84,7 +110,7 @@ The following measures for pseudonymization and encryption exist:
1. All communication is encrypted with TLS &gt;1.2 with PFS
2. Critical data is exclusively stored in encrypted form
3. Storage media that store customer data are always encrypted
4. Passwords are irreversibly stored with a hash function (bcrypt)
4. Passwords are irreversibly stored with a hash function
5. Data for web analytics are pseudonymized and do not contain any personal data
### Ensuring certain properties of the systems and services
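Review bot: dropping "(bcrypt)" leaves "Passwords are irreversibly stored with a hash function", which is also satisfied by a plain, fast hash and no longer tells an auditor that passwords are protected against offline cracking. If the algorithm is being removed because the hasher is now configurable, say that instead of saying less, e.g. "Passwords are stored only as salted hashes produced by an adaptive password hashing function; the default algorithm and the accepted algorithms are documented in the configuration reference" (wording to be checked against the current defaults). Separately, the unchanged item 1 reads "TLS &gt;1.2 with PFS", which literally excludes TLS 1.2; if 1.2 is still accepted write "TLS 1.2 or higher", and if only 1.3 is accepted write that.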
@ -93,8 +119,10 @@ The following measures for pseudonymization and encryption exist:
The following confidentiality measures exist:
1. Implementation of information security policies
2. Implementation of secure authentication policies
1. Information security policies
2. Authentication policies
3. Vendor management policies
4. Technical measures in this annex
#### Integrity
@ -135,9 +163,3 @@ The following measures exist for regular review, assessment and evaluation of ef
1. At least annual audit and evaluation of processes within the framework of an information security management system
2. Responsible Disclosure and Bug Bounty policies
3. External audit of system security ("penetration testing")
## Entry into force
This agreement is valid from 15.07.2022.
Last revised: June 14, 2022
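Review bot: removing the "Entry into force" section drops the only reader-visible effective date of the DPA ("valid from 15.07.2022"); the new frontmatter `created_at: 2022-07-15` keeps it for the build but not for a customer reading the page or keeping a printed copy, and the added "Last updated" line records revision, not entry into force. Keep an effective-date sentence in the body, or render the frontmatter dates on the page.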

View File

@ -1,87 +0,0 @@
---
title: Description of onboarding support services for ZITADEL
sidebar_label: Onboarding support
custom_edit_url: null
---
This annex of the [Framework Agreement](terms-of-service) describes the onboarding support services offered by us for our services.
Last revised: October 12, 2023
Our onboarding support should help you, as a new customer, to get a better understanding on how to integrate ZITADEL into your solution, how to tackle the migration, and ensure a highly-available day-to-day operation.
Onboarding support services can be offered to customers that enter a ZITADEL Cloud or a ZITADEL Enterprise subscription.
If you intend to use the open source version exclusively then please join our community chat or Github.
Your questions might help other people in the community and will make our project better over time.
Please [contact us](https://zitadel.com/contact) for a quote and to get started with onboarding support.
Below you will find topics covered and scope of the offered services.
## Proof of value
Within a short time-frame, f.e. 3 weeks, we can show the value of using our services and have the ability to establish the proof a of working setup for your most critical use cases.
We may offer to support you during an initial period to evaluate next steps.
Before the start of the period we may ask you to provide a description of your critical use cases and a high-level overview of your planned integration architecture.
During this period you should make sure that you have the necessary resources on your side to complete the proof of value.
## Onboarding term
With the onboarding support we provide the initial knowledge transfer to configure and operate ZITADEL.
During the term you will get direct access to our engineering team via [Technical Account Management](./support-services.md#technical-account-manager).
Duration is typically 3 months but this could vary depending on your requirements.
We offer an onboarding term in combination with ZITADEL Enterprise subscriptions.
### Topics covered
Topics of the onboarding term may include:
- Administration
- DevOps (Operation)
- Architecture
- Integration
- Migration
- Security Best Practices & Go-Live Checkup
The scope will be tailored to your requirements.
More details
- IAM Configuration
- Walk-though all features
- Users / Manuals
- Authentication & Management APIs
- Validation of tokens
- Client integration best-practices
- Event types
- Database schemas and compute models
- Accessing database
- Observability (Logs, Errors, Metrics, Tracing)
- Operations best practices (Deployment, Backup, Networking etc.)
- Check prerequisites and architecture
- Troubleshoot installation and configuration of ZITADEL
- Troubleshoot and configuration connectivity to the database
- Functional testing of the ZITADEL instance
<details>
<summary>Out of scope</summary>
<ul>
<li>Performance testing</li>
<li>Setting up or maintaining backup storage</li>
<li>Running multiple ZITADEL instances on the same cluster</li>
<li>Integration into internal monitoring and alerting</li>
<li>Multi-cluster architecture deployments</li>
<li>DNS, Network and Firewall configuration</li>
<li>Customer-specific Kubernetes configuration needs</li>
<li>Non-production environments</li>
<li>Production deployment</li>
<li>Application-side coding, configuration, or tuning</li>
</ul>
</details>
## Continuous support
After the onboarding phase has ended we will provide continuous support according to your subscription.
We can provide you with continued access to the technical account management in our Enterprise subscriptions.

View File

@ -3,7 +3,9 @@ title: Acceptable Use Policy
custom_edit_url: null
---
This policy is an annex to the [Terms of Service](terms-of-service) and clarifies your obligations while using our Services.
Last updated on November 15, 2023
This policy is an annex to the [Terms of Service](../terms-of-service) and clarifies your obligations while using our Services.
## Use
@ -17,13 +19,22 @@ You may not:
4. Attempt to probe, scan, penetrate or test the vulnerability of our Subscription Services, Website, systems, or network or try to circumvent our authentication. Any penetration testing must not be conducted without prior written consent by CAOS.
5. Use any organization or domain name that includes or is confusingly similar with trademarks, or any third parties. CAOS may determine any violation at its sole discretion
6. Collecting any information about our Customers, our Customers users, or our users without the consent of the person identified. This includes phishing, social engineering, scamming, spidering or harvesting information from any Subscription Service or Website
7. Use Actions to run workloads that are unrelated to the Subscription Services and Websites, such as excessively calling unrelated third party services, crypto mining, intentionally long running code
## Fair Use Principle
## Fair use principles
The “fair use” principle applies to the use of our services. We optimize our infrastructure in such a way that sufficient capacity is available to you even during short-term increased demand (“peaks”) and implement mitigation measures such as our [Rate Limit Policy](rate-limit-policy). You are nonetheless required to adhere to reasonable use of our resources in order to avoid negatively affecting the services for other customers.
The “fair use” principle applies to the use of our services.
We optimize our infrastructure in such a way that sufficient capacity is available to you even during short-term increased demand (“peaks”) and implement mitigation measures such as our [Rate Limit Policy](rate-limit-policy).
You are nonetheless required to adhere to reasonable use of our resources in order to avoid negatively affecting the services for other customers.
You agree that we may delete any data on our systems or networks, if CAOS believes that this data may corrupt our systems, interfere or may compromise other customers' data.
You agree to adhere to the following fair use limits:
- [Actions minutes](../service-description/billing.md#action-minutes): A monthly limit of 1'000 Action minutes per instance
- Usage limits that were agreed by both parties in advance for the duration of the term
## Violations of this policy
We may suspend or terminate your usage of our Services for any violation of this Acceptable Use Policy. You will not be entitled to any Financial Credit or compensation for any interruptions caused by violation of this policy.
We may suspend or terminate your usage of our Services for any violation of this Acceptable Use Policy.
You will not be entitled to any Financial Credit or compensation for any interruptions caused by violation of this policy.
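Review bot: the new fair-use limit links to `../service-description/billing.md#action-minutes`; that anchor must exist in the new billing page and carry the measure the deleted cloud-service page defined ("execution time, rounded up to 1 second"), otherwise "1'000 Action minutes per instance" has no defined unit and cannot be enforced consistently. The new item 7 is fine, but the unchanged items 5 and 6 around it read badly: "confusingly similar with trademarks, or any third parties" (suggest "confusingly similar to our trademarks or those of third parties") and "Collecting any information ..." where every other item is an imperative (suggest "Collect any information ..."). Worth aligning while the list is being extended.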

View File

@ -4,6 +4,8 @@ sidebar_label: Account Lockout Policy
custom_edit_url: null
---
Last updated on May 31, 2023
This policy is an annex to the [Terms of Service](../terms-of-service) that clarifies your obligations and our procedure handling requests where you can't get access to your ZITADEL Cloud services and data. This policy is applicable to situations where we, ZITADEL, need to restore your access for a otherwise available service and not in cases where the services are unavailable.
## Why to do we have this policy?
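Review bot: the context heading "Why to do we have this policy?" has a stray "to" and should read "Why do we have this policy?"; the same heading appears in feature-development-policy.md in this change, so fix both while the files are open.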
@ -55,9 +57,3 @@ Please visit the [support page in the customer portal](https://zitadel.cloud/adm
Please allow us time to validate your request.
Our support will get back to you to request additional information for verification.
## Entry into force
This policy is valid from May 31, 2023.
Last revised May 31, 2023

View File

@ -0,0 +1,45 @@
---
title: Use of brands and trademarks
sidebar_label: Brand and Trademark Policy
custom_edit_url: null
---
Last updated on November 15, 2023
This policy is an annex to the [Terms of Service](../terms-of-service) that clarifies how you may use our brands and trademarks under fair use.
We reserve the right to object to any use or misuse of brands and trademarks in any jurisdiction worldwide.
If you are unsure about the use of our logos, please contact [legal@zitadel.com](mailto:legal@zitadel.com).
## Conditions
ZITADEL's brand assets and trademarks are proprietary assets owned exclusively by us.
No third party may claim ownership over brand assets and trademarks or brands and trademarks that are confusingly similar. This extends to all trademarks in image, textform, combined image and text, visual, and audio.
You must not include our brands and trademarks in the name of your product or service wether commercial or non-commercial, this includes, but is not limited to, websites, blogs, informational, advertising, and personal home pages, applications.
## Spelling
When referring to ZITADEL, please make sure it is spelled correctly and written in uppercase letters.
## Logo usage
When embedding our logo, always use the official version.
You must not alter the logo in any way, and avoid overlapping with other images.
To ensure the logo is used as intended, we provide specific examples below and reserve the right to object to any use or misuse.
### Fair use
- Use in architecture diagrams without implying affiliation or partnership
- Editorial and informational purposes such as blog posts or news articles
- Linking back to our [website](https://zitadel.com), official [repositories](https://github.com/zitadel), or [documentation](https://zitadel.com/docs)
- Indicating that the software is available for use or installation without implying any affiliation or endorsement
### Not acceptable
- Using our brands and trademarks, including our logo, or any variations for your own product or services
- Modification of our brands and trademarks
- Integration of our brands and trademarks into your own brands and trademarks
- Suggesting affiliation, endorsement, or partnership without our consent
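Review bot: the Conditions paragraph has typos and a garbled list: "wether commercial or non-commercial" (whether) and "this includes, but is not limited to, websites, blogs, informational, advertising, and personal home pages, applications", which should read something like "this includes, but is not limited to, websites, blogs, applications, and informational, advertising, and personal home pages"; "textform" should be "text form". The "Not acceptable" item "Using our brands and trademarks, including our logo, or any variations for your own product or services" duplicates the Conditions paragraph; keep one or cross-reference.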

View File

@ -3,6 +3,8 @@ title: Feature Development Policy
custom_edit_url: null
---
Last updated on September 25, 2023
This policy clarifies how we handle requests for feature prioritization and development. This policy is applicable to situations where a user wants to prioritize certain features or development for our products and services.
## Why to do we have this policy?
@ -49,9 +51,3 @@ We will send you an invoice and expect payment within the given deadline.
Completion means that the agreed scope is available according to the agreed acceptance criteria.
You had 14 days to verify the acceptance criteria and report any issues.
A feature is considered complete, if the outstanding issues are being solved, or a timeline for resolution of the issues has been mutually agreed, or if we haven't got any response within the last 14 days.
## Entry into force
This policy is valid from September 25, 2023.
Last revised September 25, 2023
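Review bot: deleting the "Entry into force" section loses the statement of when the policy became effective ("This policy is valid from September 25, 2023."); the "Last updated on" line added at the top of the file records a revision date, not an effective date, so either keep that sentence or fold the effective date into the header. Separately, the context line "You had 14 days to verify the acceptance criteria" should read "You have 14 days", since it describes an ongoing obligation rather than a past one.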

View File

@ -2,9 +2,9 @@
title: Privacy Policy
custom_edit_url: null
---
import PiidTable from './_piid-table.mdx';
import PiidTable from '../_piid-table.mdx';
## Introduction
Last updated on November 15, 2023
This privacy policy applies to CAOS Ltd., the websites it operates (including zitadel.ch, zitadel.cloud and zitadel.com) and the services and products it provides (including ZITADEL). This privacy policy describes how we process personal data for the provision of this websites and our products.
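Review bot: the import path changes from "./_piid-table.mdx" to "../_piid-table.mdx", so the partial is now expected one directory above this file; confirm that `_piid-table.mdx` actually lives there after the move, because a bad MDX import fails the docs build rather than just producing a broken link. Minor, in the trailing context: "for the provision of this websites" should be "these websites".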
@ -86,7 +86,11 @@ The fulfillment of the contract includes in particular, but is not limited to, t
## Disclosure to third parties
We use third-party services to provide the website and our offers. An up-to-date list of all the providers we use and their areas of activity can be found on our "[Trust Page](https://zitadel.com/trust)".
### Third party sub-processors
We use third-party services to provide the website and our offers. An up-to-date list of all the providers we use and their areas of activity can be found on our [list of involved and approved sub-processors](../subprocessors).
### External payment providers
This website uses external payment service providers through whose platforms users and we can make payment transactions. For example via
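Review bot: the new link "[list of involved and approved sub-processors](../subprocessors)" omits the file extension, whereas the service description added in this commit links the same page as "../subprocessors.md"; both resolve in Docusaurus, but keep one style so link checks stay predictable. Also consider hyphenating the new heading as "Third-party sub-processors" to match "third-party services" in the sentence directly below it.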
@ -99,8 +103,12 @@ The data processed by the payment service providers includes personal data, such
For payment transactions, the terms and conditions and the data protection notices of the respective payment service providers apply, which can be accessed within the respective website or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other rights concerned.
### Law enforcement
We disclose personal information to law enforcement agencies, investigative authorities or in legal proceedings to the extent we are required to do so by law or when necessary to protect our rights or the rights of users.
### Visitor analytics
We also share data with third parties in aggregate form and/or in a form that does not allow the recipient to identify the data subject from that data third parties, for example for analytics.
## Cookies
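Review bot: the sentence placed under the new "### Visitor analytics" heading is garbled, "... does not allow the recipient to identify the data subject from that data third parties, for example for analytics" has a stray "third parties"; suggest "We also share data with third parties in aggregate form and/or in a form that does not allow the recipient to identify the data subject, for example for analytics."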
@ -180,9 +188,3 @@ We may amend this privacy policy at any time without prior notice. Always the cu
## Questions about data processing by us
If you have any questions about our data processing, please email us or contact the person in our organization listed at the beginning of this privacy statement directly.
## Entry into force
This privacy policy is valid from July 15, 2022.
Last revised: December 2, 2022
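Review bot: same concern as in the feature development policy, this hunk removes "This privacy policy is valid from July 15, 2022." and leaves no effective date in the document; a privacy policy should state from when it applies, and the "Last updated on November 15, 2023" line added at the top only records the revision date.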

View File

@ -3,7 +3,9 @@ title: Rate Limit Policy
custom_edit_url: null
---
This policy is an annex to the [Terms of Service](terms-of-service) and clarifies your obligations while using our Services, specifically how we will use rate limiting to enforce certain aspects of our [Acceptable Use Policy](acceptable-use-policy).
Last updated on April 20, 2023
This policy is an annex to the [Terms of Service](../terms-of-service) and clarifies your obligations while using our Services, specifically how we will use rate limiting to enforce certain aspects of our [Acceptable Use Policy](acceptable-use-policy).
## Why do we rate limit
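Review bot: only the Terms of Service link was rewritten to "../terms-of-service" while "[Acceptable Use Policy](acceptable-use-policy)" on the same line stays a sibling link; that is correct only if the acceptable use policy was moved into the same directory as this file. A run of the docs link checker before merge would confirm it.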

View File

@ -3,6 +3,8 @@ title: Vulnerability Disclosure Policy
custom_edit_url: null
---
Last updated on March 16, 2023
At ZITADEL we are extremely grateful for security aware people who disclose vulnerabilities to us and the open source community.
All reports will be investigated by our team and we will work with you closely to validate and fix vulnerabilities reported to us.
@ -86,9 +88,3 @@ In case we have confirmed your report, we may compensate you, given prior writte
- incurred during research for using our paid services
- on time & material spend on analysis after confirming your report
## Entry into force
This policy is valid from March 16, 2023.
Last revised March 16, 2023
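Review bot: with "This policy is valid from March 16, 2023." removed, the effective date survives only as "Last updated on March 16, 2023" at the top; the two dates coincide today but will diverge on the next revision, so consider keeping an explicit effective-date sentence. Also, in the context line, "on time & material spend on analysis" should be "time & material spent on analysis".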

View File

@ -0,0 +1,81 @@
---
title: Pricing and billing of ZITADEL services
sidebar_label: Billing
custom_edit_url: null
---
Last updated on November 15, 2023
This annex of the [Framework Agreement](../terms-of-service) describes the pricing and billing of our Services.
## Pricing
You can find pricing information on our [website](https://zitadel.com/pricing).
### Enterprise pricing
Customer and ZITADEL may agree on an individual per-customer pricing via an Enterprise Agreement.
## Billing Metrics
### Monthly amount
Monthly amount means the available usage per measure for one billing period.
The amount is reset to zero with the start of a new billing period.
### Daily active user (DAU)
Daily Active Users (DAU) are counted as users who authenticate or refresh their token during the given day.
To calculate the monthly amount we take the sum of DAU over a given month.
Included are users that either login with local accounts or users that login with an external identity provider.
Service users that authenticate or access the management API are counted against Daily Active Users.
### Active external identity providers
To calculate the monthly amount we take maximum activated external identity providers on each day over a given month.
Excluded are configured identity providers that are not activated.
### Action minutes
Action minutes mean execution time, rounded up to 1 second, of custom code execution via a customer defined Action.
### Management API requests
Management API requests means any request to the following API endpoints requiring a valid authorization header.
Excluded are requests with a server error, public endpoints, health endpoints, and endpoints to load UI assets.
Management endpoints:
- /zitadel.*
- /v2alpha*
- /v2beta*
- /admin*
- /management*
- /system*
### Admin users
Admin users means users within the customer portal that can manage a customer's account including billing, instances, analytics and additional services.
### Audit trail history (events)
Audit trail history (events) means past events that can be retrieved via API or GUI.
Typically all changes to any object in within ZITADEL are saved as events and can be used for audit trail and analytics purposes.
The number of past events that can be retrieved may be limited by your subscription.
### Access and runtime logs (logs)
Access and runtime logs (logs) means logs that are available about your instance.
Logs may contain information about success or failure reasons for API requests and Action executions, output from Actions, rate limit violations, and system health.
You might be able to retrieve logs only for a limited period of time based on your subscription.
### Custom domains
Custom domains mean domains that you can configure to reach your ZITADEL instance.
By default ZITADEL creates a custom domain for you when creating new instances.
Besides the included amount each additional custom domain is charged.
## Payment cycle
If not agreed otherwise, the payment frequency is monthly.
Your invoice will contain both pre-paid items for the current billing period and usage-based charges from the last billing period.
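Review bot: the "Monthly amount" definition is self-contradictory: it is defined as "the available usage per measure for one billing period" and then "The amount is reset to zero with the start of a new billing period", but an allowance is not reset to zero, the consumed usage is; suggest "The consumed amount is reset to zero ...". Two further points in the same file: under "Custom domains", "By default ZITADEL creates a custom domain for you" describes the generated default domain, so call it "a default domain" and state whether it counts against the included amount; and under "Management API requests", the endpoint list mixes a gRPC-style prefix ("/zitadel.*") with HTTP path prefixes ("/v2alpha*", "/admin*"), so say explicitly that these are path prefixes, since "/admin*" as written matches every path beginning with "/admin".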

View File

@ -0,0 +1,62 @@
---
title: Service description for ZITADEL Cloud and ZITADEL Enterprise
sidebar_label: Service description
custom_edit_url: null
---
Last updated on November 15, 2023
This annex of the [Framework Agreement](../terms-of-service) describes the services offered by us.
## Services offered
### ZITADEL Cloud
[ZITADEL Cloud](https://zitadel.com) is a fully managed cloud service of the [ZITADEL software](https://github.com/zitadel).
You will benefit from the same software as the open-source project, but we take care of the hosting, maintenance, backup, scaling, and operational security. The cloud service is managed and maintained by the team that also develops the software.
When creating a new instance, you are able to choose a [data location](#data-location).
We follow a single-provider strategy by minimizing the involved [sub-processors](../subprocessors.md) to increase security, compliance, and performance of our services. [Billing](./billing.md) is based on effective usage of our services.
### Enterprise license / self-hosted
The ZITADEL Enterprise license allows you to use the [ZITADEL software](https://github.com/zitadel) on your own data center or private cloud.
You will benefit from the transparency of the open source and the hyper-scalability of the same software that is being used to operate [ZITADEL Cloud](#zitadel-cloud).
#### Benefits over using open source / community license
- [Enterprise supported features](support-services) are only supported under an Enterprise license
- Individual [onboarding support](./support-services#onboarding-support) tailored to your needs and team
- Get access to our support with a [Service Level Agreement](support-services#service-level-agreement) that is tailored to your needs
- Benefit from personal [technical account management](support-services#technical-account-manager) provided by our engineers to help you with architecture, integration, migration, and operational improvements of your setup
#### Benefits over ZITADEL Cloud
You can reduce your supply-chain risks by removing us as sub-processor of personal information about your users.
Support staff will have no access to your infrastructure and will only provide technical support.
Operation and direct maintenance of ZITADEL will be done by you.
You can freely choose the infrastructure and location to host ZITADEL.
## Data location
Data location refers to a region, consisting of one or many countries or territories, where the customer's data is being hosted.
We can not guarantee that during transit the data will only remain within this region. We take measures, as outlined in our [privacy policy](../policies/privacy-policy), to protect your data in transit and in rest.
The following regions will be available when using our cloud service. This list is for informational purposes and will be updated in due course, please refer to our website for all available regions at this time.
- **Global**: All available cloud regions offered by our cloud provider
- **Switzerland**: Exclusively on Swiss region
- **GDPR safe countries**: Hosting location is within any of the EU member states and [Adequate Countries](https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) as recognized by the European Commission under the GDPR
## Backup
Our backup strategy executes daily full backups and differential backups on much higher frequency.
In a disaster recovery scenario, our goal is to guarantee a recovery point objective (RPO) of 1h, and a higher but similar recovery time objective (RTO).
Under normal operations, RPO and RTO goals are below 1 minute.
If you you have different requirements we provide you with a flexible approach to backup, restore, and transfer data (f.e. to a self-hosted setup) through our APIs.
Please consult the [migration guides](/docs/guides/migrate/introduction.md) for more information.
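Review bot: "In a disaster recovery scenario, our goal is to guarantee a recovery point objective (RPO) of 1h, and a higher but similar recovery time objective (RTO)" mixes "goal" with "guarantee" and leaves the RTO unquantified; state whether the 1h RPO is a commitment or a target and give the RTO as a number. Smaller fixes in the same hunk: "We can not guarantee" to "We cannot guarantee", "in transit and in rest" to "in transit and at rest", "on much higher frequency" to "at a much higher frequency", "If you you have" to "If you have", "f.e." to "e.g.", "Exclusively on Swiss region" to "Exclusively in Swiss regions", and the support links mix bare "support-services" with "./support-services"; pick one form.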

View File

@ -1,33 +1,42 @@
---
title: Service Level
title: Service level description for ZITADEL Cloud
sidebar_label: Service Level
custom_edit_url: null
---
## Introduction
Last updated on November 15, 2023
This annex of the [Framework Agreement](terms-of-service) describes the service levels offered by us for our Services (ZITADEL Cloud).
Last revised: June 14, 2022
This annex of the [Framework Agreement](../terms-of-service) describes the service levels offered by us for our Services (ZITADEL Cloud).
## Definitions
**Monthly Uptime Percentage** means total number of minutes in a month, minus the number of minutes of Downtime suffered from all Downtime Periods in a month, divided by the total number of minutes in a month.
### Monthly Uptime Percentage
**Downtime Period** means a period of one or more consecutive minutes of Downtime. Partial minutes or intermittent Downtime for a period of less than one minute will not count towards any Downtime Period.
Monthly Uptime Percentage means total number of minutes in a month, minus the number of minutes of Downtime suffered from all Downtime Periods in a month, divided by the total number of minutes in a month.
**Downtime** means any period of time in which Core Services are not Available within the Region of the customers organization. Downtime excludes any time in which ZITADEL Cloud is not Available because of
### Downtime Period
Downtime Period means a period of one or more consecutive minutes of Downtime. Partial minutes or intermittent Downtime for a period of less than one minute will not count towards any Downtime Period.
### Downtime
Downtime means any period of time in which Core Services are not Available within the Region of the customers organization. Downtime excludes any time in which ZITADEL Cloud is not Available because of
- [Announced maintenance work](/docs/support/software-release-cycles-support#maintenance)
- Emergency maintenance
- Force majeure events.
**Available** means that Core Services of ZITADEL Cloud respond to Customer Requests in such a way that results in a Successful Minute. The Availability of Core Services will be monitored from CAOS facilities from black-box monitoring jobs.
### Available
**Successful Minute** means a minute in which ZITADEL cloud is not repeatedly returning Failed Customer Requests and includes minutes in which no Customer Request were made.
Available means that Core Services of ZITADEL Cloud respond to Customer Requests in such a way that results in a Successful Minute. The Availability of Core Services will be monitored from CAOS facilities from black-box monitoring jobs.
**Customer Requests** means a HTTP request made by a Customer or a Customers users to Core Services within the Customers organizations region.
### Customer Requests
**Successful Minute** means a minute in which ZITADEL Cloud is not repeatedly returning Failed Customer Requests and includes minutes in which no Customer Requests were made.
Customer Requests means a HTTP request made by a Customer or a Customers users to Core Services within the Customers organizations region.
### Successful Minute
Successful Minute means a minute in which ZITADEL Cloud is not repeatedly returning Failed Customer Requests and includes minutes in which no Customer Requests were made.
Failed Customer Request means Customer Requests that
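Review bot: several possessives in the rewritten definitions are missing apostrophes: "the Region of the customers organization" should be "customer's organization", "a Customer or a Customers users" should be "a Customer's users", and "within the Customers organizations region" should be "the Customer's organization's region"; since these lines are being rewritten from bold terms into "###" headings anyway, fix them in the same change.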
@ -39,14 +48,18 @@ This excludes specifically:
- Failed Customer Requests due to malformed requests, client-side application errors outside of ZITADEL Clouds control
- Customer Requests that do not reach ZITADEL Cloud Core Services
**Core Services** means the following ZITADEL Cloud Services and APIs:
### Core Services
- **Authentication API** Endpoints
Core Services means the following ZITADEL Cloud Services and APIs:
- **Authentication API** Endpoints including the session endpoints
- **OpenID Connect 1.0 / OAuth 2.0 API** Endpoints
- **SAML 2.0** Endpoints
- **Login Service** means the graphical user interface of ZITADEL Cloud for users to Login, Self-Register, and conduct a Password Reset.
- **Identity Brokering Service** means the component of ZITADEL Cloud that handles federated authentication of users with third-party identity provider, excluding any failure or misconfiguration by the third-party
### Financial Credit
**Financial Credit** means the percent of the monthly subscription fee applicable to the month in which the guaranteed service level was not met, according to the actual achieved monthly uptime percentage, as shown in the following table
Achieved vs. Guaranteed| 99.50% | 99.90% | 99.95%
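Review bot: "### Financial Credit" is followed by "**Financial Credit** means ...", which is inconsistent with the Definitions section above, where the bold term was dropped once the "###" heading was introduced; drop the bold here too. Also in the context lines, "outside of ZITADEL Clouds control" should be "Cloud's control", and "with third-party identity provider, excluding any failure or misconfiguration by the third-party" should read "with third-party identity providers, excluding any failure or misconfiguration by the third party".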

View File

@ -0,0 +1,254 @@
---
title: Support service description for ZITADEL
sidebar_label: Support service
custom_edit_url: null
---
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
Last updated on November 15, 2023
This annex of the [Framework Agreement](../terms-of-service) and the [Support Service Terms and Conditions](../annex-support-services) describes the support services offered by us for our Services.
Support Services for products and services provided by ZITADEL is offered to customers according to the terms and conditions outlined in this document.
The customer may purchase support services from ZITADEL (CAOS Ltd.) directly.
## Service Level Agreement
ZITADEL provides a Service Level Agreement for support of the [services offered](./cloud-service-description.md#services-offered).
Depending on your subscription plan you might be eligible to the following support service level agreement.
### ZITADEL Cloud
Based on your subscription plan you may be eligible for the support services as outlined in this document.
You may purchase additional premium support plans which replace the default support features.
#### Support in subscription plans
Support features for ZITADEL Cloud subscriptions are as follows:
Subscription Plans | Free | Production | Enterprise Cloud
--- | --- | --- | ---
[Support hours](#support-hours) | Business hours | Business hours | bespoke (up to 24x7)
[Response Time](#slo---initial-response-time) (Severity 1) | Best effort | 48 business hours | bespoke (as low as 30min)
[Community support](#community-support) | yes | yes | yes
[Professional support](#professional-support) | no | yes | yes
[Enterprise supported features](/docs/support/software-release-cycles-support.md#enterprise-supported) | no | no | yes
[Technical Account Management](#technical-account-manager) | no | no | bespoke
#### Extended support
Extended support can be added to ZITADEL Cloud subscription plans.
The default support features will be replaced as follows:
Extended support | Default
--- | ---
[Support hours](#support-hours) | [Extended hours](#extended-hours)
[Response Time](#slo---initial-response-time) (Severity 1) | 1 business hour
[Community support](#community-support) | yes
[Professional support](#professional-support) | yes
[Enterprise supported features](/docs/support/software-release-cycles-support.md#enterprise-supported) | no
[Technical Account Management](#technical-account-manager) | no
### ZITADEL Enterprise / self-hostable
With ZITADEL Enterprise you become eligible for support plans according to your purchase order for self-hosting ZITADEL.
Please refer to the [service description](./cloud-service-description.md#enterprise-license--self-hosted) for an overview of ZITADEL Enterprise.
ZITADEL Enterprise self-hostable| Default
--- | ---
[Support hours](#support-hours) | bespoke (up to 24x7)
[Response Time](#slo---initial-response-time) (Severity 1) | bespoke (as low as 30min)
[Community support](#community-support) | yes
[Professional support](#professional-support) | yes
[Enterprise supported features](/docs/support/software-release-cycles-support.md#enterprise-supported) | yes
[Technical Account Management](#technical-account-manager) | bespoke
## Description of support services
### Support hours
#### Business hours
Business hours means 08:00-17:00 Monday - Friday Switzerland time (or as per agreement with the customer). All times exclude public holidays in Switzerland / Canton St. Gallen.
#### Extended hours
Extended hours means 07:00-19:00 Monday - Friday Switzerland time (or as per agreement with the customer). All times exclude public holidays in Switzerland / Canton St. Gallen.
### Ticket
Ticket means a discrete technical or non-technical issue that was submitted by the customer and exists in the support portal. A ticket includes a record of all communication associated with the issue.
### SLO - Initial response time
ZITADEL service level objective (SLO) for Support Services is defined in terms of initial response time to a support request, as outlined in the table below per plan.
ZITADEL will use reasonable efforts to resolve support requests, but does not guarantee a work-around, resolution or resolution time.
Subscription Plans | Default | Extended SLA | Custom
--- | --- | --- | ---
Severity 1| Best effort | 1 business hour | up to 30min
Severity 2| Best effort | 2 business hour | 2 business hours
Severity 3| Best effort | 12 business hour | 12 business hours
Severity 4| Best effort | 24 business hour | 24 business hours
If we fail to provide the initial response time objective, you will be entitled to service credits. For every 15 minutes exceeding the state objective, 1 day will be added as extension to the current term.
### Communication
#### Community support
Community support for ZITADEL is available on our website, our [public chat](https://zitadel.com/chat), and [GitHub](https://github.com/zitadel/).
#### Professional support
- Support is available in English
- Default contact: Whenever customers require support, Customers should consult the documentation of the service or product or post a question to our community
- When Customer is eligible for support services through a Subscription Plan, Customer may contact ZITADEL support via the following channels
Support Feature | Contact information
--- | ---
Ticket | Submit an issue via the [customer portal](https://zitadel.com/admin/support)
eMail Support | support@zitadel.com
Chat Support | Private chat channel between ZITADEL and Customer that is opened when Subscription becomes active
Phone Support | +41 43 215 27 34
- ZITADEL Cloud system status, incidents and maintenance windows will be communicated via [our status page](https://status.zitadel.com).
- Questions regarding pricing, billing, and invoicing of our services should be addressed to billing@zitadel.com
- Security related questions and incidents can also be directly addressed to security@zitadel.com
### Technical account manager
ZITADEL will enhance its support offering by providing eligible clients with a Technical Account Manager (TAM), who will perform the following tasks for up to the agreed amount of time during the term of service:
- Provide support and advice regarding best practices on platform, product and configuration covered by the applicable Support Services;
- Participate in review calls every other week at mutually agreed times addressing customers operational challenges or complex support requests;
- Walk-through of new features and customer feedback.
We offer TAM services only bundled with specific subscription plans, and the option to add more TAM hours per period to these plans.
If you require consulting for your projects, please request a quote via our [website](https://zitadel.com/contact).
### Onboarding support
Our onboarding support should help you, as a new customer, to get a better understanding on how to integrate ZITADEL into your solution, how to tackle the migration, and ensure a highly-available day-to-day operation.
Onboarding support services can be offered to customers that enter a ZITADEL Cloud or a ZITADEL Enterprise subscription.
If you intend to use the open-source version exclusively then please join our community chat or GitHub.
Your questions might help other people in the community and will make our project better over time.
Please [contact us](https://zitadel.com/contact) for a quote and to get started with onboarding support.
Below you will find topics covered and scope of the offered services.
#### Proof of value
Within a short time-frame, f.e. 3 weeks, we can show the value of using our services and have the ability to establish the proof a of working setup for your most critical use cases.
We may offer to support you during an initial period to evaluate next steps.
Before the start of the period we may ask you to provide a description of your critical use cases and a high-level overview of your planned integration architecture.
During this period you should make sure that you have the necessary resources on your side to complete the proof of value.
#### Onboarding term
With the onboarding support we provide the initial knowledge transfer to configure and operate ZITADEL.
During the term you will get direct access to our engineering team via [Technical Account Management](#technical-account-manager).
Duration is typically 3 months but this could vary depending on your requirements.
We offer an onboarding term in combination with ZITADEL Enterprise subscriptions.
#### Topics covered
The scope will be tailored to your requirements.
Topics of the onboarding term may include
- Administration
- DevOps (Operation)
- Architecture
- Integration
- Migration
- Security Best Practices & Go-Live Checkup
<Tabs>
<TabItem value="in" label="Topics in scope">
<ul>
<li>IAM Configuration</li>
<li>Walk-though all features</li>
<li>Users / Manuals</li>
<li>Authentication & Management APIs</li>
<li>Validation of tokens</li>
<li>Client integration best-practices</li>
<li>Event types</li>
<li>Database schemas and compute models</li>
<li>Accessing database</li>
<li>Observability (Logs, Errors, Metrics, Tracing)</li>
<li>Operations best practices (Deployment, Backup, Networking etc.)</li>
<li>Check prerequisites and architecture</li>
<li>Troubleshoot installation and configuration of ZITADEL</li>
<li>Troubleshoot and configuration connectivity to the database</li>
<li>Functional testing of the ZITADEL instance</li>
</ul>
</TabItem>
<TabItem value="out" label="Topics out of scope" default>
<ul>
<li>Performance testing</li>
<li>Setting up or maintaining backup storage</li>
<li>Running multiple ZITADEL instances on the same cluster</li>
<li>Integration into internal monitoring and alerting</li>
<li>Multi-cluster architecture deployments</li>
<li>DNS, Network and Firewall configuration</li>
<li>Customer-specific Kubernetes configuration needs</li>
<li>Non-production environments</li>
<li>Production deployment</li>
<li>Application-side coding, configuration, or tuning</li>
</ul>
</TabItem>
</Tabs>
## Support
### Support request
ZITADEL agrees to handle support incidents in the following scenarios:
1. Service, product or configuration as provided by ZITADEL contains errors or critical security-related issues
2. Service or product requires upgrades or changes through the customer
3. Service or product has incorrect or missing documentation
Support features include:
- Answer questions regarding usage of specific features or configurations
- Provide high-level suggestions regarding appropriate usage, features or configurations
- Assist in troubleshooting of issues to isolate potential root cause
- Document and advise alternative solutions for reported defects
Excluded are broader consulting & customer-specific engineering requests regarding use of our products and services. Moreover support requests from Customers end users must be handled by the Customer directly.
### Support service process
The customer may submit support requests (“ticket”) through any means of eligible communication channels, consisting of
- Single discrete problem, issue, or request
- Initial severity level and impact statement for assessment
- Description of the issue and if possible a description of the observed and expected behavior, steps to reproduce the issue, evidence that issue is not caused by connectivity / compute, relevant anonymized log-files etc.
- All information requested by ZITADEL as we resolve the ticket (e.g. system logs)
ZITADEL will review the case information and determine the severity level (see below), working with the customer to assess the urgency of the request and use reasonable efforts to respond to support requests within the initial response time.
ZITADEL will use reasonable efforts to resolve support request as defined below, but does not guarantee a workaround, resolution or resolution time.
Severity Level | Description
--- | ---
**Severity 1**<br/> Critical / Service down| <p>Widespread failure or complete unavailability of ZITADEL Core Services. </p><p> ZITADEL will use continuous effort to provide a workaround or permanent solution. When Core Services are available, the severity will be lowered to the new appropriate level.</p>
**Severity 2**<br/> Core functionality unavailable or severely degraded| <p>Core Services of ZITADEL software continue to operate in severely restricted fashion, yet long-term productivity may be impacted.</p><p> When Core Services are no longer severely degraded (eg, through a viable workaround or release), the severity level will be lowered to Severity 3.</p>
**Severity 3**<br/>Standard support request| <p>Partial and non-critical loss of ZITADEL software functionality or major software defect, yet a workaround exists for viable long-term operation.</p><p>ZITADEL will continue to work on developing permanent resolution.</p>
**Severity 4**<br/>Non-urgent request| <p>Defined as follows: <ul><li>Request for information or general query</li><li>Feature request</li><li>Performance issues and little to none functional impact</li><li>Defects with workarounds and little to low functional impact</li></ul></p>
<p>ZITADEL will continue to work on developing permanent resolution and response to general requests. ZITADEL does not provide a timeline or guarantee to include any feature requests.</p>
### Escalation
The customer may escalate support requests following the escalation process:
1. For non-urgent needs, the client may request management escalation within the ticket. A manager will review the request and provide a response within one business day.
2. For urgent needs, the client may escalate directly by calling +41 43 456 84 69 and emailing to [hi@zitadel.com](mailto:hi@zitadel.com). A manager will review the request and provide response within two business hours.
If we fail to provide a response to the escalation, you will be entitled to service credits. For every 15 minutes exceeding the state objective, 1 day will be added as extension to the current term.
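Review bot: the "<p>ZITADEL will continue to work on developing permanent resolution ...</p>" paragraph after the Severity 4 row sits on its own line, so it renders as a paragraph outside the table rather than as part of the Severity 4 description; move it into the same table cell. In that cell, "<ul>" nested inside "<p>" is also invalid HTML and MDX may re-parse it unexpectedly; close the "<p>" before the list. Further points in this file: the SLO table's columns ("Default | Extended SLA | Custom") do not match the plan names used earlier ("Free | Production | Enterprise Cloud", "Extended support"), and the 48 business hours Severity 1 response time promised for the Production plan appears nowhere in the SLO table; the escalation phone number (+41 43 456 84 69) differs from the phone support number (+41 43 215 27 34), which may be intended but is worth confirming; the links "/docs/support/software-release-cycles-support.md#enterprise-supported" carry a ".md" in an absolute docs path while the service level file links "/docs/support/software-release-cycles-support#maintenance" without it; and wording: "Support Services ... is offered" to "are offered", "eligible to" to "eligible for", "2 business hour" to "hours" (three rows), "the state objective" to "the stated objective" (twice), "proof a of working setup" to "proof of a working setup", "Walk-though" to "Walk-through", "Troubleshoot and configuration connectivity" to "Troubleshoot and configure connectivity", "Customers end users" to "Customer's end users".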

View File

@ -0,0 +1,21 @@
---
title: Third party sub-processors for ZITADEL
sidebar_label: Third Party Sub-Processors
custom_edit_url: null
---
Last updated on November 15, 2023
In order to achieve the best possible transparency we publish which sub-processors and services we use to provide ZITADEL and related services.
The table shows what activity each entity performs.
More information about each activity is provided directly below.
This explains the limited processing of customer data the entity is authorized to perform.
We regularly audit all data processing agreements that we have with our sub-processors to guarantee that they adhere to the same level of privacy as ours to protect your personal data.
The following table indicates which sub-processors have access to end-user data. We try to minimize the number of sub-processors that handle end-user data on our behalf to reduce any vendor related risks.
Some providers are used by default, but you can opt-out of the default provide and replace the sub-processor by a provider of your choice.
import { SubProcessorTable } from "../../src/components/subprocessors";
<SubProcessorTable />
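Review bot: "you can opt-out of the default provide and replace the sub-processor" has a typo, "provider". The text promises "The following table indicates which sub-processors have access to end-user data", but the table is rendered by the imported "<SubProcessorTable />" component, so confirm that the component actually exposes an end-user-data column; otherwise the sentence claims something the page does not show. Also verify that the relative import "../../src/components/subprocessors" resolves from this file's new location, since a failed MDX import breaks the docs build.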

View File

@ -1,138 +0,0 @@
---
title: Support Services
custom_edit_url: null
---
## Introduction
This annex of the [Framework Agreement](terms-of-service) and the [Support Service Terms and Conditions](terms-support-service) describes the support services offered by us for our Services.
Support Services for products and services provided by ZITADEL is offered to customers according to the terms and conditions outlined in this document.
The customer may purchase support services from ZITADEL (CAOS Ltd.) directly.
Last revised: October 6, 2023
## Support Services
**Business hours** means 08:00-17:00 Monday - Friday Switzerland time (or as per agreement with the customer). All times exclude public holidays in Switzerland / Canton St. Gallen.
**Extended hours** means 07:00-19:00 Monday - Friday Switzerland time (or as per agreement with the customer). All times exclude public holidays in Switzerland / Canton St. Gallen.
**Ticket** means a discrete technical or non-technical issue that was submitted by the customer and exists in the support portal. A ticket includes a record of all communication associated with the issue.
## Description of Services
### Cloud
Support features for cloud subscriptions are as follows:
Subscription Plans | Default | Extended SLA | Custom
--- | --- | --- | ---
Support hours | Business hours | Business hours | up to 24x7
Response Time (Severity 1) | Best effort | 1 business hour | bespoke
eMail Support | yes | yes | yes
Phone Support | no | no | optional
Chat Support | no | no | optional
If you want to add a [Technical Account Manager](#technical-account-manager) or need assistance during onboarding, please [get in touch](https://zitadel.com/contact).
### Self-hosting
Support plans for self-hosting according to your purchase order.
Customers can define the SLA and additional support options, such as
- Support Hours (business, extended, 24x7) along different severities
- SLO [Initial response time](#slo---initial-response-time)
- [Technical account manager](#technical-account-manager)
- Communication channels
### SLO - Initial response time
ZITADEL service level objective (SLO) for Support Services is defined in terms of initial response time to a support request, as outlined in the table below per plan.
ZITADEL will use reasonable efforts to resolve support requests, but does not guarantee a work-around, resolution or resolution time.
Subscription Plans | Default | Extended SLA | Custom
--- | --- | --- | ---
Severity 1| Best effort | 1 business hour | up to 30min
Severity 2| Best effort | 2 business hour | 2 business hours
Severity 3| Best effort | 12 business hour | 12 business hours
Severity 4| Best effort | 24 business hour | 24 business hours
If we fail to provide the initial response time objective, you will be entitled to service credits. For every 15 minutes exceeding the state objective, 1 day will be added as extension to the current term.
### Communication
- Support is available in Swiss-German, German, and English
- Default contact: Whenever customers require support, Customers should consult the documentation of the service or product or post a question to our community.
- When Customer is eligible for support services through a Subscription Plan, Customer may contact ZITADEL support via the following channels
Support Feature | Contact information
--- | ---
eMail Support | support@zitadel.com
Chat Support | Private chat channel between ZITADEL and Customer that is opened when Subscription becomes active
Phone Support | +41 43 215 27 34
- ZITADEL Cloud system status, incidents and maintenance windows will be communicated via [our status page](https://status.zitadel.com).
- Questions regarding pricing, billing, and invoicing of our services should be addressed to billing@zitadel.com
- Security related questions and incidents can also be directly addressed to security@zitadel.com
### Technical account manager
ZITADEL will enhance its support offering by providing eligible clients with a Technical Account Manager (TAM), who will perform the following tasks for up to the specified amount of time per week during the term of service:
- Provide support and advice regarding best practices on platform, product and configuration covered by the applicable Support Services;
- Participate in review calls every other week at mutually agreed times addressing customers operational challenges or complex support requests;
- Walk-through of new features and customer feedback.
We offer TAM services only bundled with specific subscription plans, and the option to add more TAM hours to these plans.
If you require consulting for your projects, please request a quote via our [website](https://zitadel.com/contact).
## Support
### Support request
ZITADEL agrees to handle support incidents in the following scenarios:
1. Service, product or configuration as provided by ZITADEL contains errors or critical security-related issues
2. Service or product requires upgrades or changes through the customer
3. Service or product has incorrect or missing documentation
Support features include:
- Answer questions regarding usage of specific features or configurations
- Provide high-level suggestions regarding appropriate usage, features or configurations
- Assist in troubleshooting of issues to isolate potential root cause
- Document and advise alternative solutions for reported defects
Excluded are broader consulting & customer-specific engineering requests regarding use of our products and services. Moreover support requests from Customers end users must be handled by the Customer directly.
### Support service process
The customer may submit support requests (“ticket”) through any means of eligible communication channels, consisting of
- Single discrete problem, issue, or request
- Initial severity level and impact statement for assessment
- Description of the issue and if possible a description of the observed and expected behavior, steps to reproduce the issue, evidence that issue is not caused by connectivity / compute, relevant anonymized log-files etc.
- All information requested by ZITADEL as we resolve the ticket (e.g. system logs)
ZITADEL will review the case information and determine the severity level (see below), working with the customer to assess the urgency of the request and use reasonable efforts to respond to support requests within the initial response time.
ZITADEL will use reasonable efforts to resolve support request as defined below, but does not guarantee a workaround, resolution or resolution time.
Severity Level | Description
--- | ---
**Severity 1**<br/> Critical / Service down| <p>Widespread failure or complete unavailability of ZITADEL Core Services. </p><p> ZITADEL will use continuous effort to provide a workaround or permanent solution. When Core Services are available, the severity will be lowered to the new appropriate level.</p>
**Severity 2**<br/> Core functionality unavailable or severely degraded| <p>Core Services of ZITADEL software continue to operate in severely restricted fashion, yet long-term productivity may be impacted.</p><p> When Core Services are no longer severely degraded (eg, through a viable workaround or release), the severity level will be lowered to Severity 3.</p>
**Severity 3**<br/>Standard support request| <p>Partial and non-critical loss of ZITADEL software functionality or major software defect, yet a workaround exists for viable long-term operation.</p><p>ZITADEL will continue to work on developing permanent resolution.</p>
**Severity 4**<br/>Non-urgent request| <p>Defined as follows: <ul><li>Request for information or general query</li><li>Feature request</li><li>Performance issues and little to none functional impact</li><li>Defects with workarounds and little to low functional impact</li></ul></p>
<p>ZITADEL will continue to work on developing permanent resolution and response to general requests. ZITADEL does not provide a timeline or guarantee to include any feature requests.</p>
### Escalation
The customer may escalate support requests following the escalation process:
1. For non-urgent needs, the client may request management escalation within the ticket. A manager will review the request and provide a response within one business day.
2. For urgent needs, the client may escalate directly by calling +41 43 456 84 69 and emailing to [hi@zitadel.com](mailto:hi@zitadel.com). A manager will review the request and provide response within two business hours.
If we fail to provide a response to the escalation, you will be entitled to service credits. For every 15 minutes exceeding the state objective, 1 day will be added as extension to the current term.
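Review bot: Deleting this page drops the old support-services URL without a visible redirect; since the content moves under service-description, add a client redirect (or at least check every internal link to the old path) so bookmarks and the contact links do not 404. Also confirm that the escalation phone number, the support@/billing@/security@ addresses and the severity table were carried over to the new location, as these are the contacts customers use to report incidents.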


@ -2,28 +2,29 @@
title: Terms of Service Agreement
custom_edit_url: null
---
Last updated on November 15, 2023
## General
### Introduction
CAOS Ltd. (**"We"**, **CAOS AG**, or simply **CAOS**), with head office in Lerchenfeldstrasse 3, 9014 St. Gallen, Switzerland, offers "Identity and Access Management as service" with the brand name "ZITADEL Cloud Services" and all of our Websites (**Services** or **ZITADEL Cloud**).
CAOS Ltd. (**"We"**, **ZITADEL**, **CAOS AG**, or simply **CAOS**), with head office in Lerchenfeldstrasse 3, 9014 St. Gallen, Switzerland, offers "Identity and Access Management as service" with the brand name "ZITADEL Cloud Services" and all of our Websites (**Services** or **ZITADEL Cloud**).
The customer relationship (**Framework Agreement** or **The Agreement**) is created by the **Customer** (**"you"**) by creating a user or organization within the ZITADEL Cloud Service. On the basis of this Framework Agreement you may then choose to make use of payable services (**Subscription**) as you wish, i.e. you may book services, options and packages yourself at any time (**Booking**, **Purchase Order**) and subsequently terminate them.
The customer relationship (**Framework Agreement** or **The Agreement**) is created by the **Customer** (**"you"**) by creating a user or organization within the ZITADEL Cloud Service or with signature of a purchase order between you and ZITADEL (jointly referred to as **Parties**).
On the basis of this Framework Agreement you may then choose to make use of payable services (**Subscription**) as you wish, i.e. you may book services, options and packages yourself at any time (**Booking**, **Purchase Order**, **PO**) and subsequently terminate them.
The terms of service (**"TOS"**) outlined in this document establish the most important points of this Framework Agreement independently of the use of any services.
This Agreement has the following appendices. When you enter the Agreement with us, you accept these agreements.
* [**Data Processing Agreement**](data-processing-agreement) - How we process personal data on behalf of you
* [**Service Description**](cloud-service-description) - What service we offer under this agreement
* [**Service Level Description**](service-level-description) - What service levels do we guarantee you
* [**Support Service Descriptions**](support-services) - How we provide support services to you
* [**Service Descriptions**](./service-description/) - How we provide services to yo
* [**Policies**](./policies/) - Policies that apply for use of our services
* [**Enterprise Agreement**](./annex-support-services/) - Annex for Enterprise Agreement and Support Services
The following policies complement the TOS. When accepting the TOS, you accept these policies.
* [**Privacy Policy**](privacy-policy) - How we process personal data on our websites and products
* [**Acceptable Use Policy**](acceptable-use-policy) - What we understand as acceptable and fair use of our Services
* [**Rate Limit Policy**](rate-limit-policy) - How we avoid overloads of our services
The outlined policies complement these terms of service.
When accepting the TOS, you accept these policies.
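Review bot: Typo in the Service Descriptions bullet, "How we provide services to yo" should be "to you". The annex list also mixes link styles ("data-processing-agreement" next to "./service-description/" and "./policies/"), which works in Docusaurus but is worth making consistent while the file is being touched.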
### Alterations
@ -37,15 +38,23 @@ You may only transfer the Framework Agreement or Services used in the context of
### Type and scope of the services
We provide the Services under the conditions stated on our websites at the time of booking.
We provide the Services under the conditions stated on our websites, or the latest customer specific purchase order, at the time of booking.
### Modifications of services offered
We are entitled to offer new services, to withdraw existing services (**Termination**) or to modify the specifications and prices of existing services (**Modification**) at any time. If the modification or termination affects a service that you are using at that time, we will inform you via email that said service will be automatically modified and/or is no longer available after a period of 30 days.
We are entitled to offer new services, to withdraw existing services (**Termination**) or to modify the specifications and prices of existing services (**Modification**) at any time.
If the modification or termination affects a service that you are using at that time, we will inform you via email that said service will be automatically modified and/or is no longer available after a period of 30 days.
If such modification would have a disadvantageous impact on the Customer use of service, ZITADEL and Customer must discuss the change with the Customer first and, to the best of its ability, find a solution that is acceptable to both Parties.
If such a solution cannot be found, ZITADEL may implement the modification and Customer may submit notice of termination of the relevant Service (email is sufficient) before the modification becomes effective without being obliged to pay contractual penalties or termination fees.
ZITADEL may modify the prices for a service after the minimum term of the agreement.
### Modification of services booked by you
You may change or terminate Services or Subscriptions booked by you at any time. You may, where applicable, add more Services (e.g. add-ons) to your existing Services at any time.
You may change or terminate Services or Subscriptions booked by you at any time.
You may, where applicable, add more Services (e.g. add-ons) to your existing Services at any time.
Modifications will take effect in the next billing period, or as agreed otherwise between the Parties.
Changing services booked by you requires a new purchase order, stating the new conditions of the services after Modification, to be accepted by the Parties.
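Review bot: Awkward wording under Modifications of services offered: "ZITADEL and Customer must discuss the change with the Customer first" reads as though the Customer discusses the change with itself. Suggest "ZITADEL must discuss the change with the Customer first and, to the best of its ability, find a solution acceptable to both Parties", and "the Customer use of service" should be "the Customer's use of the Service".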
### Due care
@ -55,21 +64,34 @@ The [Annex of the data processing agreement](data-processing-agreement#annex-reg
### Support
We offer Support Services directly related to the use of our Services. The Description of Support Services is available as [Annex](support-services) to this document.
We offer Support Services directly related to the use of our Services.
The Description of Support Services is available as [Annex](./service-description/support-services) to this document.
Customers without a subscription can contact us via the official [communication channels](https://zitadel.com/contact).
### Limited influence
Be advised that the scope of our influence is limited. For example, the actual accessibility of a service is also dependent on the connection to and between various Internet Service Providers ("ISPs"). Portions of our services, i.e. software components, may also be beyond our influence and be subject to their own contractual conditions. You accept that in such cases we reject any responsibility.
The parties may enter a service level agreement, as specified in our [Support Service Description](./service-description/support-services), for booked Support Services.
Only named persons in the Purchase Order, or as agreed in writing (email is sufficient) may use the Support Services to interact with ZITADEL.
### Service level
Customers with a Subscription may be eligible for a SLA as outlined in our [Service Level Description](service-level-description).
Customers with a Subscription may be eligible for a SLA as outlined in our [Service Level Description](./service-description/service-level-description).
### Service credit
Failure to provide the agreed service level objectives during the term of the Agreement results in compensation via service credits, as outlined in the [Annex](./service-description/support-services) per service level objective.
Customer must request service credit and must notify ZITADEL in writing (email sufficient) within 30 days of becoming eligible for service credit and must prove failure of ZITADEL to meet the stated objective.
ZITADEL will confirm or reject the claim with reasons for a refusal within 10 days.
Service credit will in no case be paid as a cash equivalent.
No further guarantees are provided.
### Limited influence
Be advised that the scope of our influence is limited. For example, the actual accessibility of a service is also dependent on the connection to and between various Internet Service Providers ("ISPs").
Portions of our services, i.e. software components, may also be beyond our influence and be subject to their own contractual conditions. You accept that in such cases we reject any responsibility.
### Inclusion of third parties
We may include third parties in the provision of our services. See our [Privacy Policy](privacy-policy) and our [Data Processing Agreement](data-processing-agreement) for more information.
We may include third parties in the provision of our services. See our [Privacy Policy](./policies/privacy-policy), [Third Party Sub-Processor List](subprocessors), and our [Data Processing Agreement](data-processing-agreement) for more information.
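Review bot: Missing comma in the Support section, "Only named persons in the Purchase Order, or as agreed in writing (email is sufficient) may use" needs a comma after the closing parenthesis; and "eligible for a SLA" under Service level should be "an SLA". The named-person restriction is an access control on the support channel, so it is good to see it; consider stating who may change the named list (an existing named person or the PO signatory) so that the list itself is only changed through an authorized channel.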
## Your obligations
@ -79,11 +101,12 @@ At our request you will provide your truthful contact information and keep it up
### Use
You will ensure that the use of our Websites and Services by you or third parties complies with all applicable legislation, these these TOS, and our [Acceptable Use Policy](acceptable-use-policy) at all times.
You will ensure that the use of our Websites and Services by you or third parties complies with all applicable legislation, this Agreement, any Annexes and policies, specifically the [Acceptable Use Policy](./policies/acceptable-use-policy), at all times.
### Security
You will take appropriate measures to prevent any misuse of the services you booked. These include, for example, securing the software used and the prompt installation of security updates as well as using suitably secure passwords.
You will take appropriate measures to prevent any misuse of the services you booked.
These include, for example, securing the software used and the prompt installation of security updates as well as using suitably secure passwords.
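Review bot: The Security obligation is only reflowed here; while it is being touched, consider naming multi-factor authentication next to "suitably secure passwords" as an expected misuse-prevention measure, since passwords alone are a weak baseline for an identity service's customers.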
### Disaster recovery
@ -107,11 +130,13 @@ You will ensure that your vicarious agents, customers and third parties fulfill
### Credit and payment
Signup to our Services does not require you to open a payment account. However, a payment account is required for the purchase of our Subscriptions. The costs for the services you have purchased will be debited periodically from your payment account.
Signup to our Services does not require you to open a payment account.
However, a payment account is required for the purchase of our Subscriptions.
The costs for the services you have purchased will be debited periodically from your payment account or must be paid according to the purchase order.
### Payment procedure
If payment upon invoice is agreed, the payment deadline shall be 30 days after receipt of the invoice.
If payment upon invoice is agreed, the payment deadline shall be 30 days after receipt of the invoice, or as stated in the purchase order.
### Offsetting
@ -127,13 +152,17 @@ In the event of default we reserve the right to transfer our claim to a collecti
You may terminate the Framework Agreement at any time by ceasing your use of the services and deleting your customer account on our website.
For purchase orders, the term must be terminated by providing written notice (email is sufficient) of termination at least 30 days prior to the end of the term.
### Termination by us
We may terminate the Framework Agreement at any time via email message with a notice period of 90 days. Any use of the services will cease at the end of this period and the Framework Agreement will be terminated.
### Automatic termination
If you have neither used services nor made payment for a period of 3 years, the Framework Agreement will be considered automatically terminated at the end of this period.
If you have neither used services nor made payment for a period of 180 days, the Framework Agreement will be considered automatically terminated at the end of this period.
If you have a Subscription to any free plans, that don't require payment, we automatically the Framework Agreement will be considered automatically terminated after 30 days without any Daily Active User on the Unit.
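Review bot: The new sentence under Automatic termination is garbled: "we automatically the Framework Agreement will be considered automatically terminated" has a stray "we automatically", and "the Unit" is not a defined term in this document (it was defined in the support T&C that this commit deletes). Suggest "If you have a Subscription to a free plan that does not require payment, the Framework Agreement will be considered automatically terminated after 30 days without any Daily Active User", and define the scope (organization or instance) using the terms of the Service Descriptions. Since automatic termination feeds into the irrevocable-deletion right in the next section, the 180-day and 30-day windows deserve a sentence on whether the customer is notified beforehand.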
### No reimbursement
@ -157,21 +186,26 @@ In the event of the termination of the contract, we reserve the right to irrevoc
## Data protection
Please consult the annex to this Framework Agreement, specifically our [Privacy Policy](privacy-policy) and [Data Processing Agreement](data-processing-agreement), or our [Trust Site](https://zitadel.com/trust/) for more information about how we process and protect your data.
Please consult the annex to this Framework Agreement, specifically our [Privacy Policy](./policies/privacy-policy), [Data Processing Agreement](data-processing-agreement), [Third Party Sub-Processors](subprocessors), and or our [Trust Site](https://zitadel.com/trust/) for more information about how we process and protect your data.
## Liability
### Our liability
We and/or third parties which we involve are only liable for demonstrably willful or grossly negligent damages. Our liability per damage event is limited to the value of the services used during the previous contractual year. Any liability in other cases, for consequential damages or lost profits is hereby excluded.
We and/or third parties which we involve are only liable for demonstrably willful or grossly negligent damages.
Our liability per damage event is limited to the value of the services used during the previous contractual year.
Any liability in other cases, for consequential damages or lost profits is hereby excluded.
### Your liability
You are liable for all damages and costs arising from the illegal or non-contractual use of the services which you have booked. We in particular reserve the right to invoice you for any additional costs incurred by us in this context.
You are liable for all damages and costs arising from the illegal or non-contractual use of the services which you have booked.
We in particular reserve the right to invoice you for any additional costs incurred by us in this context.
### Force majeure
You acknowledge that we may be partially or entirely unable to provide our services during and/or as a result of events beyond our influence. These include events such as natural disasters, war, terrorism, sabotage, attacks on our infrastructure (i.e. DoS/DDoS attacks), failure of electrical or data connections and unexpected official requirements. We are not liable for any damages in such cases.
You acknowledge that we may be partially or entirely unable to provide our services during and/or as a result of events beyond our influence.
These include events such as natural disasters, war, terrorism, sabotage, attacks on our infrastructure (i.e. DoS/DDoS attacks), failure of electrical or data connections and unexpected official requirements.
We are not liable for any damages in such cases.
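Review bot: Typo under Data protection, "and or our [Trust Site]" should be "and our [Trust Site]" (or "and/or").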
## Final provision
@ -187,12 +221,10 @@ The exclusive place of jurisdiction is St. Gallen, Switzerland.
Should any provision of these TOS be or become invalid, this shall not affect the validity of the remaining TOS. The invalid provision will be replaced by a valid one which approximates the invalid one as much as possible.
### Entry into force
These TOS shall enter into force as of 15.07.2022.
Last revised: May 12, 2023
### Amendments
We are entitled to unilaterally amend these TOS at any time. The current version is accessible via our website. We will inform you of any amendments via email. These amendments shall be considered as accepted upon booking additional services or at the latest after 30 days. In the case of a rejection on your part we reserve the right to terminate the Framework Agreement.
We are entitled to unilaterally amend this Agreement at any time.
The current version is accessible via our website.
We will inform you of any amendments via email.
These amendments shall be considered as accepted upon booking additional services or at the latest after 30 days.
In the case of a rejection on your part we reserve the right to terminate the Framework Agreement.
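Review bot: Terminology drift: the Amendments section now says "this Agreement" while Entry into force and Severability directly above still say "these TOS"; pick one. With "Last updated on November 15, 2023" added at the top of the file, make sure the older "Last revised: May 12, 2023" line under Entry into force is actually removed in this hunk (the rendered view hides the +/- markers), otherwise the document carries two dates.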


@ -1,222 +0,0 @@
---
title: Terms and Conditions for Support Services
custom_edit_url: null
---
## General
### Introduction
CAOS Ltd. (**"We"**, **CAOS AG**, or simply **CAOS**), with head office located at Lerchenfeldstrasse 3, 9014 St. Gallen, Switzerland, offers amongst other services and websites (**Services**) as well commercial support services (**Support Services**) for units of CAOS software products (**Unit**), if not otherwise defined a Unit refers to a is a single, dedicated setup of an application or service.
The customer relationship (**Framework Agreement** or **The Agreement**) is created by the **Customer** (**"you"**) by accepting a **Purchase Order** (**"PO"**) for the specified Support Services (**Booking**). Jointly you and CAOS will be referred to as **the Parties**. The terms of service (**"TOS"**) outlined in this document establish the most important points of this Framework Agreement independently of the use of any other services.
This Agreement has the following appendices. When you enter the Agreement with us, you accept these agreements.
* [**Data Processing Agreement**](data-processing-agreement) - How we process personal data on behalf of you
* [**Support Service Descriptions**](support-services) - How we provide support services to you
* [**Acceptable Use Policy**](acceptable-use-policy) - What we understand as acceptable and fair use of our Services
### Alterations
Any provisions which deviate from these TOS must be agreed in writing (email sufficient) between the Customer and us. Such agreements shall take precedence over the TOS outlined in this document.
### Transfer
You may only transfer the Framework Agreement or Services used in the context of the Framework Agreement to third parties with our prior written consent.
### Term
Coverage under this Agreement will start with Booking of Support Services, for a minimum period of 12 months. Support Services agreements will automatically renew for additional one year terms upon submission of a purchase order for renewal, unless either you or CAOS provides written notice (email sufficient) of termination of any such term. Each renewal will be at CAOS' then-current rate. In the event that you accesses CAOS Support services in any way after the Agreement has expired or been terminated, you will continue to be bound by this Agreement, which will continue to apply to the services after such expiration or termination.
## Our Services
### Type and scope of the services
We provide the Services under the conditions stated on our websites and the PO at the time of booking.
### Modifications of services offered
We are entitled to offer new services, to withdraw existing services (**Termination**) or to modify the specifications and prices of existing services (**Modification**) at any time. If the modification or termination affects a service that you are using at that time, we will inform you via email that said service will be automatically modified and/or is no longer available after a period of 30 days.
If such modification would have a disadvantageous impact on the Customer use of service, CAOS and Customer must discuss the change with the Customer first and, to the best of its ability, find a solution that is acceptable to both Parties. If such a solution cannot be found, CAOS may implement the modification and Customer may submit notice of termination of the relevant Service (email is sufficient) before the modification becomes effective without being obliged to pay contractual penalties or termination fees. CAOS may modify the prices for a service after the minimum term of the agreement.
### Modification of services booked by you
You may change or terminate Services booked by you at any time. Modifications will take effect in the next billing period, or as agreed otherwise between the Parties. Changing services booked by you requires a new PO, stating the new conditions of the services after Modification, to be accepted by the Parties.
### Due care
We take all appropriate physical and electronic precautions to ensure the security and availability of our infrastructure and the service offered thereupon, in particular to protect against unauthorized access to data, data loss, failures and misuse.
The [Annex of the data processing agreement](data-processing-agreement#annex-regarding-security-measures) outlines the measures we take in more detail.
### Support Service
The Description of Support Services is available as [Annex](support-services) to this document.
The parties may enter a service level agreement, as specified in our [Support Service Description](support-services), for booked Support Services. Only named persons in the Purchase Order, or as agreed in writing (email is sufficient) may use the Support Services to interact with CAOS.
### Service credit
Failure to provide the agreed service level objectives during the term of the Agreement results in compensation via service credits, as outlined in the [Annex](support-services) per service level objective.
Customer must request service credit and must notify CAOS in writing (email sufficient) within 30 days of becoming eligible for service credit and must prove failure of CAOS to meet the stated objective. CAOS will confirm or reject the claim with reasons for a refusal within 10 days. Service credit will in no case be paid as a cash equivalent. No further guarantees are provided.
### Service review
If not otherwise agreed, CAOS offers a yearly review meeting with you to discuss the service quality and any feedback you might have. We are not required to participate in the meeting after the term has expired.
### Limited influence
Be advised that the scope of our influence is limited. For example, the actual accessibility of a service is also dependent on the connection to and between various Internet Service Providers ("ISPs"). Portions of our services, i.e. software components, may also be beyond our influence and be subject to their own contractual conditions. You accept that in such cases we reject any responsibility.
### Inclusion of third parties
We may include third parties in the provision of our services. See our [Privacy Policy](privacy-policy) and our [Data Processing Agreement](data-processing-agreement) for more information.
## Your obligations
### Contact information
At our request you will provide your truthful contact information and keep it updated at all times. You must also ensure that you actually receive messages, in particular emails, intended for you.
### Use
You will ensure that the use of our Websites and Services by you or third parties complies with all applicable legislation, these TOS, and our [Acceptable Use Policy](acceptable-use-policy) at all times.
### Maintenance of units
You will ensure that units eligible for Support Service are maintained and upgraded frequently. If you operate units with a release date older than 180 days since our latest stable release, the term is continued but CAOS is not required to handle any support request for that unit until the units are upgraded and recertified.
### Support Process
You will ensure to follow the support process, especially provide all required initial information to the issue, as outlined in the [Annex](support-services) to this document.
### Training of support staff
You will ensure regular training of your support staff. Your support staff must be able to provide the required information for support issues to us, and thus requires access and up-to-date knowledge of the services.
Initial know-how transfer for the services will be organized in training sessions conducted by us. We can provide knowledge sessions throughout the term to train newly onboarded staff, update your support staff about important updates, or refresh knowledge in specified areas. In case we notice insufficient quality of support requests from Customers, we will propose appropriate training sessions.
### Security
You will take appropriate measures to prevent any misuse of the services you booked. These include, for example, securing the software used and the prompt installation of security updates as well as using suitably secure passwords.
### Disaster recovery
Any liability for damages, indirect or direct, in case of data loss is explicitly rejected.
### Reporting obligations
You will immediately report any knowledge of a misuse of your booked services.
### Cooperation
If the maintenance of service quality requires your cooperation, for example to remedy errors in the services you use, you will provide said cooperation promptly and free of charge.
### Third party obligations
You will ensure that your vicarious agents, customers and third parties fulfill these obligations as well.
## Financial
### Payment
Fees for the initial or any subsequent term of Support Services booked will be due and payable net 30 days from date of invoice. All payments to CAOS will be made in CHF or EUR to our bank account, as indicated in the PO.
### Offsetting
Offsetting against a counterclaim is prohibited.
### Collection
In the event of default we reserve the right to transfer our claim to a collections agency. You will bear any resulting costs insofar as legally permissible.
### Lapsed Service Fee
In case the term of the Support Service contract has expired within 1 to 180 days, you will be required to pay a Lapsed Service fee in addition to purchasing and activating a one-year renewal contract term at the then-current fee and conditions. The renewal term's start date will also be backdated to begin coverage from the service's original expiration date.
Please contact us for current fees.
### Recertification Fee
Recertification of a unit, to be covered under Support Services, is required for:
* units for which Support Services have been expired for more than 180 days
* units that run a release that is older than 180 days from the products most recent stable release
* requests for support on products and services purchased or supported from non-authorized resellers
Recertification of a unit requires payment of a Recertification Fee which results in a checkup of the unit by CAOS. The unit will be inspected to asses its condition and eligibility for service coverage.
Please contact us for current fees.
## Termination
### Termination by you
You may terminate the Framework Agreement by providing written notice (email is sufficient) of termination at least 30 days prior to the end of the term.
### Termination by us
We may terminate the Framework Agreement at any time via email message with a notice period of 90 days. Any use of the services will cease at the end of this period and the Framework Agreement will be terminated.
### No reimbursement
Any remaining credit shall automatically expire upon termination of the Framework Agreement.
### Termination of services
We are entitled to suspend and terminate services used by you if
* Your credit has been used up by services and/or any applicable credit limit has been reached;
* You are in default in the payment of open invoices and/or prompt payment seems unlikely (i.e. in the event of insolvency proceedings);
* Your services were used illegally or in breach of contract, or if there is reasonable suspicion of such use (i.e. in the event of complaints or abuse reports);
* We consider the suspension or termination of the services to be necessary for the protection of ourselves, our infrastructure or other customers.
We reserve the right to immediately terminate the Framework Agreement in such cases.
### Deletion of data
In the event of the termination of the contract, we reserve the right to irrevocably delete all of your data.
## Data protection
Please consult the annex to this Framework Agreement, specifically our [Privacy Policy](privacy-policy) and [Data Processing Agreement](data-processing-agreement), or our [Trust Site](https://zitadel.com/trust/) for more information about how we process and protect your data.
## Liability
### Our liability
We and/or third parties which we involve are only liable for demonstrably willful or grossly negligent damages. Our liability per damage event is limited to the value of the services used during the previous contractual year. Any liability in other cases, for consequential damages or lost profits is hereby excluded.
### Your liability
You are liable for all damages and costs arising from the illegal or non-contractual use of the services which you have booked. We in particular reserve the right to invoice you for any additional costs incurred by us in this context.
### Force majeure
You acknowledge that we may be partially or entirely unable to provide our services during and/or as a result of events beyond our influence. These include events such as natural disasters, war, terrorism, sabotage, attacks on our infrastructure (i.e. DoS/DDoS attacks), failure of electrical or data connections and unexpected official requirements. We are not liable for any damages in such cases.
## Final provision
### Applicable law
The Framework Agreement is subject to Swiss law.
### Place of jurisdiction
The exclusive place of jurisdiction is St. Gallen, Switzerland.
### Severability clause
Should any provision of these TOS be or become invalid, this shall not affect the validity of the remaining TOS. The invalid provision will be replaced by a valid one which approximates the invalid one as much as possible.
### Entry into force
These TOS shall enter into force as of 15.07.2022.
Last revised: June 14, 2022
### Amendments
We are entitled to unilaterally amend these TOS at any time. The current version is accessible via our website. We will inform you of any amendments via email. These amendments shall be considered as accepted upon booking additional services or at the latest after 30 days. In the case of a rejection on your part we reserve the right to terminate the Framework Agreement.
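Review bot: two typos in the Recertification Fee section: "to asses its condition" should read "to assess", and "older than 180 days from the products most recent stable release" needs the possessive "product's". The "Disaster recovery" heading also sits over a single liability disclaimer ("Any liability for damages ... in case of data loss is explicitly rejected") with no statement of what the customer is expected to do about backups or recovery; either rename the heading or state the customer's backup obligation so the heading matches the content. If this text is being revised here, bump the "Last revised: June 14, 2022" line as well.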

View File

@ -32,7 +32,7 @@ To apply best practices to your production setup we created a step by step check
- [ ] Use a Layer 7 Web Application Firewall to secure ZITADEL that supports **[HTTP/2](/docs/self-hosting/manage/http2)**
- [ ] Limit the access by IP addresses if needed
- [ ] Secure the access by rate limits for specific endpoints (e.g. API vs frontend) to secure availability on high load. See the [ZITADEL Cloud rate limits](/docs/legal/rate-limit-policy) for reference.
- [ ] Secure the access by rate limits for specific endpoints (e.g. API vs frontend) to secure availability on high load. See the [ZITADEL Cloud rate limits](/docs/legal/policies/rate-limit-policy) for reference.
- [ ] Check that your firewall also filters IPv6 traffic
### ZITADEL configuration
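Review bot: the rate-limit link now points at `/docs/legal/policies/rate-limit-policy`, but the old `/docs/legal/rate-limit-policy` path is likely bookmarked and indexed by search engines; add a redirect from the old path to the new one in the site's redirect configuration so existing links keep resolving rather than 404ing.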

View File

@ -16,7 +16,7 @@ Supported features are those that are guaranteed to work as intended and are ful
If you encounter any issues with a supported feature, please contact us by creating a [bug report](https://github.com/zitadel/zitadel/issues/new/choose).
We will review the issues according to our [product management process](https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#product-management).
In case you are eligible to [support services](/docs/legal/support-services) get in touch via one of our support channels and we will provide prompt response to the issues you may experience and make our best effort to assist you to find a resolution.
In case you are eligible to [support services](/docs/legal/service-description/support-services) get in touch via one of our support channels and we will provide prompt response to the issues you may experience and make our best effort to assist you to find a resolution.
:::info Security Issues
Please report any security issues immediately to the indicated address in our [security.txt](https://zitadel.com/.well-known/security.txt)
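Review bot: while touching this line, fix the grammar of the unchanged text around the link: "In case you are eligible to support services get in touch" should read "eligible for support services, get in touch", and "we will provide prompt response" should be "we will provide a prompt response".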
@ -24,7 +24,7 @@ Please report any security issues immediately to the indicated address in our [s
### Enterprise supported
Enterprise supported features are those where we provide support only to users eligible for enterprise [support services](/docs/legal/support-services).
Enterprise supported features are those where we provide support only to users eligible for enterprise [support services](/docs/legal/service-description/support-services).
These features should be functional for eligible users, but may have some limitations for a broader use.
If you encounter issues with an enterprise supported feature and you are eligible for enterprise support services, we will provide a prompt response to the issues you may experience and make our best effort to assist you to find a resolution.

View File

@ -143,7 +143,7 @@ module.exports = {
},
{
label: "Privacy Policy",
href: "/legal/privacy-policy",
href: "/legal/policies/privacy-policy",
},
],
},

View File

@ -428,7 +428,7 @@ module.exports = {
{
type: 'link',
label: 'Support Service Descriptions',
href: '/legal/support-services',
href: '/legal/service-description/support-services',
},
{
type: 'category',
@ -631,7 +631,7 @@ module.exports = {
{
type: 'link',
label: 'Rate Limits (Cloud)', // The link label
href: '/legal/rate-limit-policy', // The internal path
href: '/legal/policies/rate-limit-policy', // The internal path
},
],
selfHosting: [
@ -700,23 +700,23 @@ module.exports = {
items: [
"legal/terms-of-service",
"legal/data-processing-agreement",
"legal/subprocessors",
"legal/annex-support-services",
{
type: "category",
label: "Service Description",
collapsed: false,
items: [
"legal/cloud-service-description",
"legal/service-level-description",
"legal/support-services",
"legal/onboarding-support",
],
link: {
type: "generated-index",
title: "Service description",
slug: "/legal/service-description",
description: "Description of services and service levels for ZITADEL Cloud and Enterprise subscriptions.",
},
{
type: "category",
label: "Support Program",
collapsed: true,
items: [
"legal/terms-support-service",
{
type: 'autogenerated',
dirName: 'legal/service-description',
}
],
},
{
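Review bot: replacing the explicit item list with `type: 'autogenerated', dirName: 'legal/service-description'` hands ordering to `sidebar_position` front matter and otherwise to filenames, so confirm the pages previously listed by hand (`legal/cloud-service-description`, `legal/service-level-description`, `legal/support-services`, `legal/onboarding-support`) set a `sidebar_position` if their previous order mattered. The `link: { type: "generated-index", slug: "/legal/service-description" }` block and the `legal/annex-support-services` and `legal/terms-support-service` entries also appear in this hunk; wherever they are dropped, make sure the corresponding pages are either deleted or redirected so the `/legal/service-description` index and the old sidebar targets do not 404.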
@ -730,13 +730,11 @@ module.exports = {
description: "Policies and guidelines in addition to our terms of services.",
},
items: [
"legal/privacy-policy",
"legal/acceptable-use-policy",
"legal/rate-limit-policy",
"legal/policies/account-lockout-policy",
"legal/policies/feature-development-policy",
"legal/vulnerability-disclosure-policy",
],
{
type: 'autogenerated',
dirName: 'legal/policies',
}
]
},
]
},
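Review bot: same ordering concern as the service-description category: the hand-ordered list placed `legal/privacy-policy` first and `legal/vulnerability-disclosure-policy` last, while `autogenerated` over `legal/policies` sorts by `sidebar_position` and then filename, so the policies will come out alphabetically unless each page sets a position. The hunk also lists `legal/privacy-policy`, `legal/acceptable-use-policy`, `legal/rate-limit-policy` and `legal/vulnerability-disclosure-policy` without the `policies/` prefix that `account-lockout-policy` and `feature-development-policy` already carry; confirm all six files now live under `legal/policies/` so the autogenerated sidebar actually picks them up.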

View File

@ -0,0 +1,169 @@
import React from "react";
export function SubProcessorTable() {
const country_list = {
us: "USA",
eu: "EU",
ch: "Switzerland",
fr: "France",
in: "India",
de: "Germany",
ee: "Estonia",
nl: "Netherlands",
ro: "Romania",
}
const processors = [
{
entity: "Google LLC",
purpose: "Cloud infrastructure provider (Google Cloud), business applications and collaboration (Workspace), Data warehouse services, Content delivery network, DDoS and bot prevention",
hosting: "Region designated by Customer, United States",
country: country_list.us,
enduserdata: "Yes (transit)"
},
{
entity: "Cockroach Labs, Inc.",
purpose: "Managed database services: Dedicated CockroachDB clusters on Google Cloud",
hosting: "Region designated by Customer",
country: country_list.us,
enduserdata: "Yes (at rest)"
},
{
entity: "Datadog, Inc.",
purpose: "Infrastructure monitoring, log analytics, and alerting",
hosting: country_list.eu,
country: country_list.us,
enduserdata: "Yes (logs)"
},
{
entity: "Github, Inc.",
purpose: "Source code management, code scanning, dependency management, security advisory, issue management, continuous integration",
hosting: country_list.us,
country: country_list.us,
enduserdata: false
},
{
entity: "Stripe Payments Europe, Ltd.",
purpose: "Subscription management, payment process",
hosting: country_list.us,
country: country_list.us,
enduserdata: false
},
{
entity: "Bexio AG",
purpose: "Customer management, payment process",
hosting: country_list.ch,
country: country_list.ch,
enduserdata: false
},
{
entity: "Mailjet SAS",
purpose: "Marketing automation",
hosting: country_list.eu,
country: country_list.fr,
enduserdata: false
},
{
entity: "Postmark (AC PM LLC)",
purpose: "Transactional mails, if no customer owned SMTP service is configured",
hosting: country_list.us,
country: country_list.us,
enduserdata: "Yes (opt-out)"
},
{
entity: "Vercel, Inc.",
purpose: "Website hosting",
hosting: country_list.us,
country: country_list.us,
enduserdata: false
},
{
entity: "Agolia SAS",
purpose: "Documentation search engine (zitadel.com/docs)",
hosting: country_list.us,
country: country_list.in,
enduserdata: false
},
{
entity: "Discord Netherlands BV",
purpose: "Community chat (zitadel.com/chat)",
hosting: country_list.us,
country: country_list.us,
enduserdata: false
},
{
entity: "Statuspal",
purpose: "ZITADEL Cloud service status announcements",
hosting: country_list.us,
country: country_list.de,
enduserdata: false
},
{
entity: "Plausible Insights OÜ",
purpose: "Privacy-friendly web analytics",
hosting: country_list.de,
country: country_list.ee,
enduserdata: false,
dpa: 'https://plausible.io/dpa'
},
{
entity: "Twillio Inc.",
purpose: "Messaging platform for SMS",
hosting: country_list.us,
country: country_list.us,
enduserdata: "Yes (opt-out)"
},
{
entity: "Mohlmann Solutions SRL",
purpose: "Global payroll",
hosting: undefined,
country: country_list.ro,
enduserdata: false
},
{
entity: "Remote Europe Holding, B.V.",
purpose: "Global payroll",
hosting: undefined,
country: country_list.nl,
enduserdata: false
},
{
entity: "Clickhouse, Inc.",
purpose: "Data warehouse services",
hosting: country_list.us,
country: country_list.us,
enduserdata: false
},
]
return (
<table className="text-xs">
<tr>
<th>Entity name</th>
<th>Purpose</th>
<th>End-user data</th>
<th>Hosting location</th>
<th>Country of registration</th>
</tr>
{
processors
.sort((a, b) => {
if (a.entity < b.entity) return -1
if (a.entity > b.entity) return 1
else return 0
})
.map((processor, rowID) => {
return (
<tr>
<td key={rowID}>{processor.entity}</td>
<td>{processor.purpose}</td>
<td>{processor.enduserdata ? processor.enduserdata : 'No'}</td>
<td>{processor.hosting ? processor.hosting : 'n/a'}</td>
<td>{processor.country}</td>
</tr>
)
})
}
</table>
);
}
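Review bot: the table markup will raise React DOM-nesting and missing-key warnings: `<tr>` is rendered directly under `<table>`, so wrap the header row in `<thead>` and the mapped rows in `<tbody>`, and move `key={rowID}` from the first `<td>` to the `<tr>` returned by the `.map` callback, since the key must sit on the element returned from the map (a stable key such as `processor.entity` is preferable to the row index). Entity names in a subprocessor list are legally meaningful, and three look misspelled: `Agolia SAS` (Algolia), `Twillio Inc.` (Twilio) and `Github, Inc.` (GitHub). The `dpa: 'https://plausible.io/dpa'` field on the Plausible entry is never rendered, so either add a column or link for it or drop it. Minor: `.sort()` mutates `processors` in place, and `a.entity.localeCompare(b.entity)` would be a clearer comparator than the three-branch compare.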

View File

@ -2,9 +2,7 @@
text-decoration: none;
}
.apicard h3,
h4,
h5 {
.apicard.h3, .apicard.h4, .apicard.h5 {
margin: 0.5rem 0 0 0;
}
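Review bot: `.apicard.h3, .apicard.h4, .apicard.h5` matches an element that carries both the `apicard` class and a class literally named `h3`/`h4`/`h5`, not a heading inside an `.apicard`; unless the headings really get those class names, the margin rule will silently stop applying. The likely intent, scoping the rule to headings within `.apicard` without the unscoped `h4, h5` selectors that hit every heading on the site, is `.apicard h3, .apicard h4, .apicard h5 { margin: 0.5rem 0 0 0; }`.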

View File

@ -102,6 +102,7 @@
--font-color-strong: #000000;
--ifm-navbar-link-hover-color: #000000;
--ifm-heading-color: #000000;
--ifm-h4-font-size: 1.2rem;
--ifm-color-success-contrast-foreground: #0e6245;
--ifm-color-success-contrast-background: #cbf4c9;
--ifm-color-success-dark: #0e6245;