Acceptable Use Policy
This Acceptable Use Policy, from now on (“this Policy”), applies to users accessing Inbenta Holdings Inc’s. (“Inbenta”) software, information Assets and Information Systems (“our Services”).
The purpose of this document is to define clear rules for the use of the information assets provided or arranged by Inbenta Holdings Inc.
We may modify this Policy at any time by posting a revised version on our website. By using our Services, clients agree to the latest version of this Policy. If clients fail to fulfill with the terms of this Policy or authorise or help others to do so, we may suspend or terminate the client’s use of our Services.
Information Systems: cloud servers, network infrastructure, system and application software, and other computer subsystems and components which are owned or used by Inbenta or which are under Inbenta’s responsibility. The use of an Information System also includes the use of all internal or external services, such as Internet access, e-mail, etcetera.
Information Assets: in the context of this Policy, the term Information Assets is applied to Information Systems and other information/data irrespective of form, i.e. electronic information and paper documents.
Users: in the context of this Policy, the term “users” refers to any individual accessing Inbenta Holdings Inc’s. (“Inbenta”) software, information Assets and Information Systems (“our Services”).
Instance: in the context of this Policy, an Instance represents each environment that Inbenta provides to the Customer for the use of the Service, with its dedicated KnowledgeBase, usage dashboards and API keys.
I. Responsibilities of the client
Clients are responsible for all activities that occur under their instances, regardless of whether they authorise those activities or undertaken by them, by their employees or by a third party (including contractors and End Users). Inbenta and our affiliates are not responsible for unauthorised access to the client’s instances.
Clients must use the Information Systems only for purposes for which they have been authorised, i.e. for which they have been granted access rights.
Clients must take all reasonable precautions to safeguard any credentials (for example, a username and password, email address, smart card or other security token) and must not, directly or indirectly, allow another person or organisation to use their access rights, i.e. username, and must not attempt to obtain or use anyone else’s credentials.
Access to Inbenta’s Information Systems will only be granted to duly authenticated users through a unique and secure username and strong password combination (a minimum of 8 alphanumeric characters, where a minimum 1 uppercase letter, plus a minimum of 1 symbol and a minimum of 1 number) that must be renewed periodically. Clients must only allow authorised employees to manage their accounts and are responsible for all content and transactions related to those accounts.
Clients will ensure that their Content and their and End Users’ use of their Content will not violate this Policy and any applicable law. Clients are solely responsible for the development, operation, maintenance, and privacy compliance and use of their content.
Clients are responsible for properly integrating, configuring and using our Services and otherwise taking appropriate action to secure, protect and backup their instances and their Content in a manner that will provide appropriate security and protection.
This must include the use of data encryption both in transit and at rest, and the use of our obfuscator tool, when possible, to protect user’s personal information from unauthorised access and exposure.
If clients becomes aware of any violation of this Policy, they must immediately notify Inbenta and provide us with assistance, as requested, to stop or remedy the violation.
Contact channels: Support Center
4. End Users
Clients are responsible for End Users’ use of the clients’ Content and our Services.
Clients shall ensure that all End Users comply with the client’s’ obligations under this Policy and that the terms of the clients’ security and privacy policies with each End User are consistent with this Policy.
II. Acceptable use of our Information Assets and Information Systems
Clients shall not use our software to compromise the security or integrity of any network, computer or communications system, software application, or network or computing device or personal data, or in a manner that unnecessarily weakens the performance of the information system or poses a security threat. Non authorized activities include:
- Illegal, harmful or fraudulent activities: to create, transmit or manipulate information with the intent to defraud, to gain personal profit or other uses beyond those established by contract agreement.
- Infringing content: to create, transmit or manipulate information such that this infringes the intellectual property rights of Inbenta, or break the terms of licences for software or other material, as established in our General Terms of Service.
- Harmful Content: to disrupt Inbenta’s systems, deny access to them, or corrupt or destroy their data.
- To access, delete, modify or disclose Information Assets belonging to Inbenta without our permission, including attempting to probe, scan, or test the vulnerability of a System or to breach any security or authentication measures used by a System.
- Avoiding System Restrictions. Using manual or electronic means to avoid any use limitations placed on a System, such as access and storage restrictions.
- Interception. To monitor the use of information or communication systems without the explicit permission of Inbenta. This would include monitoring of network traffic; network and/or device discovery; Wi-Fi traffic capture; installation of keylogging or screen grabbing software that may affect users other than yourself; attempting to access system logs or servers or network equipment.
- Adding scripts hosted by Inbenta in pages where credit card information or any other sensitive information is being collected. Inbenta is not PCI DSS compliant. Adding a component from a vendor that is not PCI DSS compliant in the checkout page makes the entire payment process not PCI DSS compliant. The alternative is to host that script in the clients’ datacenter, and secure the script using Subresource Integrity.
III. Enforcement of this Policy
We reserve the right to investigate any failure to fulfill with this Policy or misuse of our Services by our clients and their partners.
We may report any activity that we suspect violates any law or regulation to appropriate law enforcement agencies. Our reporting may include disclosing appropriate customer information if we are required by the law enforcement agencies.
Last update: June 3rd, 2020