<img src="http://www.glb21pkgr.com/68514.png" style="display:none;">

Terms Of Use

What Are The Terms of Use?

The Terms of Use is an Agreement between you or the ENTITY that you represent (hereinafter “You” or “Your”) and KAYBUS, INC. (hereinafter “KAYBUS” or “We”, “Us” or “Our”) governing Your use of one or more of Our Hosted Services purchased by the entity that You represent (herein after referred to as the “Customer” pursuant to (and as defined in) the agreement entered into between KAYBUS and Customer (the “Customer Agreement” or “Agreement”). These Terms include the provisions set forth in this document and in the KAYBUS Privacy Policy, KAYBUS Security Policy, Customer Agreement, and other terms or conditions that may be presented by Us and accepted by You from time to time in connection with specific Hosted Services offerings (all of which we collectively refer to as the “Terms of Use” or “Terms”). If You do not agree to these Terms, You do not have the right to access or use our Hosted Services.

By using the Hosted Services, you acknowledge, accept and agree with all provisions of the Privacy Policy, including, without limitation, the use and treatment of Your Account Information and Your Content in accordance with such Privacy Policy. You and Customer understand that Customer has granted You rights to access and use (subject to the limitations included herein and as elsewhere included in the Agreement) the KAYBUS Hosted Services pursuant to the Agreement and such Customer’s paid Subscription Fees thereunder (as applicable).

Parts of this Agreement

This Agreement consists of the following terms and conditions (hereinafter the “Terms of Use”). In the event of a conflict between these Terms of Use and the terms and conditions included in the Customer Agreement, the terms and conditions included in the Agreement shall prevail.

Acceptance of the Terms of Use

If you do not agree to the Terms of Use, do not use any of our Hosted Services. You can accept the Terms of Use by checking a checkbox or clicking on a button indicating your acceptance of the Terms of Use or by actually using the Hosted Services.

Is This the Only Contract I Have with KAYBUS?

It depends upon how you interact with the KAYBUS Hosted Services. If you purchase or license related KAYBUS Services (such as KAYBUS Professional Services), you may also need to enter into a separate agreement with us.

Will These Terms of Use Ever Change?

Changes in these Terms are almost certain to happen, due to changes in our Hosted Services and the laws that apply to Us and You. If we make a change, we’ll do our best to provide you with advance notice, although in some situations, such as where a change is required to satisfy applicable legal requirements, an update to these Terms may need to be effective immediately. We’ll announce changes here at our site, and we also may elect to notify You of changes by sending an email to the address You have provided to us. We will also try to explain the reasons for the change.

If we do update these Terms and it is determined that the changes made substantially affects your rights in connection with use of the Hosted Services, you may choose not to accept the updated Terms and stop using the Hosted Services. You shall have fifteen (15) days from the date you receive notification to terminate Your use of the Hosted Services. Your continued use of the Hosted Services after such fifteen (15) day notice period of any change to the Terms of Use will be deemed to be Your agreement to the amended Terms of Use.

Except for changes made by us as described here, no other amendment or modification of these Terms shall be effective unless set forth in a written agreement expressly amending these Terms and bearing a written signature by You and Us. For clarity, email or other communications will not constitute an effective written agreement for this purpose.

What Do I Have To Do To Use the KAYBUS Hosted Services?

You need to sign up for a user account by providing all required information in order to access or use the Hosted Services. If You represent an organization and wish to use the Hosted Services for corporate internal use, We recommend that You, and all other users from Your organization, sign up for user accounts by providing Your corporate contact information. In particular, we recommend that You use Your corporate email address. You agree to: a) provide true, accurate, current and complete information about yourself as prompted by the sign up process; and b) maintain and promptly update the information provided during sign up to keep it true, accurate, current, and complete. If You provide any information that is untrue, inaccurate, outdated, or incomplete, or if KAYBUS has reasonable grounds to suspect that such information is untrue, inaccurate, outdated, or incomplete, KAYBUS may terminate Your user account and refuse current or future use of any or all of the Hosted Services.

Personal Information; Privacy Policy; Security Policy

Personal information you provide to KAYBUS through the Hosted Services is governed by the KAYBUS Privacy Policy (Privacy Policy) and KAYBUS Security Policy (Security Policy) which are available online. Your election to use the Hosted Services indicates Your acceptance of the Terms of Use attached hereto as well as the Privacy Policy and Security Policy. You are responsible for maintaining confidentiality of Your username, password and other sensitive information. You are responsible for all activities that occur in Your user account and You agree to inform us immediately of any unauthorized use of Your user account by email to support@kaybus.com. We are not responsible for any loss or damage to You or to any third party incurred as a result of any unauthorized access and/or use of Your user account, or otherwise.

Communications from KAYBUS

The Hosted Services may include certain communications presented through the Hosted Services or via email from KAYBUS, such as service announcements, administrative messages, commercial email and or similar offers. You understand that these communications shall be considered part of using the Hosted Services.

Restrictions on Use

In addition to all other Terms of Use and conditions of this Agreement, you shall not: (i) transfer or otherwise make available to any third party the Hosted Services; (ii) provide any service based on the Hosted Services without prior written permission; (iii) use the third party links to sites without agreeing to their website Terms of Use & Conditions; (iv) post links to third party sites or use their logo, company name, etc. without their prior written permission; (v) use any high volume automated means (including but not limited to robots, spiders and scripts) to access the Hosted Services; (vi) attempt to hack, destabilize or adapt the Hosted Services or its source code; or (vii) use the Hosted Services for spamming and other illegal and or unauthorized purposes. Any use of the Hosted Services in violation of any of the foregoing shall constitute a violation of these Terms of Use and may result in, among other things, immediate termination and or suspension of Your rights to access and use the Hosted Services.

Spamming and Illegal Activities

You agree to be solely responsible for the contents of your transmissions through the Hosted Services. You agree not to use the Hosted Services for illegal purposes or for the transmission of material that is unlawful, defamatory, harassing, libelous, invasive of another's privacy, abusive, threatening, harmful, vulgar, pornographic, obscene, or is otherwise objectionable, offends religious sentiments, promotes racism, contains worms, viruses, or any code of a destructive nature to KAYBUS or its users, or that which infringes or may infringe intellectual property or other rights of another. You agree not to use the Hosted Services for the transmission of "junk mail", "spam", "chain letters", “phishing” or unsolicited mass distribution of email. We reserve the right to terminate your access to the Hosted Services if there are reasonable grounds to believe that you have used the Hosted Services for any illegal or unauthorized activity.

Data Ownership

We respect Your right to ownership of content created or stored by you. You own the content created or stored by you. Unless specifically permitted by You, Your use of the Hosted Services does not grant KAYBUS the license to use, reproduce, adapt, modify, publish or distribute the content created by You or stored in Your user account for KAYBUS’s commercial, marketing or any similar purpose. But You grant KAYBUS permission to access, copy, distribute, store, transmit, reformat, publicly display and publicly perform the content of Your user account solely as required for the purpose of providing the Hosted Services to You.

Are There Rules About What I Can Do On The KAYBUS Hosted Services?

Yes. Your use of the Hosted Services must be in accordance with these Terms. When it comes to Your use of the Hosted Services, You agree that You are responsible for Your own conduct and all conduct under your account. This means all Content – such as text, images, software, videos and anything else You can think of, no matter what the form or technical structure (collectively, “Content”) – created, transmitted, stored or displayed in Your account, is Your sole responsibility as the person who created the Content or introduced it into the Hosted Services. This applies whether the Content is kept private, shared or transmitted using the Hosted Services or any third party application or services integrated with the KAYBUS Hosted Services. If we find that any shared Content in your account violates our Terms of Use (including by violating another person’s intellectual property rights), we reserve the right to unshare or take down such content.

Will KAYBUS Look At My Content?

Your privacy of your Content is a paramount concern for Us, and we hope that we never need to examine anyone’s Content. However, there are limited circumstances in which We may have the need to review part or all of Your Content, as discussed in our Privacy Policy.

User-Generated Content

You may transmit or publish content created by You using any of the Hosted Services or otherwise. However, You shall be solely responsible for such content and the consequences of its transmission or publication. Any content made public will be publicly accessible through the internet and may be crawled and indexed by search engines. You are responsible for ensuring that You do not accidentally make any private content publicly available. Any content that you may receive from other users of the Hosted Services, is provided to You AS IS for Your information and personal use only and you agree not to use, copy, reproduce, distribute, transmit, broadcast, display, sell, license or otherwise exploit such content for any purpose, without the express written consent of the person who owns the rights to such content. In the course of using any of the Hosted Services, if You come across any content with copyright notice(s) or any copy protection feature(s), You agree not to remove such copyright notice(s) or disable such copy protection feature(s) as the case may be. By making any copyrighted/copyrightable content available on any of the Hosted Services You affirm that You have the consent, authorization or permission, as the case may be from every person who may claim any rights in such content to make such content available in such manner. Further, by making any content available in the manner aforementioned, You expressly agree that KAYBUS will have the right to block access to or remove such content made available by You, if KAYBUS receives complaints concerning any illegality or infringement of third party rights in such content. By using any of the Hosted Services and transmitting or publishing any content using such Hosted Services, You expressly consent to determination of questions of illegality or infringement of third party rights in such content by the agent designated by KAYBUS for this purpose.

How Does KAYBUS Respond To Copyright Or Other Intellectual Property Violations?

We respond to clear and complete notices of alleged infringement of copyright, trademark or other intellectual property laws that satisfy the requirements in these Terms (which we believe to comply with the United States Digital Millennium Copyright Act [www.copyright.gov] and other applicable laws). If You believe that Your intellectual property rights have been violated, please notify Us and We will investigate. Note that each owner of intellectual property is responsible for protecting their rights and taking any legal or other action they determine to be appropriate to do so, and KAYBUS does not accept any obligation to take any particular action to enforce or protect any party’s intellectual property rights.

Where Does My Data Go?

The KAYBUS Hosted Services are available worldwide, but our data processing operations currently take place in the United States. If You use the Hosted Services, You acknowledge that You may be sending electronic communications (including your personal account information and Content), through computer networks owned by KAYBUS and third parties located in California and other locations in the United States and other countries. As a result, Your use of the Service will likely result in interstate and possibly international data transmissions, and Your use of the Hosted Services shall constitute Your consent to permit such transmissions.

If I Have A Great Idea To Share With KAYBUS, What Are My Rights?

When You submit any ideas, suggestions, documents and/or proposals relating to the Hosted Services (or other products or services) to KAYBUS through the “Contact Us,” User Forum or Support interfaces or through any other mechanism (collectively, “Contributions”), You acknowledge and agree that: (i) Your Contributions do not contain confidential or proprietary information; (ii) KAYBUS is not under any obligation of confidentiality, express or implied, with respect to the Contributions; (iii) KAYBUS shall be entitled to use or disclose (or choose not to use or disclose) such Contributions for any purpose, in any way; (iv) KAYBUS may have something similar to the Contributions already under consideration or in development; (v) Your Contributions automatically become the property of KAYBUS without any obligation of KAYBUS to You; and (vi) You are not entitled to any accounting, compensation or reimbursement of any kind from KAYBUS under any circumstances.

What Else Do I Need To Know?

Third-Party Links, Content and Programming

We may include or recommend third party resources, materials and developers and/or links to third party websites, content and applications as part of, or in connection with, the Hosted Services. We may have little or no control over such sites or developers and, accordingly, You acknowledge and agree that (i) We are not responsible for the availability of such external sites, content or applications; (ii) We are not responsible or liable for any content or other materials or performance available from such sites or applications and (iii) We shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, materials or applications.

Trademark

KAYBUS, the KAYBUS logo, the names of individual Hosted Services and their logos are trademarks of KAYBUS, Inc. You agree not to display or use, in any manner, the KAYBUS trademarks, without the prior written permission of KAYBUS.

Disclaimer of Warranties

YOU EXPRESSLY UNDERSTAND AND AGREE THAT THE USE OF THE HOSTED SERVICES IS AT YOUR SOLE RISK. THE HOSTED SERVICES ARE PROVIDED ON AN AS-IS-AND-AS-AVAILABLE BASIS. KAYBUS EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. KAYBUS MAKES NO WARRANTY THAT THE HOSTED SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR VIRUS FREE. USE OF ANY MATERIAL DOWNLOADED OR OBTAINED THROUGH THE USE OF THE HOSTED SERVICES SHALL BE AT YOUR OWN DISCRETION AND RISK AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM, MOBILE TELEPHONE, WIRELESS DEVICE OR DATA THAT RESULTS FROM THE USE OF THE HOSTED SERVICES OR THE DOWNLOAD OF ANY SUCH MATERIAL. NO ADVICE OR INFORMATION, WHETHER WRITTEN OR ORAL, OBTAINED BY YOU FROM KAYBUS, ITS EMPLOYEES OR REPRESENTATIVES SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THE TERMS OF USE.

Limitation of Liability

YOU AGREE THAT KAYBUS SHALL, IN NO EVENT, BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR OTHER LOSS OR DAMAGE WHATSOEVER OR FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, COMPUTER FAILURE, LOSS OF BUSINESS INFORMATION, OR OTHER LOSS ARISING OUT OF OR CAUSED BY YOUR USE OF OR INABILITY TO USE THE HOSTED SERVICES, EVEN IF KAYBUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. YOUR SOLE AND EXCLUSIVE REMEDY FOR ANY DISPUTE WITH KAYBUS RELATED TO ANY OF THE HOSTED SERVICES SHALL BE TERMINATION OF SUCH HOSTED SERVICES. IN NO EVENT SHALL KAYBUS’S ENTIRE LIABILITY TO YOU IN RESPECT OF ANY HOSTED SERVICES, WHETHER DIRECT OR INDIRECT, EXCEED THE FEES PAID BY YOU TOWARDS SUCH HOSTED SERVICES.

Indemnification

You agree to indemnify and hold harmless KAYBUS, its officers, directors, employees, suppliers, and affiliates, from and against any losses, damages, fines and expenses (including attorney's fees and costs) arising out of or relating to any claims that You have used the Hosted Services in violation of another party's rights, in violation of any law, in violations of any provisions of the Terms of Use, or any other claim related to Your use of the Hosted Services, except where such use is in accordance with these Terms of Use or is otherwise authorized in writing by KAYBUS.

Arbitration

Any controversy or claim arising out of or relating to the Terms of Use shall be settled by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association. Any such controversy or claim shall be arbitrated on an individual basis, and shall not be consolidated in any arbitration with any claim or controversy of any other party. The decision of the arbitrator shall be final and un-appealable. The arbitration shall be conducted in Northern California and judgment on the arbitration award may be entered into any court having jurisdiction thereof. Notwithstanding anything to the contrary, KAYBUS may at any time seek injunctions or other forms of equitable relief from any court of competent jurisdiction.

Suspension and Termination

We may suspend Your user account or temporarily disable access to whole or part of any Hosted Services in the event that (i) the Customer does not pay subscription fees when due (ii) there is any suspected illegal activity taking place (iii) extended periods of inactivity (iv) upon requests by law enforcement or other government agencies or (v) as otherwise provided for in these Terms of Use. In addition, We reserve the right to terminate Your user account and deny the Hosted Services upon reasonable belief that You have violated any of the Terms of Use. Termination of user account will include denial of access to all Hosted Services, deletion of information in Your user account such as Your e-mail address and password and deletion of all data in Your user account.

END OF TERMS OF USE

If you have any questions or concerns regarding this agreement, please contact us at support@kaybus.com.

Privacy Policy

At Kaybus Inc. (“KAYBUS”), we respect your need for online privacy and are committed to protect any personal information that you may share with us, in an appropriate manner. Our practice as it regards to the use of your personal information is as set forth below in this Privacy Policy Statement. As a condition to your use of KAYBUS Services, you consent to the terms of this Privacy Policy Statement, as it may be updated from time to time.

In an event of a material change, we shall notify you via email or by publishing such change through KAYBUS Services or by other reasonable and prominent means on our website. The KAYBUS Privacy Policy discloses our information gathering and dissemination practices with respects to all of KAYBUS Services. This policy addresses only our activities with respect to information that we can access and control because it resides on our servers and this Privacy Policy is hereby incorporated in, and subject to, the Terms of Use

Information Gathering

Your privacy is critically important to us. At KAYBUS we have a few fundamental principles:

We don’t ask you for personal information unless we truly need it
  • We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights or your rights
  • We don’t store personal information on our servers unless required for the on-going operation of one or more of our KAYBUS Services
  • In our knowledge products, we aim to make it as simple as possible for you to control. We collect browsing records inside KAYBUS Services to enhance our search and knowledge engines, all of which are kept private to the Subscriber and permanently deleted once the your subscription/ account is terminated and or closed
  • We may in the course of providing KAYBUS Services collect and store statistics and other information about the online activities of our users, including those of the Subscriber and the Subscriber’s End Users
  • We also collect potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on KayP’s. This information is used for Analytics purposes only

In order to take full advantage of KAYBUS Services, Subscriber and Subscriber’s End Users must register with KAYBUS as a registered End User of the Subscriber. We take precautionary measures to ensure not to obtain and or take any personal information from minors.

Protection of Certain Personally Identifying Information

KAYBUS discloses potentially personally identifying and personally identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on KAYBUS’s behalf or to provide the KAYBUS Services, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country, by using KAYBUS Services, you consent to the transfer of such information to them. KAYBUS will not rent or sell potentially personally identifying and personally identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above or elsewhere in your Customer Agreement, KAYBUS discloses potentially personally identifying and personally identifying information only in response to a subpoena, court order, or when KAYBUS believes in good faith that disclosure is reasonably necessary to protect the property or rights of KAYBUS, Subscriber, third parties or the public at large. If you are a registered user of KAYBUS Services and have supplied your email address, KAYBUS may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with KAYBUS and our products. We primarily use our various product blogs to communicate this type of information, so we expect to keep this type of email to a minimum. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. KAYBUS takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally identifying and or personally identifying information.

You can choose not to receive future e-mails from KAYBUS at any time, by contacting KAYBUS customer service or opting out of the email subscription. However, to the extent that corrected or deleted information is also stored in other databases, we cannot always ensure that such corrections or deletions will immediately reach the other databases. Please note that we may occasionally contact you for administrative purposes even if you unsubscribe from our distribution lists with regards to other forms of communications and you agree to such required administrative communications. KAYBUS uses your personal information primarily to provide you with a customized experience on KAYBUS Services.

Cookies

Cookies are small files that are stored by your Web browser to help a particular system recognize you and the pages you visited on a particular Web site. The Web Site uses "cookies" to make your online experience more convenient. For example, we use a cookie to store your login information between sessions and to maintain information about the quotes that you've requested during your session. This cookie is set when you register or "Log In" and is modified when you "Log Out" of KAYBUS Services. You also have choices with respect to our use of cookies. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. We may use your IP address to help diagnose problems with our server, and to administer KAYBUS Services pursuant to this MSA. Your IP address is used to help identify you.

Security

While no security system is 100% guaranteed, KAYBUS utilizes several state-of-the-art tools to protect your information. Strict security measures are employed whenever your personal information is collected and transmitted.

Your KAYBUS account information and KAYBUS profiles are password protected so that only you have access to your personal information. It is your responsibility not to divulge your password to anyone. Also remember to sign out of your KAYBUS account and close your browser window when you have finished your work, especially if you share a computer with someone else or are using a computer in a public place such as a library or Internet cafe to help prevent others from accessing your personal information and correspondence. KAYBUS shall have no liability, financially or otherwise, in the event that your password and or user identification information are obtained from a third party and or used on KAYBUS Services without your consent.

In addition to password protection, KAYBUS employs cutting edge encryption standards (such as secure sockets layer (SSL)) to ensure that particularly sensitive data, such as registration and profile information and all related product management transactions, exchanged between your computer and our servers is secure. In these highly secure areas of the sight, both our servers and your computer encrypt the data before it is transferred across the Internet. We take these measures to safeguard the confidentiality of your personally identifiable information.

Keep in mind that whenever you voluntarily disclose personal information online (for example on message boards, discussion groups, through e-mail, or in chat areas) that information can be collected and used by others. In short, if you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties in return. Ultimately, you are solely responsible for maintaining the secrecy of your passwords and/or any account information.

Modifications

KAYBUS reserves the right to modify or supplement this Privacy Policy Statement at any time. As noted in the forefront of this document, If we make any material modification hereof, we will update this page with a notice of such changes and how they would affect the security and disclosure of your personal information.

An "As Is" Web Site

Use of KAYBUS Services is provided on an "as is” basis. KAYBUS, its partners, and affiliates cannot be held liable for any direct, indirect, punitive, incidental, special, or consequential damage or other injury arising out of or in any way connected with the use of KAYBUS Services by Subscriber and or Subscriber’s End Users.

REMAINDER OF THE PAGE INTENTIONALLY LEFT BLANK

Security Policy

Kaybus Inc. (“KAYBUS”) offers its customers the right to access and use one or more of its hosted software services on a paid subscription basis (“KAYBUS Services” or “Services”). KAYBUS recognizes that many of our customers are subject to at least some privacy-related laws that govern the handling of personal information. We seek to support our customers' compliance with such laws by providing a comprehensive privacy and security program that includes certifications, policies, practices, people, and technology. KAYBUS takes security for customers and data protection very seriously. As a condition to your use of KAYBUS Services, you consent to the terms of this Security Policy, as it may be updated from time to time. In an event of a material change, we shall notify you via email or by publishing such change through KAYABUS Services or by other reasonable and prominent means on our website. The KAYBUS Security Policy addresses only our activities with respect to information that we can access and control because it resides on our servers and is incorporated in, and subject to, the Terms of Use as well as the Customer Agreement entered into between the Cusomter and KAYBUS.

Certifications

KAYBUS has comprehensive privacy and security assessments and certifications performed by multiple third parties as follows:

  • Global Audit Compliance
    •  ISO 27001
    •  SSAE 16/ISAE 3402 SOC-1
    •  SysTrust (SOC-3)
    •  FISMA
    •  PCI-DSS
    •  TUV Certificate

Policies

KAYBUS has privacy and security-conscious policies that apply to all of our information handling practices.

  • Contractual Privacy Protection for Customers

    KAYBUS’ contractual privacy protection agreements include confidentiality provisions that prohibit us from disclosing customer confidential information, including customer data, except under certain narrowly defined circumstances, including but not limited to, as and when required by law. KAYBUS agrees not to access customer's accounts, including customer data, except to maintain its Service obligations, prevent or respond to technical or service problems or at a customer's request in connection with a customer support issue.

  • Code of Conduct, Confidentiality Agreements, and Information Security Policies

    Every KAYBUS employee and contractor must follow KAYBUS’ code of conduct, sign confidentiality agreements, and follow KAYBUS’ information security policies.

  • Privacy Policy

    For information collected on KAYBUS Services, KAYBUS provides assurances around the types of information collected, how that information may be used, and how that information may be shared – please refer to the KAYBUS Privacy Policy for further details. In addition, KAYBUS Services also offers individuals the opportunity to update or change the information they provide.

Practices

KAYBUS’ comprehensive privacy and security program includes, among other things, communicating with personnel and customers about current issues and best practices.

    • Internal Training and Communications for KAYBUS Services Personnel
    •  KAYBUS regularly communicates and trains Service personnel about our obligation to safeguard confidential information, including customer data and personal information.
    •  KAYBUS provides training around confidentiality, privacy, and information security for all new employees during new hire orientation.
    •  All KAYBUS Services personnel are required to complete an annual privacy and security training and are tested on the materials presented.
    •  KAYBUS communicates with all personnel about privacy and information security awareness through emails and newsletters.
  • Customer Transparency

    KAYBUS strongly encourages all of our customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks.

    •  We communicate with our customers about current issues and trends.
    •  We email end users about specific security issues when warranted.
    •  We publish a Security Implementation Guide for customers to learn more about how to implement customer-controlled security settings.

People

KAYBUS has multiple organizations, teams, and individuals responsible for security and security-related matters. The Systems Operations team is responsible for KAYBUS' security program and personnel, including information, product, and corporate security, enterprise risk management, and technology audit & compliance. The Privacy Counsel is responsible for KAYBUS' privacy program, including compliance with applicable privacy and data-protection laws. Additionally, all KAYBUS Services personnel are required to follow confidentiality, privacy, and information security policies.

Physical Security

KAYBUS uses Amazon Web Services (“AWS”) as its infrastructure provider and relies on the physical data center security and related AWS security best practices https://aws.amazon.com/security/ provided by AWS for all its customers.

All KAYBUS offices also adhere to physical security best practices that include, but are not limited to, security card access and separate restricted areas for Systems administrators and Operations personnel. Remote network access to AWS console is further restricted to a very small subset of Operations personnel, and all access is password protected and all activities are logged.

Production environment access is very limited and is only for select DevOps engineers. To be in the Kaybus DevOps team each employee must have signed special NDAs and have had background checks. We log each and every access attempt, and on the OS level we log every keystroke typed by the engineer.

In the special scenarios where customers provide customer data on physical removable media or hard drives for KAYBUS to perform bulk loading operations, all necessary security measures are in place for handling the entire chain of custody for such media from the point of receipt to inventory reports to the customer to secure handling of the media for the short duration while it is kept in the restricted area where Operations personnel prepare the data for bulk ingestion into KAYBUS. The customer media is promptly returned to the customer after loading the data into the secure KAYBUS service. While the customer media is on KAYBUS premises, it is always stored in a secure safe in a restricted part of the office.

The machines which run the bulk upload operations are under secure DevOps environment with no access except DevOps and bulk-upload operators. These machines run Kaspersky antivirus and spyware detector. These machines are not accessible from outside i.e only accessible if the operator is sitting in front of the machine.

All prestine data is backed up on the NAS (RAID 5) for redundency and data loss protection.

Technology

KAYBUS maintains a comprehensive array of technical measures to protect the KAYBUS Services and offers a robust set of customer-controlled settings to further heighten privacy and security protection.

  • Infrastructure

    KAYBUS uses Amazon Web Services (“AWS”) as its infrastructure provider. KAYBUS uses AWS security best practices https://aws.amazon.com/security/ to secure the KAYBUS Services infrastructure. Only System administrators have access to the AWS console. AWS is a worldclass cloud infrastructure solution and has been used by many large enterprises such as NetFlix etc. AWS has a state of art secure and reliable production infrastructure which has passed many compliance and assurance programs. More details regarding AWS compliance and the like can be found on http://aws.amazon.com/compliance/

    Kaybus uses AWS Identity and Access Management (IAM) to securely control access to AWS services and resources. Users required to access AWS, a very small subset of the overall DevOps team, are managed through IAM and allowed or denied permissions on real-time basis.

  • Default Privacy and Security Features

    Application features that protect customer data include:

      •  Connection to KAYBUS Services is via secure socket layer/transport layer security (SSL/TLS), ensuring that our customers have a secure connection to their data. Individual user sessions are uniquely identified and re-verified with each transaction.
      •  Customer’s passwords are encrypted and not accessible by KAYBUS personnel.
      •  Application log and activity event log record the creator, last updater, timestamps, and originating IP address for every record and transaction completed.
  • Logical separation of customer data
      •  Hardware and software configurations are designed to provide secure logical separations of customer data that permit each customer to view only their related information.
      •  Multi-tenant security controls include unique, secure session tokens, configurable session timeout values, password policies, sharing rules, and user profiles.
  • User Authentication

All Kaybus users are required to authenticate themselves using a combination of username and password. Passwords are stored as digests that are generated using one-way cryptographic algorithms.

  • User Authorization

Authorization is the process that is used for determining what accesses or privileges are allowed for users. Authorizations are enforced by means of roles and access controls

Kaybus’s User Authorization secures access to business data and functions, ensuring that only preauthorized users gain access to it. User roles are set by Administrators designated by Customers. An initial set of authorized users (Administrators) are created by Kaybus; Administrators can create new users and modify/add their permissions.

  • User Permissions

To enable users to do their job effectively without exposing data that they do not need to see, Kaybus provides flexible settings that allow you to expose different knowledge to different sets of users.

  • User Roles

Viewer – These users can access, search, comment, rate or filter any knowledge that is explicitly made accessible to them as an individual or to a group that they are a part of. They can also view recommended knowledge based on their context and permissions.

Publisher – In addition to above, these users can upload, publish, update and curate knowledge. They can also view Analytics about the usage and consumption of knowledge in their organization. Administrator – In addition to above, these users can create, modify and delete users. They have access to entire knowledge available on Kaybus Service for that Customer.

  • Granting User Access

Administrators can assign roles to user at the time of creating the users. Only users created by Administrators can access Kaybus system. Publishers can further assign access at the knowledge level by targeting the knowledge to specific individuals or groups.

  • Modifying User Access

Administrators can modify roles to user at any time. Publishers can modify access at the knowledge level by changing access to specific individuals or groups.

Users can request for access password to be reset by providing a valid email address. A password reset email will be sent to the email address that is configured by the Administrator for the user.

  • User Access Removal

Administrators can remove users from the Kaybus system at any time. The access for those users will be immediately revoked. If any employee leaves the organization, it is the responsibility of the Administrator to delete the user account from Kaybus Service.

  • Network security measures
    • Network Security Architecture

Security Architecture

  • Firewalls and Security Groups
      •  Multiple layers of external firewalls and firewalled security groups. Please refer to AWS security link above for more details.
  • Intrusion Detection and External Vulnerability Scans
      •  Intrusion-detection sensors, on AWS level
      •  Security event management system
      •  Continuous external vulnerability scanning, AWS level
  • Network Isolation
      •  Production environment completely isolated
  • Anti-virus Scans
      •  Kaybus uses Kaspersky antivirus to scan the machines, which are used for ingestion.
      •  Production infrastructure is exclusively Ubuntu Linux.
      •  DevOps team exclusively uses Ubuntu Linux or Mac OS for any authorized production access.
  • Data On-The-Wire Security
      •  Data transfer over the wire is via https
  • Data Segregation
      •  Data segregation is supported i.e each tenant has their own database hence data mingling is not possible
  • Account Provisioning Security
      •  Account provisioning on server under tenant control
      •  Tenant will be given an admin account on the instance and can setup their own users
      •  Will be able to view all access to the system since all activities are tracked
      •  Role based access within the product
  • Restricted Data Access
      •  There are 2 types of access levels for Data: Application access means only customer users will have access to the data. Secondly Kaybus System Administrators (with approval from Head of DevOps) will help only if the formal request is made. Kaybus uses key based access to the data.
      •  Restricted Access - Only Kaybus DevOps team members who have signed special NDAs and have had background checks have access to the system.
  • Redundancy and Scalability

    KAYBUS Services is highly scalable and redundant, allowing for fluctuation in demand and expansion of users while greatly reducing the threat of long-term outages. Use of auto scaling groups from AWS with automatic deploy allows KAYBUS to quickly recover from outages. Loadbalanced networks, pools of application servers, and clustered databases are features of our design.

  • DataBase Security
      •  Database servers are deployed under a separate security group. Only the authorized applications have access to the DataBase servers from a small set of IP addresses. All ports are closed and there is no unauthorized access allowed. The database is secured using username and password for access. Each tenant has separate database on a MongoDB Replica Set Cluster for separation of data. DataBase backups are on EBS secured volumes. Access to production data is not allowed to anyone.
      •  Disaster Recovery
        All customer data is stored in secure data centers and is replicated over secure links to a disaster recovery data center. This design provides the ability to rapidly restore KAYBUS Services in the case of a catastrophic loss.
      •  Backups
        In addition to our disaster-recovery capabilities, customer data is also backed up in a separate data center.
  • Customer-Controlled Privacy and Security Settings
      •  Customers may determine which of their respective designees can access different categories of data.
      •  Customers may set customizable password rules.
      •  Customers may define log-off times for inactivity.

Continuity Plan and Disaster Recovery

KAYBUS provides comprehensive data replication and backups of customer data across geographically separated data centers. The replication and backups are performed over secure links between the primary and disaster recovery data centers. KAYBUS maintains restore and recovery procedures to rapidly restore KAYBUS service along with customer data in an alternate data center upon any partial or total loss of service from primary data center or even in the event of total loss of primary data center. KAYBUS leverages Amazon Web Services capabilities and augments it with its own disaster recovery and backup capabilities. KAYBUS also maintains Operations staff in multiple locations in order to provide business continuity.

Disposal/destruction of physical media (hardware and removable media)

KAYBUS prefers to return customer media to customer, but in the event that customer does not wish to receive the media back and wishes KAYBUS to perform the physical destruction and disposal of the customer physical media, KAYBUS will perform a secure deletion that is forensically sound and DoDapproved and subsequently destroy the physical media and provide the customer a certificate of destruction.

REMAINDER OF THE PAGE INTENTIONALLY LEFT BLANK

Standard Support And Service Level Obligations

KAYBUS Service Severity Definitions

Severity Level 1 (urgent): A problem with the KAYBUS Service that severely impacts or halts business operations of Subscriber in a production environment, and no procedural workaround exists, such as service unavailable, loss of production data or a critical function not available. Severity 1 issues require the Subscriber to have dedicated resources available to work on the issue on an ongoing basis with KAYBUS.

Severity Level 2 (high): A problem where the KAYBUS Service is functioning but major functionality is impacted in a production environment or its performance is significantly degraded to the point of major impact on usage. The situation is causing a high impact to Subscriber’s business operations and no procedural workaround exists.

Severity Level 3 (medium): A problem that involves partial, non-critical loss of use of the KAYBUS Service in a production environment. There is a medium-to-low impact on Subscriber’s business, but the business continues to function, including by using a procedural workaround.

Severity Level 4 (low): The issue may be a routine technical issue, general usage question, reporting of a documentation error, or recommendation for a future product enhancement or modification. The functionality of the KAYBUS Service is not significantly affected by the problem, there is low-to-no impact on the Subscriber’s business operations, including by using a procedural workaround.

Support Response Targets

KAYBUS is committed to rapid response of all support requests. Severity Level Response times do not vary based on the method of submitting the support request. KAYBUS does not guarantee resolution times, and a resolution may consist of a fix, workaround, service availability or other solution that KAYBUS deems reasonable. KAYBUS will use reasonable efforts to meet the target response times stated in the table below.

Severity Level Acknowledgement Problem Determination Target Resolution
1 6 Business Hours 24 Hours 48 Business Hours
2 12 Business Hours 3 Business Days 8 Business Days
3 24 Business Hours 7 Business Days 14 Business Days
4 3 Business Days 14 Business Days As Applicable

Upgrade/Downgrade of Severity Level

If, during the Support Request process, the issue either warrants assignment of a higher severity level than currently assigned or no longer warrants the severity level currently assigned based on its current impact on the production operation of KAYBUS Services, then the severity level will be upgraded or downgraded accordingly to the severity level that most appropriately reflects its current impact.

Service Level Commitments

"Downtime" shall mean inability to access KAYBUS Services due to a Qualifying Fault. Downtime is measured based on availability of the individual KAYBUS Services as measured by KAYBUS’s application monitoring tool.

“Qualifying Fault” shall mean and include server side errors and reachability errors attributable to KAYBUS Services.

“Downtime Period" shall mean ten or more consecutive minutes of Downtime. Intermittent Downtime for a period of less than ten minutes will not be counted towards any Downtime Periods.

“Monthly Uptime” shall mean total number of minutes in a calendar month minus the number of minutes of Downtime suffered from all Downtime Periods in a calendar month.

"Monthly Uptime Percentage" shall mean the percentage calculated by dividing Monthly Uptime by the total number of minutes in a calendar month.

"Scheduled Downtime" shall mean unavailability of KAYBUS Services about which Subscriber is informed at least two weeks in advance. A Schedule Downtime will not constitute a Qualifying Fault.

Planning of Scheduled Downtime.

KAYBUS will ensure that Scheduled Downtime is planned to occur on the weekend for a period of two (2) hours.

Monthly Uptime Commitment.

KAYBUS Services will have a Monthly Uptime Percentage of 99.9%.

SLA Exclusions.

The SLA does not apply to any performance and availability issues: (i) caused by factors outside of KAYBUS’s reasonable control; (ii) that resulted from any actions or inactions of Subscriber; or (iii) that resulted from Subscriber’s equipment and/or third party equipment that are not within KAYBUS’s reasonable control. It is hereby clarified that performance and availability issues caused by factors within KAYBUS’s control and attributable to KAYBUS or its vendors are not excluded.

 

Reviewed and Updated: June 17, 2016

REMINDER OF THE PAGE INTENTIONALLY LEFT BLANK