Implementing TOTP Authentication Into Your Infrastructure
We have previously covered how to add Time-based One-time Password Algorithm (TOTP) on your mobile device. Now we can implement SSH access with TOTP. It is more secure to... Read More >>
The following abbreviations used in this document are defined as follows:
• “MSA” refers to the Master Service Agreement seen in Section 2
• “SLA” means the Service Level Agreement (also know as the Company Guarantee) seen in Section 3
• “AUP” refers to this Acceptable Use Policy seen in Section 1
• Other Definitions. All other capitalized terms are defined in the terms of the Master Service Policy
Purpose. The purpose of this AUP is (a) to protect Network resources from abuse or improper use, (b) to provide trouble-free Network resources for Users, (c) to protect ServerStack, ServerStack’s Users, the Network, the Users of the Network, and third parties, from unlawful or improper practices, (d) to make clear what activities on the Network are required, permitted, and prohibited, (e) to protect the technical reliability, goodwill, good name, lawful status, and reputation for honest dealing of ServerStack, (f) to secure each User’s agreement to abide by the limitations on Network use, and (g) to establish ServerStack’s rights to remedy violations of this AUP. This AUP shall create no rights in Users or third parties, nor shall its provisions be construed to impose duties upon ServerStack. ServerStack shall have discretion to apply this AUP in a manner that will effectuate these purposes.
Reporting Violations. All violations or alleged violations of this AUP should be sent to email@example.com
User Responsibilities. As further provided below Users agree that they will not use the Network for purposes inconsistent with those set forth in the foregoing “Purpose” section of this AUP.
Lawful Use of the Network. In using the Network, Users will comply with, and refrain from violations of, all applicable provisions of the United States Code, the Code of Federal Regulations, and the New York Revised Statutes, including but not limited to those statutes forbidding: (a) distribution of child pornography, (b) forgery, identity theft, misdirection or interference with electronic communications, (c) invasion of privacy, (d) violations of the CANSPAM Act, (e) collection of excessive user data from children, or other improper data collection activities, (f) securities violations, wire fraud, money laundering, or terrorist activities, or (f) false advertising, propagating or profiting from frauds and unfair schemes. Users will also comply with the affirmative requirements of law governing Network use, including but not limited to: (a) disclosure requirements, including those regarding notification of security breaches, (b) records maintenance for regulated industries, and (c) financial institution safeguards.
Agreed Use of Allotted Network Resources. Users shall not use any method to circumvent the provisions of the SLA, or to obtain services in excess of those for which they contract with ServerStack. Users shall use only those IP addresses that are assigned to them by ServerStack, and shall not use any IP addresses outside of their assigned range. Users shall not use any mechanism to exceed the amount of Network resources assigned to them, or to conceal such activities.
Injurious Code. Users may not use the Network to distribute, receive communications or data gleaned from, or execute any action directed by any type of injurious code, including but not limited to: (a) trojans, (b) key loggers, (c) viruses, (d) malware, (e) botnets, (f) denial of service attacks, (g) flood or mail bombs, or (h) logic bombs.
Email Violations. In addition to being forbidden from performing any acts made illegal by the CAN-SPAM Act, Users may not send bulk email utilizing their Network resources unless they maintain a double-authorized list of subscribed members including IP addresses and relevant contact information, along with following guidelines for including removal links with all sent emails according to the CAN-SPAM act. Users are forbidden from taking any action that would result in their IP addresses, or any IP address associated with ServerStack or other Users, being placed on the Spamhaus.org blacklist.
Invasion of Privacy, Defamation, or Harassment. Users may not use Network resources in a manner that would violate the lawful privacy rights of any person, or to publish or republish defamatory statements, or to harass and embarrass.
Violation of Copyright, Trademark, Patent or Trade Secret. Users may not use Network resources in violation of the copyrights, trademarks, patents or trade secrets of third parties, nor shall they utilize the Network to publish such materials in a manner that would expose them to public view in violation of the restrictions of law. The provisions of the DMCA will apply to issues presented by allegations of copyright violations by third parties. ServerStack will, in appropriate circumstances, terminate the accounts of repeat infringers.
Other Violations. The foregoing enumeration of violative acts is not meant to be exclusive, and ServerStack provides notice hereby that it has and will exercise its authority to take whatever action is necessary to protect the Network, Users, and third parties from acts that would be inimical to the purposes of this AUP as set forth above.
Acts of Sub-Users. Users are responsible for the acts of others utilizing their Network access, and will be held responsible for violations of this AUP by their sub-users or persons who gain access to the Network using the User’s access codes. Any activity that a User is prohibited from performing by this AUP is equally prohibited to anyone using the Network-access of the User. Accordingly, Users agree to take the following actions to control the activities of those who connect to the Network by any means.
Access Code Protection. Users will utilize proper security protocols, such as setting strong passwords and access control mechanisms, safeguarding access to all logins, passwords, and verifying the trustworthiness of persons who are entrusted with account access information.
Notification Regarding the AUP. Users will notify all persons who receive Network-access of the provisions of this AUP, and will inform them that its terms are binding upon them.
Remedial Action. Users will notify ServerStack if and when they learn of any security breaches regarding the Network, and will aid in any investigation or legal action that is taken by authorities and/or ServerStack to cure the security breach.
Remedies for Violations. ServerStack may take any of the following appropriate actions to remedy violations of this AUP:
Service Suspension or Termination. ServerStack may suspend or terminate any account by a User that violates the provisions of this AUP, as ServerStack may deem appropriate to the circumstances of the violation. ServerStack will provide prior notice of the intent to suspend or terminate service if the provision of notice will not, in ServerStack’s judgment, run counter to the purposes of the AUP.
Charges for Implementing Remedy. ServerStack may pass through to a User the costs of remedying the consequences of violations of the AUP that cause ServerStack to expend tech or administrative time, to purchase hardware or software, or to otherwise incur expenses that would not have otherwise been incurred. Such costs may be appended to the regular service invoice, and all collection provisions applicable to collection of service costs shall be applicable to the collection thereof.
Investigation. ServerStack may notify law enforcement to investigate conduct that violates the provisions of this AUP regarding criminal misconduct. ServerStack may directly investigate any violations of this AUP, and shall have no liability for undertaking any such investigation in good faith.
Legal Action. ServerStack may take legal action to: (a) enjoin violations of the AUP, (b) obtain indemnity under the MSA Indemnification provisions for violations of the AUP, or (c) to recover damages, including attorneys fees and costs, resulting from AUP violations.
“Agreement” refers to this Master Service Agreement and all of the terms incorporated by reference in the Related Agreements and Policies. The Agreement is subject to amendment upon written email notice by ServerStack. Amendments shall take effect no less than thirty-one days after notice is given, except in the event that amendments are made to remedy circumstances that may expose ServerStack, Users, or third parties to the risk of substantial damage, in which case amendments will take effect on the date necessary to forestall, prevent, or mitigate said risk, said date to be established in the sole discretion of ServerStack.
“Start Date” is the date when ServerStack provides User with IPs, logins, passwords and other access information.
The following “Related Agreements and Policies” are incorporated by reference and defined as follows:
“SLA” means the Service Level Agreement seen in Section 3
“AUP” refers to the Acceptable Use Policy seen in Section 1
“Hardware” includes Internet servers, processors, memory storage, power supplies, cabling, and all other physical requirements for operating ServerStack.
“Software” includes all digitally encoded instructions, programs, or scripts, in any computer language.
“Data” is information transmitted or stored in digital form.
“Personal Data” is information that records names, addresses, birthdates, telephone numbers, email addresses, user names, passwords, social security numbers, drivers license numbers, banking access codes, credit card numbers, and all other information that can be used to gain access to the personal records, accounts, and information records regarding individuals and businesses.
“Backup” is the process and product of creating redundant copies of data as security against systems failures that may endanger the preservation of data.
“Services” are provided by ServerStack pursuant to the terms of this Agreement, and include the following:
“Hosting” is the provision of server space that permits Users to publish content on the Internet, and is provided pursuant to the terms set forth in the SLA.
“Support” includes a variety of services provided by ServerStack, as set forth in greater detail in the SLA, including Growth Management, Server Management, Proactive Monitoring, and Incremental Backups.
“Additional Services” are services specifically tailored to the needs of particular Users, billed on an hourly basis and separately invoiced. The provision of Additional Services may be conditioned upon prepayment of all or a part of the estimated expense of providing the service.
“Confidential Information” is information that is the property of ServerStack, including software, technology, ideas, formulae, know-how, documentation, procedures, algorithms and trade secrets, including technical documentation, solution methodology, user manuals, customer lists, codes, passwords, and other information that reveals or facilitates the operation and/or content of its business processes.
“Third Party Products” are hardware or software that ServerStack purchases, leases, licenses, or otherwise procures, in order to provide services to Users.
Term. The term of this Agreement shall be monthly, to commence on the Effective Date, and to continue in force unless and until timely notice of cancellation is given in writing by either party. Timely notice shall be given not less than than five (5) days before the monthly anniversary of the Effective Date.
Fees. Fees are billed by ServerStack on a monthly billing cycle commencing on the first of each month, ending on the last day of the month. The account holder authorizes ServerStack to bill their credit card or alternative payment method for the services provided.
Initial Invoice. The initial invoice will contain a pro-rated amount for the remainder of the calendar month (from Start Date to the last day of that calendar month). Users will pay the initial invoice before receiving access to ServerStack services.
Invoicing Policies. All invoices are denominated, and User must pay, in U.S. Dollars. User will be billed on or around the first of each month, with payment due no later than the 15th of the month. Recurring fees stated in the SLA are billed in advance, monthly. Therefore, the full amount on each successive invoice will consist of the sum of the current billing cycle’s recurring fees and any outstanding overage fees for the previous billing cycle. Additional overage (e.g. bandwidth) and/or any non-recurring fees will be billed monthly in arrears. Any other fees will be billed as stated in the Service Contract or explicitly agreed to by the Customer in writing.
Arrearages. Payments not made within thirty (30) days of invoicing will be deemed in arrears. For accounts in arrears, ServerStack may include interest of 1.5% per month on the amount in arrears, or the maximum allowable rate. If any amount is more than thirty days overdue, ServerStack may suspend service and bring legal action to collect the full amount due, including any attorneys fees and costs. Customers whose checks are returned for insufficient funds may be charged $40 per returned check, or the maximum amount allowed by law. Customer will be notified of any future amendments to the recurring costs associated with their Service Contract on each billing cycle’s invoice.
Suspension for Nonpayment. ServerStack may suspend some or all Services to User for failure to make timely payment. Duties of ServerStack. During the term of this Agreement, ServerStack will provide User with the services selected during checkout, and Additional Services specifically contracted for in writing. ServerStack will provide User with IP addresses, logins, passwords, and other information necessary to access the services.
User Duties. User will:
Provide and maintain accurate personal and business identifying information, including Social Security Numbers, EIN Numbers, names, addresses, telephone numbers, and email addresses.
Utilize proper security protocols, such as setting strong passwords and access control mechanisms, safeguarding access to all logins, passwords, verifying the trustworthiness of persons who are entrusted with account access information, and notifying ServerStack if and when any security breaches involving data hosted or stored at ServerStack occurs.
Make full and timely payment of fees for services as selected pursuant to the terms of the SLA.
Provide ServerStack with accurate information relevant to assessing fees.
Third Party Products. ServerStack is authorized to procure such Third Party Products as are necessary to the provision of ServerStack Services for User, and in a manner in conformity with industry custom and practice, and to invoice for the same. ServerStack does not warrant the quality, reliability, durability, or fitness for use of such Third Party Products, and shall have no liability for the failure of performance of the same.
Disclaimers and Waiver of Liability. SERVERSTACK DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, REGARDING THE SERVICES PROVIDED HEREUNDER, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NONINFRINGEMENT. NO REPRESENTATION OR OTHER AFFIRMATION OF FACT REGARDING HARDWARE, SOFTWARE, OR SERVICES, NOR THE STATEMENT OR CONDUCT OF ANY AGENT OF SERVERSTACK, SHALL BE DEEMED A WARRANTY FOR ANY PURPOSE OR GIVE RISE TO ANY LIABILITY WHATSOEVER. USER ACKNOWLEDGES THAT HE OR SHE HAS RELIED ON NO WARRANTIES OR STATEMENTS OTHER THAN AS MAY BE SET FORTH HEREIN. USER HEREBY WAIVES ANY AND ALL CLAIMS AGAINST SERVERSTACK ARISING OUT OF USER’S PURCHASE OR USE OF THE SOFTWARE, OR ANY CONDUCT OF SERVERSTACK’S OFFICERS, EMPLOYEES, OR AGENTS. SERVERSTACK SHALL NOT, UNDER ANY CIRCUMSTANCES, BE LIABLE TO USER OR ANY THIRD PARTY IN ANY AMOUNT, OR FOR ANY INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL OR CONSEQUENTIAL DAMAGES, UNDER ANY CIRCUMSTANCES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS, REVENUE OR SAVINGS, LOSS OF GOODWILL, OR THE LOSS OF USE OF ANY DATA, EVEN IF SERVERSTACK HAD BEEN ADVISED OF, KNEW, OR SHOULD HAVE KNOWN, OF THE POSSIBILITY THEREOF. NO DISCLOSURE BY SERVERSTACK’S OFFICERS, EMPLOYEES, OR AGENTS, SHALL BE MADE A CAUSE OF LIABILITY. UNDER NO CIRCUMSTANCES SHALL SERVERSTACK’S AGGREGATE CUMULATIVE LIABILITY HEREUNDER, WHETHER IN CONTRACT, TORT, UNDER STATUTE, OR OTHERWISE, EXCEED THE AMOUNT OF ONE (1) MONTH OF SERVICE PROVIDED PURSUANT TO THIS AGREEMENT. USER ACKNOWLEDGES THAT THE FEES PAID BY HIM OR HER REFLECT THE ALLOCATION OF RISK SET FORTH IN THIS AGREEMENT AND THAT SERVERSTACK WOULD NOT ENTER INTO THIS AGREEMENT WITHOUT THESE LIMITATIONS.
Confidentiality. User shall keep confidential any Confidential Information to which it is given access, and shall cooperate with ServerStack’s efforts to maintain the confidentiality thereof. User shall not publish to third parties or distribute information or documentation that ServerStack provides for purposes of operating and maintaining its systems, including material contained in estimates, invoices, work orders, or other such materials.
Backup. Except as specifically contracted for by User in the SLA, User is solely responsible for the preservation of User’s Data. Even with respect to Data as to which User contracts for backup services, ServerStack shall have no responsibility to preserve Data beyond the scope and time periods set forth specifically in the SLA.
Export. User shall comply with all applicable export and import control laws and regulations in its use of ServerStack Services, and, in particular, User shall not utilize ServerStack Services to export or re-export Data or Software without all required United States and foreign government licenses. User assumes full legal responsibility for any access and use of ServerStack Services from outside the United States, with full understanding that the same may constitute export of technology and technical data that may implicate export regulations and/or require export license, and represents that, should such a license be required, it shall be User’s responsibility to obtain the same, and in the event of any breach of this duty resulting in legal claims against ServerStack, User shall defend and hold Licensor harmless from all claims and damages arising therefrom.
Indemnification. User shall defend, indemnify and hold harmless ServerStack from any and all claims or causes of action arising out of User’s misuse of ServerStack Services.
Termination. Either party may terminate this Agreement if the other party fails to cure a material breach of the terms of this Agreement within thirty (30) days after receiving notice thereof. In the event ServerStack terminates this Agreement for User’s material breach, any amounts owed to ServerStack hereunder before such termination will be immediately due and payable, any and all rights granted to user this Agreement will immediately be cancelled, and User shall promptly discontinue all use of the Services, relinquish any Confidential Information in User’s possession or control. If ServerStack determines that User’s failure to abide by the terms and conditions of this Agreement may give rise to unlawful consequences or cause an immediate risk of damage to ServerStack, other Users, or third parties, ServerStack may terminate this Agreement on less than thirty (30) days notice.
Legal Compliance. ServerStack may suspend or terminate Services and this Agreement immediately upon receipt of any lawfully issued notice from a court having jurisdiction over ServerStack, alleging the use of the Services to accomplish violations of law, pending the resolution of the relevant court proceeding. When subjected to lawful process requiring disclosure, ServerStack may disclose the User’s identity and contact information, and ServerStack shall not be liable for damages or results thereof, and User agrees not to bring any action or claim against ServerStack for such disclosure.
Survival. All terms of this Agreement, which by their nature are intended to survive termination of this Agreement, shall so survive.
Force Majeure. Either party shall be excused from performing hereunder to the extent that it is prevented from performing as a result of any act or event which occurs and is beyond its reasonable control, including, without limitation, acts of God, war, weather, utility or telecommunications outages, unrest or riot, strikes any action of a governmental entity, etc.; provided that the party experiencing the force majeure provides the other with prompt written notice thereof and uses reasonable efforts to remedy effects of such force majeure.
Choice of Law, Venue, Consent to Email Service and Waiver of Hague Convention Service Formalities. Any claim arising under this Agreement shall be construed in accordance with the substantive and procedural laws of the State of New York, without regard to principles of conflict of laws. User consents to the jurisdiction of the State of New York. User consents to service of process via Domestic or International First Class Certified Mail and/or email at the land and email addresses set forth in the signature line below, and waives any requirement under the Hague Convention or other judicial treaty requiring that legal process be translated into any language other than English.
Integration and Miscellaneous Provisions. This Agreement, including all related agreements and policies incorporated by reference herein, constitutes the entire agreement between the parties related to the subject matter hereof, supersedes any prior or contemporaneous agreement between the parties relating to ServerStack’s Services and shall not be modified except by a written agreement signed by both parties, specifically recording the intent to amend this Agreement. Any waiver of a provision of this Agreement must be in writing and signed by the party to be charged. A valid waiver hereunder shall not be interpreted to be a waiver of that obligation in the future or any other obligation under this Agreement. If any provision of this Agreement is prohibited by law or held to be unenforceable, the remaining provisions hereof shall not be affected, and this Agreement shall continue in full force and effect as if such unenforceable provision had never constituted a part hereof. This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute the same instrument. This Agreement may be signed electronically.
100% Uptime Guaranteed.
Network. We guarantee that the public and private networks at our data centers will be available 100% of the time in any given month, excluding scheduled maintenance.
Infrastructure. We guarantee that our data centers will have power and functioning HVAC, 100% of the time in any given month, excluding scheduled maintenance. Your servers will never be shut down due to loss of power or overheating problems.
Hardware. We guarantee that any failed hardware and server components located within our data centers will be replaced within two (2) hours of failure identification.
Credits. To file a request for SLA credit, customers must contact firstname.lastname@example.org within one (1) week of the incident, and include all applicable details about the downtime. Customers will be credited 5% of their monthly account fee for every half hour of sustained downtime, up to 100% of their monthly account fee for the affected server(s).