IF YOU ARE USING THE WEBSITE AND/OR SERVICES THROUGH AN ORGANIZATION, YOU REPRESENT AND WARRANT THAT YOU HAVE THE LEGAL AUTHORITY TO BIND YOUR ORGANIZATION TO THESE TERMS, AND THAT YOU HAVE READ AND UNDERSTOOD THESE TERMS. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU OR YOUR ORGANIZATION DOES NOT AGREE WITH THESE TERMS, THEN YOU SHOULD NOT USE THE SERVICES OR THE WEBSITE.
THE COMPANY RESERVES THE RIGHT TO AMEND OR MODIFY THESE TERMS AT ANY TIME WITHOUT NOTICE TO YOU. WE WILL MAKE AN EFFORT TO UPDATE THIS WEB PAGE WITH ANY CHANGES TO THESE TERMS AND/OR TO THE SERVICES DESCRIBED IN THESE TERMS AND YOU ARE ENCOURAGED TO REVIEW THESE TERMS FREQUENTLY (THE DATE OF THE MOST RECENT REVISION TO THESE TERMS APPEARS ABOVE). You shall be responsible for reviewing and becoming familiar with any such modifications. YOUR CONTINUED USE OF THE WEBSITE, SERVICES, USER ACCOUNT, AND ONLINE SERVICES AFTER CHANGES TO THESE TERMS SHALL SIGNIFY YOUR ASSENT AND ACCEPTANCE OF THE UPDATED TERMS.
The app.refactr.it and refactr.it websites, domain names, subdomain names, any other linked pages, features, content, and application services (including without limitation any mobile application services) offered from time to time by Company in connection therewith (collectively, the “Website”) are owned and operated by Company. Subject to the terms and conditions of this Agreement, Company may offer to provide certain services, as described more fully on the Website or in an Order Form, and that have been selected by you (together with the Website, the “Services”), solely for your own use, and not for the use or benefit of any third party. The term “Services” includes, without limitation, use of the Website, any service the Company performs for you and the Content (as defined below) offered by Company on the Website. The Company may change, suspend or discontinue the Services at any time, including the availability of any feature, database, or Content. The Company may also impose limits on certain features and services or restrict your access to parts or all of the Services without notice or liability. License Scope.
Subject to the terms of this Agreement and User’s purchase of Services, the Company, grants to you during the Term (defined below), a non-exclusive, non-transferable and non-sublicensable right and license to (a) install and use the Services on premises or in a cloud environment, in object-code form, solely for your internal business purposes, in the quantity agreed in the Order Form, and (b) to use any third-party open source software provided with the Services, subject to the applicable third-party open source licenses. You may permit your contractors and affiliates to use the Services and solely on your behalf in accordance with these Terms. You shall be responsible for ensuring your contractors and affiliates comply with these Terms and all applicable Order Forms.
The Company does not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register for the Services. If you are under 13, please do not attempt to register for the Services or send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 may provide any personal information to the Company or on the Services. In the event that we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at email@example.com
You represent and warrant to Company that: (i) if you are an individual (i.e., not a corporation), you are of legal age to form a binding contract or have your parent’s permission to do so, and you are at least 18 years or age or older; (ii) if you are an individual entering into this Agreement on behalf of an entity (e.g., a corporation), you are an authorized representative of the entity with the authority to bind the entity to this Agreement, you agree to this Agreement on the entity’s behalf, and “you” as used in this Agreement includes you and that entity; (iii) all registration information you submit is accurate and truthful; and (iv) you will maintain the accuracy of such information. You also certify that you are legally permitted to use and access the Services and take full responsibility for the selection and use of and access to the Services. This Agreement is void where prohibited by law, and the right to access the Services is revoked in such jurisdictions.
The Services and its contents may only be used in accordance with the terms of this Agreement. All materials displayed or performed on the Services, including, without limitation to text, graphics, articles, photographs, images, illustrations, materials, logos, audio, video, any other information provided from or on, uploaded to and/or downloaded from the Services (collectively, the “Content,”) are protected by copyright and owned by the Company, or its affiliates, subsidiaries, or its licensees. You shall abide by all copyright notices, trademark rules, information, and restrictions contained in any Content accessed through the Services, and shall not use, copy, reproduce, modify, translate, publish, broadcast, transmit, distribute, perform, upload, display, license, sell or otherwise exploit for any purposes whatsoever any Content or third party submissions or other proprietary rights not owned by you: (i) without the express prior written consent of the respective owners, and (ii) in any way that violates any third party right.
The Services are protected by copyright as a collective work and/or compilation, pursuant to U.S. copyright laws, international conventions, and other intellectual property laws. You may not modify, publish, transmit, participate in the transfer or sale of, reproduce (except as expressly provided in this Section 2), create derivative works based on, distribute, perform, display, or in any way exploit, any of the Content, software, materials, or Services in whole or in part.
You may download or copy the Content (and other items displayed on the Services for download) for personal non-commercial use only, provided that you maintain all copyright and other notices contained in such Content. You shall not store any significant portion of any Content in any form. Copying or storing of any Content other than personal, noncommercial use is expressly prohibited without prior written permission from Company or from the copyright holder identified in such Content’s copyright notice. If you link to the Website, Company may revoke your right to so link at any time, at Company’s sole discretion. Company reserves the right to require prior written consent before linking to the Website.
Under no circumstances will the Company be liable in any way for any Content, including, but not limited to, any errors or omissions in any Content, or any loss or damage of any kind incurred in connection with use of or exposure to any Content posted, emailed, accessed, transmitted, or otherwise made available via the Services.
By merely providing access to the Services, the Company does not warrant or represent that: (a) the Content is accurate, complete, up-to-date or current; (b) the Company has any obligation to update any Content; (c) the Content is free from technical inaccuracies or typographical errors; (d) that the Content does not infringe on the intellectual property rights of any third party; (e) that the Content is free from changes caused by a third party; (f) your access to the Services will be free from interruptions, errors, computer viruses or other harmful components; and/or (g) any information obtained in response to questions asked through, or postings made on, the Website is accurate or complete. Your use of the Services and other services offered therein are subject to federal law, the law of the State of Delaware and Washington, or, if the Company transfers your Account to another location, where the Company currently maintains your Account (“Applicable Law”).
(a). DEFINITIONS. The following definitions govern the terms of this Paragraph 3 and as used elsewhere in these Terms:
(b). ONLINE ACCOUNT ACCESS. For certain types of features available through the the Services, including without limitation, the online account access features (the “Online Service”), we require the use of encryption technologies provided for your protection and/or your use of a user identification name (“UserID”) and password after setting up a user account (“User Account”). The Online Service is available by clicking on the Login link on the Website. For self-enrollment, you must provide account-specific information to authenticate yourself (e.g. name, address, email address, phone number, entity or affiliate, and other information requested by the Company. In these Terms, “you” and “your” refer to each person, or, if applicable, the entity who is an owner, signer, or has unrestricted access to a User Account and each person that uses the Online Service with your permission (“Authorized User”). You may never use another person’s User Account and/or UserID without permission.
(c). USER ACCOUNT AND PASSWORD. We use reasonable precautions to protect the privacy of your UserID, password and User Account information by utilizing a Secure Socket Layer (“SSL”) connection. Accordingly, your UserID, password and User Account information are encrypted using an SSL connection and are not expected to be read in an intelligible form as they travel to the Website. You, however, are ultimately responsible for protecting, safeguarding, using reasonable precautions, your UserID, password and User Account information from disclosure to third parties, and you are not permitted to circumvent the use of required encryption technologies. You agree to never leave your computer unattended while using the Online Service and to always exit the Online Service by clicking on “Log Out.” You also agree to immediately notify the Company of any unauthorized use of your UserID, password and/or User Account, or any other breach of security, by email at firstname.lastname@example.org , or through the online message center (if applicable). You are solely responsible for any activity that occurs with respect to your User Account and UserID. While we provide certain encryption technologies and use other reasonable precautions to protect your confidential information and provide suitable security, we do not and cannot guarantee or warrant that information transmitted through the Internet is secure, or that such transmissions are free from delay, error, interception or interruption.
(d). RELIANCE BY THE COMPANY. You authorize the Company to rely on your UserID and password to identify you when you use the Online Service, and as signature authorization for any payment made using the Online Service. You acknowledge and agree that you are responsible for all payments you make using the Online Service and for paying any and all late charges or penalties. You also acknowledge and agree that if you permit another person or persons to use the Online Service or give them your UserID and/or password, you are responsible for any payment that person makes to your Account, even if the person exceeds your authorization. You agree that the Company may comply with the Payment Instructions entered by any person using your UserID and Password.
(e). SECURITY. The Company is committed to protecting the security and confidentiality of information about you and your Account and User Account. The Company uses, and may in the future use, several different security methods to protect your Account and User Account information, including without limitation, the Online Service will automatically log off if prolonged periods of inactivity occur; and/or your session will terminate if you navigate away from the Online Service to another website. If you have questions regarding the security measures taken by the Company, please review the Company’s Security Practices Policy at https://www.refactr.it/terms-privacy-security?tab=security-practices
(f). ELECTRONIC COMMUNICATION.
(i) Email and Online Message Center. When you enroll in the Online Service, you must designate a primary email address that will be used for receiving electronic communication. To the extent that the Company maintains an online message center now or in the future, such exchange of communications shall be considered an electronic communication and may be utilized by the Company for providing you notices pursuant to these Terms, as required by Applicable Law (as permitted) or generally regarding your Account(s) with the Company. The Company will NEVER send you email requesting confidential information such as Account numbers, usernames, or passwords and you should NEVER respond to any email requesting such information. If you receive such an email purportedly from the Company, do not respond to the email and notify the Company by forwarding the email to email@example.com
(ii) Usage of Electronic Communication. By your enrollment in the Online Service, you agree to receive these Terms and any disclosures or notices required by Applicable Law and all other communications electronically to the email address you designate in your account profile. You also agree that the Company may respond to any communication you send to the Company with an electronic communication, regardless of whether your original communication with the Company was an electronic communication. You should not rely on electronic communication if you need to communicate with the Company immediately and, in no event, should your sole method of communication with the Company regarding any emergency be by electronic communication. The Company strongly suggests that you report all matters requiring immediate attention to the Company by calling 866.493.9367 The Company may require you to provide written confirmation of any verbal or electronic notice of alleged error by the Company.
(h). INSUFFICIENT FUNDS TO COMPLETE PAYMENT. You must have sufficient available funds in your Payment Account on the Payment Due Date. If your Payment Account has insufficient funds, the payment will not be completed. Should a payment fail because of insufficient funds in your Payment Account, an amount equal to the Company’s returned payment fee then in effect will be applied to your User Account.
(i). ACCURATE INFORMATION. In creating and using your User Account you agree to: (i) provide true, accurate, current and complete information about yourself on any registration form required on the Website (such information being the “Registration Data”); and (ii) maintain and promptly update the Registration Data to keep it true, accurate, current and complete. If you provide any information that is untrue, inaccurate, not current or incomplete, or the Company has reasonable grounds to suspect that such information is untrue, inaccurate, not current or incomplete, the Company has the right to suspend or terminate your User Account and refuse any and all current or future use of your User Account.
(j). TERMINATION OF ACCOUNT AND ONLINE SERVICES. The Company reserves the right to terminate your use of the Online Service, User Account, and/or right to access secured portions of the Website, without notice to you, for any reason, and at any time, including without limitation, inactivity of your User Account and conduct that we believe violates these Terms and/or is harmful to other users of the Website, to the Company, to the business of the Website’s Internet service provider, or to other information providers. You have the right to terminate your use of the Online Service by writing to the Company at the address provided at the end of these Terms. Any termination of your use of the Online Service, whether initiated by you or by the Company, will not affect any of your or the Company’s rights and obligations under these Terms that have arisen before the effective date of such termination. Any and all payments made to the Company prior to termination of the Online Services, or User Account shall be nonrefundable.
(k). NON-TRANSFERABILITY OF USER ACCOUNT. User Accounts and UserIDs are non-transferable, and all users are obligated to take preventative measures to prohibit unauthorized users from accessing the Website with his or her UserID and password. You may not assign these Terms, in whole or in part, or delegate any of your responsibilities hereunder to any third party. Any such attempted assignment or delegation will not be recognized by the Company unless acknowledge by the Company in writing. The Company has no obligation to provide you with written acknowledgment.
(a). FEES; ORDER FORM. Although some features of the Services are free to users, others require a fee for Services or a fee to use a certain part or feature of the Website. You shall pay to the Company the then applicable fees (the “Fees”) described in the document that details the Services and support purchased by you, including the applicable pricing (“Order Form”), or set forth on the Website for any self-service features in accordance with the Terms therein. If your use of the Services exceeds the Services set forth on the Order Form or on the Website or otherwise requires the payment of additional fees, you shall be billed for such usage and you agree to pay the additional fees in the manner provided herein. If you believe that the Company has billed you incorrectly, you must contact Company no later than 30 days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit. Inquiries should be directed to Company’s customer support department. The Company may choose to bill through an invoice, in which case, full payment for invoices issued in any given month must be received by Company on the due date of the invoice, unless otherwise agreed by Company in writing. Unpaid amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection and may result in immediate termination of Service. You shall be responsible for all taxes associated with Services other than U.S. taxes based on Company’s net income.
(b). AUTO-RENEW. You acknowledge that the Company reserves the right to charge for any portion of the Services from time to time in its discretion. Unless otherwise agreed in the Order Form, Payment for the use of the Services shall be on a subscription payment basis; whereby you acknowledge and agree that the Company shall bill your Payment Account through the Payment Instructions provided by you previously. For the sake of clarity, you acknowledge and agree that the Company will charge the payment method you provided when you signed up for the Services automatically without notice to you. When the Company receives a Payment Instruction, you have authorized the Company to debit or charge your Payment Account and remit funds on your behalf so that the funds arrive as close as reasonably possible to the due date. Unless otherwise agreed in an Order Form, During the Term (one year with automatic renewal unless otherwise agreed), the Fees for the Services shall be billed and paid on a monthly basis. The Fees will depend on the option you chose when signing up or on the Order Form. You may pre-pay your subscription by making a one-time annual payment to the Company instead of making monthly payments. Upon the end of each Term, your account will revert to a monthly payment subscription unless you make another annual pre-payment for the Fees.
(c). FEES INCREASE. The Company reserves the right to change the Fees or applicable charges and to institute new charges and Fees at the end of the initial Term of Services or then current renewal Term, upon thirty (30) days prior notice to you (which may be sent by email).
(d). CANCELLATION. Prior to the end of the Term, you may cancel the Services, including the AUTO-RENEW policy by providing notice to the Company in writing at firstname.lastname@example.org. Such notice shall contain the name of the User Account, any other information necessary for the Company to confirm your identity, and any other information reasonably requested by the Company. Upon receipt of the notice and any other information reasonably requested by the Company, your User Account will be terminated, and you will not be charged Fees for the subsequent Term; provided however, all Fees already paid shall be non-refundable. Upon termination of your paid plan without terminating your User Account, your plan would revert to the free community edition and you would not lose your automation content.
You represent, warrant, covenant, and agree not to directly or indirectly contribute any Content or User Submissions or otherwise use the Services in a manner that (i) infringes or violates the intellectual property rights or proprietary rights, rights of publicity or privacy, or other rights of any third party; (ii) violates any law, statute, ordinance or regulation or promotes illegal activity; (iii) is harmful, fraudulent, deceptive, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, or otherwise objectionable; (iv) involves commercial activities and/or sales without Company’s prior written consent such as contests, sweepstakes, barter, advertising, or pyramid schemes; (v) impersonates any person or entity, including without limitation any employee or representative of Company; (vi) contains a virus, trojan horse, worm, time bomb, or other harmful computer code, file, or program; (vii) interferes with the use of the Website or Services, or the equipment used to provide the Services, by customers, authorized resellers, or other authorized users; (viii) generates, distributes, publishes or facilitates unsolicited mass email, promotions, advertisings or other solicitations (“spam”); or (ix) uses the Services, or any interfaces provided with the Services, to access any other Company product or service in a manner that violates the terms of service of such other Company product or service.
Company reserves the right to remove any Content or User Submissions from the Services at any time, for any reason (including, without limitation, upon receipt of claims or allegations from third parties or authorities relating to such Content or User Submissions or if Company is concerned that you may have breached the immediately preceding sentence), or for no reason at all. You, not Company, remain solely responsible for all Content and User Submissions that you upload, post, email, transmit, or otherwise disseminate using, or in connection with, the Services, and you warrant that you possess all rights necessary to provide such content to Company and to grant Company the rights to use such information in connection with the Services and as otherwise provided herein.
You are responsible for all of your activity in connection with the Services. Any fraudulent, abusive, or otherwise illegal activity may be grounds for termination of your right to access or use the Services. You may not post or transmit, or cause to be posted or transmitted, any communication or solicitation designed or intended to obtain password, account, or private information from any other user of the Services. Use of the Services to violate the security of any computer network, crack passwords or security encryption codes, transfer or store illegal material (including material that may be considered threatening or obscene) or engage in any kind of illegal activity is expressly prohibited. Further, the use of manual or automated software, devices, or other processes to “crawl,” “scrape,” or “spider” any portion of the Services is strictly prohibited. You will not decompile, reverse engineer, or otherwise attempt to obtain the source code of the Services. You will be responsible for withholding, filing, and reporting all taxes, duties and other governmental assessments associated with your activity in connection with the Services.
You understand and agree that Company shall have the sole right to decide whether you are in violation of any of the restrictions set forth in this Section and shall have sole discretion regarding the course of action to take in connection therewith.
If the Service is being licensed or otherwise used by the U.S. Government, the Service is “commercial computer software” and “commercial computer documentation” developed exclusively at private expense, and (a) if acquired by or on behalf of a civilian agency, will be subject solely to the terms of this computer software license as specified in 48 C.F.R. 12.212 of the Federal Acquisition Regulations and its successors; and (b) if acquired by or on behalf of units of the Department of Defense (“DOD”) will be subject to the terms of this commercial computer software license as specified in 48 C.F.R. 227.7202-2, DOD FAR Supplement and its successors.
(a). THE COMPANY’S ENTIRE LIABILITY AND YOUR EXCLUSIVE REMEDY WITH RESPECT TO THE USE OF THE SERVICES AND/OR ANY SERVICE PROVIDED IN CONNECTION WITH THE WEBSITE SHALL BE THE CANCELLATION OF YOUR USER ACCOUNT WITH THE COMPANY. IN NO EVENT SHALL THE COMPANY BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES ARISING FROM YOUR USE OF THE SERVICES, AND/OR ANY SERVICE PROVIDED IN CONNECTION WITH THE SERVICES AND/OR ANY SERVICE PROVIDED IN CONNECTION WITH THE WEBSITE, OR FOR ANY OTHER CLAIM RELATED IN ANY WAY TO YOUR USE OF THE SERVICES, THE ONLINE SERVICE AND/OR ANY SERVICE PROVIDED IN CONNECTION WITH THE WEBSITE, INCLUDING, WITHOUT LIMITATION, (A) ERRORS, MISTAKES, OR INACCURACIES OF CONTENT, (B) PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM YOUR ACCESS TO AND USE OF THE SERVICES, THE ONLINE SERVICE AND/OR ANY SERVICE PROVIDED IN CONNECTION WITH THE WEBSITE, (C) ANY UNAUTHORIZED ACCESS TO OR USE OF OUR COMPUTER SERVERS AND/OR ANY AND ALL PERSONAL INFORMATION AND/OR FINANCIAL INFORMATION STORED THEREIN, (D) ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE SERVICES, THE ONLINE SERVICE AND/OR ANY SERVICE PROVIDED IN CONNECTION WITH THE WEBSITE, AND/OR (E) ANY VIRUSES, WORMS, TIME BOMBS, DROP DEAD DEVICES, TROJAN HORSES OR OTHER HARMFUL COMPONENTS THAT MAY BE TRANSMITTED TO OR THROUGH THE SERVICES, THE ONLINE SERVICE AND/OR ANY SERVICE PROVIDED IN CONNECTION WITH THE WEBSITE BY ANY THIRD PARTY OR FOR ANY LOSS OR DAMAGE OF ANY KIND.
(b). TO THE FULLEST EXTENT ALLOWED BY APPLICABLE LAW, THE MAXIMUM LIABILITY TO WHICH THE COMPANY OR ITS SUPPLIERS, OR THEIR RESPECTIVE PARENTS, SUBSIDIARIES, SHAREHOLDERS, OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE WITH RESPECT TO THE SERVICES OR THE SUBJECT MATTER OF THIS AGREEMENT UNDER ANY CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY SHALL BE THE GREATER OF $100 OR THE FEES PAID BY YOU FOR THE SERVICES DURING THE 12-MONTH PERIOD PRECEEDING THE APPLICABLE CLAIM.
(c). BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, IN SUCH STATES OR JURISDICTIONS THE COMPANY’S LIABILITY WILL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW.
The Services may contain links to third party websites or services (“Third-Party Services”) that are not owned or controlled by Company. The Links to the Third-Party Services are provided for your convenience and information only. When you access Third Party Services, you do so at your own risk. You hereby represent and warrant that you have read and agree to be bound by all applicable policies of any Third-Party Services relating to your use of the Services and that you will act in accordance with those policies, in addition to your obligations under this Agreement. The Company has no control over, and assumes no responsibility for, the content, accuracy, privacy policies, or practices of or opinions expressed in any Third-Party Services. In addition, Company will not and cannot monitor, verify, censor or edit the content of any Third-Party Service. By using the Services, you expressly relieve and hold harmless Company from any and all liability arising from your use of any Third-Party Service.
If a third-party links to the Website, it is not necessarily an indication of an endorsement, authorization, sponsorship, affiliation, joint venture or partnership by or with the Company. In most cases, the Company is not even aware that a third party has linked to the Website. Your interactions with organizations and/or individuals found on or through the Services, including payment and delivery of goods or services, and any other terms, conditions, warranties or representations associated with such dealings, are solely between you and such organizations and/or individuals. You should make whatever investigation you feel necessary or appropriate before proceeding with any online or offline transaction with any of these third parties. You agree that the Company shall not be responsible or liable for any loss or damage of any sort incurred as the result of any such dealings. If there is a dispute between participants on this site, or between users and any third party, you understand and agree that the Company is under no obligation to become involved. In the event that you have a dispute with one or more other users or third parties, you hereby release Company, its officers, employees, agents, and successors in rights from claims, demands, and damages (actual and consequential) of every kind or nature, known or unknown, suspected or unsuspected, disclosed or undisclosed, arising out of or in any way related to such disputes.
(a). Subject to earlier termination as provided below, these Terms and your use of the Services shall continue for one year, unless otherwise agreed in an Order Form (“Initial Service Term”), and shall be automatically renewed for additional periods of the same duration as the Initial Service Term (collectively, the “Term”), unless either party requests termination at least thirty (30) days prior to the end of the then-current Term. Notwithstanding the foregoing, any Fees paid or required to be paid by you for the Services shall be paid in accordance with Section 5 of these Terms.
(b). In addition to any other remedies it may have, either party may also terminate this Agreement upon thirty (30) days’ notice (or without notice in the case of nonpayment), if the other party materially breaches any of the terms or conditions of this Agreement. You shall pay in full for the Services up to and including the last day on which the Services are provided. Upon any termination, the Company will make all customer data available to you for electronic retrieval for a period of thirty (30) days, but thereafter the Company may, but is not obligated to, delete stored customer data. All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability.
(a). COMPANY TRADEMARKS AND COPYRIGHTS. The trademarks, service marks and logos used and displayed on the Website or otherwise through the Services are the Company’s, or its subsidiaries’ or affiliates’, registered and unregistered trademarks. The Company is the copyright owner or authorized licensee of all text and all graphics contained on the Website and Services and all Content contained therein. All trademarks and service marks of the Company that may be referred to on the Website are the property of the Company. Other parties’ trademarks and service marks that may be referred to on the Website and Services are the property of their respective owners. Nothing on the Website should be construed as granting, by implication, estoppel or otherwise, any license or right to use any of the Company’s trademarks or service marks without the Company’s prior written permission. The Company aggressively enforces its intellectual property rights. Neither the name of Refactr nor any of the Company’s other trademarks, service marks or copyrighted materials may be used in any way, including in any advertising, hyperlink, publicity or promotional materials of any kind, whether relating to the Website, the Services, or otherwise, without the Company’s prior written permission.
(b). COPYRIGHT DISPUTE POLICY. It is Company’s policy to (1) block access to or remove material that it believes in good faith to be copyrighted material that has been illegally copied and distributed by any of our advertisers, affiliates, content providers, members or users; and (2) remove and discontinue service to repeat offenders. In accordance with the Digital Millennium Copyright Act or DMCA (posted at www.lcweb.loc.gov/copyright/legislation/dmca.pdf), If you believe that material or content residing on or accessible through the Services or the Website infringes a copyright, please contact the Designated Agent at Refactr, 12345 Lake City Way NE #2067, Seattle, WA 98125 (Attn: Copyright Designated Agent) with the following notice:
(i). A physical or electronic signature of a person authorized to act on behalf of the owner of the copyright that has been allegedly infringed;
(ii). Identification of works or materials being infringed;
(iii). Identification of the material that is claimed to be infringing including information regarding the location of the infringing materials that the copyright owner seeks to have removed, with sufficient detail so that Company is capable of finding and verifying its existence;
(iv). Contact information about the notifier including address, telephone number and, if available, email address;
(v). A statement that the notifier has a good faith belief that the material identified in (3) is not authorized by the copyright owner, its agent, or the law; and
(vi). A statement made under penalty of perjury that the information provided is accurate and the notifying party is authorized to make the complaint on behalf of the copyright owner.
(c). COPYRIGHT DISPUTE COUNTER POLICY. If the content provider, member or user believes that the material that was removed (or to which access was disabled) is not infringing, or the content provider, member or user believes that it has the right to post and use such material from the copyright owner, the copyright owner’s agent, or, pursuant to the law, the content provider, member, or user, must send a counter-notice containing the following information to the Designated Agent listed below: (i) A physical or electronic signature of the content provider, member or user; (ii) identification of the material that has been removed or to which access has been disabled and the location at which the material appeared before it was removed or disabled; (iii) a statement that the content provider, member or user has a good faith belief that the material was removed or disabled as a result of mistake or misidentification of the material; and (4) Content provider’s, member’s or user’s name, address, telephone number, and, if available, email address, and a statement that such person or entity consents to the jurisdiction of the Federal Court for the judicial district in which the content provider’s, member’s or user’s address is located, or, if the content provider’s, member’s or user’s address is located outside the United States, for any judicial district in which Company is located, and that such person or entity will accept service of process from the person who provided notification of the alleged infringement. If a counter-notice is received by the Designated Agent, the Company may send a copy of the counter-notice to the original complaining party informing that person that Company may replace the removed material or cease disabling it in 10 business days.
The Company makes no representation that content or materials in the Website or the Services are appropriate or available for use in jurisdictions outside the United States. Access to the Website or the Services from jurisdictions where such access is illegal is prohibited. If you choose to access the Website or the Services from other jurisdictions, you do so on your own initiative and are responsible for compliance with applicable local laws. The Company is not responsible for any violation of law. You may not use or export the Content or materials in the Website or Services in violation of U.S. export laws and regulations.
(a). ARBITRATION; GOVERNING LAW. This Agreement shall be governed by and construed in accordance with the laws of the State of Washington without regard to the conflict of laws provisions thereof. Any dispute arising from or relating to the subject matter of this Agreement shall be finally settled by arbitration in King County, Washington using the English language in accordance with the Streamlined Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. (“JAMS”) then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with the Streamlined Arbitration Rules and Procedures of JAMS. Judgment upon the award so rendered may be entered in a court having jurisdiction, or application may be made to such court for judicial acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, each party shall have the right to institute an action in a court of proper jurisdiction for injunctive or other equitable relief pending a final decision by the arbitrator. For all purposes of this Agreement, the parties consent to exclusive jurisdiction and venue in the United States Federal Courts located in the Western District of Washington.
(b). NO CLASS ACTION/JURY TRIAL. RECIPIENT MAY ONLY BRING CLAIMS IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. CLAIMS OF TWO OR MORE PERSONS MAY NOT BE JOINED OR CONSOLIDATED IN THE SAME ARBITRATION. TO THE MAXIMUM EXTENT PERMITTED BY LAW, YOU AND WE WAIVE ALL RIGHT TO TRIAL BY JURY IN ANY ACTION OR PROCEEDING TO ENFORCE OR DEFEND ANY RIGHTS UNDER THIS AGREEMENT OR UNDER ANY AGREEMENT, INSTRUMENT OR OTHER DOCUMENT CONTEMPLATED HEREBY OR RELATED HERETO AND IN ANY ACTION DIRECTLY OR INDIRECTLY RELATED TO OR CONNECTED WITH THE WEBSITE OR SERVICES PROVIDED FOR HEREIN, OR ANY CONDUCT RELATING TO THE ADMINISTRATION OR ENFORCEMENT OF THESE TERMS OR ARISING FROM THE RELATIONSHIP OF ANY OF THE PARTIES REFERENCED HEREIN. YOU ACKNOWLEDGE THAT THIS WAIVER MAY DEPRIVE YOU OF AN IMPORTANT RIGHT AND THAT SUCH WAIVER HAS KNOWINGLY BEEN AGREED TO BY YOU.
(a). CONSENT; UPDATING THESE TERMS. By accessing and using the Website, Services, User Account, or Online Services, you consent to and agree to be bound by the terms of the foregoing Terms. The Company reserves the right to amend these Terms without notice to you. If we decide to change these Terms, we will make an effort to post those changes on the Website so that you will always be able to understand the terms and conditions that apply to your use of the Website, the Services, the User Account and/or the Online Service. Your use of the Website, the Services, the User Account and/or the Online Service following any amendment of these Terms will signify your assent to and acceptance of its revised terms.
(b). CONTACT. If you have any questions, complaints, or claims with respect to the Services, Website, User Account, or Online Services, you may contact the Company through the Website or by email at email@example.com
1. SEVERITY DEFINITIONS
Response and resolution times are based on your Service Level Agreement with Company. Please refer to ENTERPRISE PLANS: COMMUNITY, STARTER, PRO
Company will make reasonable efforts to adhere to the response and resolution times for issues within the scope of its own software.
The following definitions of Severity should be used when opening tickets.
SEVERITY 1 (URGENT)
Any error reported by the customer where the majority of users for a particular part of the software are affected, the error has high visibility, there is no workaround, and it affects customer’s ability to perform its business.
SEVERITY 2 (HIGH)
Any error reported by the customer where the majority of users for a particular part of the software are affected, the error has high visibility, a workaround is available; however, performance may be degraded or functions limited and it is affecting revenue.
SEVERITY 3 (NORMAL)
Any error reported by the customer where the majority of users for a particular part of the software are affected, the error has high visibility, a workaround is available; however, performance may be degraded or functions limited and it is NOT affecting revenue.
SEVERITY 4 (LOW)
Any error reported by the customer where a single user is severely affected or completely inoperable or a small percentage of users are moderately affected or partially inoperable and the error has limited business impact.
Refactr IT, Inc. (“Refactr”, “we”, “us” or “our”) respects the privacy of our users (“data subject”, “user”, “you”, or “your”). This Policy applies to information we collect when you use our website https://www.refactr.it (“Site”) including any other media form, media channel, mobile website, or mobile application related or connected thereto provided or officially sponsored by Refactr, or any other Refactr websites, e.g. https://app.refactr.it that link to this Policy (collectively, the “Websites”).
Any information relating to an identified or identifiable natural person (“data subject” or “user” or “you”), is considered personal data. An identifiable natural person is anyone who can be directly or indirectly identified, in particular by reference to an identifier such as a name, an identification number, location data, online identifiers, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This refers to the various categories of personal data identified by European and other data privacy laws as requiring special treatment, including (in some circumstances) the need to obtain explicit consent. These categories comprise personal identity numbers, personal data about your personality and private life, racial or ethnic origin, nationality, political opinions, membership of political parties or movements, religious, philosophical or other similar beliefs, membership of a trade union or profession or trade association, physical or mental health, genetic code, addictions, sexual life, property matters or criminal records (including information about suspected criminal activities).
When you share personal data with us for processing, you become the data subject according to the General Data Protection Regulation, making us the controller responsible for processing.
The legal person, public authority, agency or other body which determines the purposes and means of processing personal data, whether alone or jointly with others. Where the purposes or means of processing are determined by Union or Member State law or other applicable law, rules or regulations, the controller (or the specific criteria for nominating the controller) may be provided for by the governing authority.
We consider any operation or set of operations performed on any personal data to be processing, whether through automated means or otherwise. Such operations include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, alignment or combination, restriction, erasure or destruction, and disseminating or otherwise making personal data available.
To limit the processing of personal data in the future, such data may be marked to indicate this restriction of processing.
Any form of automated processing of personal data to evaluate certain personal aspects relating to a natural person is considered profiling. In particular, such processing may be used to analyze or predict aspects concerning that natural person’s performance at work, health and economic situation, personal preferences, interests, reliability, behavior, location or movements.
Processing personal data in a way that prevents that data from being attributed to a specific user without additional information is considered pseudonymization. This process ensures that information required to identify a natural person using pseudonymized data is kept separately and is subject to both administrative and technical measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
As defined by the General Data Protection Regulation, the processor is a natural or legal person, public authority, agency or other body that processes data on behalf of the controller.
The recipient is any natural or legal person, public authority, agency or other body to which personal data is disclosed, whether a third party or otherwise. Public authorities, however, which may receive personal data in the framework of a particular inquiry (in accordance with Union or Member State law, and other applicable laws, rules, and regulations), are not considered recipients. Processing of personal data by those public authorities must follow the applicable data protection rules according to the purposes of such processing.
Third parties consist of any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
We consider consent of a user to be any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them, either by a statement or by a clear affirmative action.
We partner with selected third party vendors, such as Google Analytics, which may allow tracking technologies and remarketing services on our Websites through the use of first party cookies and third party cookies, to, among other things, analyze and track users’ use of our Websites, determine the popularity of certain content and better understand online activity.
By accessing the Websites, you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policies and contact them directly for responses to your questions. We do not transfer personal information to these third-party vendors. However, if you do not want any information to be collected and used by tracking technologies, you can visit the third party vendor or Network Advertising Initiative Opt-Out Tool or Digital Advertising Alliance Opt-Out Tool.
Note: You should be aware that getting a new computer, installing a new Internet browser, upgrading an existing browser, or erasing or otherwise altering your Internet browser’s cookies may also clear certain opt-out cookies, plugins or settings.
Our newsletter and emails sent from or on behalf of Refactr may contain tracking pixels, or a transparent image embedded in emails to enable log file recording and analysis. We use information collected in this manner to perform statistical analysis of the success or failure of online marketing and customer outreach efforts. Based on the embedded tracking pixel, we may be able to determine if and when an email was opened, and which links in the email were accessed.
Personal data collected using tracking pixels is stored and analyzed by us (and is not shared with third parties) to optimize the delivery of our newsletters and emails, and to improve the relevance of the distributed content. Many email clients and web browsers support functionality to opt out or prevent the use of these tracking mechanisms, however users are entitled to revoke their consent to receiving our newsletter at any time, after which personal data collected in this manner will be deleted by us. We automatically consider a withdrawal or cancellation of subscription to our newsletter as a revocation of your consent.
While we try to limit the amount of data about you that we collect, it’s not always avoidable to provide our services to you. To receive services from us, you may be asked to share certain information as a contractual or statutory requirement (e.g., tax regulations). You are not obliged to share any information with us, however refusal to do so may result in any existing or proposed contract to be terminated or otherwise rendered void.
More specifically, information we may collect through the Websites includes:
When you access or register with the Websites, or when you choose to participate in other activities related to the Websites like online chat, contact or support, purchases, and subscriptions to services or newsletters, you may be asked to voluntarily share personally identifiable information with us. This information includes details such as your name, shipping address, email address and telephone number, as we as demographic information such as your age, gender, hometown, place of employment and interests. You’re not obligated to provide us with any personal information of any kind, and you are free to change or completely remove any information shared with us at any time, however refusing to do provide requested personal data might prevent you from using certain features of the Websites.
If you choose to register for an account with Refactr or on our Websites, it may be possible for you to share personal data with us. Personal data that we ask for will be indicated as such with an explanation of why we are requesting it, and what it will be used for. By registering and providing us with personal data in this manner, you are providing explicit consent for your information to be used in accordance with this Policy.
We may require additional verification of your consent through a double opt-in procedure where we send a confirmation email to the email address provided for legal purposes and to prevent abuse of our services. To make sure we’re sending newsletters to only those who are interested in receiving them, we may periodically send additional confirmation emails to verified subscribers of our newsletter. Other than confirmation emails, we will not send unsolicited email newsletters to an email address without first receiving consent.
We usually don’t seek to collect sensitive personal data through our Websites, but if we do, we will ask you to consent to our proposed uses of the data. We may also collect some sensitive personal data incidentally. By providing us with unsolicited sensitive personal data, you consent to our using the data subject to applicable law as described in this Policy.
When you purchase, order, return, exchange or request information about our services from the Websites, you may be asked to share financial data with us related to your payment method. This information may include your valid credit card number, card brand, and expiration date, as well as other details necessary to process your payment information. We store only very limited (if any) financial information that we collect. Otherwise, all financial information is processed and stored by our payment processors, such as Stripe. We encourage you to review their privacy policies and contact them directly for responses to your questions.
We automatically collect any information you provide when you voluntarily submit it to us such as your first name, last name, email address, phone number, job title and company name. You may choose to contact us by email or through our Websites for a variety of purposes such as product or company inquiries, customer support inquiries and sales requests. Throughout our Websites, we may also provide the opportunity to register for events or conferences, order or request white papers, or participate in online surveys. When we collect this type of information, we will notify you as to why we are asking for information and how this information will be used. It is completely up to you to choose whether or not you want to provide it.
We also provide the ability to submit job applications to our open job listings. To appropriately respond to your application, we need to collect and process your provided personal data, which may also be carried out electronically. If we begin an employment contract with you, your submitted application data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. With your consent, we may store your application data for up to twelve months for future consideration for employment with us. Otherwise, your application data will automatically be erased twelve (12) months after notification of the refusal decision, provided that we have no other legitimate interests that require such data such as burden of proof under the Equal Opportunity Act and General Equal Treatment Act.
Whenever you (or any other manual or automated system) accesses our Websites, we collect some general data and information about the request and store the relevant details in server or system log files. This data includes details like your IP address, your browser type and version used, your operating system, the time and date you accessed the Websites, and the pages you viewed directly before and after accessing the Websites. Additional detail may be collected or derived from this information for use in the event of an attack on our information technology systems.
We use this information to make sure the content of our Websites is delivered correctly, to optimize our Websites content, marketing and advertisements, to ensure the long-term performance and viability of our information technology systems and Websites, as well as to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
To support these efforts, we analyze anonymously collected data and information statistically, with the aim of increasing the data protection and security of our company, and to maintain an optimal level of protection for the personal data we process. This anonymous data stored separately from all personal data provided by users to protect their privacy and ensure that we do not draw any conclusions about any individual users when analyzing this data.
We only process and keep any personal data that you share with us for as long as needed to achieve the purpose of storage, as long as consent is maintained, or as long as is granted by the European or other legislators in laws or regulations we are subject to. The exact length of time we keep personal data depends on the respective statutory retention period for that type of information. After that period of time passes, or if storage of personal data is not applicable, personal data is routinely blocked, deleted or erased as long as it is no longer necessary for the fulfillment or initiation of a contract with us.
Having accurate information about you helps us provide a smooth, efficient, and customized experience. Generally speaking, we use any information we collect to provide services to you, keep our Websites running smoothly, and protect us legally. More specifically, we may use information collected about you via our Websites to:
In accordance with applicable law, information covered by this Policy may be transferred to, and processed in, the United States or any other country in which Refactr or its affiliates, subsidiaries or service providers maintain facilities, even if the level of data privacy required in that country is less than that required by the European Union or other jurisdictions. By accessing our Websites or submitting your personal data to us, you consent to such transfers and to the worldwide processing of your personal data.
Refactr will not use or share your personal information in ways unrelated to those described above without first notifying you and offering you a choice as to whether or not we may use your personal data in a different manner. We do not use automatic decision-making or profiling and will not sell your personal data for any purpose.
We try not to share your personal information that you’ve shared with us, but it may be necessary to disclose it in certain situations. We will not sell individual information and will share it only as outlined in this Policy.
We display personal testimonials of satisfied customers on our Websites in addition to other endorsements. With your consent, we may post your testimonial along with your name on our Websites. If you wish to update or delete your testimonial, please contact us at firstname.lastname@example.org
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies or fraudulent activities, or when we believe in good faith that disclosure is necessary to protect our rights, property, and safety, we may share your information as permitted or required by any applicable law, rule or regulation, including exchanging information with other entities for fraud protection and credit risk reduction. We will have no duty to notify you of such compliance with local law where applicable.
We may share your information with advertisers and investors for the purpose of conducting general business analysis. Additionally, we may share your personal with third parties necessary to provide you with services you have requested such as our hosting, email service, analytics, customer service, parcel delivery service, event or campaign management providers. These parties are authorized to use your personal data only as necessary to provide these services to us or on our behalf, and it is up to you whether or not you choose to provide it. We may also share your information with such third parties for marketing or remarketing purposes, as permitted by applicable law, rule or regulation. Where possible, we attempt to anonymize or pseudonymize your personal data to limit any potential for direct disclosure.
In the U.S. and other jurisdictions with similar laws, we will only share your personal information if you have not expressed your preference by opting out of having your information shared. In countries that are members of the European Union and all other jurisdictions with similar laws, we will only share your personal information if you have agreed to allow us to share your information with third parties. You have the opportunity to not receive such marketing materials from third parties by updating your subscription preferences.
Our Websites offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at email@example.com
Additionally, certain features on our Websites, specifically those for applying to a job opening at Refactr, you may use sign-in services such as LinkedIn or other OpenID providers. These services will authenticate your identity, provide you with the option to share certain personal information (such as your name and email address) with us, and to pre-populate our application form. Services like LinkedIn often give you the option to post information about your activities on our Websites to your profile page to share with others within your network.
We may also partner with other companies that offer products or services related to ours or that host or sponsor related events. In such instances, we may share your information with these business partners if you express interest in such products, services or events if you provide your personal information to event sponsors at their booths or presentations.
Note: In some cases, we may not be able to guarantee the removal of your personal data, in which case we will let you know if we are unable to do so and why.
Before visiting and providing any information to any third-party websites, we encourage you to inform yourself of the privacy policies and practices (if any) of the third party responsible for that website. You should take those steps necessary to protect the privacy of your information as you see fit. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services or applications that may be linked to or from the Websites.
It’s worth noting that we have no authority to manage or control third party solicitations, and are not responsible for the content or actions of third parties with whom you share personal or sensitive data. If you no longer wish to receive correspondence, emails or other communications from any third parties, you are responsible for contacting such third parties directly.
We recognize, under the EU-US and Swiss-US Privacy Shield and the General Data Protection Regulation, that you have certain rights in regards to your personal data. We feel that your privacy and ability to preserve and exercise your rights is very important. You are encouraged to review and understand these rights as they pertain to you and your personal data. These rights include, but are not limited to:
In support of these rights, upon request Refactr will provide you with information about whether we hold any of your personal data. You may update, correct or delete information about you at any time by contacting us at firstname.lastname@example.org If you wish to delete or suspend your account, please contact us at email@example.com, but note that we may retain certain information as required by law or for legitimate business purposes. If you have become aware that an account has been created about you without your knowledge or consent, you may contact us at firstname.lastname@example.org to request deletion of that said account.
For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. Please allow us a reasonable amount of time to respond to your request.
Note: We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may also retain cached or archived copies of your information for a certain period of time.
Refactr takes reasonable administrative, technical and physical security measures to help protect your personal data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received, taking into account the nature of such data and the risks involved in processing, and comply with applicable laws and regulations.
While we have taken reasonable steps to secure the personal data you provide to us, please be aware that despite our best efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal data via our Websites. To this end, you are free to transfer personal data to us through alternative means as necessary, e.g. by telephone or posted mail.
If you have any questions about security or any reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us at email@example.com
Our Websites and products are not intended for, nor designed to attract individuals under the age of eighteen (18). Refactr does not knowingly collect personally identifiable information from any person under the age of eighteen.
Our servers are located in the US. If you are located outside of the US, please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the US. Except in the case of data transfers under the EU-US Privacy Shield, the Swiss-US Privacy Shield, and the General Data Protection Regulation (GDPR), your decision to provide such data to us, or allow us to collect such data through our Websites, constitutes your consent to this data transfer.
Refactr is committed to subjecting all personal data received from European Union (“EU”) member countries and Switzerland, in reliance on the Privacy Shield Framework (“Privacy Shield”), to the Privacy Shield’s applicable Principles. To learn more about the Privacy Shield Framework, and to view our certification page, please visit: https://www.privacyshield.gov
Refactr is responsible for the processing of personal data we receive, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on our behalf. Refactr complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including, unless we prove that we are not responsible for the event giving rise to the damage, the onward transfer of liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Refactr is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Refactr may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If these processes do not result in a resolution, you may then contact your local data protection authority, the U.S. Department of Commerce, and/or the Federal Trade Commission for assistance. Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted and upon written notice to Refactr at firstname.lastname@example.org
Refactr IT, Inc.
1411 4th Ave.
Seattle, WA 98101
Phone: +1 866.493.9367
At Refactr, security is our absolute highest priority. Therefore, we take myriad security measures to ensure that the data of our customers and partners is secure and safe. Refactr employs a layered and multi-faceted security strategy that encompasses the entire business and technology stack.
We aim to be transparent, disclosing some of the security measures we have put in place to defend and protect the Refactr Platform.
The cloud hosted version of the Refactr Platform has all traffic proxied through Azure WAF. We leverage Microsoft Azure Web Application Firewall (WAF) to protect the platform from:
All HTTP traffic to the Refactr Platform happens over an SSL-encrypted connection, and we only accept traffic on port 443. The status of our SSL configuration can be found here. All data transmitted within Refactr Platform is encrypted in transit.
During a user’s first site visit, Refactr sends a Strict Transport Security Header (HSTS) to the user that ensures that all future requests should be made via HTTPS even if a link to the Refactr Platform is specified as HTTP. Additionally, we use HSTS preload, guaranteeing that requests are never – not even the very first – made over a non-encrypted connection. Cookies are also set with a secure flag.
The cloud-hosted version of the Refactr Platform leverages Microsoft Azure and is managed within Microsoft data centers.
Refactr enforces strict controls over access to cloud services that the Refactr Platform runs on in Microsoft Azure.
The Refactr Platform’s back end is supported by a MongoDB database to persist data. All data at rest and associated keys are encrypted using the industry-standard AES-256 algorithm. The platform employs bcrypt encryption for user passwords and other authentication secrets. Only once an authorized user is granted access to their data will that subset of data be decrypted. Secret fields and credential data is encrypted in the database at a per-field resolution, and is decrypted for transmission at the latest possible stage.
The database disks are encrypted at rest using Azure Disk Encryption. For further details about encryption at rest please see Encryption at Rest in Microsoft Azure.
Static files, such as images and other documents are persisted using Microsoft Azure blob storage. All static files are encrypted before they’re stored so while at rest they are encrypted.
Microsoft Azure is certified for a growing number of compliance standards and controls and undergoes several independent third party audits to test for data safety, privacy, and security. Read more about the specific certifications on the Microsoft Azure compliance page.
More information about Microsoft Azure security can be found at Microsoft Azure Security Overview.
Refactr uses Microsoft Azure Security Center to quickly strengthen our security posture and to protect against threats. Refactr uses Microsoft Azure Monitor to monitor uptime and site availability 24/7/365, as well as for centralized log collection and analytics. Key employees receive automatic alerts in the case of downtime or emergencies.
Refactr works closely with the Center for Internet Security (CIS) and has integrated their CIS-CAT configuration assessment tool to run CIS and STIG benchmark assessments natively in the Refactr Platform and we use the tool for assessment on our own infrastructure and applications.
Recent Press with CIS on our integration with CIS-CAT.
Refactr performs internal compliance assessments on a recurring basis, using the following controls:
Refactr assesses its infrastructure and applications using the following automated benchmarks:
Refactr performs internal penetration testing at least once per year.
Refactr also commissions a 3rd-party cybersecurity company to penetration test on a recurring basis. Pen tests are performed by MindPoint Group.
The first 3rd-party penetration test is scheduled for September 2020.
Refactr performs automated vulnerability scanning of its source code on a continuous basis using scanning tools like GitHub Dependabot for static source code analysis. Findings are remediated within 48 hours or best effort depending on the level of findings.
Refactr performs Dynamic Application Security Testing (DAST) on a recurring basis using OWASP Zed Attack Proxy (ZAP).
The Refactr Platform includes per-project group and role-based access controls which allows administrators to limit the data certain users are allowed to see and the actions they are allowed to perform. It’s possible to prevent certain users from viewing some projects at all, as well as prevent them from modifying and executing pipelines within a given project.
Refactr invites all users of the Refactr Platform to notify us of issues they might find in our platform to further strengthen and secure our platform. All vulnerability report submissions are read within hours of receipt, and we aim to respond to all submissions within 48 hours.
We require all employees to use strong, unique passwords for Refactr accounts, company applications and to set up two-factor authentication with each device and service where available. All Refactr employees are required to use the industry-standard password manager LastPass to generate and store strong passwords, and are also required to encrypt local hard drives and enable screen locking for device security. All access to the Refactr Platform admin functionalities is restricted to a few key personnel of the Refactr engineering staff and is restricted by various security measures.
In the event of a security breach, we have created procedures for resolute reactions, including turning off access to the Refactr Platform, mass password reset and certificate rotations. If our platform is maliciously attacked, we will communicate this information to all of our users as quickly and openly as possible.
For security issues please email: email@example.com.