Our contractual commitments
Please note: this is a simplified summary of our commitments and does not replace our Terms of Service and Terms of Sales, which alone are enforceable against us.
GDPR
- No data resold, obviously.
- No statistics tool (tracker) integrated into the application
- Total anonymization of data recorded on the PERSO server (zero knowledge)
  - the user’s IP address may be stored in the server logs
- Minimization of data accessible in clear text on the UpSignOn PRO server
  - email address
  - authorized devices
  - password strength statistics by vault and shared vault
  - url and login of shared vault accounts
  - the user’s IP address may be stored in the server logs
- Our subcontractors
  - hosting: OVH (French company)
  - error log management: Sentry (American company)
    - these logs may contain personal information (IP address, email address, device identifiers, device type, device name).
  - support ticket management: Zendesk (American company)
    - these tickets may contain personal information (email address, last name, first name, as well as information on the description of the problem).
Updates
Future updates to the application, server or extension will always be free.
However, we reserve the right to add certain paid features, disabled by default, which do not remove or prevent the use of already existing functionalities.
Transfer to another solution
CSV export allows you to export your passwords to another solution. This feature will never be deleted and will never be charged for. (It is disabled by default for PRO vaults for security reasons, but can be activated at any time from the supervision console).
SAAS Hosting
- Hosted by a French company (OVH) on data centers in France.
- Service Level Agreement: available 99.6% of the time, 24 hours a day, 7 days a week, subject to any breakdowns and maintenance interventions necessary for the proper functioning of the service, except in cases of force majeure. In the event of an interruption of the service, UpSignOn will inform the customer as soon as possible.
- Business continuity plan:
  - continuity of service is made possible by the Offline mode, activated by default on the PRO vaults. If the server is unavailable, the application displays the last known version of the data. Modification and synchronization of vaults are no longer possible, but users retain read access to their data.
  - there is no server-side system to ensure immediate continuity of service in the event of force majeure.
- Disaster recovery plan:
  - A backup server, physically located in another data center in France and not accepting any requests in normal times in order to avoid intrusions, is ready to be connected in the event of a fault on the main server. The backup server retrieves the database state every hour. It is preconfigured and kept up to date so that it is fully ready when needed.
  - In the event of a fault in the main server (destruction of the data center, compromise), activating the backup server would require a manual parameter change on the server (5 minutes) and a change of DNS settings (5 minutes). The service would then be restored within 1 hour at most, the time needed for the new DNS settings to take effect. Users could possibly shorten this period manually by clearing the DNS cache of their machines.
  - If this disaster recovery plan is activated, modifications made less than one hour before the service interruption would unfortunately be lost.
  - If the backup server were also destroyed or compromised, we would be able to rebuild an operational server in 4 working hours and restore a backup of the data from the day before, subject to the availability of new machines in another data center.
Support and incidents
Our support can be reached by email or phone from Monday to Friday, excluding public holidays, from 9 a.m. to 12 p.m. and from 2 p.m. to 5:30 p.m. (French time). (PRO customers only.)
Definitions
- Major incident: access to the vaults is no longer possible and there is no workaround.
- Moderate incident: access to the vaults is possible but essential functionalities are no longer available or are significantly degraded.
- Minor issue: There is an acceptable workaround or the affected functionality is not essential.
Priority | Support | Analysis | Resolution |
---|---|---|---|
Major | 1h | 2h | 4 hours (excluding certification deadlines by stores) |
Moderate | 1h | 2 working days | 4 working days (excluding certification deadlines by stores) |
Minor | 1d | 4 working days | 8 working days (excluding certification deadlines by stores) |
In the event of an incident involving the server, an acceptable workaround would be, in most cases, to revert to an earlier version of the server. This would require manual action for the customers who have opted for self-hosting.
In the event of an incident involving the application, an acceptable workaround would be, most of the time, to manually force the reinstallation of an earlier version of the application. This workaround is possible on Windows and Linux, but not on other platforms.
Insurance
- Professional Civil Liability and Cyber Insurance: €100,000 per year
- Operating Civil Liability Insurance: €8,000,000 per claim
Sustainability of the solution
If the UpSignOn company were to be liquidated some day, the application code would be made open source on GitHub to allow its maintenance by the community.