Terms of Service and Policies Agreement
Welcome and thank you for your interest in Sero!. The Agreement described below is a binding contract. Please read it carefully before using Sero!.
These Terms of Service (the “Terms”) are between us and you:
- If you are an Individual Sero! account holder (Assessor or Taker), this Agreement is between you and Sero!.
- If you are opening a Sero! organizational level account or including this Agreement by reference in a purchase order, this agreement is between Sero! and your organization. You represent that you have the authority to bind your organization to this agreement.
Sero! has several policies (the “Policies”) that form these Terms:
- Acceptable Use Policy
- Billing Policy
- Security Policy
- Support Policy
- Trademark Policy
- Accessibility Statement
The “Agreement” refers to these Terms and the Policies together.
The general idea of this Agreement is that we grant you a license to use the Services, and in return you pay us (when required) and agree to abide by our terms and policies. Your failure to abide by your obligations under these policies constitutes grounds for suspension or termination of your account and revocation of your access to the Services.
In this Agreement:
- “Sero!,” “we,” and “us” means Sero! Learning Assessments, Inc.
- The “Services” means the Sero! services, including Assessor Module and Taker Module, and any other platforms, APIs, interfaces, related web sites, networks, embeddable widgets, downloadable software, and other services we provide.
- “Acceptable Use Policy” means the policy currently available at https://www.Sero!.com/legal/acceptable-use, as it may be updated by us from time to time.
- “Application” means an app you are running as an Enclave Containerized Service.
- “Sero! Marks” or “Marks” mean any trademarks, service marks, service or trade names, logos, and other designations of Sero! and its affiliates that we may make available to you in connection with this Agreement.
- “Sero! Site” means https://www.serolearn.com, http://www.serolearn.com, any subdomain owned or operated by Sero!, and any successor or related site designated by us.
- “Billing Policy” means the policy currently available at https://www.serolearn.com/billing-policy, as it may be updated by us from time to time.
- “Content” means software, data, text, audio, video, images or other content.
- Accesses or uses Your Content; or
- Otherwise accesses or uses the Services under your account.“End User” means any individual or entity that directly or indirectly through another user. The term “End User” does not include individuals or entities when they are accessing or using the Services or any Content under their own Sero! account, rather than your account.
- “High Risk Activity” means any activity where the failure of a supporting computer system could lead to death, personal injury, or severe physical or environmental damage, such as the operation of nuclear facilities, aircraft navigation, or direct life support systems.
You acknowledge and agree that, as provided in greater detail in this Agreement:
- The Services are licensed, not sold to you, and that you may use the Services only as set forth in this Agreement;
- The Services are provided “as is” without warranties of any kind, and Sero!’s liability to you is limited;
- You are solely responsible for protecting the privacy and legal rights of yourself and any End Users you designate;
- You are solely responsible for exporting Your Content from the Services prior to closing your Sero! account (contact email@example.com for instructions); and
- Disputes arising hereunder will be resolved by binding arbitration, and BY ACCEPTING THIS AGREEMENT, YOU AND SERO! ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION. YOU AGREE TO GIVE UP YOUR RIGHT TO GO TO COURT to assert or defend your rights under this contract (except for matters that may be taken to small claims court). Your rights will be determined by a NEUTRAL ARBITRATOR and NOT a judge or jury and your claims cannot be brought as a class action. Please review the Arbitration Agreement below for the details regarding your agreement to arbitrate any disputes with Sero!.
This Agreement takes effect when you register your account, sign a contract that incorporates these terms by reference, or, if earlier, when you use any of the Services (the “Effective Date”).
We provide Sero! Services pursuant to a Service Level Agreement.
By agreeing to this Agreement, you represent and warrant to us that: (a) you are at least eighteen (18) years of age or have the expressed consent of your legal guardian to use Sero!; (b) you have not previously been suspended or removed from the Services; and (c) your registration and your use of the Services is in compliance with all applicable laws and regulations. If you are using the Services on behalf of an entity, organization, or company, you represent and warrant that you have the authority to bind that organization to this Agreement and you agree to be bound by this Agreement on behalf of that organization. Sero! may, in its sole discretion, refuse to offer the Services to any person or entity, and may change its eligibility criteria at any time.
Your Account and Use of the Services
To access the Services, you must create an Sero! Individual Assessor or Organizational user account or Taker user account.
When you register for an account, you may be required to provide us with some information about yourself, such as your email address and name. You agree that the information you provide to us is accurate and that you will keep it accurate at all times. You are responsible for all activities that occur under your accounts, regardless of whether the activities are undertaken by you, your employees, your End Users, or a third party (including your contractors or agents). Organizational account holders may create additional user accounts for users within their organization.
Each Sero! user account is protected by credentials. You are responsible for maintaining the security of your credentials. Sero! and our affiliates are not responsible for unauthorized access to your account, except to the extent caused by our breach of this Agreement. If you do not abide by your obligations, or if you violate our Acceptable Use Policy, we may determine your account to be not in good standing and may take Remedial Action pursuant to relevant sections. Good standing is determined at Sero!’s sole discretion.
SERO! RESERVES THE RIGHT TO DISABLE ANY USER’S ACCESS TO ANY PART OF THE SERVICE, AND TO TERMINATE ANY USER’S ACCOUNT.
You may terminate your account and this Agreement at any time in accordance with applicable sections.
A. Your obligations include, but are not limited to, the following:
- Your use of the Services must comply with all applicable laws, regulations, and ordinances, including any laws regarding the export of data or software.
- You will provide us with true and accurate information and responses in connection with your use of the Services.
- You will contact us immediately if you believe an unauthorized third party may be using your account or if your account information is lost or stolen.
- You will not attempt to gain access to Sero!’s internal administrative tools.
- You will not attempt to disrupt the Services.
- You will abide by the Acceptable Use Policy.
- You will abide by the restrictions in our Support Policy and Security Policy on how the Services may be implemented.
- You will remit payment timely for the Services, as specified in the Billing Policy and any purchase order you may execute.
B. Unauthorized uses. You will not violate, and will not allow third parties under your control to violate, our Acceptable Use Policy or other policies.
B. Your users’ privacy. You are responsible for protecting the privacy and legal rights of your End Users. Your obligations include but are not limited to:
- Properly configuring the Sero! Services, to protect your users’ information;
- Configuring and enforcing user access policies and permissions for the Sero! Services; and
Fees and Charges
A. Payments and pricing. You incur fees and charges based on your use of the Services. We bill as indicated in the Sero! Billing Policy or your purchase order, as applicable. We may invoice you in advance if we determine that your account is at risk of non-payment. Any outstanding balance becomes immediately due and payable upon termination of this Agreement for any reason.
All amounts payable are denominated in United States dollars, and you agree to pay all such amounts in United States dollars.
We may change our Billing Policy. In the event we do so, we will give you 30 days notice before the beginning of the billing cycle during which the revised policy will be applied.
Late payments may bear interest at the rate of 1.5% per month (or the highest rate permitted by law, if less). Charges are exclusive of taxes. You are responsible for paying all reasonable expenses and attorneys fees we incur collecting late payments. We reserve the right to discontinue the provision of the Services to you for any late payments.
We reserve the right to take Remedial Action if you are in breach of this Agreement, including if you are delinquent on your payment obligations by more than 15 days.
Fees are based on our measurements of your organizational size and/or Individual use. Our determination is final.
To the fullest extent permitted by law, you waive all claims relating to charges unless claimed within 60 days after the charge (this does not affect your credit card issuer rights). To the fullest extent permitted by law, refunds (if any) are at our discretion and only in the form of credit for the Services. Nothing in this Agreement obligates Sero! to extend credit to any party.
B. Taxes. You are responsible for paying all taxes and government charges and will pay us for the Services without any reduction. In the event that Sero! is obligated to collect or pay taxes, those taxes will be invoiced to you, unless you provide us with a timely and valid tax exemption certificate issued by the appropriate authority for each jurisdiction in which you claim exempt status.
If any deduction or withholding is required by law, you will notify us and will pay us any additional amounts necessary to ensure that the net amount that we receive, after any deduction and withholding, equals the amount we would have received if no deduction or withholding had been required. Additionally, you will provide us with documentation showing that the withheld and deducted amounts have been paid to the relevant taxing authority.
Suspension, Removal, and Remedial Action
Under some circumstances, you are obligated to suspend or remove Data from the Services and take remedial measures, such as if your Application is compromised or is being used to violate our Acceptable Use Policy.
In addition to your obligations, we reserve the right to suspend your account, suspend your access or your End Users’ access to the Services – i.e., take “Remedial Action”). Our right to take Remedial Action is in addition to our right to terminate this Agreement pursuant to relevant sections.
A. Your obligations. If you become aware that any End User’s use of an Application or data violates the Acceptable Use Policy, you will immediately suspend access to that End User and remove the applicable data to remedy the violation. If you fail to remedy the violation on your own, we will make a specific request that you do so. If you do not remedy the violation within the time period specified in our request (in no case later than 24 hours), we may take Remedial Action.
B. Our obligations. We will always try to resolve Acceptable Use issues within a mutually acceptable timeframe. We reserve the right to take unilateral Remedial Action at any time, however, to enforce our policies and ensure the safety and security of our customers and their users. If we take Remedial Action without prior notice, we will provide the reason to you as soon as is practically possible.
C. Effect of Remedial Action. If we take Remedial Action:
- You remain responsible for all fees and charges you have incurred through the date of the Remedial Action;
- You remain responsible for any applicable fees and charges for any Services to which you continue to have access;
- You remain responsible for applicable data storage fees and charges, and fees and charges for in-process tasks completed after the date of suspension; and
- You will not be entitled to any credits for any period of suspension.
A. Content. As between you and Sero!, you own Your Content. You are solely responsible for the development, operation, maintenance, and use of Your Content. For example, you are solely responsible for:
- Backing up and securing Content or to the extent backups or security controls are provided as part of the Services;
- Compliance of Content with the Acceptable Use Policy, other Policies, and any applicable laws or regulations;
- Any claims relating to Your Content; and
- Properly handling and processing notices sent to you (or any of your affiliates) by any person claiming that Your Content violates such person’s rights, including notices pursuant to the Digital Millennium Copyright Act.
You represent and warrant to us that:
- You or your licensors own all right, title, and interest in and to Your Content;
- You have all rights in Your Content necessary to grant the rights contemplated by this Agreement;
- None of Your Content, End Users’ use of Your Content or Applications, or the Services, will violate the Acceptable Use Policy; and
- You will set up a process to respond to notices of alleged infringement that comply with the Digital Millennium Copyright Act.
Sero! responds to notices of alleged copyright infringement and terminates accounts of repeat infringers according to the process set out in the U.S. Digital Millennium Copyright Act. We reserve the right to take Remedial Action upon receipt of a valid DMCA notice.
B. Proprietary rights. In general, except as expressly set forth elsewhere in this Agreement, this Agreement does not grant either party any rights, implied or otherwise, to the other’s Content or any of the other’s intellectual property. As between the parties, you own all intellectual property rights in your Applications and customer data, and we own all intellectual property rights in the Services.
Notwithstanding that general principle:
- You consent to our use of Your Content to provide the Services to you and any End Users;
- We may disclose Your Content to provide the Services to you or any End Users;
- We may disclose Your Content to comply with any request of a governmental or regulatory body (including subpoenas or court orders); and
- If you provide any suggestions to us, we will own all right, title, and interest in and to your suggestions, even if you have designated the suggestions as confidential. We and our affiliates will be entitled to use your suggestions without restriction. You hereby irrevocably assign us all right, title, and interest in and to your suggestions.
Digital Millennium Copyright Act
If you believe that your copyrighted work has been copied in a way that constitutes copyright infringement and is accessible via the Sero! Services, please notify our copyright agent, as set forth in the Digital Millennium Copyright Act of 1998 (“DMCA”). For your complaint to be valid under the DMCA, you must provide the following information in writing:
- An electronic or physical signature of a person authorized to act on behalf of the copyright owner;
- Identification of the copyrighted work that you claim has been infringed;
- Identification of the material that is claimed to be infringing and where it is located on the Service;
- Information reasonably sufficient to permit us to contact you, such as your address, telephone number, and, e-mail address;
- A statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or law; and
- A statement, made under penalty of perjury, that the above information is accurate, and that you are the copyright owner or are authorized to act on behalf of the owner.
Submit the above information to:
Sero! Learning Assessments, Inc.
Sero! will promptly terminate without notice the accounts of users that are determined by Sero! to be “repeat infringers.” A repeat infringer is a user who has been notified of infringing activity or has had Content removed from the Service at least twice.
This procedure is exclusively for notifying Sero! that your copyrighted material has been infringed. This policy is intended to protect and comply with Sero!’s rights and obligations under the DMCA, including 17 U.S.C. § 512(c), but does not constitute legal advice. You should contact an attorney for counsel regarding your specific legal rights and obligations.
Your Licenses from Sero!
A. License to access and use the Services. We grant you a limited, revocable, non-exclusive, non-sublicensable, non-transferrable license to access and use the Services solely in accordance with this Agreement. This license is valid only during the term of this Agreement, and is revoked upon termination. This license is subject to the following restrictions:
- Neither you nor any End User may use the Services in any manner or for any purpose other than as expressly permitted by this Agreement.
- Neither you nor any End User may, or may attempt to (a) modify, alter, tamper with, repair, or otherwise create derivative works of any software included in the Services (except to the extent software included in the Services are provided to you under a separate license that expressly permits the creation of derivative works), (b) reverse engineer, disassemble, or decompile the Services or apply any other process or procedure to derive the source code of any software included in the Services, (c) access or use the Services in a way intended to avoid incurring fees or exceeding usage limits or quotas, (d) resell or sublicense the Services, or (e) circumvent any security mechanisms used by Sero!, the Services, or any Applications running on the Services.
- All licenses granted to you in this Agreement are conditional on your continued compliance with this Agreement, and will immediately and automatically terminate if you do not comply with any term or condition of this Agreement.
- During and after the Term, you will not assert, nor will you authorize, assist, or encourage any third party to assert, against us or any of our affiliates, customers, vendors, business partners, or licensors, any patent infringement or other intellectual property infringement claim regarding any Services you have used.
B. License to re-use your Sero! documentation. Notwithstanding the above, we grant you a perpetual license to use, make, adapt, and distribute copies of Sero! documentation to affiliates, directors, officers, employees, or contractors, or as needed to comply with any request of a governmental or regulatory body or a partner. This license is limited to use for your own internal business purposes. You may not resell such materials, or use them (or let them be used) to develop competing products or services. Any distribution you make to third parties must include these restrictions. You are responsible for exporting such materials from Sero! before you cease to be a customer
C. Our trademarks. Sero! hereby grants you a limited, non-exclusive, royalty-free, non-transferable license, with no right to sub-license, to display the Sero! trademarks for the sole purpose of promoting or advertising that you use the Sero! Services. This license shall be exercised only in accordance with the current version of our Trademark Policy. You agree that all goodwill generated through your use of the Sero! trademarks shall inure to the benefit of Sero!.
Our Licenses from You
You hereby grant us a worldwide, non-sublicensable, non-transferable, non-exclusive, terminable, limited license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display, host, store, transfer, modify for the purpose of formatting for display, and distribute any data (including Your Content) for the sole purpose of enabling us to provide you with the Services.
Modification of the Services
You acknowledge and agree that the form and nature of the Services which Sero! provides may change from time to time without prior notice, subject to any other relevant terms. Changes to the form and nature of the Services will be effective with respect to all versions of the Services; examples of changes to the form and nature of the Services include without limitation changes to the Billing Policy, security patches, added functionality, and other enhancements.
The license granted in this Agreement will remain in effect, unless terminated earlier as set forth in this Agreement. The sections concerning Intellectual Property, Indemnification, Exclusion of Warranties, Limitations of Liability, Governing Law, Dispute Resolution and Arbitration, General Terms shall continue to be effective after this Agreement is terminated.
Unless you have a purchase order or other contractual commitment to Sero!:
- You may terminate this Agreement at any time by canceling your account, and
- We may, in our sole discretion for any or no reason, terminate this Agreement by canceling your account or any portion of your access to the Services
YOU ARE SOLELY RESPONSIBLE FOR EXPORTING YOUR CONTENT FROM THE SERVICES PRIOR TO CLOSING YOUR ACCOUNT. CONTACT SUPPORT@SEROLEARN.COM FOR INSTRUCTIONS. IF WE CANCEL YOUR ACCOUNT, WE WILL PROVIDE YOU A REASONABLE OPPORTUNITY TO RETRIEVE YOUR CONTENT, AS PERMITTED BY LAW.
You will not receive any refunds if you terminate this Agreement. If the Agreement is terminated, all of your rights under this Agreement immediately terminate and all fees and charges (including any applicable taxes) owed by you to us are due immediately, including fees and charges for in-process tasks completed after the date of termination.
Changes to these Terms
We reserve the right, at our discretion, to change these Terms, as well as the Policies, on a going-forward basis at any time.
If the changed Terms or Policies materially modify your rights or obligations, we may require you to provide consent by accepting the changed Terms or Policies, as applicable. If we require your acceptance of the changed Terms or Policies, changes are effective only after your acceptance.
In the event that a change to these Terms or Policies does not materially modify your rights or obligations, we will make reasonable efforts to notify you of such change. We may provide notice through a pop-up or banner within the Services, by sending an email to any address you may have used to register for an account, or through other similar mechanisms. These changes are effective upon publication of the changed Terms or Policies.
If you do not accept the changed Terms or Policies, we may terminate your access to and use of the Services. If you are under contractual commitment to Sero!, we may choose not to renew your contract.
Disputes arising under this Agreement will be resolved in accordance with the version of this Agreement that was in effect between the parties at the time the dispute arose.
A. Our Obligations to You. Sero! is obligated to provide Services in accordance with the terms of these Terms of Service and our Service Level Agreement.
B. Your Obligations to Us. You agree that you will be responsible for your use of the Services, and if you harm someone or get in a dispute with someone else, we will not be involved. You agree to defend and indemnify Sero! and its officers, directors, employees, consultants, affiliates, subsidiaries and agents (together, the ”Sero! Entities”) from and against every third-party claim, liability, damage, loss, and expense, including reasonable attorneys’ fees and costs, arising out of or in any way connected with: (a) your access to, use of, or alleged use of, the Services; (b) your violation of any portion of this Agreement, any representation, warranty, or agreement referenced in this Agreement, or any applicable law or regulation; (c) your violation of any third-party right, including any intellectual property right or publicity, confidentiality, other property, or privacy right; or (d) any dispute or issue between you and any third party. We reserve the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you (without limiting your indemnification obligations with respect to that matter), and in that case, you agree to cooperate with our defense of that claim. The assumption of such defense or control by us, however, shall not excuse any of your indemnity obligations.
EXCLUSION OF WARRANTIES
EXCEPT AS EXPRESSLY PROVIDED FOR HEREIN, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SERO! DOES NOT MAKE ANY OTHER WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE AND NONINFRINGEMENT. SERO! IS NOT RESPONSIBLE OR LIABLE FOR THE DELETION OF OR FAILURE TO STORE ANY CONTENT AND OTHER COMMUNICATIONS MAINTAINED OR TRANSMITTED THROUGH USE OF THE SERVICE. YOU ARE SOLELY RESPONSIBLE FOR SECURING AND BACKING UP YOUR APPLICATION AND CUSTOMER DATA, EXCEPT WHERE BACKUP OR SECURITY CONTROLS ARE EXPRESSLY PROVIDED AS FEATURES OF THE SERVICES. SERO! DOES NOT WARRANT THAT THE OPERATION OF THE SERVICES WILL BE ERROR-FREE, TIMELY, OR UNINTERRUPTED. SERO! DOES NOT WARRANT THAT THE SERVICES WILL BE SECURE, EXCEPT AS EXPRESSLY DOCUMENTED. THE SERVICES ARE NOT DESIGNED, MANUFACTURED, OR INTENDED FOR HIGH RISK ACTIVITIES. YOU UNDERSTAND THAT YOU USE THE SERVICES AT YOUR OWN DISCRETION AND RISK.
NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM THE SERVICES OR ANY MATERIALS OR CONTENT AVAILABLE THROUGH THE SERVICES WILL CREATE ANY WARRANTY REGARDING ANY OF THE SERO! ENTITIES OR THE SERVICES THAT IS NOT EXPRESSLY STATED IN THIS AGREEMENT. YOU ASSUME ALL RISK FOR ANY DAMAGE THAT MAY RESULT FROM YOUR USE OF OR ACCESS TO THE SERVICES AND ANY MATERIALS OR CONTENT AVAILABLE THROUGH THE SERVICES. YOU UNDERSTAND AND AGREE THAT YOU USE THE SERVICES, AND USE, ACCESS, DOWNLOAD, OR OTHERWISE OBTAIN MATERIALS OR CONTENT THROUGH THE SERVICE AND ANY ASSOCIATED SITES OR SERVICES, AT YOUR OWN DISCRETION AND RISK, AND THAT YOU ARE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR PROPERTY (INCLUDING YOUR COMPUTER SYSTEM OR MOBILE DEVICE USED IN CONNECTION WITH THE SERVICE), OR THE LOSS OF DATA THAT RESULTS FROM THE USE OF THE SERVICE OR THE DOWNLOAD OR USE OF THAT MATERIAL OR CONTENT.
SOME JURISDICTIONS MAY PROHIBIT A DISCLAIMER OF WARRANTIES AND YOU MAY HAVE OTHER RIGHTS THAT VARY FROM JURISDICTION TO JURISDICTION.
LIMITATIONS OF LIABILITY
IN NO EVENT WILL THE SERO! ENTITIES BE LIABLE TO YOU FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, OR ANY OTHER INTANGIBLE LOSS) ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE, THE SERVICES OR ANY MATERIALS OR CONTENT ON THE SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT ANY SERO! ENTITY HAS BEEN INFORMED OF THE POSSIBILITY OF DAMAGE.
YOU AGREE THAT THE AGGREGATE LIABILITY OF THE SERO! ENTITIES TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THE USE OF OR ANY INABILITY TO USE ANY PORTION OF THE SERVICE OR OTHERWISE UNDER THIS AGREEMENT, WHETHER IN CONTRACT, TORT, OR OTHERWISE, IS LIMITED TO THE AMOUNT PAID BY YOU TO SERO! FOR ACCESS TO AND USE OF THE SERVICE IN THE 12 MONTHS PRIOR TO THE CLAIM.
SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES. ACCORDINGLY, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
EACH PROVISION OF THIS AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS TO ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN THE PARTIES. THIS ALLOCATION IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE AND INDEPENDENT OF ALL OTHER PROVISIONS OF THIS AGREEMENT. THE LIMITATIONS IN THIS SECTION 15 WILL APPLY EVEN IF ANY LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
The foregoing limitations of liability do not apply to breaches of confidentiality obligations, violations of a party’s intellectual property rights by the other party, or indemnification obligations.
We will provide technical support to you pursuant to our Support Policy. Custom Service Level Agreements or support agreements may be available.
As with any cloud service, you have ongoing security responsibilities to protect Your Content. You hereby agree to the terms of our Security Policy.
This Agreement is governed by the laws of the Commonwealth of Virginia without regard to conflict of law principles. If a lawsuit or court proceeding is permitted under this Agreement, then, unless another location is expressly specified in this Agreement, you and Sero! agree to submit to the personal and exclusive jurisdiction of the state courts and federal courts located within the Commonwealth of Virginia for the purpose of litigating any dispute.
Dispute Resolution and Arbitration
A. Generally. In the interest of resolving disputes between you and Sero! in the most expedient and cost effective manner, you and Sero! agree that every dispute arising in connection with this Agreement will be resolved by binding arbitration. Arbitration is more informal than a lawsuit in court. Arbitration uses a neutral arbitrator instead of a judge or jury, may allow for more limited discovery than in court, and can be subject to very limited review by courts. Arbitrators can award the same damages and relief that a court can award. Our agreement to arbitrate disputes includes all claims arising out of or relating to any aspect of this Agreement, whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory, and regardless of whether a claim arises during or after the termination of this Agreement. YOU UNDERSTAND AND AGREE THAT, BY ENTERING INTO THIS AGREEMENT, YOU AND SERO! ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION.
B. Exceptions. We both agree that nothing in Agreement will be deemed to waive, preclude, or otherwise limit the right of either of us to: (a) bring an individual action in small claims court; (b) pursue an enforcement action through the applicable federal, state, or local agency if that action is available; (c) seek injunctive relief in a court of law; or (d) to file suit in a court of law to address an intellectual property infringement claim.
C. Arbitrator. Any arbitration between you and Sero! will be governed by the Commercial Dispute Resolution Procedures and the Supplementary Procedures for Consumer Related Disputes (collectively, “AAA Rules”) of the American Arbitration Association (“AAA”), as modified by this Agreement, and will be administered by the AAA. The AAA Rules and filing forms are available online at www.adr.org, by calling the AAA at 1-800-778-7879, or by contacting Sero!.
D. Notice; Process. A party who intends to seek arbitration must first send a written notice of the dispute to the other, by certified mail or Federal Express (signature required), or if we do not have a physical address on file for you, by electronic mail (“Notice”). Sero!’s address for Notice is:
Sero! Learning Assessments, Inc.
The Notice must: (a) describe the nature and basis of the claim or dispute; and (b) set forth the specific relief sought (“Demand”). We agree to use good faith efforts to resolve the claim directly, but if we do not reach an agreement to do so within 30 days after the Notice is received, you or Sero! may commence an arbitration proceeding. During the arbitration, the amount of any settlement offer made by you or Sero! must not be disclosed to the arbitrator until after the arbitrator makes a final decision and award, if any. If our dispute is finally resolved through arbitration in your favor, Sero! will pay you the highest of the following: (i) the amount awarded by the arbitrator, if any; (ii) the last written settlement amount offered by Sero! in settlement of the dispute prior to the arbitrator’s award; or (iii) $1,000.
E. Fees. If you commence arbitration in accordance with this Agreement, Sero! will reimburse you for your payment of the filing fee, unless your claim is for more than $10,000, in which case the payment of any fees will be decided by the AAA Rules. Any arbitration hearing will take place at a location to be agreed upon in Portland, Oregon, but if the claim is for $10,000 or less, you may choose whether the arbitration will be conducted: (a) solely on the basis of documents submitted to the arbitrator; (b) through a non-appearance based telephone hearing; or (c) by an in-person hearing as established by the AAA Rules in the county (or parish) of your billing address. If the arbitrator finds that either the substance of your claim or the relief sought in the Demand is frivolous or brought for an improper purpose (as measured by the standards set forth in Federal Rule of Civil Procedure 11(b)), then the payment of all fees will be governed by the AAA Rules. In that case, you agree to reimburse Sero! for all monies previously disbursed by it that are otherwise your obligation to pay under the AAA Rules. Regardless of the manner in which the arbitration is conducted, the arbitrator must issue a reasoned written decision sufficient to explain the essential findings and conclusions on which the decision and award, if any, are based. The arbitrator may make rulings and resolve disputes as to the payment and reimbursement of fees or expenses at any time during the preceding and upon request from either party made within 14 days of the arbitrator’s ruling on the merits.
F. No Class Actions. YOU AND SERO! AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Further, unless both you and Sero! agree otherwise, the arbitrator may not consolidate more than one person’s claims, and may not otherwise preside over any form of a representative or class proceeding.
G. Modifications. If Sero! makes any future change to this arbitration provision (other than a change to Sero!’s address for Notice), you may reject the change by sending us written notice within 30 days of the change to Sero!’s address for Notice, in which case your account with Sero! will be immediately terminated and this arbitration provision, as in effect immediately prior to the amendments you reject, will survive.
H. Enforceability. If any part of this section is found to be unenforceable, then the entirety of this section will be null and void and, in that case, the parties agree that the exclusive jurisdiction and venue described in the Governing Law section will govern any action arising out of or related to this Agreement.
Notice to California Residents
If you are a California resident, under California Civil Code Section 1789.3, you may contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 N. Market Blvd., Suite S-202, Sacramento, California 95834, or by telephone at (800) 952-5210 in order to resolve a complaint regarding the Service or to receive further information regarding use of the Service.
A. Notices. All notices to Sero! must be in writing and addressed to firstname.lastname@example.org. Notice will be treated as given on receipt as verified by written automated receipt or by electronic log (as applicable).
You agree that Sero! may provide you with notices, including those regarding changes to this Agreement, by email, regular mail, or postings on the Sero! Services. By providing Sero! your email address, you consent to our using the email address to send you any notices required by law in lieu of communication by postal mail.
B. Assignment. You may not assign any part of this Agreement without our written consent. Notwithstanding the foregoing, either party may assign the entirety of its rights and obligations under this Agreement, without consent of the other party, to its affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of the other party.
C. Force Majeure. Sero! shall not be liable for failing or delaying performance of its obligations resulting from any condition beyond its reasonable control, including but not limited to, governmental action, acts of terrorism, earthquake, fire, flood or other acts of God, labor conditions, power failures, and Internet disturbances.
D. No Agency. This Agreement does not create any agency, partnership or joint venture between the parties.
E. No Waiver. You agree that any delay or failure of Sero! to exercise or enforce any legal right or remedy which is contained in this Agreement (or which we have the benefit of under any applicable law), for any reason, does not constitute a formal waiver of our rights and that those rights or remedies will still be available to us.
F. Severability. If any term (or part of a term) of this Agreement is invalid, illegal, or unenforceable, the rest of the Agreement will remain in effect.
G. No Third-Party Beneficiaries. This Agreement does not confer any benefits on any third party unless expressly stated.
H. Equitable Relief. Subject to Section 19 (Dispute Resolution and Arbitration), nothing in this Agreement will limit either party’s ability to seek equitable relief.
I. Amendments. Any amendment must be in writing, signed by both parties, and expressly state that it is amending this Agreement.
J. Entire Agreement. This Agreement supersedes all other agreements between the parties relating to its subject matter. In entering into this Agreement, neither party has relied on, and neither party will have any right remedy based on, any statement, representation or warranty (whether made negligently or innocently), except those expressly set out in this Agreement. The terms located at a URL referenced in this Agreement and the Documentation are hereby incorporated by this reference. After the Effective Date, Sero! may provide you with an updated URL in place of any URL in this Agreement.
K. Interpretation of Conflicting Terms. If there is a conflict among the documents that make up this Agreement, the documents will control in the following order: this Agreement, and the terms located at any URL.
Acceptable Use Policy
We need to make sure our customers use Sero! for beneficial purposes.
This policy describes prohibited uses of the Sero! Services. Capitalized terms used but not otherwise defined here are defined in the Sero! Terms of Service.
By using the Services, you agree to the latest version of this policy. If you violate this policy or authorize or help others to do so, we may suspend or terminate your use of the Services.
The examples described in this policy are not exhaustive. We may modify this policy at any time by posting a revised version on the Sero! Site.
WE RESERVE FULL AND FINAL DISCRETION AS TO WHETHER CERTAIN USES VIOLATE THIS ACCEPTABLE USE POLICY. YOU AGREE THAT OUR DETERMINATION IS FINAL.
No Illegal, Harmful, or Offensive Use or Content
You may not use, or encourage, promote, facilitate or instruct others to use, the Services for any illegal, harmful or offensive use, or to transmit, store, display, distribute or otherwise make available content that is illegal, harmful, or offensive.
Prohibited activities or content include:
- Illegal Activities: Any illegal activities, including advertising, transmitting, or otherwise making available gambling sites or services or disseminating, promoting or facilitating child pornography.
- Harmful or Fraudulent Activities: Activities that may be harmful to others, our operations or reputation, including offering or disseminating fraudulent goods, services, schemes, or promotions (e.g., make-money-fast schemes, Ponzi and pyramid schemes, phishing, or pharming), or engaging in other deceptive practices.
- Infringing Content: Content that infringes or misappropriates the intellectual property or proprietary rights of others.
- Offensive Content: Content that is defamatory, obscene, abusive, invasive of privacy, or otherwise objectionable, including content that constitutes child pornography, relates to bestiality, or depicts non-consensual sex acts.
- Harmful Content: Content or other computer technology that may damage, interfere with, surreptitiously intercept, or expropriate any system, program, or data, including viruses, Trojan horses, worms, time bombs, or cancelbots.
No High Risk Activities
You agree not to use the Services for High Risk Activities, as defined in the Sero! Terms of Service.
No Arms Dealing
You agree not to use the Services to process or store any data that is subject to the International Traffic in Arms Regulations maintained by the Department of State.
No Security Violations
You may not use the Services to violate the security or integrity of any network, computer or communications system, software application, or network or computing device (each, a “System”).
Prohibited activities include:
- Unauthorized Access: Accessing or using any System without permission, including attempting to probe, scan, or test the vulnerability of a System or to breach any security or authentication measures used by a System.
- Interception: Monitoring of data or traffic on a System without permission.
- Falsification of Origin: Forging TCP/IP packet headers, e-mail headers, or any part of a message describing its origin or route. This prohibition does not include the use of aliases or anonymous remailers.
- Hacking: Interfering with the security-related features of the Services
No Network Abuse
You may not make network connections to any users, hosts, or networks unless you have permission to communicate with them.
Prohibited activities include:
- Monitoring or Crawling: Monitoring or crawling of a System that impairs or disrupts the System being monitored or crawled.
- Denial of Service (DoS): Inundating a target with communications requests so the target either cannot respond to legitimate traffic or responds so slowly that it becomes ineffective.
- Intentional Interference: Interfering with the proper functioning of any System, including any deliberate attempt to overload a system by mail bombing, news bombing, broadcast attacks, or flooding techniques.
- Operation of Certain Network Services: Operating network services like open proxies, open mail relays, or open recursive domain name servers.
- Avoiding System Restrictions: Using manual or electronic means to avoid any use limitations placed on a System, such as access and storage restrictions.
- Domain Impersonation: Creating applications pointing at domains you do not own or lawfully control.
- Malware: Uploading or otherwise any disseminating viruses, adware, spyware, worms, or other malicious code.
Usage and Quotas
You agree not to exceed the following limits for Sero! Services:
- 3 TB bandwidth/month for Assessor accounts
- 2 TB bandwidth/month for all other accounts
These are soft limits: If you inadvertently exceed these limits, we will attempt to contact you. If you exceed these limits willfully, repeatedly, or by significant amounts, we may terminate your account.
You agree not to take any action (directly or indirectly) that imposes or may impose (as determined by Sero! in our sole discretion) an unreasonable or disproportionately large load on Sero!’s or its third party providers’ infrastructure.
You agree not to:
- Access the Services to bring an intellectual property infringement claim against Sero! or any of Sero!’s affiliates, customers, vendors, business partners, or licensors;
- Develop or create a competing product or service;
- Copy, modify, create a derivative work of, reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract the source code of the Services or any component thereof;
- Sub-license, resell, or distribute the Services or any component thereof separate from any integrated application;
- Violate, or encourage others to violate, any right of a third party, including by infringing or misappropriating any third party intellectual property right
- Post, upload, or distribute any Content or other content that is unlawful, defamatory, libelous, inaccurate, or that a reasonable person could deem to be objectionable, profane, indecent, pornographic, harassing, threatening, embarrassing, hateful, or otherwise inappropriate;
- Perform any fraudulent activity, including impersonating any person or entity or claiming a false affiliation; misrepresenting the source, identity or content of information transmitted via the Services; accessing any other Service account without permission, or falsifying your age or date of birth.
Our Monitoring and Enforcement
We reserve the right, but do not assume the obligation, to investigate any violation of this policy or misuse of the Services. We may:
- Investigate violations of this policy or misuse of the Services or Sero! Site;
- Remove, disable access to, or modify any content or resource that violates this Policy or any other agreement we have with you for use of the Services or the Sero! Site; and
- Report any activity that we suspect violates any law or regulation to appropriate law enforcement officials, regulators, or other appropriate third parties. Our reporting may include disclosing appropriate customer information. We also may cooperate with appropriate law enforcement agencies, regulators, or other appropriate third parties to help with the investigation and prosecution of illegal conduct by providing network and systems information related to alleged violations of this policy.
Reporting of Violations of this Policy
If you become aware of any violation of this policy, you will immediately notify us and provide us with assistance, as requested, to stop or remedy the violation.
To report any violation of this policy, please email us at email@example.com.
This policy outlines how Sero! determines fees and charges, and performs billing.
Your Sero! account is a paid subscription that entitles you to all of Sero!’s current and future features. You may cancel it at any time.
We charge once per month, unless we determine your account is at risk of non-payment, in which case we may require that you pay for an annual subscription in advance.
Unless you cancel your Sero! account, we will continue to charge for your subscription every month on the anniversary of your first purchase.
Sero! prices are denominated in United States dollars.
Late payments stemming from an inability to charge to the credit card on file may bear interest at the rate of 1.5% per month (or the highest rate permitted by law, if less) determined and compounded daily from the date due until the date paid. You will reimburse any costs or expenses (including, but not limited to, reasonable attorneys’ fees) incurred by Sero! to collect any amount that is not paid when due. Amounts due from you under may not be withheld or offset by you against amounts due to you for any reason.
Other than federal and state net income taxes imposed on Sero! by the United States, you are responsible for paying all taxes, duties, and other governmental charges (“taxes”), pursuant to the Sero! Terms of Service. You will pay any additional amounts as are necessary to ensure that the net amounts received by Sero! after all such taxes are paid are equal to the amounts that Sero! would have been entitled to if the taxes did not exist.
Changes to Billing and this Policy
Any changes to this policy will be posted on this page and may not be provided directly to current subscribers. Sero! Learning Assessments may change subscription rates. Subscribers will be notified of any changes to subscription rates, with the option to cancel subscription effective immediately.
Your privacy is important to us at Sero!. We want to be clear how we use your information, and the ways in which you can protect your privacy.
- What information we collect and why we collect it.
- How we use that information and when we disclose it.
- How to access and update your information.
- The steps we take to protect your information.
Information We Collect
Information you provide to us
We collect the following information:
Content: We collect and store content that you create, input, submit, post, upload, transmit, or store in the process of using our Services, including information from End Users. Such content may include any personal or other sensitive information submitted using our Services.
Other submissions: We collect other data that you may submit to our Services or us directly, such as when you request customer support or communicate with us via email or social media sites.
Information we collect from your use of our Services
Web Logs and Analytics Information: We record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, your mobile carrier, and system configuration information. We and our analytics providers also collect and store analytics information when you use our Services to help us improve our Services.
Information we collect from other sources
Information from third party services: We may obtain information, including personal information, from third parties such as our partners and service providers, and combine it with other information we collect from you.
How We Use Information We Collect
We may use the information we collect for a variety of purposes, including to:
- Provide, operate, maintain, improve, personalize, and promote our Services;
- Develop new products, services, features, and functionality;
- Enable you to access and use our Services;
- Process and complete transactions, and send you related information, including purchase confirmations and invoices(for Individual Assessor and Organizational Administrator accounts);
- Communicate with you, including responding to your comments, questions, and requests; providing customer service and support; providing you with information about services, including technical notices, updates, security alerts, administrative messages, or advertising or marketing messages; and providing other news or information about us and our select partners;
- Monitor and analyze trends, usage, and activities in connection with our Services; and
- Investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities.
We may also use the information we collect for other purposes about which we notify you.
Information Sharing and Disclosures
We may share your information in the following ways:
With your express consent, we may share your personal information with companies, organizations, or individuals outside of Sero!.
When you use our Services, certain features (including future features such as sharing maps) may allow you to make some of your content accessible to the public or other users of the Services. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.
Access by your Sero! Organizational administrator
Your Sero! account owner may be able to:
- Access information in and about your Sero! account;
- Disclose, restrict, or access information that you have provided or that is made available to you when using your Sero! account, including your content; and
- Control how your Sero! account may be accessed or deleted.
Service Providers, Business Partners and Others: We may share your information with service providers and other third parties who perform services on our behalf, such as infrastructure, analytics, marketing, and advertising services. We provide your payment information to our service providers for payment processing and verification. Service providers such as analytics providers may collect information about your online activities over time and across different online services when you use our Services.
Compliance with Laws and Law Enforcement Requests; Protection of Our Rights
We may disclose your information (including your personal information) to a third party if:
- We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request;
- To enforce our agreements, policies and terms of service;
- To protect the security or integrity of Sero!’s products and services;
- To protect the property, rights, and safety of Sero!, our customers or the public from harm or illegal activities;
- To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or
- To investigate and defend ourselves against any third-party claims or allegations.
Business Transfers: We may share or transfer your information (including your personal information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.
Aggregate or Non-identifying Data: We may share aggregate or other non-personal information that does not directly identify you with third parties in order to improve the overall experience of our Services.
The Choices You Have With Your Information
You may decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of our Services. Assessors and Organizational Administrators may update or correct your personal information at any time by accessing the account settings page on the website or within our platform. You may opt out of receiving promotional communications from Sero! by using the unsubscribe link within each email. Even after you opt out from receiving promotional messages from us, you will continue to receive administrative messages from us regarding the Services.
Our Services are usable by individuals under 18 years of age. We do not knowingly collect personal information from children under 18 years of age, except for email addresses and associated names that are provided by the primary account holder. If we become aware that a child under 18 has provided us with additional personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us at firstname.lastname@example.org.
The core Sero! Services are hosted in the United States. You may use Sero! Services in non-U.S. regions, such as the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law. Please note that when you use Sero! Services, you are transferring your information outside of those regions to the United States for storage and processing. By providing your information, you consent to any transfer and processing in accordance with this Policy.
EU-U.S. Privacy Shield and U.S.-Swiss Safe Harbor Compliance
Sero! Learning Assessments, Inc. is where necessary a participant in the U.S. Department of Commerce’s EU-U.S. Privacy Shield and Swiss Safe Harbor programs, and has certified that we adhere to the EU-U.S. Privacy Shield and U.S.-Swiss Safe Harbor Privacy Principles. Sero! is subject to the investigatory and enforcement powers of the Federal Trade Commission.
For more information about the EU-U.S. Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website.
For more information about U.S.-Swiss Safe Harbor and to view our certification, visit theU.S. Department of Commerce’s Safe Harbor website.
EU-U.S. Privacy Shield Onward Transfers
For personal data transferred from the EU, if we transfer your personal data to a third party, we will ensure that the third party is contractually obligated to process your data only for limited, specific purposes consistent with this policy. We will also ensure that the third party will apply the same level of protection to that data as the EU-U.S. Privacy Shield Principles and will notify us if it makes a determination that it can no longer meet this obligation. Sero! may be potentially liable if these requirements are not met.
Complaints, Questions, and Arbitration
In compliance with the EU-U.S. Privacy Shield and U.S.-Swiss Safe Harbor Principles, we strive to resolve all complaints about privacy and the collection or use of customer information. If you have questions about our participation in the Privacy Shield or Safe Harbor programs or have a complaint, please send an e-mail to email@example.com.
Under the Privacy Shield and Safe Harbor programs, any unresolved privacy complaints can be referred to an independent dispute resolution mechanism. We use the International Centre for Dispute Resolution®/American Arbitration Association®. If you feel that we have not satisfactorily addressed your complaint, you can visit the ICRD/AAA website at https://apps.adr.org/webfile/ for more information on how to file a complaint. In some cases, you may be able to invoke binding arbitration.
California Privacy Rights
California Civil Code Section 1798.83 permits Sero! customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at firstname.lastname@example.org.
Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at email@example.com.
This policy outlines: 1) Sero!’s security practices and resources, and 2) your security obligations.
Obligations under this policy (both ours and yours) are are incorporated by reference into the Sero! Terms of Service.
Our documentation may specify restrictions on how the Services may be configured. You agree to comply with any such restrictions or specifications.
You are responsible for properly configuring and using the Services and taking your own steps to maintain appropriate security, protection and backup of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access and routinely archiving Your Content. Sero! provides many built-in controls for you, as discussed herein. Where configurable or optional security controls (such as encryption) are offered as part of the Services, you are responsible for configuring or enabling those controls. You are ultimately responsible for determining whether the security controls applied to your Applications and data are sufficient for your requirements.
Sero! access credentials and private keys generated by the Services are for your internal use only. You may not sell, transfer or sublicense them to any other entity or person, except that you may disclose your private key to your agents and subcontractors performing work on your behalf.
Reporting Security Vulnerabilities
If you discover a potential security vulnerability, we strongly prefer that you notify us in private by sending an email to firstname.lastname@example.org. Publicly disclosing a security vulnerability without informing us first puts the community at risk. When you notify us of a potential problem, we will work with you to make sure we understand the scope and cause of the issue. Thank you!
Without limiting any provision of the Sero! Terms of Service, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure.
Our Security Practices
Sero! manages information security using the ISO/IEC 27001:2013 framework, which specifies the requirements for establishing, implementing, maintaining and continually improving a comprehensive information security management system and risk management capabilities.
1. Data Center Security
Sero! uses the Amazon Web Services global infrastructure platform.
AWS publishes an “Overview of Security Processes” whitepaper that serves as the reference material for this section. SOC 2 reports are available directly from AWS upon request.
1.A – Compliance
AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS. Additionally AWS also has assurance programs that provide templates and control mappings to help customers establish the compliance of their environments running on AWS against 20+ standards, including the HIPAA, CESG (UK), and Singapore Multi-tier Cloud Security (MTCS) standards.
p. 6 – “Introduction to AWS Security – July 2015”
1.B – Physical Security
AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
p. 5 – “Amazon Web Services: Overview of Security Processes – May 2017”
1.C – Environmental Security
AWS data center environmental controls include:
- Fire detection and suppression systems
- Redundant power systems, backed by Uninterruptible Power Supply units and generators
- Climate and temperature controls
- Active system monitoring
pp. 5-8 – “Amazon Web Services: Overview of Security Processes – May 2017”
2.A – Secure Architecture
Sero! Enclave stacks run in separate AWS Virtual Private Clouds. Each stack is an isolated network. Most services run in a private subnet. Only SSL/TLS endpoints and a bastion host are exposed to the Internet. Backend users connect to the stack through the bastion host, which restricts access to stack components and logs activity for review.
2.B – Firewalls
All public-facing EC2 instances use inbound Security Group rules configured in deny-all mode. Ports are opened as necessary for: administrative SSH access, Enclave SSH Portal Access, and Redis. Public-facing Enclave Endpoints (which consist in part of an AWS load balancer) are configured to allow traffic on all ports, but only listen on the specific ports required for functionality (e.g., 80 and 443 for an HTTPS Endpoint).
2.C – DDoS Protection and Mitigation
Enclave’s VPC-based approach means that most stack components are not accessible from the Internet, and cannot be targeted directly by a DDoS attack.
Enclave SSL/TLS endpoints include an AWS Elastic Load Balancer, which only supports valid TCP requests, meaning DDoS attacks such as UDP and SYN floods will not reach your app layer.
Should you need to add capacity to deal with a potential attack, you can instantly scale your stack using the Sero! dashboard or command line tool.
2.D – Port Scanning
AWS monitors and stops unauthorized port scanning. Because most of an Enclave stack is private, and all hosts run strict firewalls, port scanning is generally ineffective.
2.E – Spoofing & Sniffing
The AWS network prohibits a host from sending traffic with a source IP or MAC address other than its own. The AWS hypervisor will also not deliver any traffic to a host the traffic is not addressed to, meaning even an instance running in promiscuous mode will not receive or be able to “sniff” traffic intended for other hosts.
p. 13 – “Amazon Web Services: Overview of Security Processes – May 2017”
2.F – Network and Host Vulnerability Scanning
Sero! scans both the Internet-facing network and private network of a master reference stack each month. Sero! is responsible for network and host security, and remediates adverse findings without customer intervention, however you may request a scan of your dedicated VPC and its hosts as needed for your own security assessments and audits.
3. Enclave Platform Security
3.A – Configuration and Change Management
For app services that have an SSL/TLS endpoint attached, Enclave performs a health check on the container set before promoting it to the current release. If the health check fails, the container set is not promoted. Either way, the deploy is zero-downtime.
For any deploy, you can roll back to a previous codebase by pushing a different ref to your app’s Git endpoint.
3.B – Isolation
Dedicated Enclave environments are deployed on AWS VPC-based dedicated stacks, isolated at the customer level. The VPC, network, underlying instances, and AWS virtual infrastructure for your dedicated stack are not shared with any other tenant.
3.C – Logging and Monitoring
Sero! logs AWS and Sero! API activity, and host activity within your stack. Enclave monitors performance indicators such as disk, memory, compute, and logging issues, and automatically resolves them on your behalf.
3.D – Intrusion Detection & Prevention
You may choose to run a host-based intrusion detection or prevention system that can be managed externally, such as Threat Stack, as an add-on. Sero! will ensure the host agents run and can connect to your external management service. You are responsible for procuring a license and operating the system.
3.E – Host Hardening
Enclave host operating systems are hardened based on the Center for Internet Security’s Security Configuration Benchmark for the OS and version in use. For all operating systems:
- Operating systems are installed on hosts only from bare images, and only via automated configuration management. Services installed can be enumerated upon request.
- Host password logins are disabled. SSH root keys are not permitted.
- No user SSH keys are permitted on hosts by default. Sero! internal workforce user access is configured only on a per-user basis, and only when necessary to provide customer support.
- Swap is disabled to avoid writing in-memory secrets to unencrypted volumes.
- Command history for shell sessions is disabled.
- Non-default SSH ports are used.
- No password-based services are installed automatically. Password-based services (such as PostgreSQL) are provisioned only with unique, per-resource, Sero!-generated passphrases. No default passwords are permitted.
- Host security updates are automated.
- All host ports are opened only via whitelist.
3.F – Your Code
SSH public key authentication is used to limit access to your authorized backend users during git-based deploys. Following a successful push to an Sero! git endpoint, code is copied down to your stack’s build layer. The resulting images are pushed to a private stack registry, backed by AWS S3, which provides redundant, access-controlled storage.
3.G – Databases
Databases run in the database layer of your stack, on a private subnet accessible only from app or bastion layer. SSL/TLS is required if the database protocol supports it. Disk volumes backing databases are encrypted at the filesystem level using Sero!-managed AES encryption. You can check whether your database uses AES-192 or AES-256 in the Enclave dashboard. You can rekey the database by dumping/restoring it at any time. You may implement additional controls, such as database security policies or row-/column-level encryption with keys you manage.
4. Enclave Business Continuity
4.A – Backups
Sero! automatically backs up several different types of data:
- Customer Enclave app code and the container images built from that code are stored in private, redundant, access-controlled registries. Sero! recommends that you maintain the canonical version of your codebase in a distributed version control system, such as GitHub. In the event of an app-level outage, Enclave automatically restores services from registry backups.
- Customer metadata is stored in the Sero! APIs, backed by the Amazon Relational Database Service. This metadata includes customer account data (passwords, permissions, SSH keys), and Enclave configuration data, such as environmental variables. Backups are taken nightly and retained for one week.
- Enclave customer database disks are automatically backed up nightly and retained daily for 90 days, and monthly for 6 years. No customer action is required. Two backup copies are kept: One in the region where the database runs, to facilitate fast disaster recovery; the other in a separate geographic region to protect against loss of the original region. Customers may also take on-demand backups. Please see the Enclave database backup documentation for more information.
- For Enclave databases like PostgreSQL that support intermediate backups (e.g., write-ahead logs), Sero! configures these intermediate backups to span at least the time between daily backups, to enable fine-grained, point-in-time disaster recovery.
4.B – Fault Tolerance
AWS data centers are clustered into regions, and sub-clustered into availability zones, each of which is designed as an independent failure zone, meaning they are:
- Physically separated
- Located in lower-risk flood plains
- Equipped with independent uninterruptable power supplies and onsite backup generators
- Fed via different grids from independent utilities, and
- Redundantly connected to multiple tier-1 transit providers
For dedicated environments, Enclave automatically distributes app containers across availability zones when a service is scaled to more than one container.
4.C – High Availability
Enclave allows you to set up high-availability clustering for databases that support it.
App services on v2 stacks are automatically distributed across AWS availability zones as soon as they are scaled to more than one container.
4.D – Disaster Prevention and Recovery
Sero! monitors the stability and availability of customer infrastructure and automatically recovers from disruptions, including app and database failures. In the event of a disaster, Sero! restores apps from the last healthy build image and restores data from the last backup. In the event of a database outage, Enclave will automatically recover the underlying database instance and disk. If the disk is unavailable, Enclave will restore from a backup. Raw database snapshots and restored database clones are available upon request for testing and recovery.
5 – Sero! Internal Security
5.A – Sero! Access
We do not access or use Your Content for any purpose other than for developing and operating the Services and as required by law. As a routine matter, Sero! workforce members do not require access to data processed by your Enclave Containerized Services, such as data stored in your databases. Sero! workforce members are granted least-privilege access to customer environments only when a specific business need arises. Workforce members undergo criminal background screening before hire. In some cases, such as Enclave databases, you may encrypt Your Content using keys you manage.
5.B – Security Management
Sero! manages information security consistent with ISO 27001 and applicable legal and regulatory requirements. Sero!’s ISO 27001 certification for Enclave and Gridron.
Sero! conducts regular security and vulnerability assessments of stack hosts and our applications. Code undergoes automated testing and manual code review prior to being deployed to production. Our security team receives regular notifications of vulnerabilities and patches on a continuous basis.
This policy outlines Sero!’s support practices and resources. It also identifies your support obligations to your customers.
Obligations under this policy (both ours and yours) are incorporated by reference into the Sero! Terms of Service.
We offer several options for technical support. All accounts get the highest level of support as long as the account subscription remains in good standing.
Sero! support includes:
- Answering basic questions about Sero! services and features
- Troubleshooting Sero! services and products.
Send inquiries to email@example.com. Response times will vary, but should not exceed 48 hours.
Support Business Hours
Normal Sero! business hours are 9am-6pm Eastern time.
We will announce if we intend to discontinue or make backwards incompatible changes to any Service. We will always try to give you as much time as possible to make any necessary modifications to your applications or processes. This policy does not apply to versions, features, and functionality that we label as “beta” or “experimental.”
End User Support
Customer support extends to all End Users.
Sero!’s systems are continuously monitored by automated systems and health checks. In the event of any issue that adversely affects the performance, security, reliability, or integrity of the Services, we will receive notification and respond immediately.
This policy grants you limited permission to use the Sero! Marks in connection with your use of the Services.
These Sero! Trademark Guidelines (the “Trademark Guidelines”) form an integral part of the Sero! Terms of Service (the “Terms of Service”) between Sero!, Inc. (“Sero!,” “we,”“ ”us,“ or ”our“) and you or the entity you represent (”you“).
Obligations under this policy (both ours and yours) are are incorporated by reference into the Sero! Terms of Service.
The Sero! Marks are assets of significant value to us and these Trademark Guidelines are intended to preserve that value. These Trademark Guidelines provide you a limited permission to use the Sero! Marks (as defined below), in connection with your use of the Services (as defined in the Terms of Service), or in connection with software products designed to be used with the Services, on the terms set forth herein and in the Terms of Service, until such time as we may terminate such permission, which we may do at any time, in our sole discretion.
For the purposes of these Trademark Guidelines, “Sero! Marks” means the following trademarks, service marks, service or trade names, logos, product names, or designations of Sero! and its affiliates:
- The logo in the form shown below (the “Logo”); and
- “Sero!,” Sero! Learning Assessments, Inc., and any other Sero! Marks and Services made available from time to time.
Provided that you are in good standing with a current and valid account for use of the Services and provided, further, that you comply at all times with the terms of both the Terms of Service and these Trademark Guidelines, we grant you a limited, non-exclusive, non-transferable permission, under our intellectual property rights in and to the Sero! Marks, and only to the limited extent of our intellectual property rights in and to the Sero! Marks, to use the Sero! Marks for the following limited purpose, and only for such limited purpose:
You may utilize the Logo or the appropriate form(s) of the “for” or equivalent naming convention or URL naming convention, as set forth below, to:
- Identify your content and applications (as defined in the Terms of Service) as using the Services; or
- To identify software tools or applications that you create and distribute that are intended for use in connection with the Services.
Without limitation of any provision in the Terms of Service, you acknowledge that any use that you elect to make of the Sero! Marks, even if permitted hereunder, is at your sole risk and that we shall have no liability or responsibility in connection therewith.
Your permission to use the Sero! Marks is a limited permission and you may not use the Sero! Marks for any other purpose. You may not transfer, assign or sublicense your limited permission to use the Sero! Marks to any other person or entity.
Your use of the Sero! Marks shall comply with:
- The most up-to-date versions of the Terms of Service and this Policy; and
- Any other terms, conditions or policies that we may issue from time to time to govern use of the Sero! Marks.
Your permission to use the Sero! Marks hereunder shall automatically terminate and you must immediately stop using the Sero! Marks if at any time:
- The Terms of Service is terminated;
- Your content no longer uses any of the Services, or your applications cannot be used with any of the Services, as applicable; or
- Your account is closed, either by you or by us.
Modification and Termination
You understand and agree that, without prior notice to you and at our sole discretion:
- We may modify this Policy at any time;
- We may modify or terminate your limited permission to use the Sero! Marks, at any time in our sole discretion, for any reason or for no reason at all; and
- We reserve the right to take any and all actions including, without limitation, legal proceedings, against any use of the Sero! Marks that does not comply with the terms of the Terms of Service or this Policy.
No Affiliation or Endorsement
You will not display the Sero! Marks in any manner that implies that you are related to, affiliated with, sponsored or endorsed by us, or in a manner that could reasonably be interpreted to suggest that your content, application, web site, product or service, has been authored or edited by us, or represents our views or opinions.
You may only use the Sero! Marks in a manner designed to maintain the highest standard, quality and reputation that is associated with the Sero! Marks and you will not use the Sero! Marks to disparage us or our products or services.
No Dominant Display; Sero! Mark Differentiation
You may not display any Sero! Mark as the largest or most prominent trademark in any materials (including, without limitation, any web site or product literature) associated with your content, application, software tool or other software application. When using any Sero! Mark (other than the Logo, with respect to which the formatting requirements set forth below, or in a URL), you must distinguish the Sero! Mark from the name of your content and/or other surrounding text by capitalizing the first letter of the Sero! Mark, capitalizing or italicizing the entire Sero! Mark, placing the Sero! Mark in quotes, or using a different style or color of font for the Sero! Mark.
Formatting Requirements with Respect to the Logo
No Modification. We will make the Logo images available to you on the Sero! site. You may not remove, distort or modify any element of the Logo; provided however, you may transform the file format itself, for ease of use.
Colors. The Logo image must be represented in its original color scheme (the checkmark in [#48A448]; the lettering in [#778899]).
Spacing. The Logo must appear by itself, with reasonable spacing (at least the height of the Logo) between each side of the Logo and other graphic or textual elements.
Size. The Logo indicates the minimum size at which you may display it to ensure that the type and trademark notations are legible. The minimum size for the Logo shall be: Inches: 2.08″ x 0.52″ Pixels: 150×40, or Millimeters: 53×14.
Alt/Title Attribute. The Alternative Text (alt/title attribute of the image tag) should either be set to the following text or be left blank: “Assessed by Sero!”.
Permissible Uses of the Sero! Marks
Except for the Logo (with respect to which the formatting requirements are set forth above), you may only use the Sero! Marks: (i) in a relational phrase using “for” or one of the limited number of equivalent naming conventions , as set forth below; or (ii) to the right of the top level domain name in a URL in the format set forth below.
Example of Permissible Use: www.serolearn.com.
You shall link each use of the Sero! Marks directly to the following URL, wherever technically feasible: https://www.serolearn.com. You may open the URL in a new browser window. You may not link the Sero! Marks to any web site other than the primary URL for the applicable Service. You may not frame or mirror any of our web site pages.
You may not hyphenate, combine or abbreviate the Sero! Marks. You shall not incorporate the Sero! Marks into the name of your organization, or your services, products, trademark or logos. The foregoing prohibition includes the use of the Sero! Marks in the name of any application, service or product or in a URL to the left of the top-level domain name (e.g., “.com”, “.net”, “.uk”, etc.). For example, URLs such as Sero.mydomain.com”, “Seroplus.com” are expressly prohibited.
You must include the following statement in any materials that include the Sero! Marks: “Sero!, the Sero! logo, [and name any other Sero! Marks used in such materials] are trademarks of Sero!, Inc. or its affiliates in the United States and/or other countries.” In addition, the Sero! Marks must be designated with the ™/“tm” notice as indicated in Section 2 of this Policy.
No Misleading Use
You may not display the Sero! Marks in any manner that is misleading, unfair, defamatory, infringing, libelous, disparaging, obscene or otherwise objectionable as determined by us in our sole discretion.
You may not imitate the trade dress or “look and feel” of any of our web sites or pages contained in any of our web sites, including without limitation, the branding, color combinations, fonts, graphic designs, product icons or other elements associated with us.
Compliance with Law; Appropriate Activities
You may not use the Sero! Marks in any manner that violates any United States or foreign, federal, state, provincial, municipal, local or other, law or regulation. Without limiting the foregoing, or any provision in the Terms of Service, you may not display any Sero! Mark on your site if your site contains or displays adult content or promotes illegal activities, gambling, or the sale of tobacco or alcohol to persons under twenty-one (21) years of age.
Reservation of Rights
Except for the limited permission specified in Section 3 above, nothing in the Terms of Service or this Policy shall grant or be deemed to grant you any right, license, title or interest in or to any Sero! Mark or any of our or our affiliates’ other trademarks, service marks, trade names, logos, product names, service names, legends, other designations, or abbreviations of any of the foregoing. You acknowledge and agree that we and our affiliates retain any and all intellectual property and other proprietary rights in and to the Sero! Marks. All use by you of the Sero! Marks including any goodwill associated therewith, shall inure to the benefit of Sero!.
You agree that you will not, at any time, challenge or encourage, assist or otherwise induce third parties to challenge the Sero! Marks (except to the extent such restriction is prohibited by law) or our registration thereof, nor shall you attempt to register any trademarks, service marks, trade names, logos, product names, service names, legends, domain names, other designations, or abbreviations of any of the foregoing, or other distinctive brand features that are confusingly similar in any way (including, but not limited to, sound, appearance and spelling) to the Sero! Marks.
If you have questions regarding your obligations under this Policy or questions about any Sero! Mark, please email us at firstname.lastname@example.org.
Accessibility Statement for Serolearn.com and Sero! App
Version 2.0 – October 2020
Sero! Learning Assessments, Inc. is committed to ensuring digital accessibility for people with disabilities. We are continually improving the user experience for everyone, and applying the relevant accessibility standards.
The Web Content Accessibility Guidelines (WCAG) defines requirements for designers and developers to improve accessibility for people with disabilities. It defines three levels of conformance: Level A, Level AA, and Level AAA.
Serolearn.com is partially conformant with WCAG 2.1 level AA. Partially conformant means that some parts of the content do not fully conform to the accessibility standard.
The Sero! App is partially conformant with WCAG 2.1 level AA. Partially conformant means that some parts of the content do not fully conform to the accessibility standard.
We welcome your feedback on the accessibility of Serolearn.com and the Sero! App. Please let us know if you encounter accessibility barriers on either through email to email@example.com.