Technology Risk Management

Updated as of January 15th, 2020
Before using or subscribing to EAComposer.com, please review the following terms and conditions (the "Service Agreement") which define our service as well as your rights and responsibilities as a user of EAComposer.com.

A. DEFINITIONS

The following terms have the following meanings:

• "Software" WhiteCloud’s proprietary software known as EAComposer,
• "EAComposer Content" means any text, graphics, images, information, data, document, template, editorial and other content owned by us or provided to us by third party providers and forming part of the Service.
• "Member Content" means any text, graphics, images, information, data, document, template, editorial and other content that was either uploaded or created by the Member using the Service.
• "Subscribing Member" means a member that has subscribed and paid for a Standard, Corporate or an Enterprise Membership.
• "Service" or "EAComposer.com" means the internet service owned and operated by us at URL www.EAComposer.com.
• "Member" means a Trial Member, Invited Member or Subscribing Member.
• “Member Administrator” means a person who has the administrative rights within the Member account.
• "Submission" means any text, graphics, data, files, images, photos, videos, sounds, music, works of authorship, or any other information and materials posted to EAComposer.com by a Member.
• "we", "our" or "us" means WhiteCloud Software Ltd., the owner and operator of the Service.
• "Website" means our website available at URL www.eacomposer.com.
• "you" or "your" means any Member that accesses this Website.

B. USE OF SERVICE

Your use of the Service indicates that you are bound by this User Agreement with us. If you don't agree with any of these terms and conditions, don't use the Service.

• We may alter this Agreement at our discretion and your continued use after any change indicates your acceptance of that change. Changes to this Agreement will be communicated to Members 7 days in advance of the effective date of the change. During this period you have the right to respond to the proposed change. If you don't want to be bound by a change, you will be able to remove your data and discontinue use of the Service. If you choose to discontinue the Service because of the change we will refund to you the unused portion of your subscription payment.
• You may not use the Service if you are a person who is either barred or otherwise legally prohibited from receiving or using the Service.
• EAComposer Content is protected by copyright as a collective work and/or compilation, pursuant to Canadian copyright laws, international conventions, and other copyright laws and may only be used in accordance with this limited use license.
• Reselling of EAComposer Content is strictly prohibited.
• If you are a consulting or professional services firm or have a professional services business unit and wish to use EAComposer.com as part of a client engagement additional licensing is required. Please contact us at support@eacomposer.com if you have this request.
• You may print, copy or download EAComposer Content that is made available to you within your Member account.
• Violation of this User Agreement may result in immediate termination of your membership and may result in legal action for injunction, damages or both.

C. CONTENT SUBMISSIONS

• The Service permits Members to post appropriate content on EAComposer.
• EAComposer.com is designed for organizations to manage their IT architecture, architecture practice and architecture artifacts and all content submissions should be in support of this context.
• Members shall be solely responsible for their own Submissions and the consequences of posting or publishing them. In connection with Submissions, Members affirm, represent, and/or warrant that: they own or have the necessary licenses, rights, consents, and permissions to use and to authorize us to use all patent, trademark, trade secret, copyright or other proprietary rights in and to any and all Submissions and have all necessary consents to collect, use and disclose any personally identifiable information contained or displayed in any and all Submissions to enable inclusion and use of the Submissions in the manner contemplated by the Website and these Terms of Use.
• In connection with Submissions, Members further agree that they will not post material that is copyrighted, protected by trade secret or otherwise subject to third party proprietary rights, including privacy and publicity rights, unless such Members are the owner of such rights or have permission from their rightful owner and the necessary consents from any individuals whose personally identifiable information is contained in such material to post the material and to grant us all of the license rights granted herein.
• Members further agree that they will not, in connection with Submissions, submit material that is contrary to applicable local, national, and international laws and regulations.
• We do not endorse any Submissions or any opinion, recommendation, or advice expressed therein, and expressly disclaims any and all liability in connection with Submissions.
• We do not permit copyright infringing activities and infringement of intellectual property rights on our Website, and will remove all Submissions if properly notified that such Submissions infringe on another's intellectual property rights or contravenes any applicable privacy legislation.
• We reserve the right to remove Submissions without prior notice.

D. PERSONAL INFORMATION SECURITY

• Each Member account includes an administrator user account that acts as the gatekeeper for the Member account. Member Administrators have the ability to invite users to be become an Invited Member of the Service. Administrators can also disinvite an Invited Member at any time. Once you choose to disinvite an Invited Member, he/she will not be able to visit, view or contribute to your Member’s Content.
• Do not upload personal information like your telephone number or home address.
• EAComposer.com employees will not contact you and ask you for your password, email address, or other account information. Do not give out any personal information if someone contacts you pretending to be from EAComposer.com and contact us immediately. However, if you contact EAComposer.com, our employees may ask you for personal information to verify your identity.
• If you lost your password, EAComposer.com employees will not provide a new password to you on the phone. Follow the lost password procedure on our Website and a password will be sent to you via email.

E. DATA SECURITY

• We shall ensure that all information uploaded or created by subscribing Members is securely stored on computer servers. These servers shall be dedicated servers exclusively for EAComposer.com and are wholly under our ownership and/or control. We shall not use any shared hosting or cloud computing service to store such information.
• We will only use data center providers in the EU that have been awarded ISO/IEC 27001 accreditation and/or any other ISO accreditation relevant to the Service, it shall maintain this (or these) accreditation(s) throughout the term.
• All Member Content will be stored encrypted on our dedicated servers which are be backed-up daily.
• If we detect an actual or likely breach of information security that will (or is likely to) have a material impact on the Services or the integrity of any data or other information or any systems, we shall:
o immediately act to prevent or mitigate the effects of the breach or likely breach; o aim to restore the Service within 24 hours if the Service has become unavailable; o report the breach or likely breach and its underlying causes to Members as soon as reasonably practicable after detection; and o identify and take all steps required to ensure that the breach or likely breach does not re-occur and report it to the Members;

F. CONFIDENTIALITY

To prevent un-authorized access or use of data, we will:

• we establish and maintain information security measures and procedures consistent with ISO/IEC 27001, ISO/IEC 27000ff (whether certified or not) and/or Best Industry Practice.
• we ensure that access privileges for each individual and piece of equipment are reviewed regularly and that the minimum level of access privileges required to provide the Service are in place.
• EAComposer.com employees can only access your data when the Member Administrator added support@eacomposer.com as a user to the Member account. In all other cases EAComposer.com employees are not able to access your data.

G. INTELLECTUAL PROPERTY RIGHTS

• Any Member Content is the exclusive intellectual property of the Member.
• The Member grants access to their uploaded and created content (Member Content) for the purposes of enabling access and use of the Service as well as performing daily backups of their information and data.

H. LIABILITY DISCLAIMER

• The information, products, and services included on this Website may include inaccuracies or typographical errors. Changes are periodically made to the information herein. We and our third party suppliers provide our Content in this Service 'AS IS', and without any warranty of any kind.
• We, and our third party suppliers make no representations concerning the suitability, reliability or accuracy of EAComposer Content or the Service provided on the Service for any purpose. We and our third party suppliers disclaim all warranties, expressed or implied, in connection with the Content and the services provided on Website, including conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no case will we or our third party providers be liable for any direct, indirect, punitive, special or other damages including, without limitation, lost or delay of use, lost profits, loss of data or any other damage in contract, tort, equity or any other legal theory, even if advised of the possibility thereof. 

I. REGISTRATION AND SECURITY

• Members are responsible for all usage or activity on EAComposer.com via his/her password account. Distribution of your password to others for access to EAComposer.com is expressly prohibited and shall constitute a breach of this Agreement. Any fraudulent, abusive, or otherwise illegal activity may be grounds for termination of your account, at our sole discretion, and you may be referred to appropriate law enforcement agencies.
• As part of the registration process, you will select a username and password. You must keep the username and password secure and confidential.
• You must provide us with accurate, complete, and up-to-date registration information. Failure to do so will constitute a breach of this Agreement.
• You understand that you may not (i) select or use a name of another person with the intent to impersonate that person; (ii) use the rights of any person other than yourself without authorization; or (iii) use a name that we, in our sole discretion, deem inappropriate.
• WhiteCloud Software Ltd. operates in Canada and operated to be in compliance with the laws of the Canada. Access is governed by these Terms and Conditions under the laws of British Columbia and Canada.
• You shall notify us by regular mail or by e-mail at support(@)eacomposer.com of any known or suspected unauthorized use(s) of your account, or any known or suspected breach of security, including loss, theft, or unauthorized disclosure of your password or billing information.
• You are responsible for all usage or activity on EAComposer.com via your password account. Distribution of your password to others for access to EAComposer.com is expressly prohibited and shall constitute a breach of this Agreement. Any fraudulent, abusive, or otherwise illegal activity may be grounds for termination of your account, at our sole discretion, and you may be referred to appropriate law enforcement agencies.
• We will send electronic mail to you, for the purpose of informing you of changes or additions to us, or of any related products and services.

J. SERVICE LEVELS

WhiteCloud shall provide the following service levels with respect to any Software licensed hereunder and/or any hosting Services:

• With respect to any defects, nonconformities, errors, or problems that render the Software or inoperable, WhiteCloud shall provide a telephone or electronic response to Members within 6 hours after WhiteCloud’s receipt of notice of such errors. For inoperable system, WhiteCloud shall restore service within 4 hours to Members’ reasonable satisfaction. For application defects rendering only specific functionality inoperable, WhiteCloud shall restore functionality within two (2) business days said notice, correct the errors.
• With respect to any defects, nonconformities, errors, or problems that degrades the performance, or impairs a primary function, of the Software, WhiteCloud shall provide an electronic response within one business day after WhiteCloud’s receipt of notice of such errors. WhiteCloud will, within five (5) business days of said notice, correct the errors.
• Maintenance and support services with respect to Software also include the provision by WhiteCloud of any and all enhancements, updates, upgrades and/or modifications to the Software that are generally made available to WhiteCloud’s customers.
• • The maintenance and support period is covered by the subscription period (and the applicable maintenance and support fees are included with the annual subscription fees).

K. FEES AND PAYMENTS

• All Subscribing Members are billed annually also on a continuous service basis. Once payment has been received your subscription starts on the 1st of following month. For example a payment received April 15th would result in your subscription starting as of May 1st. In most cases your account will be upgraded immediately after receiving payment but the recorded subscription start date will be the 1st of the following month.
• Subscribing Members will receive a renewal invoice one month before the end of the subscription.
• Renewals shall be made pursuant to a written agreement or amendment signed by the parties’ authorized representatives. WhiteCloud further agrees that, upon any renewal, it will not increase subscription fees more than five percent (5%) over and above the subscription fees paid for the immediately preceding subscription period.
• Cancellation notice must be emailed to support@eacomposer.com one calendar month before the end date of the annual subscription. Annual subscriptions can only be cancelled during the transition of one year to the next.

L. TERMINATION

• Should you breach this Agreement we will revoke your license to use the Service and suspend your right of access. In such a case, no portion of your subscription payment will be refunded.

M. MODIFICATIONS TO THIS AGREEMENT AND THE SERVICE

• We have the right, at our sole discretion, to modify this Agreement or the Service, including the Content of the Service, at any time.
• Changes in Service will be posted on EAComposer.com, or sent via e-mail, or postal mail to you.
• If any portion of this Agreement or any change of this Agreement of the Service is unacceptable to you or will cause you to no longer be in compliance with the Agreement, you should cancel your subscription by sending an email to support@eacomposer.com. (See section regarding cancellation of subscription).
• Continued use of the Service now or following posted notices of changes in this Agreement, (notice is given by changing the date of last revision), means that you have accepted and are bound by the changes.

Updated as of January 16th, 2020

The safety and security of your information is very important, and protecting it is a priority to us. EAComposer software and infrastructure has been designed with the highest security among Cloud software environments.

Data Centers

Our data centers are all ISO/IEC 27001:2013, ISO 9001 (quality management), ISO 14001 (environment management), ISAE 3402 Type II, and IDW PS951 certified. Of course all the required physical, bio-metrical and logical access controls are in place at these locations. There are multiple layers of firewalls at these locations as well.

Data Access

All access to your data is using SSL encryption for the transport layer. We use encrypted keys for session management. All user passwords are stored encrypted in our database. Even our support staff can't access your data. All access to the database and file system from the application is using a dedicated security layer which has additional security access controls. When at rest on our servers your data is always encrypted.

Data Backup

We run daily backups of our databases and file storage, these backups are moved to a secure location off site. Each account has its own dedicated file storage location which is backed up nightly. The database is shared using a multi-tenant model (horizontal partitioning). All data inside the backups is AES256 encrypted.

Data Monitoring

We have real-time 24x7 monitoring & alerting at the application, server and network layers.

We have detailed security information available to all EAComposer customers on request.