Last updated 2023-05-01
These Terms of Service ("Terms") govern your access to and use of the Concid software-as-a-service platform ("Service") provided by Disruptor AS, a company registered in Norway with company registration number 915998771, having its principal place of business at Brinken 39J, OSLO, Norway ("Disruptor AS", "we", "us", or "our"). By accessing or using the Service, you, whether as an individual or a business entity ("you" or "your"), agree to be bound by these Terms.
To access and use the Service, you must create an account by providing a valid email address, your name, and a phone number. You are responsible for providing accurate and complete information during the registration process and for maintaining the confidentiality of your account login credentials. You agree to notify us immediately of any unauthorized use of your account or any other breach of security.
Subject to your compliance with these Terms, Disruptor AS grants you a limited, non-exclusive, non-transferable, non-sublicensable license to access and use the Service, whether on a free or paid basis, for your internal business purposes or personal use, as applicable. You agree not to use the Service for any illegal or unauthorized purposes, or in any manner that violates these Terms.
Access to and use of the Service may be subject to payment of fees as specified in the applicable subscription plan or as otherwise agreed between you and Disruptor AS. You are responsible for paying all applicable fees in a timely manner and for providing accurate billing information. All payment obligations are non-cancelable, and all amounts paid are non-refundable, If you terminate your account or your access to the Service, any fees paid for the current billing period are non-refundable. If you have prepaid for an annual plan, you will not be entitled to a refund for any unused portion of the subscription period.
Your use of the Service may involve the processing of personal data. The processing of personal data is subject to our Data Processing Addendum, which is incorporated into these Terms by reference.
All intellectual property rights in and to the Service, including any software, documentation, and other materials provided by Disruptor AS, are owned by Disruptor AS or its licensors. Except for the limited license granted to you under these Terms, no other rights, title, or interest in or to the Service are granted to you.
You may terminate your account and discontinue your use of the Service at any time by contacting our support team or following the account cancellation process within the Service, if applicable. We may terminate your access to and use of the Service at any time, with or without cause, by providing you with a written notice at least 30 days prior to the intended termination date. Upon termination, your right to use the Service will immediately cease. Sections 6, 8, 9, 10, 11, and 13 of these Terms shall survive any termination or expiration of these Terms.
The Service is provided on an "as is" and "as available" basis, without any warranties of any kind, either express or implied, including, but not limited to, warranties of merchantability, fitness for a particular purpose, or non-infringement. Disruptor AS does not warrant that the Service will be error-free, uninterrupted, secure, or available at all times.
In no event shall Disruptor AS be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, arising out of or in connection with your use of or inability to use the Service, even if Disruptor AS has been advised of the possibility of such damages.
You agree to indemnify, defend, and hold harmless Disruptor AS, its officers, directors, employees, and agents from and against any and all claims, liabilities, damages, losses, or expenses, including reasonable attorneys' fees, arising out of or in connection with your use of the Service, your breach of these Terms, or your infringement of any third-party rights.
We reserve the right to modify or discontinue, temporarily or permanently, the Service, or any features or portions thereof, without prior notice. We may also update these Terms from time to time. For minor changes that do not materially affect the nature or scope of the Service, we may make updates without providing notice. For significant changes that materially affect the nature or scope of the Service, we will notify you by posting the updated Terms on our website or through the Service, or by other appropriate means. By continuing to use the Service after any such changes, you agree to be bound by the updated Terms.
When using the Service, businesses can create teams or entities, and users may upload, store, or share content, including but not limited to documents, images, or other files ("User Content"). You, as a user or business, represent and warrant that you have all necessary rights and permissions to upload, store, or share any User Content through the Service, and that such User Content does not infringe upon any third-party rights, including but not limited to intellectual property rights, privacy, or publicity rights.
You are solely responsible for all User Content uploaded, stored, or shared through the Service and for any consequences arising from such actions. Disruptor AS does not claim ownership of, and assumes no responsibility or liability for, any User Content uploaded, stored, or shared by you or any other users of the Service.
These Terms and any disputes arising out of or relating to these Terms or your use of the Service shall be governed by and construed in accordance with the laws of Norway, without regard to its conflict of law principles. You agree to submit to the exclusive jurisdiction of the courts located in Oslo, Norway, to resolve any legal matter arising from these Terms or your use of the Service.
Last updated 2023-07-03
Where agreed upon by Disruptor AS and you, the Concid SaaS may be deployed as a self-hosted solution. In such cases, these Self Hosted-Terms of Service ("Hosted Terms") will apply in addition to the "Terms".
In the event of any conflict between the provisions in "Hosted Terms"" and "Terms" and/or "DPA", the provisions in "Hosted Terms" will take precedence for self-hosted solutions.
Implications of choosing a self-hosted solution in your Azure Cloud include:
We grant you a non-exclusive, non-transferable, non-sublicensable license to install and use the Software on your own infrastructure solely for your internal business purposes. This license is conditional on your compliance with all the terms and conditions stated in "Terms" and these "Self Hosted Terms".
As a part of the self-hosted solution, you, the client, are required to provide an isolated Azure DevOps Service Connection which Disruptor AS
will use to deploy the Concid SaaS. This includes ensuring that the Service Connection remains functional and secure for the purpose of ongoing maintenance and updates.
The subscription fee for the self-hosted solution includes up to five hours of support per month.
Any support requirements exceeding this limit, or any additional feature development, will be subject to separate discussions and agreements.
Additional features are typically priced at a flat rate of 15,000 NOK per feature.
Please remember that you bear responsibility for the maintenance, security, and overall management of the Azure Cloud infrastructure on which the Concid SaaS is deployed.
Any technical issues that arise from the infrastructure or any costs associated with the Azure subscription are your responsibility.
While using a self-hosted solution, you assume full responsibility for the data security, backups, and all aspects of data management related to the Service. You agree to adhere to all applicable laws and regulations, including data protection laws, and to handle all data processed and stored on your self-hosted solution in a lawful manner. Disruptor AS does not assume any responsibility for the data management practices on your self-hosted solution.
Both Disruptor AS and you may terminate the agreement for the self-hosted solution with a written notice of 30 days prior to the intended termination date. In the event of termination, your rights to use the Service, receive updates, and access support will cease immediately. Upon termination, Disruptor AS will cease to have any access to your Azure DevOps Service Connection and your deployed instance of Concid SaaS. You will be responsible for all data management, including data extraction and deletion, after the termination of the agreement. In the event of termination, any prepaid fees for the current billing period or any unused portion of the subscription period are non-refundable. Please note that Sections 6, 8, 9, 10, 11, and 13 of "Terms" still apply after termination.
Last updated 2023-05-11
This Data Processing Addendum ("DPA") is entered into by and between the Customer (the "Controller") and Disruptor AS, a company registered in Norway with company registration number 915998771, having its principal place of business at Brinken 39J, OSLO, Norway (the "Processor"), and is incorporated into the Terms of Service or other agreement governing the use of the Concid SaaS (the "Agreement"). The purpose of this DPA is to set forth the parties' respective rights and obligations concerning the processing of Personal Data under the Agreement.
For the purposes of this DPA, the following terms shall have the meanings set forth below:
Processor shall process Personal Data only on behalf of and in accordance with Controller's documented instructions, including the terms of this DPA and the Agreement. Processor shall not process Personal Data for its own purposes or for the benefit of any third party.
By entering into this DPA, Controller instructs Processor to process Personal Data for the following purposes:
The Data Controller shall:
The Data Controller has the right to:
The Processor shall:
For the purpose of this agreement, "standard requests" are defined as routine data subject requests for access, rectification, or erasure of personal data, which can be fulfilled using the Processor's standard tools and procedures, and without requiring significant additional effort or resources.
"Non-standard requests" are defined as data subject requests or other tasks that require significant additional effort, resources, or customization of the Processor's standard tools and procedures, or tasks that arise due to the Data Controller's fault. Examples of non-standard requests may include, but are not limited to, complex data searches, data extraction or conversion, addressing repeated or unfounded data subject requests, remedying issues caused by the Data Controller's failure to maintain accurate data or comply with their obligations under applicable data protection laws, or providing assistance with audit processes.
The Processor reserves the right to charge a reasonable fee for assistance with non-standard requests, as well as for support during audit processes initiated by the Data Controller. The Processor shall notify the Data Controller of any applicable fees in advance and obtain the Data Controller's consent before proceeding with such assistance.
The following list describes the authorized sub-processor
The data processor has the data controller’s general authorisation for the engagement of sub-processors. The data processor shall inform in writing the data controller of any intended changes concerning the addition or replacement of sub-processors at least 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). In the event of objection - the Controller is free to terminate the use of Concid in accordance with the Terms of Service.
Processor shall implement appropriate technical and organizational security measures to protect Personal Data, including:
Processor shall retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, as set forth in Section 2.2 of this DPA.
The Processor shall not transfer personal data to a third country or an international organization without the prior written consent of the Data Controller, unless required to do so by applicable law. In such a case, the Processor shall inform the Data Controller of that legal requirement before processing, unless the law prohibits such information on important grounds of public interest.
Where the Processor transfers personal data to a third country or an international organization with the Data Controller's consent, the Processor shall ensure that appropriate safeguards are in place to protect the personal data, in accordance with applicable data protection laws. Such safeguards may include the use of standard contractual clauses approved by the European Commission or other competent authority, binding corporate rules, or other legally recognized mechanisms to ensure an adequate level of protection for the personal data.
The Processor shall promptly inform the Data Controller of any changes in the legal status, adequacy decisions, or other circumstances that may impact the continued transfer of personal data to a third country or an international organization.
This DPA shall be governed by and construed in accordance with the same governing law as the Agreement. In the event of any conflict or inconsistency between this DPA and the Agreement, the terms of this DPA shall prevail.
Last updated 2023-05-22
The purpose of this Security Policy is to set forth the overall approach and commitment of Disruptor AS ("we", "us") to ensure the protection and integrity of data within our Software as a Service (SaaS) tool, Concid. This policy covers all data hosted within Concid and applies to all users of the Service.
We enforce access control mechanisms for our data. Only authorized personnel within Disruptor AS are granted access to customer data. Such access is granted on a need-to-know basis, and personnel are given the minimum access required to perform their roles effectively. Access to customer data is secured with two-factor authentication, adding an extra layer of security.
We understand the sensitive nature of the data handled by Concid and assure that we will never share any data about one client with other clients. We understand that some of our clients may be in direct competition with each other, and we ensure that each client's data is kept confidential and segregated.
Access to customer data within Concid is limited Disruptor AS. No contractors or partners are currently granted access to this data unless explicitly stated as a sub processor. In the event of any changes in personnel or partnership structure, we ensure that strict controls and procedures are maintained to preserve the confidentiality of customer data.
We take the security of your data seriously and use various measures to ensure that your data is protected. All of our data is stored on Microsoft Azure SQL databases, where it is encrypted at rest. Customer data is backed up regularly as part of Microsoft Azure's automated backup service.
Access to Concid is secured using out-of-the-box authentication mechanisms from Microsoft, reducing the risk of human errors. All communication between the user and Concid is conducted over HTTPS with automatically updated SSL certificates, further ensuring the privacy and security of data transmission. Communication between different components of Concid is also conducted over HTTPS and secured with industry-standard JSON Web Tokens (JWTs).
User management is conducted through Azure Active Directory (Azure AD), a highly secure, comprehensive identity and access management cloud solution.
All sensitive keys and secrets related to Concid are securely stored in Azure Key Vaults, which are only accessible to the production environment and authorized personnel. This ensures that the most sensitive elements of our system are effectively protected and accessible only when needed.
We adhere to a best-practices deployment process to ensure the integrity and security of our software. All updates and releases undergo testing in a separate Quality Assurance (QA) environment before they are promoted to the production environment.
Concid’s development, QA, and production environments are entirely isolated from each other, preventing any unauthorized or inadvertent access or modification of data across environments. This isolation extends to our code, build pipelines, and deployment processes, further enhancing our system's overall security.
This Information Security Policy will be reviewed annually or in response to significant incidents or changes to our systems or business. We will also update the policy to reflect changes in law or industry best practices.