UserZoom Go Overview
UserZoom Go’s SaaS Delivery Services comprise the complete set-up, delivery and administration of the Ordered Software Services (which in relation to this Exhibit shall be deemed to refer to UserZoom Go) on servers operated and maintained by or at the direction of UserZoom. UserZoom will set up, manage, monitor, tune, and react to all aspects of the Ordered Software Services, including Customer Content, databases, network, servers, security components, internet links, etc. By managing all these services, Customer can access the Ordered Software Services via a secured connection from a web browser. UserZoom may delegate the performance of certain portions of the SaaS Delivery Services to third parties, provided UserZoom remains responsible to the Customer for the delivery of the Ordered Software Services. Capitalized terms used but not defined in this UserZoom Go’s SaaS Delivery Services Exhibit shall have the meanings given to them in the Agreement.
Security
Product security
SSO and 2FA
You can sign in via your Google account (optional 2FA via Google). You can also hook up your own authentication system via SAML 2.0 (on the Enterprise plan) and maintain full control.
Passwords
Local passwords are stored in an encrypted form using bcrypt according to our policy guidelines.
Authorization
Access to your data is safely kept behind your account's login; only you and those you choose to share your data with can access it. You can configure multiple roles within your organization.
Uptime
We aim for 4 nines of uptime (99.99%), and currently we are above that.
Software security
We rotate all our operating system images and dependent software on a weekly basis, using the latest distro with updated security patches.
Data retention
We take privacy seriously. All data deleted by the customer is either permanently deleted (including backups), or anonymized for privacy protection and GDPR requirements.
Network security
Hosting facility
We use Google Cloud Platform for our hosting needs. All data is stored in the U.S. Eastern region.
Redundancy & Backups
All data is redundant and backed up by default, with primary and secondary copies stored in multiple regions (U.S. Eastern).
Access and permissions
We run a deny-all policy for all our applications and data for our staff. Access is granted only to those employees who require access to perform their duties.
Encryption
All data is encrypted in transit using TLS 1.2, and at rest with our platform partner, Google Cloud Platform.
Security testing
UserZoom Go uses an external 3rd party to run annual security and penetration testing on all our applications. Contact us at security@userzoomvalidately.com for more information.
Incident response
We monitor for incidents and have an incident and security breach plan in place in the event such a situation arises. To date we’ve had no such incidents.
Additional security
Policies
We have information security and privacy policies in place. All our staff are required to read and follow the guidelines.
Employee vetting
We perform background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.
Confidentiality
All employment contracts include a confidentiality clause.
PCI and payment data
We leverage Stripe.com for all our payment requirements. Stripe’s security page can be found here.
Availability of Ordered Software Services
UserZoom shall use commercially reasonable efforts to maintain each Ordered Software Service in a manner that minimizes errors and interruptions and to make such Ordered Software Service available 24 hours a day, seven days a week, but it is understood that an Ordered Software Service may be temporarily unavailable due to (a) maintenance, application of Updates (as defined below) and testing of systems, applications and networks within the Data Center (collectively, “Scheduled Maintenance”), or (b) Force Majeure Events. UserZoom will use all commercially reasonable efforts to provide Customer with at least 72 hours advance notice of any Scheduled Maintenance.
In the event of an outage of an Ordered Software Service other than Scheduled Maintenance where users experience no response (“Emergency Downtime”), UserZoom will follow its standard outage procedure set forth below:
- UserZoom will check audit logs to determine if any users were logged in at the time of the outage, and will promptly contact Customer and/or the affected user(s) to understand the impact.
- Within 60 minutes of the identification of the outage, UserZoom will notify Customer via e-mail with a status and ETA for restoring service, if available.
- UserZoom will notify Customer via e-mail with status and ETA for restoring (if available), in accordance with UserZoom’s standard policies and procedures with respect to such
Configuration Management
Emergency, non-routine, and other configuration changes to existing UserZoom infrastructure are authorized, logged, tested, approved and documented in accordance with industry best practices for similar systems. Updates to UserZoom’s infrastructure are done to minimize any impact on the customer and their use of the services. UserZoom will communicate with customers when service use is likely to be adversely affected.
UserZoom applies a systematic approach to managing change so that changes to customer impacting services are thoroughly reviewed, tested, approved and well communicated. UserZoom’s change management process is designed to avoid unintended service disruptions and to maintain the integrity of service to the customer. Changes deployed into production environments are:
- Reviewed: Peer reviews of the technical aspects of a change are performed to ensure functionality, maintainability, and security.
- Tested: Changes being applied are tested to ensure they will behave as expected and not adversely impact performance.
- Approved: Changes are approved to provide appropriate oversight and understanding of business impact.
Whenever possible, software changes are scheduled during regular Scheduled Maintenance/change windows. Emergency changes to production systems that require deviations from standard change management procedures are associated with an incident and are logged and approved as appropriate.
UserZoom Go Service Level Agreement
Monthly Availability Credit
UserZoom will use all reasonable efforts to minimize downtime of the Ordered Software Services and to ensure a Monthly Availability Percentage of 99.5%, except as set forth below. The Monthly Availability Credit is calculated on an aggregate Monthly basis as follows:
Monthly Availability Percentage = (total minutes in the month – total number of minutes that the Ordered Software Service is inoperable in that month) / total minutes in the month
So long as UserZoom takes commercially reasonable steps to restore service as rapidly as possible, the Monthly Availability Percentage excludes (1) periods of Scheduled Maintenance; (2) problems caused by use by Customer of the Ordered Software Services in a manner not in accordance with the Documentation; (3) outages due to problems with Customer Content; (4) outages due to system administration, commands, file transfers performed by Customer representatives; (5) outages due to denial of service attacks, natural disasters, changes resulting from government, political, or other regulatory actions or court orders, strikes of third parties or labor disputes of third parties, acts of civil disobedience, acts of war, acts against parties (including carriers and UserZoom’s other vendors), and other force majeure items; (6) lack of availability due to untimely response time of Customer to respond to incidents that require its participation for source identification and/or resolution; (7) outages due to Customer’s breach of its material obligations under the Agreement; and (8) outages due to failure of the Customer Access Equipment or other Customer hardware or software.
Remedy
If the Monthly Availability Percentage is less than 99.5% in any given month, Customer will be entitled to receive a refund of the Subscription Fees attributable to that particular month as follows:
| Uptime Percentage | Credit Percentage |
| --- | --- |
| 97.50% - 99.49% | 5% |
| 95.50% - 97.49% | 8% |
| 92.00% - 95.49% | 10% |
| Less than 92.00% | 15% |
Calculation of Refunds
The refund is calculated as a percentage of one-twelfth of the annual Subscription Fees paid in that year for the month during which the Data Center does not achieve the guaranteed 99.5% Monthly Availability Percentage set forth above.
Monthly Reports
Upon request, UserZoom will deliver to Customer’s designated principal contact person a report regarding the operations of the Data Center and the usage of the Ordered Software Service(s) in the prior month. Such report shall include, among others, a summary of the Monthly Availability Percentage for the Ordered Software Service(s) in the previous month, the amount of Scheduled Maintenance and Emergency Downtime.