Your Data Your Responsibilities

The Dacier service is hosted in multiple data centers to provide redundancy. The data centers are geographically distributed and highly redundant in themselves.

Access to Customer Data
Dacier personnel have access to customer data as necessary to support the platform and provide the service. Access is granted based on individual role and job responsibilities. Access to systems containing customer data is reviewed on a regular basis and is monitored on an ongoing basis.

Securing Data
Dacier is hosted on cloud-based infrastructure platforms. The cloud providers are responsible for the security of the underlying cloud infrastructure and Dacier takes the responsibility of securing the workloads deployed by Dacier inside the cloud infrastructure. Cloud providers monitor and audit environments continuously, with certifications from accreditation bodies across geographies and verticals, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS. All data is encrypted in transit and any device storing any data is subjected to data-at-rest encryption.

Your Responsibilities as a User of the Dacier Platform
As a user of the Dacier platform, customers should be proactive in recognizing the sensitivity of the information provided by the service as well as the need to safeguard data. This document details customer responsibilities as they relate to use of the Dacier platform. It is the responsibility of Dacier users and customers to familiarize themselves with the information and procedures set forth below and comply with them.

Safeguard Assets and Information
To safeguard information assets and policy enforcement capabilities available in the Dacier service, customer processes should include end-user training regarding appropriate use and awareness of the need for securing access to their Dacier account credentials. Access to Dacier requires a login ID and password or integration with a Single-Sign-On (SSO) provider. When an organization subscribes to the Dacier service, it is the customer’s responsibility to manage which users should be given access to the service. Customers should also define when access should be removed. For example, removing access upon termination of employment. Only valid account credentials should be used by authorized users to access the Dacier service; users should not share authentication credentials.

The Dacier service should be considered sensitive and confidential by users. Users should follow information security best practices to ensure that access to their account credentials is appropriately limited, and the information and functionality provided by the Dacier service is protected from unauthorized use. Dacier users are responsible for maintaining the security and confidentiality of their user credentials (e.g., Login ID and Password), and are responsible for all activities and uses performed under their account credentials whether authorized by them or not. By establishing user credentials and accessing the platform, users of the Dacier service agree to comply with these requirements to safeguard assets and account information.

Termination of the Dacier Service
The Dacier service can be terminated at any time by contacting Support@CloudAutomation.com.

Password Management
The Dacier service is accessible via the Internet. As a result, care must be exercised by Dacier users in protecting their subscription against unauthorized access and use of their credentials. By establishing user credentials and accessing the service, users agree to proactively protect the security and confidentiality of their user credentials and never share account credentials, disclose any passwords or user identifications to any unauthorized persons, or permit any unauthorized person to use or access their Dacier accounts. Any loss of control of passwords or user identifications could result in the loss or disclosure of confidential information and the responsible account owner(s) may be liable for the actions taken under their service account credentials whether they authorized the activity or not. Additionally, when establishing Dacier account credentials, end users are required to establish strong passwords following password strength and complexity best practices.

Operational Issues
All Dacier services are monitored to meet our service commitments. All planned maintenance will be performed in accordance with Dacier’s maintenance plan, which is communicated to customers when they sign up for the service. If there is a need to perform emergency maintenance for a vulnerability or bug fix, we will notify customers prior to the work being performed. To get updates in real-time, customers can subscribe to email notifications from Dacier. On the occasion that Dacier customers observe performance issues, problems or service outages, they can contact Support@CloudAutomation.com to report such issues.

Incidents and Breaches
By establishing Dacier account credentials or accessing its service, customers agree to notify Dacier immediately of any security incident, including any suspected or confirmed breach of security. Also, users of the service agree to log out or exit the service immediately at the end of each session to provide further protection against unauthorized use. Dacier customers should also notify Dacier immediately if they observe any activity or communications in other forums that may indicate that other Dacier customers have had their accounts compromised. Lastly, Dacier encourages users to practice responsible disclosure by notifying Dacier of any potential or confirmed security vulnerabilities. Dacier is dedicated to providing secure services to clients, and will address all security vulnerabilities that are reported. Furthermore, Dacier will prioritize and fix security vulnerabilities in accordance with the risk that they pose.

Compliance
Dacier users agree to abide by regulatory requirements, industry mandates, and other compliance requirements imposed on their organizations and understand that use of cloud-based services does not exclude the organizations from responsibilities for restricting access to application information and functionality.

Disclosure Policy
Dacier is dedicated to keeping its cloud platform safe from all types of security issues. Data security is a matter of utmost importance and a top priority for us. If you believe you have discovered a security flaw in the Dacier service or its underlying infrastructure, we ask that you disclose the issue to us in a responsible manner. When reporting the security vulnerability to our team, please refrain from disclosing the vulnerability details to the public. Please provide the complete details necessary for reproducing the issue. We determine the risk of each vulnerability by assessing the ease of exploitation and business impact associated with the vulnerability. Please report security issues to Support@CloudAutomation.com.

Data Retention
By default, we will retain your data indefinitely. You can ask to close your account by contacting us at Support@CloudAutomation.com and we will delete your information upon request. We may, however, retain information, including personal information to the extent applicable, for any additional period as required under applicable laws, for legal, tax, or regulatory reasons, or for legitimate and lawful business purposes.