Terms & Conditions
By subscribing to the SaBRO Cloud services (the "Services") provided by Encoretel Ltd and its affiliates (collectively, "Encoretel") in relation with SaBRO Business Suite (the "Software"), you (the "Customer") are agreeing to be bound by the following terms and conditions (the "Agreement").
1. Term of the Agreement
The duration of this Agreement (the “Term”) shall be minimally one month and as specified in writing at the signature of this Agreement, beginning on the date of the signature. It is automatically renewed for an equal Term, unless either party provides a written notice of termination minimum 30 days before the end of the Term by registered mail to the other party.
User: Any active user account with access to the Software in creation and/or edition mode. Deactivated user accounts and accounts used by external people (or systems) who only have limited access to the Software through the portal facilities (known as "portal Users") are not counted as Users.
Bug: Is considered a Bug any failure of the Software that results in a complete stop, error traceback or security breach, and is not directly caused by a defective installation or configuration. Non-compliance with specifications or requirements will be considered as Bugs at the discretion of Encoretel Ltd (typically, when the Software does not produce the results or performance it was designed to produce, or when a country-specific feature does not meet legal accounting requirements anymore).
3. Access to Software
For the duration of this Agreement, Encoretel Ltd gives the Customer a non-exclusive, non-transferable license to use (execute, modify, execute after modification) the SaBRO Business Suite Software.
The Customer agrees to take all necessary measures to guarantee the unmodified execution of the part of the Software that verifies the validity of the usage and collects statistics for that purpose, including but not limited to the running of an instance, the applications installed and the number of Users.
Upon expiration or termination of this Agreement, this license is revoked immediately and the Customer agrees to stop using the software.
4. Service Level
4.1 Bug Fixing Service
For the duration of this Agreement, Encoretel Ltd commits to making all reasonable efforts to remedy any Bug of the Software submitted by the Customer through the appropriate channel (typically, Encoretel Ltd's service desk email address or website form), and to start handling such Customer submissions within 2 business days.
The Customer understands that Bugs caused by a modification or extension that is not part of the official Software will not be covered by this service.
Both parties acknowledge that as specified in the license of the Software and in the 7.3 Limitation of Liability section of this Agreement, Encoretel Ltd cannot be held liable for Bugs in the Software.
4.2 Support Service
Support Scope: For the duration of this Agreement, Encoretel Ltd offer a support service, with an unlimited number of tickets for bugs and functional questions: how to use and configure SaBRO for your specific needs.
This support service does not include support to customise SaBRO, develop new modules, or perform specific actions on your database on your behalf. (e.g. recording data, or configuring the system for you) Those services can be offered in extra through our Success Pack service offer.
Support Service: Support issues should be submitted online on https://www.encoretel.com/my/issues In case of emergency, you can call our support teams directly for a real time answer.
No guarantees are provided on the time to qualify or close a support ticket, it's based on our best efforts. But 95% of the tickets are qualified within 2 open days, and 90% of the critical bugs (when a user can not work on the system anymore) are processed within 2 hours.
The SaBRO portal allows you to track you support tickets.
4.3 Service Availability
Customer databases are hosted in the closest AWS data center. Each customer instance is replicated in real-time on a hot-standby system located in the same or another data center.
We work with different hosting providers worldwide (and we can switch at anytime), but they always deliver at least 99.9% uptime guarantee. These metrics refer to the availability of the platform itself for all customers. Individual databases may be temporarily unavailable for specific reasons, typically related to the customer's actions, customizations or upgrades.
Our data centers are Tier-III certified or equivalent, with N+1 redundancy for power, network and cooling.
4.4 Backups & Recovery
Our automated database backup system automatically creates a daily snapshot of your database. Automated backups are kept for 90 days (called the backup retention period). We can restore your database to any specific time during this retention period. Every backup is replicated in a minimum of 2 data centers at any point in time.
For a permanent disaster impacting one server only, our Disaster Recovery Plan has the following metrics:
RPO (Recovery Point Objective) = 5 minutes, i.e. can lose maximum 5 minutes of work
RTO (Recovery Time Objective) = 30 minutes, i.e the service will be back online after maximum 30 minutes (Standby promotion time + DNS propagation time included)
For data center disasters (one entire data center is completely and permanently down), Disaster Recovery Plan has these metrics:
RPO (Recovery Point Objective) = 24h, i.e. you can lose maximum 24h of work if the data cannot be recovered and we need to restore the last daily backup
RTO (Recovery Time Objective) = 24h, i.e. the service will be restored from the backup within 24 hours in a different data center
Database Security: Customer data is stored in a dedicated database - no sharing of data between clients. Data access control rules implement complete isolation between customer databases running on the same cluster, no access is possible from one database to another.
Password Security: Customer passwords are protected with industry-standard PBKDF2+SHA512 encryption (salted + stretched for thousands of rounds).
Encoretel staff does not have access to your password, and cannot retrieve it for you, the only option if you lose it is to reset it Login credentials are always transmitted securely over HTTPS.
System Security: All web connections to client instances are protected with state-of-the-art 256-bit SSL encryption. All our SSL certificates use robust 2048-bit modulus with full SHA-2 certificates chains. Our servers are kept under a strict security watch, and always patched against the latest SSL vulnerabilities, enjoying Grade A SSL ratings at all times.
All SaBRO Cloud servers are running hardened Linux distributions with up-to-date security patches. Installations are ad-hoc and minimal to limit the number of services that could contain vulnerabilities (no PHP/MySQL stack for example)
Only a few trusted Encoretel engineers have clearance to remotely manage the servers - and access is only possible using SSH key pairs (password authentication disallowed)
Firewalls and intrusion counter-measures help prevent unauthorized access. Automatic Distributed Denial of Service (DDoS) mitigation is implemented in EU and US data centers, and coming soon in Asia.
Staff Access: Encoretel helpdesk staff may sign into your account to access settings related to your support issue. For this they use their own special staff credentials, not your password (which they have no way to know).
This special staff access improves efficiency and security: they can immediately reproduce the problem you are seeing, you never need to share your password, and we can audit and control staff actions separately!
Our Helpdesk staff strives to respect your privacy as much as possible, and only access files and settings needed to diagnose and resolve your issue
Physical Security: The SaBRO Cloud servers are hosted in several data centers worldwide, that must all satisfy with our minimum physical security criterions: - Physical access to the data center area where SaBRO servers are located is restricted to data center technicians only - Security cameras are monitoring the data center locations.
Credit Cards Safety: When you sign up for a paid SaBRO Cloud subscription, we do not store your credit card information. Your credit card information is only transmitted securely between you and our PCI-Compliant payment acquirers: Stripe and GoCardless (even for recurring subscriptions)
Encoretel Ltd commits to sending a "Security Advisory" to the Customer for any security Bug that are discovered in the Software, at least 2 weeks before making the Security Advisory public, unless the Bug has already been disclosed publicly by a third party.
Security Advisories include a complete description of the Bug, its cause, its possible impacts on the Customer's systems, and the corresponding remedy for each Covered Version.
The Customer understands that the Bug and the information in the Security Advisory must be treated are Confidential Information as described in 6.4 Confidentiality during the embargo period prior to the public disclosure.
The SaBRO R&D processes have code review steps that include security aspects, for new and contributed pieces of code. SaBRO is designed in a way that prevents introducing most common security vulnerabilities:
- SQL injections are prevented by the use of a higher-level API that does not require manual SQL queries.
- XSS attacks are prevented by the use of a high-level templating system that automatically escapes injected data.
- The framework prevents RPC access to private methods, making it harder to introduce exploitable vulnerabilities.
- See also the OWASP Top Vulnerabilities section to see how SaBRO is designed from the ground up to prevent such vulnerabilities from appearing.
SaBRO is regularly audited by independent companies that are hired by our customers and prospects to perform audits and penetration tests. The SaBRO Security Team receives the results and takes appropriate corrective measures whenever it is necessary. We can't however disclose any of those results, because they are confidential and belong to the commissioners.
SaBRO also has independent security researchers, who continuously monitor the source code and work with us to improve and harden the security of SaBRO.
4.6 Upgrade Services
Upgrade Service for the Software: For the duration of this Agreement, the Customer can submit upgrade requests, in order to convert a database of the Software from one Covered Version of the Software to a more recent Covered Version (the "Target Version").
This service provided through an automated platform in order to allow the Customer to perform unattended upgrades once a previous version of the Customer's database has been successfully upgraded for a Covered Version. The Customer may submit successive upgrade requests for a database, and agrees to submit at least 1 upgrade request for testing purposes before submitting the final upgrade request.
It is the sole responsibility of the Customer to verify and validate the upgraded database in order to detect Bugs, to analyze the impact of changes and new features implemented in the Target Version, and to convert and adapt for the Target Version any extensions of the Software that were installed in the database before the upgrade (except where applicable as foreseen in section Upgrade Service for customizations).
The Customer may submit multiple upgrade requests for a database, until an acceptable result is achieved.
Upgrade Service for customisations: For the duration of this Agreement, the Customer may request optional upgrade services for extension modules of the Software, in addition to the regular Upgrade Services.
This optional service is subject to additional fees and includes the technical adaptation of extension modules installed in the Customer's database and their corresponding data in order to be compatible with the Target Version. The Customer will receive an upgraded version of all installed extension modules along with the upgraded database.
5. Charges and Fees
5.1 Standard charges
The standard charges for the SaBRO Cloud subscription, the Bug Fixing Service, Security Advisories Service and the Upgrade Service are based on the number of Users and applications used by the Customer, and specified in writing at the signature of the Agreement.
When during the Term, the Customer has more Users or applications than specified at the time of signature of this Agreement, the Customer agrees to pay an extra fee equivalent to the applicable list price (at the beginning of the Term) for the additional Users and applications, for the remainder of the Term.
5.2 Renewal charges
Upon renewal as covered in section 1 Term of the Agreement, if the per-User charges applied during the previous Term are lower than the most current applicable per-User list price, the per-User charges will increase by up to 7% per year.
5.3 Charges for custom features or extension modules
The additional charge for the Upgrade, Support and Bugfix Service for custom modules developed by Encoretel Ltd is a recurring price depending on the number of hours done to develop these custom features: 50 GBP per hour of development.
All fees and charges are exclusive of all applicable federal, provincial, state, local or other governmental taxes, fees or charges (collectively, "Taxes"). The Customer is responsible for paying all Taxes associated with purchases made by the Customer under this Agreement, except when Encoretel Ltd is legally obliged to pay or collect Taxes for which the Customer is responsible.
6. Conditions of Services
6.1 Customer Obligations
The Customer agrees to:
pay Encoretel Ltd any applicable charges for the Services of the present Agreement, in accordance with the payment conditions specified in the corresponding invoice.
appoint 1 dedicated Customer contact person for the entire duration of the Agreement.
6.2 No Soliciting or Hiring
Except where the other party gives its consent in writing, each party, its affiliates and representatives agree not to solicit or offer employment to any employee of the other party who is involved in performing or using the Services under this Agreement, for the duration of the Agreement and for a period of 12 months from the date of termination or expiration of this Agreement. In case of any breach of the conditions of this section that leads to the termination of said employee toward that end, the breaching party agrees to pay to the other party an amount of GBP (£) 50,000.00 (fifty thousand british pound).
Except where notified otherwise in writing, each party grants the other a non-transferable, non-exclusive, royalty free, worldwide license to reproduce and display the other party’s name, logos and trademarks, solely for the purpose of referring to the other party as a customer or supplier, on websites, press releases and other marketing materials.
Definition of "Confidential Information":
"All information disclosed by a party (the "Disclosing Party") to the other party (the "Receiving Party"), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. In particular any information related to the business, affairs, products, developments, trade secrets, know-how, personnel, customers and suppliers of either party should be regarded as confidential."
For all Confidential Information received during the Term of this Agreement, the Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own similar Confidential Information, but not less than reasonable care.
The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure, to the extent permitted by law.
In the event that either Party fails to fulfill any of its obligations arising herein, and if such breach has not been remedied within 30 calendar days from the written notice of such breach, this Agreement may be terminated immediately by the non-breaching Party.
Further, Encoretel Ltd may terminate the Agreement immediately in the event the Customer fails to pay the applicable fees for the Services within the due date specified on the corresponding invoice.
The sections "6.4 Confidentiality”, “7.2 Disclaimers”, “7.3 Limitation of Liability”, and “8 General Provisions” will survive any termination or expiration of this Agreement.
7. Warranties, Disclaimers, Liability
For the duration of this Agreement, Encoretel Ltd commits to using commercially reasonable efforts to execute the Services in accordance with the generally accepted industry standards provided that:
- the Customer’s computing systems are in good operational order and the Software is used in a suitable operating environment;
- the Customer provides adequate troubleshooting information and access so that Encoretel Ltd can identify, reproduce and address problems;
- all amounts due to Encoretel Ltd have been paid.
The Customer's sole and exclusive remedy and Encoretel Ltd's only obligation for any breach of this warranty is for Encoretel Ltd to resume the execution of the Services at no additional charge.
Except as expressly provided herein, neither party makes any warranty of any kind, whether express, implied, statutory or otherwise, and each party specifically disclaims all implied warranties, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement, to the maximum extent permitted by applicable law.
Encoretel Ltd does not warrant that the Software complies with any local or international law or regulations.
7.3 Limitation of Liability
To the maximum extent permitted by law, the aggregate liability of each party together with its affiliates arising out of or related to this Agreement will not exceed 50% of the total amount paid by the Customer under this Agreement during the 12 months immediately preceding the date of the event giving rise to such claim. Multiple claims shall not enlarge this limitation.
In no event will either party or its affiliates be liable for any indirect, special, exemplary, incidental or consequential damages of any kind, including but not limited to loss of revenue, profits, savings, loss of business or other financial loss, costs of standstill or delay, lost or corrupted data, arising out of or in connection with this Agreement regardless of the form of action, whether in contract, tort (including strict negligence) or any other legal or equitable theory, even if a party or its affiliates have been advised of the possibility of such damages, or if a party or its affiliates' remedy otherwise fails of its essential purpose.
7.4 Force Majeure
Neither party shall be liable to the other party for the delay in any performance or failure to render any performance under this Agreement when such failure or delay is caused by governmental regulations, fire, strike, war, flood, accident, epidemic, embargo, appropriation of plant or product in whole or in part by any government or public authority, or any other cause or causes, whether of like or different nature, beyond the reasonable control of such party as long as such cause or causes exist.
8. General Provisions
8.1 Governing Law
Both parties agree that the laws of United Kingdom will apply, should any dispute arise out of or in connection with this Agreement, without regard to choice or conflict of law principles. To the extent that any lawsuit or court proceeding is permitted here in above, both parties agree to submit to the sole jurisdiction of the England court for the purpose of litigating all disputes.
In case any one or more of the provisions of this Agreement or any application thereof shall be invalid, illegal or unenforceable in any respect, the validity, legality and enforceability of the remaining provisions of this Agreement and any application thereof shall be in no way thereby affected or impaired. Both parties undertake to replace any invalid, illegal or unenforceable provision of this Agreement by a valid provision having the same effects and objectives.