TERMS OF SERVICE
Thank you for using Gibberfish Cloud Services by Gibberfish, Inc. These terms of service (the “Terms”) cover your use and access to the private cloud service we are hosting on your behalf (the “Cloud”).
These Terms have been drafted to outline this unique relationship between Gibberfish, Inc. and the Cloud users, so please review them carefully. We want you to read them and to understand them. Most terms of service are dense, difficult to read, and carefully designed to make sure no one quite knows what they agreed to. Gibberfish, Inc. does not operate that way, so please read our Terms – we wrote them for us and we wrote them for you.
Gibberfish, Inc. provides free Cloud instances with a goal of providing users with control over their privacy. To accomplish this goal, Gibberfish, Inc. has built a technical encrypted barrier between You and Gibberfish, Inc., as well as a legal barrier, which is outlined in these Terms. These barriers protect your privacy, but they also make it more difficult for us to host each Cloud. To solve this problem, Gibberfish, Inc. uses Administrators.
At the outset, Gibberfish, Inc. will set up server, which allows the initial Administrators to compile a Cloud instance. The Administrators can then create accounts for other ordinary users within their organization. The Administrators will be the only official point of contact with Gibberfish, Inc. going forward. It is up to the Administrators how much contact, including technical support, that they want. But a certain minimum level of contact is necessary in order to maintain the Cloud. It is not difficult to be an Administrator, and Gibberfish, Inc. has designed each Cloud to be user friendly, but it is a large amount of responsibility because each Administrator is responsible for both communicating with Gibberfish, Inc. and controlling which users have access to the Cloud.
Further, because Gibberfish, Inc. has no ability to access a Cloud once it has been created, Gibberfish, Inc. only makes minimal representations regarding how the Cloud will function. Thus, while Gibberfish, Inc. certainly intends for each Cloud to operate smoothly and securely, this is not a guarantee.
BETA TEST WARNING: If you are accessing Gibberfish, Inc. as a beta tester, one or more of these Terms may not apply. In particular, the purpose of beta testing is to work out issues with the Cloud instances, so there will be more communication between You and Gibberfish, Inc. than would be permitted ordinarily. When you join us as a beta tester, we will outline which security features are in place, and which are not, as well as explaining any deviations from these Terms.
- Parties: These Terms are an agreement between Gibberfish, Inc. and any person that accesses a Cloud that is hosted by Gibberfish, Inc. (hereinafter “You”). You have accepted these terms by either (i) agreeing to become an Administrator, as defined in Paragraph 4 below; or (ii) by logging into the Cloud using an account provided by an Administrator. If You do not agree to these Terms, You are not an Administrator, or You have not been provided an account by an Administrator, your access to the Cloud is unauthorized and unlawful.
- Zero Knowledge: Our Clouds are Zero Knowledge, meaning that we cannot access your data, or your account information. (We know that zero knowledge has a different definition in academic cryptography, but the phrase has acquired a second definition over time, which is how we use it here.) Your data is protected by strong encryption and we have not, and will not, build a backdoor in any of the Clouds. There are tradeoffs to this approach. On one hand, we believe this is the best way to protect your privacy and prevent unwanted access to your Cloud. On the other hand, it means we cannot help you in the same ways that an IT department for a business or university might. We cannot access your Cloud (and we do not want to be able to), we cannot help you recover specific files, and most importantly, we cannot replace your password if you forget. Really.
- Your Responsibilities: Every Cloud user, You, agrees to the following responsibilities:
a. You are responsible for maintaining the security of your account and you are fully responsible for all activities that occur when using this account. The Cloud is designed to be Zero Knowledge, as defined in Paragraph 2 above, which means that Gibberfish, Inc. cannot access your data (except in encrypted form for backup), cannot assist in recovering your data, and cannot provide you with a replacement password.
b. You agree that you will never provide any information to Gibberfish, Inc. regarding what you have placed on the Cloud or what you are using the Cloud for, unless Gibberfish, Inc. specifically requests such information from an Administrator, as defined in Paragraph 4 below, either to assist in responding to a warrant, subpoena, Digital Millennium Copyright Act (“DMCA”) takedown notice, or similar legal process, or to address one of the Prohibited Uses, as explained in Paragraphs 5 through 7 below. Gibberfish, Inc. will never contact ordinary users directly – in fact, Gibberfish, Inc. should not even know who the ordinary users are – contact will only be made through Administrators.
c. If You make any material accessible to others, either exclusively to other users in the Cloud or to the public in general, You are entirely responsible for the content of, and any harm resulting from, this material.
d. You agree that you will not use the Cloud for any prohibited use, as defined in Paragraph 7 below.
e. You will provide Gibberfish, Inc, with a non-exclusive copyright license to copy any data or information on the Cloud solely for the purpose of creating regular backups, which will be encrypted.
- Administrator Responsibilities: For every Cloud we host, there must be at least one person that agrees to administrate the Cloud (the “Administrator(s)”). Acting as an Administrator is an important responsibility, and each of these responsibilities must be taken seriously:
a. Each Administrator must provide Gibberfish, Inc. with at least two ways that they can be contacted (the “Contact Methods”). Gibberfish, Inc strongly suggests choosing encrypted communication methods, such as Signal, Tutanota, or Protonmail for the Contact Methods. In rare instances, such as those described in Paragraph 4(c) below, Gibberfish, Inc. may need to contact an Administrator using the Contact Methods, and if the Administrator fails to respond, Gibberfish, Inc. may need to disable the related Cloud. Therefore, each Administrator must monitor their chosen Contact Methods to ensure that they receive any notices from Gibberfish, Inc.
b. Each Administrator is responsible for creating non-Administrator user accounts, managing passwords for those accounts, and defining who has permission to access each part of the Cloud. The Administrator(s) must not lose their passwords; if they do, there will be no way to administrate the Cloud. Really.
c. In the event that Gibberfish, Inc. receives a warrant, subpoena, Digital Millennium Copyright Act (“DMCA”) takedown notice, or similar legal process, or receives notice that the Cloud is being used for one of the Prohibited Uses, as explained in Paragraphs 5 through 7 below, Gibberfish, Inc. will contact the Administrator(s) through the Contact Methods, and may need additional information regarding the Cloud and how it is being used. The Administrator(s) are under no obligation to furnish this information, but Gibberfish, Inc. may disable the Cloud if the requested information is not provided.
d. Each Administrator agrees to monitor the Gibberfish, Inc. Warrant Canary, which is available at www.gibberfish.org.
e. Each Administrator agrees to the responsibilities outlined in Paragraph 2 and any other Terms that apply to You, except to the extent that those responsibilities or Terms could be read to contradict the responsibilities in this paragraph, in which case this paragraph governs.
- Gibberfish, Inc. Responsibilities: Gibberfish, Inc. agrees to the following responsibilities:
a. Each Cloud is provided “as is” and Gibberfish, Inc. only represents that each Cloud is initially a compiled version of the code posted at https://gitlab.com/gibberfish/pancrypticon at the time of installation, or in the event of a new version, security patch, or upgrade, that each Cloud will be updated to that version (or an update to that version will be made available for installation by the Administrator(s)) within a reasonable period of time. Gibberfish, Inc. takes privacy very seriously, but we cannot 100% guarantee that a third party will not be able to defeat our security measures.
b. Gibberfish, Inc. will never deliberately create a security vulnerability or add a backdoor into any of the Clouds. To the extent that a law is passed that would require Gibberfish, Inc. to create a backdoor or to insert a security vulnerability, Gibberfish, Inc. will use its best efforts to deliver control over the hosting of each Cloud directly to the Administrators, rather than making any changes to the software that would comprise security.
c. Gibberfish, Inc. reserves the right to suspend access to or terminate a Cloud for any reason, but Gibberfish, Inc. will use its best efforts not to suspend access or terminate a Cloud for any reason except as provided for under these Terms. If Gibberfish, Inc. terminates or suspends a Cloud, Gibberfish, Inc. will use its best efforts to ensure that an encrypted copy of the Cloud is retained as a backup, for a reasonable period of time, and Gibberfish. Inc. will then provide a copy of this backup to an Administrator, if requested.
d. Gibberfish, Inc. will maintain a technical support forum. This forum is only for technical questions; do not use it to talk about what is stored on your own Cloud, or what You are using your own Cloud for.
e. Once Gibberfish, Inc. agrees to provide access to a Cloud to one or more Administrators, Gibberfish, Inc. will immediately dispose of any information obtained during the application process, unless prohibited by law. If Gibberfish, Inc. cannot dispose of this information for any reason, Gibberfish, Inc. will notify the Administrator(s), unless prohibited by law. The only information that will be retained, for any period of time, is: the Contact Methods described in Paragraph 3(a), the encrypted Cloud itself including any backups, any communications that the Administrators choose to engage in with Gibberfish, Inc., and any technical support communications described in Paragraph 4(d) above. The only information that will be retained permanently is the Contact Methods; all other information will be disposed on a regular basis.
f. If Gibberfish, Inc. receives a subpoena, notice, national security letter, or any other legal process of any kind that purports to require Gibberfish, Inc. to divulge any information, Gibberfish, Inc. will notify all Administrators using the Contact Methods, unless specifically prohibited by law. Gibberfish, Inc. can only provide information in response to valid legal process if it has that information.
- DMCA Notices: DMCA notices should be sent to Rickner PLLC, 233 Broadway, Suite 2220, New York, New York 10279. Section 512 of the DMCA sets out the legal requirements to formally report copyright infringement to a service provider like Gibberfish, Inc. Any person or organization sending a DMCA notice must provide the following information: (a) A signed document stating that you are a copyright owner or authorized to act on an owner’s behalf, and that the information in the notice is correct, all under penalty of perjury, (b) A clear and specific description of the exact work you claim is being infringed, (c) An explanation of exactly where the infringing work is being stored, sufficient to determine whether it is in fact stored on a Gibberfish, Inc. Cloud, and (d) Contact information, including a telephone number, email address, and business address. If Gibberfish, Inc. receives a DMCA notice, it will contact the appropriate Administrator(s), and will submit a counter-notice in response if necessary. If you send a copyright notice that is either fraudulent or in bad faith, Gibberfish, Inc. will pursue all available remedies.
- Prohibited Uses: Each Cloud may not be used for any purpose: (a) that violates any laws applicable anywhere in the United States of America, unless there is a good faith reason to believe that under the First Amendment any such violations are protected speech, or in the case of an alleged copyright violation, fair use; (b) that is discriminatory towards or encourages hatred of any group; or (c) that is designed to make a profit or support a for-profit business, including resale of any Clouds or access to any Clouds.
- Limitation on Liability: To the fullest extent allowed by law, Gibberfish, Inc. will not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses resulting from either your lack of access to, use of, inability to access, or inability to use a Cloud.
- Choice of Law and Venue: You each agree to submit to personal jurisdiction in the State of Vermont in the United States of America, agree that any and all legal disputes will be venued in Vermont, and agree that these Terms will be governed by the laws in Vermont.
- Entire Agreement: These Terms constitute the entire agreement between You and Gibberfish, Inc. If any provision of these Terms is found to be unenforceable, the remaining provisions of these Terms will remain in full force and effect.
- No Waiver: No waiver of any provision of these Terms shall be a further or continuing waiver of that term. And Gibberfish, Inc.’s failure to assert any right or provision under these Terms does not constitute a waiver of that right or provision.
- Modification: Gibberfish, Inc. reserves the right to modify these Terms from time to time, and the most recent version of these Terms will be available through a link on the login screen of each Cloud. Gibberfish, Inc. will use its best efforts to post any modifications of these Terms for comment on its website at least 14 days before they take effect.