OnApp Information Security Policyv2.0 August 2017
1. In respect of private clouds which you have ordered as part of the OnApp Services (“Private Clouds”) you are permitted to configure the licensing service that normally supports your use of certain OnApp Services (“Licensing Service”) so that it does not contact the licensing server for extended periods of time. If you wish to do this it is your responsibility to configure the Licensing Services accordingly. If you do then:
1.1 the licensing response received by you, as a result (“Private Clouds Licensing Response”), will enable you to use Private Clouds without contacting the licensing server for extended periods of time; and
1.2 data collection will be turned off.
However, please note that if you so configure the Licensing Service only after you have already started to use your Private Clouds OnApp Service then we shall still collect the data described in clause 2 below that you had before you received the Private Clouds Licensing Response.
2. Except in respect of Private Clouds for which the Licensing Service has been disabled, the OnApp Licensing Service:
2.1 collects data on the state of the control panel application, including but not limited to: CPU cores, memory, data storage, number and types of hypervisors in use, and virtual machine statistics; and
2.2 sends commands via the licensing client to the control panel for the following purposes:
(a) license enforcement;
(b) configuration and code updates;
(c) non-personal data collection;
2.3 will send usage statistics of your product via a regularly scheduled update to its licensing server. The information collected from your cloud contains the number of hypervisors in use, and virtual machines statistics among other things;
3. We may modify any part of the Licensing Services client at any time without notice for the purposes listed above.
4. OnApp only logs in to client control panel hosts via ssh when requested to do so as part of the support process. Alternatively, if requested, OnApp can run a remote screen sharing tool. OnApp may run any command for debugging purposes when logged in.
5. It is your responsibility and solely your obligation to ensure that backups of your data are in place and OnApp does not accept any liability in respect of any loss of or damage caused to your data.
6. In your use of OnApp Services you should review and have regard to OnApp’s Lockdown and Security guide located at https://docs.onapp.com/display/MISC/Lockdown+and+Support+Access+Guide.
7. Any security breach by any user of the OnApp Systems to whom you allowed access shall be deemed to have been a breach by you. You shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the OnApp Services and/or their related documentation and shall promptly notify us of any such unauthorised access or use, of which you become aware.
8. You are responsible for all actions taken under your User ID and password and shall only use the OnApp Services using your own User ID and password. You must use every effort to keep your password safe and should not disclose it to any other person. You shall not transfer or sell your User ID to any other person. You shall also not permit, either directly or indirectly, any other person to use your User ID or password.
9. You further acknowledge and agree that:
9.1 If you are a Marketplace Seller, OnApp may assume access to log in for initial investigation of an issue, but will not make changes without a response to your issue;
9.2 When OnApp support is logged into your cloud to perform necessary investigations, it will not make changes without authorization from a representative of your organization.