Terms of Service
1. Introduction and Acceptance
1.1 Agreement
These Terms of Service ("Terms") constitute a legally binding agreement between you ("Customer," "you," or "your") and Oten ("Oten," "Oten KMS," "we," "us," or "our") governing your access to and use of the Key Management Service ("Oten KMS" or "Service").
1.2 Acceptance
By accessing or using the Service, you agree to be bound by these Terms. If you are using the Service on behalf of an organization, you represent that you have the authority to bind that organization to these Terms.
1.3 Modifications
We reserve the right to modify these Terms at any time. Material changes will be notified at least 30 days in advance. Continued use after changes take effect constitutes acceptance.
2. Service Description
2.1 Overview
Oten KMS is a cloud-based key management service that provides:
Customer Managed Key (CMK) creation and management
Cryptographic operations (wrap, unwrap, encrypt, decrypt, as authorized by Customer)
Key lifecycle management (rotation, versioning, status updates)
Integration with third-party services (Google Workspace CSE, Google Drive)
Trusted Execution Environment (TEE) support
Access control and policy management
Audit logging and compliance reporting
2.2 Service Components
The Service includes:
Oten KMS API and endpoints
Administrative console/dashboard
Documentation and technical support
Integration connectors
Audit and logging capabilities
2.3 Service Availability
We strive to maintain high availability. Service Level Agreements (SLAs) are defined in separate agreements where applicable.
3. Account Registration and Security
3.1 Account Creation
To use the Service, you must:
Provide accurate and complete registration information
Maintain the accuracy of your account information
Designate authorized administrators
3.2 Account Security
You are responsible for:
Maintaining the confidentiality of authentication credentials
Implementing appropriate access controls within your organization
Promptly notifying us of any unauthorized access or security breach
All activities that occur under your account
3.3 Authentication Requirements
Use of strong authentication methods is required
Multi-factor authentication (MFA) is strongly recommended
API keys and tokens must be securely stored and rotated regularly
4. Permitted Use
4.1 License Grant
Subject to these Terms, we grant you a limited, non-exclusive, non-transferable license to access and use the Service for your internal business purposes.
4.2 Acceptable Use
You agree to use the Service only for lawful purposes and in accordance with:
These Terms
Applicable laws and regulations
Our Acceptable Use Policy
Industry best practices for key management
4.3 Prohibited Activities
You shall NOT:
Use the Service for illegal activities or to facilitate illegal transactions
Attempt to gain unauthorized access to the Service or its systems
Interfere with or disrupt the Service or its infrastructure
Reverse engineer, decompile, or disassemble any part of the Service except to the extent permitted by applicable law
Resell, sublicense, or redistribute the Service without authorization
Use the Service to store or process prohibited content
Exceed rate limits or abuse API endpoints
Circumvent security controls or access restrictions
Use the Service to manage keys for malicious software or ransomware
5. Customer Data and Keys
5.1 Ownership
You retain all rights, title, and interest in:
Your Customer Managed Keys (CMKs)
Data encrypted using your keys
Configuration and policy data
Audit logs related to your use of the Service (excluding Oten system logs and analytics)
5.2 Customer Responsibilities
You are responsible for:
Backing up key metadata or recovery materials where supported by the Service
Configuring appropriate key lifecycle policies
Managing access permissions and conditions
Compliance with your own regulatory requirements
Data encrypted using keys managed through the Service
5.3 Key Management
Key creation, rotation, and deletion are Customer-controlled
We do not store or persist plaintext key material, and we are not able to access your plaintext key material in a human-readable form
Deleted keys cannot be recovered after the retention period as configured by Customer policies or as required by law
5.4 Data Processing
We process your data only as necessary to provide the Service and as described in our Privacy Policy.
6. Service Levels and Support
6.1 Availability Target
We strive to maintain high availability for the Service. Specific uptime commitments and service credits, if any, are defined in separate Service Level Agreements.
6.2 Scheduled Maintenance
Maintenance windows will be announced in advance
We will minimize disruption during maintenance
Emergency maintenance may occur without advance notice
6.3 Support
Support is provided according to your service tier:
Standard: Email support during business hours
Premium: 24/7 support with priority response
Enterprise: Dedicated support with SLA guarantees
Response times, if any, are defined in the applicable plan documentation or SLA.
6.4 Service Credits
Service credits for downtime are available according to the applicable SLA agreement.
7. Fees and Payment
7.1 Pricing
Fees are based on your selected service plan
Usage-based charges may apply for API calls, key operations, and storage
Current pricing is available on our website or in your service agreement
7.2 Payment Terms
Invoices are issued monthly/annually as agreed
Payment is due within 30 days of invoice date
Late payments may incur interest charges
7.3 Taxes
Fees are exclusive of applicable taxes. You are responsible for all taxes except those based on our net income.
7.4 Price Changes
Price changes will be notified at least 60 days in advance
Changes take effect at the next billing cycle after the notice period
8. Intellectual Property
8.1 Company IP
We retain all rights to:
The Service and its underlying technology
Our trademarks, logos, and branding
Documentation and training materials
Improvements and enhancements to the Service
8.2 Feedback
Any feedback, suggestions, or ideas you provide may be used by us without obligation or compensation to you.
8.3 Restrictions
You shall not:
Remove or alter any proprietary notices
Use our trademarks without authorization
Claim ownership of any part of the Service
9. Confidentiality
9.1 Confidential Information
Both parties agree to protect confidential information disclosed during the relationship, including:
Technical specifications and documentation
Pricing and business terms
Security configurations and audit results
9.2 Exclusions
Confidentiality obligations do not apply to information that:
Is publicly available
Was known prior to disclosure
Is independently developed
Is rightfully obtained from third parties
9.3 Required Disclosure
Disclosure is permitted if required by law, provided reasonable notice is given where legally permitted.
10. Warranties and Disclaimers
10.1 Company Warranties
We warrant that:
The Service will perform substantially as described in documentation
We will use commercially reasonable security measures
We have the right to provide the Service
10.2 Customer Warranties
You warrant that:
You have authority to enter into these Terms
Your use will comply with applicable laws
You will not use the Service for prohibited purposes
10.3 Disclaimers
EXCEPT AS EXPRESSLY PROVIDED, THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE, OR THAT VULNERABILITIES WILL NEVER OCCUR.
11. Limitation of Liability
11.1 Exclusion of Damages
TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, OR BUSINESS OPPORTUNITIES.
11.2 Liability Cap
OUR TOTAL LIABILITY SHALL NOT EXCEED THE FEES PAID BY YOU IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.
11.3 Exceptions
These limitations do not apply to:
Breach of confidentiality obligations
Violation of intellectual property rights
Gross negligence or willful misconduct
Indemnification obligations
12. Indemnification
12.1 By Company
We will indemnify you against third-party claims alleging that the Service infringes intellectual property rights, provided you:
Notify us promptly of the claim
Allow us to control the defense
Cooperate in the defense
This indemnity does not apply to claims arising from Customer modifications, misuse, or combination with non-approved systems.
12.2 By Customer
You will indemnify us against third-party claims arising from:
Your use of the Service in violation of these Terms
Your violation of applicable laws
Customer Data provided or generated through Customer’s use of the Service
Your end users' actions
13. Term and Termination
13.1 Term
These Terms are effective until terminated by either party.
13.2 Termination for Convenience
Either party may terminate with 30 days written notice.
13.3 Termination for Cause
Either party may terminate immediately if the other party:
Materially breaches these Terms and fails to cure within 30 days
Becomes insolvent or files for bankruptcy
Ceases business operations
13.4 Effect of Termination
Upon termination:
Your access to the Service will be suspended
You must pay all outstanding fees
We will provide a data export period of 30 days, subject to technical feasibility and security constraints provided Customer is current on all payment obligations
After the export period, your data will be securely deleted
Provisions that should survive (confidentiality, liability, etc.) will remain in effect
13.5 Key Material
You are responsible for exporting or backing up key material before termination
Keys will be scheduled for destruction after the export period
Destroyed keys cannot be recovered
14. Compliance and Audit
14.1 Regulatory Compliance
The Service is designed with controls and security principles aligned to widely recognized compliance frameworks and may support customer compliance efforts, subject to applicable agreements and certifications.
Including:
GDPR
CCPA
HIPAA (only when a Business Associate Agreement is executed)
SOC 2 (controls designed to align with Trust Services Criteria)
ISO 27001 (controls aligned; certification planned)
14.2 Audit Rights
On-site audits are subject to mutual agreement, scope definition, confidentiality obligations, and may be limited or declined where they pose security or operational risks. The customer may audit its own use through logs and reports available in the Service.
14.3 Customer Compliance
You are responsible for ensuring your use of the Service complies with applicable laws and regulations in your jurisdiction.
15. Third-Party Integrations
15.1 Google Workspace CSE Integration
Integration is subject to Google's terms and conditions
We are not responsible for Google service availability or changes
You must comply with Google's acceptable use policies
15.2 Google Drive Integration
File encryption/decryption operations are performed according to your policies
We are not responsible for data loss due to misconfiguration
Google Drive's terms apply to stored content
15.3 Other Integrations
Third-party integrations are provided "as is"
Changes to third-party services may affect functionality
Additional terms may apply for specific integrations
16. Dispute Resolution
16.1 Governing Law
These Terms are governed by the laws of Singapore, without regard to conflict of law principles.
16.2 Informal Resolution
Before initiating formal proceedings, parties agree to attempt informal resolution for 30 days.
16.3 Arbitration
Disputes not resolved informally shall be resolved by binding arbitration under the rules of SIAC, except for:
Intellectual property disputes
Injunctive relief requests
Small claims within jurisdiction limits
16.4 Class Action Waiver
You agree to resolve disputes individually and waive any right to participate in class actions.
17. General Provisions
17.1 Entire Agreement
These Terms, together with the Privacy Policy and any applicable SLA, constitute the entire agreement between the parties.
17.2 Severability
If any provision is found unenforceable, the remaining provisions shall continue in effect.
17.3 Waiver
Failure to enforce any provision does not constitute a waiver of that provision.
17.4 Assignment
You may not assign these Terms without our written consent. We may assign these Terms in connection with a merger or acquisition.
17.5 Force Majeure
Neither party is liable for delays caused by circumstances beyond reasonable control, including natural disasters, war, terrorism, or government actions.
17.6 Notices
Notices shall be sent to:
Customer: The email address on file for your account
Company: support@oten.live
17.7 Independent Contractors
The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, or agency relationship.
18. Contact Information
For questions about these Terms, contact: support@oten.com
19. Definitions
"API" means Application Programming Interface.
"CMK" or "Customer Managed Key" means encryption keys created and managed by Customer through the Service.
"Confidential Information" means non-public information disclosed by either party.
"Customer Data" means data provided by Customer or generated through Customer's use of the Service.
"HSM" means Hardware Security Module.
"Service" means the Oten KMS platform and related services provided by Oten.
"SLA" means Service Level Agreement.
"TEE" means Trusted Execution Environment.
By using the Oten KMS Service, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service.
Last updated