Terms of Service

Last Updated: 2024-09-11

Welcome to Codebook Cloud, a service provided by Zetetic LLC (“Provider”, “Zetetic”). Codebook Cloud is an automatic synchronization service designed for use with the Codebook password manager, enabling you to securely store, synchronize, and share encrypted data across multiple devices. This agreement (“Agreement”) governs your use of Codebook Cloud (“Service”). By accessing or using the Service, you agree to be bound by the terms and conditions of this Agreement.

If you are using this Service on behalf of a third party (such as an organization, business, or another individual), you warrant that you are authorized to enter into this Agreement on their behalf.

1. Access and Use of the Service

1.1. License and Access

Zetetic grants you a non-exclusive, non-transferable license to access and use the Service in conjunction with the Codebook password manager on iOS, Android, Windows, and macOS, subject to the following conditions:

  • You must use the Service only in conjunction with the unmodified Codebook software.
  • Your use must comply with all terms in this Agreement, the applicable terms of use for the Codebook software, and any accompanying documentation and third-party terms governing access through third-party platforms (e.g., App Store, Google Play).
  • You must pay all applicable subscription fees for the Service.
  • You must be at least 13 years of age to use this Service.

1.2. Access Restrictions

You agree that you will not:

  • Share your account with others or allow others to use your login credentials.
  • Exceed the permitted number of authorized devices or users without obtaining additional licenses.
  • Copy, modify, reverse engineer, or decompile any part of the Service.
  • Access the service using any client or software other than the unmodified Codebook software.
  • Attempt to gain unauthorized access to the Service or related systems.
  • Use the Service in a manner that could disrupt, interfere with, or degrade the performance or security of the Service.
  • Use the Service to engage in illegal activities or to violate laws applicable to your jurisdiction, the State of New Jersey, or the United States.

1.3. Account Security

You are solely responsible for:

  • Ensuring the confidentiality and security of your account credentials (e.g., passwords)
  • Ensuring the confidentiality of your Codebook  data (Master Password and Sync Key, as defined in the Terms of Use and manual for the Codebook software).
  • Promptly notifying Zetetic if your account is compromised or if there is any unauthorized access to your account.
  • All activities that occur under your account, including use of any information, including access credentials for third-party systems, stored using the Codebook software or the Service.

1.4. Trial Services

If you are using a free trial or evaluation of the Service (“Trial Services”), the following terms apply:

  • Limited Access: During the trial period, Zetetic grants you a non-exclusive, non-transferable right to use the Service for evaluation purposes only. Trial Services are provided solely for your personal, non-commercial use, and are subject to this Agreement.
  • Trial Duration: The trial period will terminate at the earlier of (i) the end of the trial period specified by Zetetic or (ii) the start date of any purchased subscription.
  • Data Loss: Any data on the Service during the trial period may be deleted upon expiration of the trial unless you subscribe to the Service before the trial period ends. Zetetic is not responsible for any loss of data during or after the trial period.
  • No Warranty: Trial Services are provided “as is” without any warranties or guarantees of any kind. Zetetic disclaims all liability for issues arising from your use of the Trial Services.

2. Service Provided “As Is”

The Service is provided on an “as is” and “as available” basis. Zetetic makes no warranties or guarantees regarding the performance, security, or reliability of the Service, including its interaction with third-party services or vendors (e.g., AWS cloud hosting). Zetetic disclaims any warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

Zetetic does not guarantee that the Service will be uninterrupted, error-free, or that any defects will be corrected.

3. Payment and Subscription

3.1. Payment Terms

If you subscribe to a paid plan, you agree to provide accurate billing information and pay all fees in a timely manner. Fees are non-refundable unless otherwise specified by Zetetic. If your payment is overdue, Zetetic may suspend or terminate your access to the Service.  Zetetic or its authorized payment processor will notify you in advance of any subscription renewals or changes to subscription fees.  If you authorize automatic payments of your subscription fees or automatic renewal of your subscription, Zetetic or its authorized payment processor will charge you fees as they come due, and notify you if any charge was not accepted.

3.2. Taxes

You are responsible for any taxes associated with your use of the Service. Fees quoted for the Service do not include applicable taxes, and you agree to pay any such taxes.

4. Data, Privacy, and Encryption

4.1. Data Ownership and Encryption

You retain ownership of all data you sync with the Service (“Customer Data”). The Service uses encryption to protect your data, which is secured using a secret Sync Key stored on your devices. Zetetic does not have access to your Sync Key and cannot view your unencrypted data.

You are solely responsible for safeguarding your Service Password, Device Master Password and Sync Key and ensuring that any devices on which you use the Codebook software or Services remain secure. You agree to follow security best practices when using the Service, including using strong passwords.

Zetetic will not be able to recover or restore your data if your Sync Key is lost or becomes unavailable.

4.2. Data Protection

Zetetic takes steps to protect your data in accordance with applicable data protection laws, including GDPR, CCPA, and any other relevant regulations. Your data may be stored and processed by third-party vendors (e.g., AWS) that comply with similar standards.

4.3. Communication and Marketing

You agree that Zetetic may contact you via email, phone, or mail regarding new products, services, and updates. Zetetic may also display advertisements or promotional content within communications sent through the Service.

Unless you inform us by emailing support@zetetic.net, you grant Zetetic permission to use your name in marketing materials, such as case studies, interviews, and customer lists, provided that such use accurately reflects the nature of the relationship.

4.4. Privacy Policy

For more details on how your data is handled, please review our Privacy Policy.

4.5. Data Protection Laws (GDPR, CCPA, etc.)

4.5.1. GDPR Compliance

If you are located in the European Economic Area (EEA), Switzerland, or the United Kingdom, you have certain rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws. As such, you have the following rights regarding your personal data:

  • Right of Access: You may request access to the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of any inaccurate personal data we hold.
  • Right to Erasure: You may request the deletion of your personal data in certain circumstances.
  • Right to Data Portability: You can request that your data be provided to you or another controller in a machine-readable format.
  • Right to Object: You may object to certain processing activities, such as direct marketing, or request restrictions on processing.
  • Data Transfers: We rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure that your data is protected when transferred outside the EEA.

4.5.2. CCPA Compliance

If you are a resident of California, the California Consumer Privacy Act (CCPA) grants you the following rights regarding your personal data:

  • Right to Know: You may request information about the categories of personal data collected, the purposes for which it is used, and the third parties with whom we share this data.
  • Right to Delete: You may request the deletion of your personal data under certain circumstances.
  • Right to Opt-Out: You have the right to opt out of the sale of your personal data (although we do not sell personal data).
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights under the CCPA.

Zetetic complies with its obligations under the GDPR, CCPA, and other relevant laws and regulations.  For all users, you can contact us at support@zetetic.net to exercise these rights.

If you use the Services to store, transmit, collect, or process the personal data of any third party, you are responsible for your compliance with all relevant laws and regulations, including without restriction the GDPR and the CCPA.

4.6. Data Security and Breach Notification

We implement industry-standard security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no system can be completely secure, and we cannot guarantee the absolute security of your data.

In the event of a data breach that may affect your personal data, we will notify you without undue delay and within the timeframe required by applicable law. We will also take any actions required by applicable laws, including notifying relevant supervisory authorities and affected individuals if necessary.

4.7. Advertising and Marketing Compliance

We may use your contact details to send you marketing communications about our products, services, or special offers. These communications will be sent to you only if you have given your consent where required by law (e.g., under GDPR).

  • Opt-In for EU Users: If you are located in the EEA, we will send you marketing communications only if you have opted in to receive such communications.
  • Opt-Out for U.S. and Other Regions: You may opt out of receiving marketing communications from us at any time by following the unsubscribe instructions in the emails or contacting us directly.

We will comply with all applicable laws, such as the CAN-SPAM Act in the U.S., regarding email and electronic communications.

4.8. Children’s Online Privacy Protection Act (COPPA)

Our Service is not directed to children under the age of 13, and we do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information from our records.

If you believe that we have collected personal information from a child under 13, please contact us at support@zetetic.net so that we can delete the information.

4.9. User Data Retention and Deletion

We retain your personal data for as long as necessary to provide you with the Service and fulfill the purposes for which the data was collected, unless a longer retention period is required by law.

Upon termination of your account or at your request, we may delete or anonymize your personal data, except where retention is required by law or for legitimate business purposes. You can request deletion of your data at any time by contacting us at support@zetetic.net or initiating a data deletion request through the Service.

Backup data may be retained indefinitely as part of our disaster recovery and legal obligations.

5. Acceptable Use and Prohibited Activities

5.1. Acceptable Use

You agree to use the Service only for lawful purposes and in compliance with this Agreement. You will not use the Service in any way that could harm Zetetic, disrupt the Service, or infringe on the rights of others.

5.2. Prohibited Activities

You may not:

  • Block or filter advertisements delivered through the Service.
  • Use automated means such as bots or scripts to interact with the Service.
  • Attempt to hack, modify, or disrupt the Service or its security protocols.
  • Access the Service via any means not authorized by Zetetic.
  • Transmit or distribute malware, viruses, or any harmful code through the Service.
  • Use the Service to send unsolicited messages (e.g., spam).
  • Violate any intellectual property or privacy rights of third parties.

6. Intellectual Property

6.1. Service Ownership

All rights, title, and interest in the Service, including all intellectual property, are retained by Zetetic. You do not acquire any ownership rights to the Service or any software used to provide or access the Service.

All content provided through the Service, including but not limited to software, designs, logos, and other intellectual property, remains the exclusive property of Zetetic or its licensors. Any unauthorized use of this intellectual property is prohibited.

You agree not to develop, market, or create any product or service that competes with Codebook Cloud without Zetetic’s prior written consent.

6.2. Feedback and Suggestions

If you provide any feedback or suggestions to Zetetic regarding improvements or changes to the Service, such suggestions, ideas, inventions, innovations, and concepts, and any inventions, improvements, or materials derived therefrom or based thereon shall become the property of Zetetic and Zetetic may use those suggestions without obligation to compensate you.

6.3. Third-Party Materials

The Service may contain third-party components or software governed by their own terms. Zetetic ensures that the inclusion of such third-party materials will not prevent you from using the Service as provided under this Agreement.

6.4. DMCA Compliance

Zetetic respects the intellectual property rights of others. If you believe that your work has been copied in a way that constitutes copyright infringement, please provide our designated DMCA agent with the following information:

  • A description of the copyrighted work that you claim has been infringed;
  • A description of where the material is located on the Service;
  • Your contact information (address, telephone number, and email address);
  • A statement that you have a good-faith belief that the use of the material is not authorized by the copyright owner, its agent, or the law;
  • A statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the copyright owner; and
  • Your electronic or physical signature.

Our designated DMCA agent can be reached at:

Stephen Lombardo
PO BOX 5018
BRANCHBURG,  NJ 08876
support@zetetic.net

7. Limitation of Liability

7.1. No Liability for Damages

Zetetic is not liable for any indirect, incidental, special, or consequential damages arising from your use of the Service, including loss of data, profits, or goodwill. This includes, but is not limited to, loss of data, profits, goodwill, or any damages arising from loss of, unauthorized access to, or alteration of your data, even if Zetetic has been advised of the possibility of such damages.

7.2. Maximum Liability

In any case, Zetetic’s total liability to you under this Agreement will not exceed the amount you paid for the Service during the twelve (12) months before the claim arose.

7.3. Data Loss

While Zetetic strives to ensure the safety of your data, you acknowledge that data loss may occur, and Zetetic will not be liable for any such loss.

7.4. Indemnification

You agree to indemnify, defend, and hold Zetetic, its affiliates, directors, officers, employees, and agents harmless from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising from:

    1. Your use of the Service in violation of this Agreement or applicable law;
    1. Any content or data you provide or transmit through the Service that infringes upon the intellectual property, privacy, or other rights of a third party;
    1. Any breach of this Agreement by you or anyone using your account.

7.5  Remedy for Intellectual Property Infringement

If the Service becomes the subject of a claim of intellectual property infringement, Zetetic may, at its sole option and expense:

    1. Procure for you the right to continue using the Service;
    1. Replace or modify the Service to make it non-infringing;
    1. If the above options are not feasible, terminate your access to the Service and provide a refund of any pre-paid fees for the period following termination.

8. Termination

8.1. Termination by Zetetic

Zetetic reserves the right to terminate your account at any time, with or without cause, including if you:

  • Breach this Agreement.
  • Fail to pay any applicable subscription fees on time.
  • Engage in prohibited or unlawful activities using the Service.

8.2. Effects of Termination

Upon termination, your access to the Service will be immediately revoked, and Zetetic may delete your data. It is your responsibility to export or back up any data before your account is terminated.

9. Modifications to the Service and Terms

Zetetic reserves the right to update or modify this Agreement at any time. Such changes will be posted on the Codebook Cloud website, and continued use of the Service will constitute your acceptance of the updated terms.

10. Governing Law and Jurisdiction

10.1. Jurisdiction

This Agreement is governed by the laws of the State of New Jersey, United States, without regard to its conflict of law principles. Any disputes arising out of or related to this Agreement will be resolved exclusively in the state or federal courts located in New Jersey.

10.2. Export Control

You acknowledge that the Service, including any software, documentation, and technical data related to the Service, may be subject to U.S. export control laws and regulations, including the Export Administration Regulations (EAR) and sanctions administered by the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC). You agree to comply with all applicable export control laws and restrictions, and you shall not:

    1. Export, re-export, or transfer the Service to any country, individual, or entity prohibited by U.S. law, including but not limited to countries under embargo or individuals on the U.S. Government’s Denied Persons List, Entity List, or Specially Designated Nationals list;
    1. Use the Service for any purposes prohibited by U.S. law, including the development, design, manufacture, or production of nuclear, missile, or chemical or biological weapons.

You represent that you are not located in, or a national or resident of, any such prohibited country or on any such list.

11. Miscellaneous

11.1. Force Majeure

Zetetic will not be held responsible for delays or failures in performance due to causes beyond its control, including natural disasters, pandemics, war, or acts of terror or government.

11.2. Entire Agreement

This Agreement constitutes the entire understanding between you and Zetetic regarding the use of the Service and supersedes any prior agreements, whether written or oral.

11.3. Severability

If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions will remain in full force and effect.

11.4. Assignment

Zetetic may assign or transfer its rights and obligations under this Agreement, in whole or in part, to any affiliate, subsidiary, or as part of a merger, acquisition, or sale of all or substantially all of its assets, without your prior consent. Upon such assignment, Zetetic will provide notice to you.

You may not assign or transfer your rights or obligations under this Agreement, in whole or in part, without the prior written consent of Zetetic. Any attempted assignment or transfer in violation of this provision will be void and of no effect.

12. Data Protection and Processing Agreement

This section outlines the responsibilities between you (“Controller”) and Zetetic LLC (“Processor”) concerning the processing of personal data under the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable laws.

12.1. Definitions

For the purposes of this section, the following definitions apply:

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation or set of operations performed on personal data (e.g., collection, storage, use, deletion).
  • Controller: The entity that determines the purposes and means of the processing of personal data (you).
  • Processor: Zetetic LLC, the entity that processes personal data on behalf of the Controller.
  • Sub-Processor: Any third party engaged by the Processor to process personal data on behalf of the Controller.
  • Data Subject: An identified or identifiable individual whose personal data is being processed.
  • GDPR: The General Data Protection Regulation (EU) 2016/679.
  • EEA: The European Economic Area, which includes all EU member states as well as Iceland, Liechtenstein, and Norway.

12.2. Scope and Duration

Zetetic will process personal data solely for the purpose of providing the Codebook Cloud service as described in these Terms. This agreement remains in effect for as long as Zetetic processes personal data on behalf of the Controller.

12.3. Types of Personal Data and Categories of Data Subjects

  • Types of Personal Data: Zetetic may process the following types of personal data as part of the Codebook Cloud service: contact information (name, email address), account details, encrypted password data, and device information.
  • Categories of Data Subjects: The data subjects include users of the Codebook Cloud service and any authorized individuals or employees of the Controller.

12.4. Obligations of the Processor

  • 12.4.1. Processing Based on Instructions: Zetetic will only process personal data in accordance with the Controller’s documented instructions, unless required by law. The Controller’s instructions are contained in these Terms and may be updated by written agreement.
  • 12.4.2. Security Measures: Zetetic will implement appropriate technical and organizational measures to protect personal data, including encryption and access controls, to ensure confidentiality, integrity, and availability.
  • 12.4.3. Sub-Processors: Zetetic may engage sub-processors to assist with data processing activities. The Processor will ensure that all sub-processors are subject to the same data protection obligations outlined in this section. The Controller will be informed of any new sub-processors and may object on reasonable grounds.
  • 12.4.4. Data Breach Notification: If Zetetic becomes aware of any breach of personal data, it will notify the Controller without undue delay. The notification will include details about the nature of the breach, the affected data, the likely consequences, and the measures taken to mitigate the breach.
  • 12.4.5. Assistance with Data Subject Requests: Zetetic will assist the Controller in responding to data subjects’ requests to exercise their rights (e.g., access, correction, deletion, or data portability) under applicable data protection laws.

12.5. Obligations of the Controller

  • 12.5.1. Lawful Basis for Processing: The Controller is responsible for ensuring that it has a lawful basis for processing personal data, including obtaining any necessary consents from data subjects.
  • 12.5.2. Compliance with Data Protection Laws: The Controller must ensure that its use of the Codebook Cloud service and its processing of personal data complies with all applicable data protection laws, including GDPR and CCPA.

12.6. International Data Transfers

  • 12.6.1. EEA Transfers: Zetetic processes and stores personal data of European Economic Area (EEA) residents in the United States. When transferring personal data from the EEA to a third country (such as the US), Zetetic relies on legal mechanisms such as Standard Contractual Clauses (SCCs) as approved by the European Commission, or other appropriate safeguards, in compliance with the GDPR.
  • 12.6.2. Standard Contractual Clauses (SCCs): Zetetic will ensure that the transfer of personal data from the EEA to the United States is carried out in accordance with SCCs or any other transfer mechanism that provides adequate protection as required by GDPR Article 46. The SCCs ensure that the data is protected to the same standard as if processed in the EEA. These clauses form a legally binding commitment between Zetetic and the Controller to safeguard European user data.
  • 12.6.3. Adequacy Decision and Other Safeguards: Should the European Commission adopt an adequacy decision for the US, Zetetic will rely on such a decision for the transfer of personal data. In the absence of such a decision, Zetetic may also rely on Binding Corporate Rules or explicit consent from the data subject as appropriate.
  • 12.6.4. Data Subject Rights: Data subjects in the EEA whose personal data is transferred to the US will continue to have their GDPR rights (e.g., access, rectification, erasure) enforced. Zetetic will provide mechanisms for data subjects to exercise their rights, even when their data is hosted in the US.
  • 12.6.5. Transparency: Upon request, Zetetic will provide you with information regarding the safeguards implemented to ensure the lawful transfer of personal data from the EEA to third countries, including copies of relevant SCCs or other mechanisms relied upon. Requests for audits may be made no more than once per calendar year, and Zetetic reserves the right to charge a reasonable fee for facilitating audits.

12.7. Data Retention and Deletion

  • 12.7.1. Retention: Zetetic will retain personal data only as long as necessary to fulfill the purposes outlined in these Terms or as required by law. Backup data may be retained for [X] days after account termination.
  • 12.7.2. Deletion: Upon termination of the Controller’s account or upon request, Zetetic will securely delete or anonymize personal data, unless retention is required by law. You may request deletion of your personal data by contacting Zetetic.

12.8. Audits and Documentation

The Controller has the right to request audits to verify Zetetic’s compliance with this Data Protection and Processing Agreement. Zetetic will provide the necessary information to demonstrate compliance with data protection obligations.

12.9. Liability and Indemnification

  • 12.9.1. Liability: Zetetic’s liability concerning personal data processing is governed by the general liability provisions of the Terms of Service.
  • 12.9.2. Indemnification: The Controller agrees to indemnify and hold Zetetic harmless for any liabilities, claims, or damages arising from the Controller’s failure to comply with its data protection obligations.

12.10. Termination of Data Processing

Upon termination of the Controller’s use of the Codebook Cloud service, Zetetic will either delete or return all personal data to the Controller, unless legal obligations require the retention of the data. Backup data will be deleted within [X] days of termination.

12.11. Changes to the Data Processing Terms

Any changes to this Data Protection and Processing section must be agreed upon in writing by both parties.