SOC 2 Type II Compliant
Implementing IP restriction ensures better security. Users can be tagged to specific IPs and can only access the application from that IP. It is a robust approach to implementing security and avoid access to the application from unauthorized locations.
OTP (One Time Password)
One-time password systems provide a mechanism for logging on to a network or service using a unique password which can only be used once. One-time passwords are a form of so-called strong authentication, providing much better protection systems containing sensitive data.
Strong authentication systems address the limitations of static passwords by incorporating an additional security credential, for example, a temporary one-time password (OTP), to protect network access and end-users' digital identities.
- One-time passwords can be generated by users to provide access to the support team to address the queries of clients.
- A Duplicate login will be created by the system for the support team to simultaneously access the account and assist the user without the user having to release any sensitive data.
- The validity of the OTP generated by the user is 2 hours, post which the OTP will be rendered useless.
- The OTP will be sent to firstname.lastname@example.org to ensure additional security.
- All correspondence is enabled with end-to-end encryption.
Our data security doesn't rely on any single technology to make it secure. Our stack builds security through progressive layers that deliver true defense in depth. Data stored is automatically encrypted at rest and a secure data backup can be availed by our customers at regular intervals.
Google cloud infrastructure
Google develops and deploys infrastructure software using rigorous security practices. Their operations teams detect and respond to threats to the infrastructure from both insiders and external actors, 24/7/365.
PII Compliance (Personally Identifiable Information)
Ceipal de-identifies data wherever possible. Measures like anonymizing personally identifiable data. Ceipal additionally implements access controls wherever necessary and possible. Sensitive information is made accessible only to people who need it to do their jobs. Ceipal encrypts all sensitive information by default.
SOC2 Compliance (Instant Audit Report)
Ceipal has the distinction of being one of the first applicant tracking systems (ATS) to be SOC2 compliant, and one of the first software-as-a-service (SaaS) companies to utilise the SSAE 16/18 framework to provide security review. Ceipal undertakes an independent third party annual SOC2 audit that reviews certain of its internal controls and processes. The audit covers internal governance, production operations, change management, data backups, and software development processes. It evaluates that we have the appropriate controls and processes in place and that they are actively functioning appropriately in accordance with related standards.
The SOC2 program offers independent verification that our security practices offer a recognized standard of security measures. Furthermore, the program is designed to cover key elements of data processing and integrity, while maintaining auditing practices within our business and operational processes. As all customers are concerned with their data and its security, Ceipal has integrated its SOC controls into its operating procedures. These procedures span the
organization, teams or functions that provide service or support to our clients on our platform. The key components of our SOC2 controls environment include:
- Corporate Governance: how we provide oversight of our business and people
- Change Management: how we make sure changes are tracked and properly reviewed
- Access Control and Management: who has access to our platform operations and how this access is managed
- Data Redundancy and Backup: how data is kept safe and stored in the event of adversity
- Software Architecture and Development: oversight of the development effort around our platform
Master Subscription Agreement
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THIS SERVICE.
BY USING THE SERVICE OR CLICKING "AGREE" CUSTOMER IS AGREEING TO BE BOUND BY THIS AGREEMENT. IF YOU ARE AGREEING TO THIS AGREEMENT ON BEHALF OF OR FOR THE BENEFIT OF YOUR EMPLOYER, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE NECESSARY AUTHORITY TO AGREE TO THIS AGREEMENT ON YOUR EMPLOYER'S BEHALF.
This agreement is between CEIPAL CORP., a Delaware corporation (CEIPAL), and the customer agreeing to these terms (Customer).
- SOFTWARE SERVICESThis agreement provides Customer access to and usage of an Internet based software service as specified on an order (Service).
- USE OF SERVICE
- Customer Owned Data: All data uploaded by Customer remains the property of Customer, as between CEIPAL and Customer (Customer Data). Customer grants CEIPAL the right to use the Customer Data solely for purposes of performing under this agreement. During the term of this agreement, CEIPAL may export the Customer Data as allowed by functionality in the Service, which is further descried at this link Data Backup.
- Access and Usage: Customer may allow its contractors to access the Service in compliance with the terms of this agreement, which access must be for the sole benefit of Customer. Customer is responsible for the compliance with this agreement by its contractors.
- Service Availability: CEIPAL will make all reasonable efforts to be available 24 hours a day, 7 days a week and 365 days a year except for the days that require maintenance, upgrades, and for emergency events which includes fire, floods, war, terrorist attacks, and all other emergency events. CEIPAL will make all the reasonable efforts to pre-schedule date and time for maintenance activities and communicate to all the customers using standard email communication channels. At times, for any emergency maintenance situations, CEIPAL will not be able to provide advanced notification.
- Disaster Recovery: CEIPAL maintains all the transactional data in the storage which is replicated across multiple regions. If there is any event of loss, all the applications will be pointed to the failover datacenter for accessing the data. In the event of disaster, CEIPAL will try to restore the services at the earliest possible time.
- Customer Responsibilities: Customer (i) must keep its passwords secure and confidential; (ii) is solely responsible for Customer Data and all activity in its account in the Service; (iii) must use commercially reasonable efforts to prevent unauthorized access to its account and notify CEIPAL promptly of any such unauthorized access; and (iv) may use the Service only in accordance with the Service's online help documents and applicable law.
- CEIPAL Support: CEIPAL must provide customer support for the Service under the terms of CEIPAL's Customer Support Policy (Support) which is located at www.ceipal.com/support.
- Trial Version: If Customer has registered for a trial use of the Service, Customer may access the Service for the time specified by CEIPAL. The Service is provided AS IS, with no warranty during this time period. All Customer data will be deleted after the trial period unless Customer converts its account to a paid Service.
- Data Security Measures:
- Reasonable Security Measures: In order to protect Customer's Confidential Information, CEIPAL will (i) implement and maintain all reasonable security measures appropriate to the nature of the Confidential Information including without limitation, technical, physical, administrative and organizational controls, and will maintain the confidentiality, security and integrity of such Confidential Information; (ii) implement and maintain industry standard systems and procedures for detecting, preventing and responding to attacks, intrusions, or other systems failures and regularly test or otherwise monitor the effectiveness of the safeguards' key controls, systems, and procedures; designate an employee or employees to coordinate implementation and maintenance of its Reasonable Security Measures; and (iv) identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of Customer Data that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks (collectively, Reasonable Security Measures).
- Notice of Data Breach: If CEIPAL knows that Customer Confidential Information may have been accessed, disclosed, or acquired without proper authorization and contrary to the terms of this agreement, CEIPAL will alert Customer of any data breach within two business days, and immediately take such actions as may be necessary to preserve forensic evidence and eliminate the cause of the data breach. CEIPAL will give highest priority to immediately correcting any data breach and devote such resources as may be required to accomplish that goal. CEIPAL will provide Customer with all information necessary to enable Customer to fully understand the nature and scope of the data breach. To the extent that Customer, in its sole reasonable discretion, deems warranted Customer may provide notice to any or all parties affected by any data breach. In such case, CEIPAL will consult with Customer in a timely fashion regarding appropriate steps required to notify third parties. CEIPAL will provide Customer information about what CEIPAL has done or plans to do to minimize any harmful effect or the unauthorized use or disclosure of, or access to, Confidential Information.
- Warranty: CEIPAL warrants to Customer: (i) the functionality or features of the Service may change but will not materially decrease during any paid term; and (ii) that the Support may change but will not materially degrade during any paid term.
- DISCLAIMER: CEIPAL DISCLAIMS ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE AND FITNESS FOR A PARTICULAR PURPOSE. WHILE CEIPAL TAKES REASONABLE PHYSICAL, TECHNICAL AND ADMINISTRATIVE MEASURES TO SECURE THE SERVICE, CEIPAL DOES NOT GUARANTEE THAT THE SERVICE CANNOT BE COMPROMISED. CUSTOMER UNDERSTANDS THAT THE SERVICE MAY NOT BE ERROR FREE, AND USE MAY BE INTERRUPTED. CUSTOMER UNDERSTANDS THAT ITS USE OF THE SERVICE DOES NOT CONSTITUTE COMPLIANCE WITH ANY LAW. CUSTOMER UNDERSTANDS THAT IT HAS AN INDEPENDENT OBLIGATION TO COMPLY WITH ANY LAWS APPLICABLE TO IT.
- Payment Customer must pay all monthly or annual fees in advance, and as further specified on the order. Customer is responsible for the payment of all sales, use, withholding, VAT and other similar taxes. This agreement contemplates one or more orders for the Service, which orders are governed by the terms of this agreement.
- MUTUAL CONFIDENTIALITY
- Definition of Confidential Information: Confidential Information means all non-public information disclosed by a party (Discloser) to the other party (Recipient), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure (Confidential Information). CEIPAL's Confidential Information includes without limitation the Service, its user interface design and layout, and any non-public pricing information.
- Protection of Confidential Information: The Recipient must use the same degree of care that it uses to protect the confidentiality of its own confidential information (but in no event less than reasonable care) not to disclose or use any Confidential Information of the Discloser for any purpose outside the scope of this agreement. The Recipient must make commercially reasonable efforts to limit access to Confidential Information of Discloser to those of its employees and contractors who need such access for purposes consistent with this agreement and who have signed confidentiality agreements with Recipient no less restrictive than the confidentiality terms of this agreement.
- Exclusions: Confidential Information excludes information that: (i) is or becomes generally known to the public without breach of any obligation owed to Discloser, (ii) was known to the Recipient prior to its disclosure by the Discloser without breach of any obligation owed to the Discloser, (iii) is received from a third party without breach of any obligation owed to Discloser, or (iv) was independently developed by the Recipient without use or access to the Confidential Information. The Recipient may disclose Confidential Information to the extent required by law or court order, but will provide Discloser with advance notice to seek a protective order.
- CEIPAL PROPERTY
- Reservation of Rights: The software, workflow processes, user interface, designs, and other technologies provided by CEIPAL as part of the Service are the proprietary property of CEIPAL and its licensors, and all right, title and interest in and to such items, including all associated intellectual property rights, remain only with CEIPAL. Customer may not remove or modify any proprietary marking or restrictive legends in the Service. CEIPAL reserves all rights unless expressly granted in this agreement.
- Restrictions: Customer may not (i) sell, resell, rent or lease the Service or use it in a service provider capacity for third parties; (ii) use the Service to store or transmit infringing, unsolicited marketing emails, libelous, or otherwise objectionable, unlawful or tortious material, or to store or transmit material in violation of third-party rights; (iii) interfere with or disrupt the integrity or performance of the Service; (iv) attempt to gain unauthorized access to the Service or its related systems or networks; (v) reverse engineer the Service; or (vi) access the Service to build a competitive service or product, or copy any feature, function or graphic for competitive purposes.
- TERM and Termination
- Termination: Each party can terminate service with CEIPAL with or without cause at any time of service. (i) CEIPAL is required to be notified 30 days in advance by the customer for notice of termination, and CEIPAL will continue to bill the customer until the last day of the notice period. (ii) CEIPAL can terminate a customer with a notice of 180 days with or without a cause, with the only exception being the customer is engaged in unscrupulous activities that cause reprehensible damage to CEIPAL or its customers warrant an immediate termination without any notice of time.
- Refunds: CEIPAL does not provide refunds if the subscription is cancelled during the subscription term. Subscription will be auto renewed based on the payment term, unless the notice is provided based on the terms specified in the 7 (A).
- Return of Customer Data.
- Within 30-days after termination, upon request CEIPAL will make the Service available for Customer to export Customer Data as provided in Section 2(a).
- After such 30-day period, CEIPAL has no obligation to maintain the Customer Data and may destroy it.
- Return CEIPAL Property Upon Termination: Upon termination of this agreement for any reason, Customer must pay CEIPAL for any unpaid amounts, and destroy or return all property of CEIPAL. Upon CEIPAL's request, Customer will confirm in writing its compliance with this destruction or return requirement.
- Suspension for Violations of Law: CEIPAL may temporarily suspend the Service or remove the applicable Customer Data, or both, if it in good faith believes that, as part of using the Service, Customer has violated a law. CEIPAL will attempt to contact Customer in advance.
- Suspension for Non-Payment: CEIPAL may temporarily suspend the Service if Customer is more than 30 days late on any payment due pursuant to an order.
- LIABILITY LIMIT
- Exclusion of indirect damages: CEIPAL is not liable for any indirect, special, incidental or consequential damages arising out of or related to this agreement (including, without limitation, costs of delay; loss of or unauthorized access to data or information; and lost profits, revenue or anticipated cost savings), even if it knows of the possibility of such damage or loss.
- Total limit on Liability: CEIPAL's total liability arising out of or related to this agreement (whether in contract, tort or otherwise) does not exceed the amount paid by Customer within the 6-month period prior to the event that gave rise to the liability.
- Indemnity If any third-party brings a claim against CEIPAL related to Customer's acts, omissions, data or information within the Service, Customer must defend, indemnify and hold CEIPAL harmless from and against all damages, losses, and expenses of any kind (including reasonable legal fees and costs) related to such claim.
- GOVERNING LAW AND FORUM This agreement is governed by the laws of the State of New York (without regard to conflicts of law principles) for any dispute between the parties or relating in any way to the subject matter of this agreement. Any suit or legal proceeding must be exclusively brought in the federal or state courts for Monroe County, New York, and Customer submits to this personal jurisdiction and venue. Nothing in this agreement prevents either party from seeking injunctive relief in a court of competent jurisdiction. The prevailing party in any litigation is entitled to recover its attorneys' fees and costs from the other party. Customer hereby expressly waives the application of New York General Obligation Law section 5-903 to any renewal of this agreement.
- OTHER TERMS
- Entire Agreement and Changes: This agreement and the order constitute the entire agreement between the parties and supersede any prior or contemporaneous negotiations or agreements, whether oral or written, related to this subject matter. Customer is not relying on any representation concerning this subject matter, oral or written, not included in this agreement. No representation, promise or inducement not included in this agreement is binding. No modification of this agreement is effective unless both parties sign it, however this agreement may be modified through an on-line process provided by CEIPAL. No waiver is effective unless the party waiving the right signs a waiver in writing.
- Bulk email service: Bulk email capability provides a customer to send out to solicited job seekers for job opportunity, promoting customer business with relevant and appropriate content and other email communication purposes. CEIPAL continues its efforts to educate customers in compliance with CAN-SPAM act, and client agrees to comply with the CAN-SPAM act and any other anti-Spam regulations. CEIPAL will monitor violations by the customer for compliance with anti-Spam policies. With failure to comply with anti-Spam usage, CEIPAL reserves the right to cancel the service without a notice. Customer is fully responsible for any legal, compliance, and all damages in failure to adhere with anti-Spam policies. CEIPAL at its own discretion can cancel this service without a notice if such act is required to maintain compliance with the law.
- Marketplace Integrations – Reliability & Support: CEIPAL is committed to deliver value by integrating various third-party platforms as Job boards, VMS portals, phone/voice/video channels, CRM and the list goes on to bring unique value to customers. While these platforms are external to CEIPAL, and any changes to these platforms do affect the end service with CEIPAL. While we do our best to restore the service or provide technical assistance to our customers, the outcome is not in the control of CEIPAL. The loss of time and business due to downtime of the external platforms is not a responsibility of CEIPAL.
- No Assignment: Neither party may assign or transfer this agreement or an order to a third party, except that this agreement with all orders may be assigned, without the consent of the other party, as part of a merger, or sale of substantially all the assets, of a party.
- Independent Contractors: The parties are independent contractors with respect to each other.
- Enforceability and Force Majeure: If any term of this agreement is invalid or unenforceable, the other terms remain in effect. Except for the payment of monies, neither party is liable for events beyond its reasonable control, including, without limitation force majeure events.
- Money Damages Insufficient: Any breach by a party of this agreement or violation of the other party's intellectual property rights could cause irreparable injury or harm to the other party. The other party may seek a court order to stop any breach or avoid any future breach.
- No Additional Terms: CEIPAL rejects additional or conflicting terms of any Customer form-purchasing document.
- Order of Precedence: If there is an inconsistency between this agreement and an order, the order prevails.
- Survival of Terms: Any terms that by their nature survive termination of this agreement for a party to assert its rights and receive the protections of this agreement, will survive (including without limitation, the confidentiality terms). The UN Convention on Contracts for the International Sale of Goods does not apply.
- Feedback: If Customer provides feedback or suggestions about the Service, then CEIPAL (and those it allows to use its technology) may use such information without obligation to Customer.