Terms of Service

Terms and conditions for using the LogFlux log management platform.

Terms & Conditions

Preamble

LogFlux (as defined in our Imprint), hereafter referred to as the “Service” operates a solution providing encrypted log management via its website logflux.io (“the Site”).

The purpose of these Terms and Conditions of Use is to define the terms of use of LogFlux Services. They constitute a legal and binding agreement between the Service and any user of the LogFlux platform (the “User”). By subscribing to or using the Site or the Services, the User will be deemed to have read and accepted without reservation the current version of these Terms and Conditions.

Any special conditions potentially negotiated between the Service and the User shall prevail over these Terms and Conditions.

Definitions

The terms used in this document are defined as follows:

  1. The “User” means any natural or legal person using the Service.

  2. The “Services” provided by the Service are the features made available to Users via the Site such as (but not limited to) log ingestion, storage, search, encryption, archival, providing APIs and technical features to provide the aforementioned features.

  3. The “data processor” is the company that performs data processing at the request of a data controller. Thus, the Service acts as a data processor to make its Services available to Users, who define the purpose and the means of the processing. The Service may also use secondary processors (“sub-processors”) to carry out data processing on its behalf.

  4. The “User’s data” is understood as log data and metadata processed by the Service on behalf of the Users within the framework of the performance of the Services subscribed.

  5. “Personal data” means information relating to an identified or identifiable natural person.

  6. The “Parties” shall mean the Service and the User.

1. Purpose of LogFlux Services

The Service provides solutions relating to encrypted log management and accompanying features, through its platform, marketed via the Site.

2. User accounts

The use of the LogFlux Services requires the creation of an online account.

The Users are responsible for the accuracy of the information they provide and undertake to update the information concerning them or to notify the Service without delay of any change affecting their situation.

The Users shall take all useful measures to maintain the confidentiality of access to their account.

In the event of fraudulent use of their account, the Users undertake to immediately notify the Service and change their access password without delay.

Any costs resulting from such unauthorised use shall be borne by the Users until the Service has been notified by them of such use.

The Service shall in no event be liable for material or immaterial damages resulting from the use of the account by a third party, with or without the Users’ permission.

The Service shall store the encrypted log data sent through its platform on behalf of the Users. The Service shall protect the integrity, confidentiality and administrative, material and technical security of the Users’ data and personal information.

3. Financial conditions

By subscribing to LogFlux Services, the Users agree to pay the price corresponding to the Services selected and to their country of residence.

Unless specifically otherwise stipulated, the prices of the Services subscribed shall be paid at the time of subscription and in the currency in which they were invoiced.

The prices displayed on the Site are exclusive of charges, and they do not include VAT. Additional charges shall be applied on the invoice according to the Users’ country of residence and applicable legal and regulatory provisions.

3.1. Refund Policy

Users may request a refund within the first 14 days of their subscription. Refunds will be processed minus any costs already incurred for services consumed during the period of use, including but not limited to log processing, storage, and infrastructure costs. Refund requests must be submitted through the LogFlux customer support portal or by contacting support directly. Refunds will be processed within 14 business days of approval and will be issued to the original payment method used for the subscription.

4. Use of the Services

4.1. Compliance with applicable regulations

Each Party declares that it shall respect the regulations applicable to its activity.

In general terms, the Users shall guarantee that the log data sent via the LogFlux Services does not contravene any legal or regulatory provision or a provision resulting from an international agreement applicable to them and in particular the provisions in force in Germany, in the State in which the User carries out their activity and in the State in which the data originates, nor the rights of third parties.

User’s intellectual property rights

The Users authorise the Service to use their name, brand and visual identity solely for the purpose of executing the Services.

The Users guarantee to the Service:

  • that they have full power and authority to exploit and grant intellectual and industrial property rights and that these rights are in no way assigned, hypothecated, encumbered or in any way vested in a third party
  • that they have not and will not, by assignment to a third party or by any other means, do anything likely to compromise the use of intellectual and industrial property rights
  • that they have not nor will not introduce into their log data any sequence, reproduction or reminiscence likely to infringe on the rights of third parties
  • that no litigation or proceedings are pending or about to be brought in relation to the intellectual property rights

In addition, the Users shall undertake to guarantee the Service against any claim by third parties as well as any penalty that the Service may find itself imposed against it resulting from any non-compliance with this article.

4.1.2. The Service’s intellectual and industrial property rights

All programs, services, processes, designs, software, technologies, trademarks and trade names and inventions appearing on the Site, accessible via the Site or via the LogFlux Services, are the property of the Service or its licensors.

The Users shall undertake not to use, in any way whatsoever, the Site, the Services or any of the elements set out above for purposes other than those provided for herein.

4.2. Protection of the personal data of third parties

For the purposes of providing the Services, the Service has access to log data uploaded by the Users via their personal account. This information may contain personal data concerning third parties.

4.2.1. Responsibility of the Users in relation to personal data

As controllers of the log data, the Users are responsible for the processing of any personal data appearing in those logs within the meaning of the applicable regulations. As such, if the Users are domiciled in the European Union, or if they are processing log data containing personal data of citizens of the European Union, the User guarantees to the Service that they shall comply with the provisions of the General Data Protection Regulation (the “GDPR”) and in particular:

  • that the personal data contained in the log files transmitted have been collected and processed in compliance with the applicable regulations
  • that the Users have informed the data subjects in accordance with the applicable rules
  • where appropriate, that the collection and processing have been consented to by the data subjects
  • that the data subjects shall be allowed to exercise their rights in accordance with the applicable rules
  • that the Users undertake that the information will be rectified, completed, clarified, updated or deleted if it is inaccurate, incomplete, ambiguous or out of date, or if the data subject wishes to prohibit its collection, use, communication or storage

It is specified that the Users are solely responsible for managing the retention periods of log data that they upload onto the Service’s platform, and that it is incumbent on them to delete the data as and when its retention period expires. The Service is responsible only for deleting this data at the end of its contractual relationship with the Users.

In addition, the Users shall undertake not to include in the log data uploaded to the Service’s platform any personal data known as “sensitive” within the meaning of Article 9 of the GDPR, and in particular no health data, but also no data relating to criminal convictions and offences, any social security number, or any bank card number. The Service can in no way be held responsible for the presence of such personal data on its platform, and the consequences that could result therefrom. In the event of a violation of this clause, the User shall be solely responsible for any consequences, and undertakes to guarantee, and if necessary indemnify, the Service.

4.2.2 Protection of the User’s personal data

The Service has taken all the necessary precautions to preserve the security of personal data and, in particular, to prevent it from being distorted or damaged or from unauthorised third parties having access to it.

These measures include the following:

  • Multi-level firewall
  • Proven anti-virus and detection of intrusion attempts
  • Encrypted data transmission using SSL/TLS/HTTPS technology
  • End-to-end encryption of log data
  • Tier 3 certified data centres

In addition, access to processing by the LogFlux Services requires authentication of the persons accessing the data, by means of an individual access code and password, sufficiently robust and regularly renewed.

Data transmitted over unsecured communication channels shall be subject to technical measures designed to make such data incomprehensible to any unauthorised person.

4.2.3. Conditions of the processing relationship

The Service acts as a data processor on behalf of the Users, and undertakes to respect the obligations described in the Annex “Agreement on the processing of personal data”.

In this context, it is specified that:

  • The Users can retrieve their log data at any time by logging on to their personal Service’s account
  • Personal data contained in the logs may only be disclosed to third parties in the following cases:
    • with the authorization of the Users certifying that the data subjects have themselves authorized this disclosure
    • at the request of the competent legal authorities, on judicial requisition, or in the context of a legal dispute

4.3. Prohibited uses

The use of the LogFlux Services resulting from the subscription to the said Services is strictly personal and may not be rented or transferred free of charge or for a fee to a third party. In the absence of prior authorisation, the use of the Service is limited to only one account per User.

Any use of the Services that may damage, disable, or overload the Service’s infrastructure or networks connected to the Service’s servers, or interfere with the enjoyment of the Services by other Users, is prohibited.

Any attempt to access, without authorisation, the Services, any other accounts, computer systems or other networks connected to a Service server or any of the Services via hacking or any other method is prohibited.

The use of the Services for the purpose of storing, processing or transmitting log data related to illegal or fraudulent activities or encouraging such activities and, in particular, without this list being exhaustive, activities related to illegal drugs, hacking programs, instructions for assembling or creating weapons, materials containing violence against children or which encourages violence is prohibited.

Any use of the Services contrary to the applicable rules relating to data protection, anti-spam, anti-phishing or personal data protection is prohibited.

Any use of the Services in violation of the rights of third parties is prohibited.

In the event of non-compliance with this article, the Service reserves the right to immediately block the Users’ access to their Services and to remove all information from their account without notice and without refund or any other form of compensation.

The Service reserves the right to refuse or limit service to accounts not complying with its Terms and Conditions or with laws regulating data processing companies, or accounts distributing unwanted communications.

5. Responsibilities and guarantees

5.1 Responsibilities and guarantees of the Service

Except in cases of force majeure, the Service guarantees to the Users the proper performance of its service rendered in compliance with these Terms and Conditions.

Any potential compensation due from the Service, to the User or to a third party, due to the liability of the Service, its subsidiaries or its partners, in respect of the performance of these conditions, shall not exceed the price paid by the User in return for the Service(s) giving rise to the said liability.

In no case shall the Service guarantee to the User the operational, performance or information returns that the latter may expect from using the log management services in the context of these conditions.

The Service does not control the content of log data sent by the Users, which remains the responsibility of the Users.

In no case can the Service be held responsible in any capacity whatsoever in relation to third parties for any damage resulting from the storage or processing of log data on behalf of the Users.

5.2 Responsibilities and guarantees of the Users

The Users shall solely be responsible for the content of log data uploaded or processed in the context of the performance of these conditions.

The Users may be held liable for non-compliance with these Terms and Conditions of Use, with the Service’s privacy and security policies or with any legal or regulatory provision or with a provision resulting from an applicable international agreement.

The Users guarantee the Service against any damage, any claim and any recourse of third parties resulting from a violation, by the Users, of the present Terms and Conditions of Use, of the privacy and security policies of the Service or of any legal or regulatory provision, or a provision resulting from an applicable international agreement.

6. Changes to the use conditions, to the Service’s policies and to the offer

The Service may modify these Terms and Conditions of Use, its security and privacy policies as well as its offer.

The Users will be informed of any changes by email or directly on their LogFlux account and invited to accept this change to continue using the Services.

The Service’s Terms and Conditions of Use, security and privacy policies as well as its offer updated with the latest changes are available at any time on the Site.

7. Duration – Termination

The present Terms and Conditions of Use are in force for an indefinite period.

The Users may terminate their Service’s account directly from the Site at any time.

In the event of termination by the Users, the sums paid in consideration of the LogFlux Services shall remain due to the Service even if the Users did not exhaust the acquired service quotas.

In the event of non-compliance by the Users with these Terms and Conditions of Use, with the Service’s privacy and security policies or with any legal or regulatory provision or one resulting from an applicable international agreement, the Service reserves the right to terminate the Users’ account subject to 7 days’ notice.

The termination will occur without notice in the event of non-compliance with the article “Use of Services” of these conditions.

8. Force majeure

The Parties shall not be held liable if the non-performance or delay in the performance of one of their obligations described in these Terms and Conditions of Use results from a force majeure event.

Force majeure means any external event which was impossible to prevent and which was unforeseeable as interpreted by the jurisprudence of the German courts, and which prevents one of the Parties from performing their obligations or makes the performance of the same excessively onerous.

Expressly, the following will be considered cases of force majeure, in addition to those usually considered by the jurisprudence of the German courts, and without this list being restrictive:

  • wars, armed conflicts, riots, insurrections, sabotage, acts of terrorism
  • general or partial strikes, internal or external to the company, affecting a supplier or a national operator, lockouts, blockades of transport facilities or procurement for any reason whatsoever
  • natural disasters resulting in the destruction of infrastructure, such as fires, storms, floods, water damage
  • governmental or legal restrictions, legal or regulatory changes to forms of data processing, cases involving the suspension, cancellation or revocation of any authorisation by any relevant competent authority
  • interruptions of the network of the Service, its subcontractor or its supplier, as a result of computer breakdowns, blocking of telecommunications means, whether resulting from external attacks, interruptions to services by the access provider or other persons, and any other event not attributable to the Service, its subcontractor or its supplier, preventing the normal performance of the services rendered
  • interruptions of the power supply of more than 48 hours

Each party shall notify the other party by registered letter with acknowledgement of receipt of any force majeure event.

9. Protection of personal data concerning the User

The information, including personal data, collected by the Service in the context of its business relationship with the Users is subject to computer processing detailed in the Service’s Privacy Policy.

10. Partial invalidity of the T&C

If individual clauses of this Agreement are or become invalid, this shall not affect the validity of the remaining clauses of this Agreement. In this case, the Parties shall replace the void clause with a legally binding clause which is in line with the other clauses of the Agreement, and which is similar to the economic aim of the invalid clause.

11. Applicable Law

The Terms and Conditions shall be governed by the law of the Federal Republic of Germany. Exclusive jurisdiction over any disputes arising from this Agreement shall vest with the courts of Berlin.

Amendments and additions to this Agreement are only binding if they are made in writing. This also applies for alterations to this written form requirement. Sec. 305b Civil Code (Bürgerliches Gesetzbuch – BGB) remains unaffected.

ANNEX 1 – Agreement on the processing of personal data

In the context of the Services provided to the User, the Service is required to carry out personal data processing operations on behalf of the User. This processing is carried out for the duration of the contractual relationship between the Service and the User.

The processing carried out by the Service on behalf of the User is described below:

  • Storage of log data uploaded by Users
  • Processing and analysis of log data for search and filtering
  • Retention and analysis of log ingestion and system performance data
  • Collection of user preferences and configuration data
  • Management of user authentication and authorization data

In this respect, the Service declares that it offers sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and ensures the protection of the data subject’s rights, and undertakes to respect the following obligations:

1. The Service’s Obligations

a) User’s instructions

The Service undertakes to process personal data only for the purposes of performing the Services in accordance with the User’s instructions. Thus, the Service agrees not to concede, rent, transfer or otherwise communicate to another person, all or part of the personal data, even free of charge, and not to use the personal data for purposes other than those provided in the Terms and Conditions of Use.

In the event that the Service considers that an instruction given by the User constitutes a violation of an applicable law, the Service must immediately inform the User.

b) Confidentiality and security

The Service guarantees the confidentiality of personal data processed in connection with the Services. As such, it ensures (i) that personal data is communicated only to persons who need to know it, (ii) that these persons are aware of the User’s instructions and undertake to process the personal data entrusted to them only in strict compliance with the instructions and for no other purpose, (iii) that they are subject to an appropriate contractual or legal obligation of confidentiality, and (iv) that they receive the necessary training in the field of data protection.

The Service undertakes to implement the appropriate technical and organizational measures in order to preserve the confidentiality and security of personal data and, in particular, to prevent it from being distorted, damaged or communicated to unauthorised third parties, and more generally, to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorised dissemination or access, as well as against any form of unlawful processing, it being specified that these measures must ensure, taking into account best practice and the costs associated with their implementation, a level of security appropriate to the risks presented by the processing and the nature of the data to be protected and, more generally, in order to guarantee a level of security of personal data appropriate to the risk.

c) Notification of violations of personal data

In the event of an accidental or unlawful breach of security resulting in the destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data processed by the Service, the Service undertakes to immediately notify the User within 72 hours of the detection of the incident.

In such circumstances, and in consultation with the User, the Service undertakes to put in place the necessary data protection measures and to limit any negative effects on the data subjects.

The Service undertakes to provide the User with all reasonable information and assistance to enable the latter to comply with its obligations to notify the data protection authorities and, where applicable, the data subjects.

d) User support

The Service undertakes, as far as possible, to assist the User in fulfilling its own obligations. Thus, the Service shall:

  • respond promptly to any request from the User concerning the personal data processed, in order to enable the User to take into account, within the time limits set, any potential requests from data subjects (right of access, right of rectification, right of destruction, etc.), and more generally to take into account the nature of the processing and help the User through appropriate technical and organisational measures to comply with their obligation to respond to requests submitted by the data subjects with a view to exercising their rights
  • forward to the User, on receipt, requests from the data subjects to exercise their rights
  • assist and collaborate with the User in order to guarantee compliance with its obligations, in accordance with the applicable regulations on the matter, and in particular help the User to ensure the security of personal data, to comply with its obligations in the event of a security breach and to assist the User in carrying out any measures necessary prior to processing, such as the implementation of an impact analysis

e) Data access / deletion

At any time during the implementation of the Terms and Conditions of Use, the User may access the personal data processed by the Service or delete it directly from the Site using the export and integrated deletion features.

At the end of the contractual relationship, the Service undertakes, at the User’s request, to destroy all personal data, or to return it to the User or another data processor designated by them if technically feasible and within a maximum period of 3 months. The return must be accompanied by the destruction of existing copies in the Service’s information systems, unless any applicable law requires their retention. The Service undertakes to provide the User, on request, with proof of such destruction.

2. Audit

The Service undertakes to provide the User with all the information and documents necessary to demonstrate compliance with the obligations set out herein.

The Service authorises the User or any other external auditor not competing with the Service and mandated by the User to inspect and audit its personal data processing activities, and undertakes to accede to all reasonable requests made by the User to verify that the Service complies with the contractual obligations imposed by this Annex.

It is agreed that, subject to any requests from the regulators to this effect, such audits may take place no more than once (1) per contract year. In all cases, the User must give the Service a minimum notice of fifteen (15) days, and the audit must in no case disrupt the ongoing activities of the Service. The audit will be limited to the personal data processing activities performed by the Service on behalf of the User, and the User will not be able to access data concerning other customers of the Service.

The Service undertakes to communicate all supporting documentation proving the compliance of the processing with the User’s instructions, and that the appropriate security measures have indeed been put in place.

3. Sub-processing

The User is informed, and expressly accepts, that the Service may have recourse to sub-processors within the context of the Services, who will have access/process the personal data entrusted by the User on their behalf. The list of the relevant processors is as follows:

  • Paddle - Service: Payment processing
  • AWS - Service: Infrastructure hosting

The User is made aware that some of these sub-processors are located in countries outside the European Union, including in the United States, and, as such, the User expressly authorises the Service to transfer personal data outside the European Union. The Service undertakes to put in place all the necessary guarantees in order to supervise these transfers in compliance with the applicable rules.

In this context, the User shall expressly mandate the Service to sign, in its name and on its behalf, standard contractual clauses “data controller to data processor” with the sub-processors (see the standard clauses of the European Commission at the following address: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=EN).

In the event of modification of the list of its sub-processors, the Service will notify the User by email or by notification through the customer account, and the User will have the possibility to cancel the subscription in the event of an objection. It is specified that this notification will include any information relating to possible transfers of personal data outside the European Union.

When the Service uses sub-processors to carry out specific processing activities on behalf of and on the instructions of the User, the same data protection obligations as those laid down in these T&C are imposed contractually on the sub-processors, in particular with regard to providing sufficient guarantees as to the implementation of the appropriate technical and organisational measures.

It is the Service’s responsibility to ensure that sub-processors provide sufficient guarantees to ensure that the processing meets the requirements of the GDPR. If the sub-processors do not fulfil their data protection obligations, it is recalled that the Service remains fully liable to the User for the performance by sub-processors of their obligations.

If the Service is required to make such transfers under the applicable law, it undertakes to immediately inform the User of this legal obligation before the processing, unless the applicable law prohibits such information for reasons of public interest.