Legal Workflow Specialists

Bayside Tech Terms of Use

• Last Updated April 14, 2017

Welcome to www.baysidetech.in, a service offered by Bayside Tech, LLP, a Limited Liability Partnership incorporated under the laws of India, (“Bayside”, “we”, or “us”). The following terms and conditions (the “Terms”) govern all use of this website (www.baysidetech.in) and all content (including User Content, defined below), services, and products available at or through this website, including, but not limited to, document assembly services, contract automation services, online uploads, display, delivery, acknowledgement, and limited storage services for documents (collectively, the “Services”). This website, content, and the Services are collectively defined as the “Website”.

The Website is offered to you subject to your accepting without modification all of the terms and conditions contained therein, and all other operating rules, policies (including, without limitation, Bayside’s Privacy Policy and procedures that may be published from time to time on this website by Bayside (collectively, the “Agreement”). If you do not agree to these Terms, do not use our Services. If these terms and conditions are considered an offer by Bayside, acceptance is expressly limited to these terms.

We reserve the right to make amendments, modifications, and changes to these Terms from time to time. When we do make such amendments, modifications, and changes, the “last updated” date given above will be amended accordingly. It is your responsibility to review these Terms frequently and to remain informed of any changes to them. The then-current version of these Terms will supersede all earlier versions. You agree that your continued use of the Website after such changes have been published to our Services constitutes your acceptance of such revised Terms.

1. Licence to Use Bayside Services
   
   1. Subject to these Terms, Bayside grants to you a limited, personal, non-exclusive, non-transferable licence to use our Services for your use and not for resale or further distribution. Your right to use our Services is limited by all terms and conditions set forth in these Terms. Except for your pre-existing rights and this licence granted to you, we and our licensors retain all right, title, and interest in and to our Services, including all related intellectual property rights of all nature whatsoever, whether now known or to be developed in the future.
   2. Our Services are protected by applicable intellectual property laws, including the laws of the Republic of India and international treaties. Except as otherwise explicitly provided in these Terms or as may be expressly permitted by applicable law, you will not, and will not permit or authorise any third party to: (i) reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, or create derivative works of any of our Services; (ii) rent, lease, or sub-licence access to any of our Services; (iii) circumvent or disable any security or technological features or measures of our Services, or (iv) use the Services in a manner that overburdens, or threatens the integrity, performance, or availability of our Services. Any rights not expressly granted herein are reserved by Bayside.
2. Your Bayside Account
   1. You are responsible for maintaining the security of your account, and you are fully responsible for all activities that occur under the account and any other actions taken in connection with your account. You must immediately notify Bayside of any unauthorised uses of your account or any other breaches of security. Bayside will not be liable for any acts or omissions by you, including any damages of any kind incurred as a result of such acts or omissions.
3. User Content
   1. You represent and warrant that: (i) any information you provide in connection with your use of the Website is true, accurate, and complete, and you will maintain and update such information regularly; and (ii) you will respect the intellectual property and other informational and other rights of Bayside and other users.
   2. In these Terms, the content you or other users upload to the Website, includes, but is not limited to, document layouts, source code, pictures, videos and other images, audio materials, graphics, document or data files, information relating to natural and other persons, messages, e-mail and other communications, files, texts, opinions, feedback, suggestions, ideas, personalisation settings and other information or content, which is or may be provided to Bayside or placed on the user’s Bayside profile page or inputted or uploaded by you via the Website or related means (“User Content”).
   3. Bayside disclaims any and all liability for your disclosure of personally identifiable or confidential information you submit via the Website to other users. It is your responsibility to ensure that Website users to whom you submit personally identifiable or confidential information will take appropriate security and non-disclosure measures.
4. Prohibited User Content
   Bayside has the right to remove User Content at our discretion and may terminate accounts of Users who violate the Terms. You agree that you will not under any circumstances transmit any User Content (including software, text, images, or other information) that:
   1. is unlawful or promotes unlawful activities;
   2. defames, harasses, abuses, threatens, or incites violence towards any individual or group;
   3. is pornographic, discriminatory, or otherwise victimises or intimidates an individual or group on the basis of religion, gender, sexual orientation, race, ethnicity, age, or disability;
   4. is spam, is machine- or randomly-generated, constitutes unauthorised or unsolicited advertising, chain letters, any other form of unauthorised solicitation, or any form of lottery or gambling;
   5. contains or installs any viruses, worms, malware, Trojan horses, or other content that is designed or intended to disrupt, damage, or limit the functioning of any software, hardware, or telecommunications equipment or to damage or obtain unauthorised access to any data or other information of any third party;
   6. infringes on any proprietary right of any party, including patent, trademark, trade secret, copyright, right of publicity, or other rights; or
   7. violates the privacy of any third party.
5. Review of User Content by Bayside
   1. Bayside cannot and does not undertake to screen, review, edit, censor, or otherwise filter or control User Content or the behaviour of users or User Content or the Website. Bayside may, but shall not be obliged to, review, either by manual or automated means, all User Content which is or may be uploaded on this site, and monitor or review any areas of this site where users transmit or post communications or communicate with each other or Bayside (as applicable). Bayside retains the right (but disclaims any obligation) to reject, not post, not use, remove, amend, deny access to and / or delete any User Content, without notification, which it, in its sole discretion, deems a breach to these Terms. Bayside retains the right to co-operate with any law enforcement authorities, or in response to court and other official requests directing that Bayside disclose the identity of anyone posting User Content.
6. Bayside Does Not Provide Legal Advice
   1. Part of the Services on the website may involve the making of contracts, or other legal relations. Bayside is not offering legal representation or advice. Bayside does not offer any legal advice, legal opinions, recommendations, referrals, or counselling. Bayside is not involved in any agreements you may draft using the Services or the Website, or any agreements between you and other users.
   2. Bayside is not qualified to, and does not, offer any form of legal advice or recommendation whatsoever. No product or service offered by Bayside or any part thereof should be construed or relied upon by anyone as a substitute for legal, commercial, or contractual advice by professionals. Bayside disclaims all liability for losses, damages and injuries that may result from any such reliance.
   3. The use of the Services may be governed by the laws of different countries or regions, and you agree to abide by such local laws.
7. Disclaimer of Liability
   1. Bayside is under no obligation to become involved in any dispute that you have with other users or in any incident that you are party to with other users, or that are affected by or otherwise related to the Website.
   2. Bayside disclaims all liability relating to any User Content, including any error, virus, defamation, libel, obscenity, or inaccuracy contained in any User Content, whether or not arising under the laws of copyright, defamation, privacy, or otherwise, any prohibited User Content and any other User Content.
   3. Bayside disclaims all liability for unauthorised use (by other users) of User Content, and disclaims (without limitation) all liability for use of User Content which breaches any copyright, trademark rights, or other intellectual property rights of any other user or person.
   4. You are solely responsible for any damage (including to the Website) resulting from use (or submission) of any User Content or the Website (including disputes and incidents described in the preceding sections) and related transactions or occurrences. Bayside shall have no responsibility for unauthorised access to your account, or automatic forwarding of messages and/or viruses (caused by viruses or otherwise).
8. No Liability for Lost Data
   1. Where Bayside provides web hosting or other services via the Website involving the provision of computer storage space, or in relation to other relevant Services, Bayside reserves the right to impose and vary limits and/or restrictions (temporary or otherwise) on the use of the Service, including, without limitation, limits on the storage provided by reference to storage space, time/age of files, number and/or size of files, amount of data down- or uploaded or any other criteria Bayside may specify. Without limiting the following paragraph, material, which exceeds any such limit, may be deleted or not accepted for such storage.
   2. Bayside shall not be liable for any loss, deletion, removal, or failure of delivery to the intended recipient of User Content, whether caused by computer virus, unauthorised access or otherwise. You are encouraged to retain a back-up copy of all User Content and you undertake that you shall do so in respect of all uploaded User Content. Bayside reserves the right to deny access to this site and delete User Content at any time without notice.
9. Disclaimer of Warranties and Limitation of Liability
   1. Given the very nature of software code and development, there may, despite all reasonable precautions and diligence on our part, be unforeseen errors, breakages, downtime, bugs, or crashes affecting the Website or the applications on the Website. Bayside does not make any representation, warranty or guarantee, whether on behalf of itself or third parties, that the applications, Website, products, functions or services offered or made available by it will be error-free or work uninterrupted, or that the Website, applications, or servers will be free of viruses or other harmful components, and you hereby expressly accept any and all associated risks involved with your use thereof. You agree and undertake that you are accessing the Website and application and transacting at your sole risk, using your best and prudent judgement.
      
      YOUR USE OF THE WEBSITE IS AT YOUR SOLE RISK, WHICH IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WE AND OUR SUPPLIERS AND LICENSORS EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. WE DO NOT GUARANTEE THE ACCURACY, COMPLETENESS, OR USEFULNESS OF THE SERVICES OR ANY SERVICE CONTENT, AND YOU RELY ON THE SERVICES AND SERVICE CONTENT AT YOUR OWN RISK. ANY MATERIAL THAT YOU ACCESS OR OBTAIN THROUGH OUR SERVICES IS DONE AT YOUR OWN DISCRETION AND RISK AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY MATERIAL THROUGH OUR SERVICES.  SOME JURISDICTIONS MAY PROHIBIT A DISCLAIMER OF WARRANTIES AND YOU MAY HAVE OTHER RIGHTS THAT VARY FROM JURISDICTION TO JURISDICTION.
      
      TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WE AND OUR SUPPLIERS AND LICENSORS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES (EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF THESE DAMAGES), RESULTING FROM YOUR USE OF OUR SERVICES. UNDER NO CIRCUMSTANCES WILL THE TOTAL LIABILITY OF US AND OUR SUPPLIERS AND LICENSORS OF ALL KINDS ARISING OUT OF OR RELATED TO YOUR USE OF THE SERVICES (INCLUDING BUT NOT LIMITED TO WARRANTY CLAIMS), REGARDLESS OF THE FORUM AND REGARDLESS OF WHETHER ANY ACTION OR CLAIM IS BASED ON CONTRACT, TORT, OR OTHERWISE, EXCEED THE AMOUNTS, IF ANY, THAT YOU HAVE PAID TO US FOR YOUR USE OF THE SERVICES.
10. Indemnity
    1. You will indemnify and hold us, our suppliers and licensors, and our respective subsidiaries, affiliates, officers, agents, employees, representatives, and assigns harmless from any costs, damages, expenses, and liability caused by your use of the Website, including, without limitation, User Content, your violation of these Terms, or your violation of any rights of a third party through use of the Website or User Content.
11. Miscellaneous
    1. This Agreement constitutes the entire agreement between Bayside and you concerning the subject matter hereof, and they may only be modified by a written amendment signed by an authorised executive of Bayside, or by the posting by Bayside of a revised version.
    2. Except to the extent applicable law, if any, provides otherwise, this Agreement and any access to or use of the Website will be governed by the laws of the Republic of India, including its conflict of law provisions. Any dispute arising under this Agreement shall be subject to the exclusive jurisdiction of the courts at Mumbai, India.
    3. You agree that we may reference you as our customer, and that we may reasonably use, on a royalty-free basis, your trademark or logo for such purpose.
    4. If any part of this Agreement is held invalid or unenforceable, that part will be construed to reflect the parties’ original intent, and the remaining portions will remain in full force and effect. A waiver by either party of any term or condition of this Agreement or any breach thereof, in any one instance, will not waive such term or condition or any subsequent breach thereof.
    5. You may not assign your rights under this Agreement to any other party without Bayside’s express written consent; Bayside may assign its rights under this Agreement without condition. This Agreement will be binding upon and will inure to the benefit of the parties, their successors and permitted assigns.

Close

Bayside Tech Privacy Policy

• Last Updated February 1, 2017

This Privacy Policy sets forth the policy of Bayside Tech, LLP, a Limited Liability Partnership incorporated under the laws of India, whose LLPIN is AAI-5149 (“Bayside”) in regard to the collection and usage of personal or corporate information that you may provide to us through using this website, or by using any product or service provided by Bayside (the “Website”). This Privacy Policy is incorporated into and made a part of our Terms of Use, and by accepting these during registration and by using the Website, you agree to the use of your information in accordance with this Privacy Policy. We may revise this policy from time to time, and will post the most current version on the Website. If a revision meaningfully reduces your rights, we will notify you using the email provided by you.

This Privacy Policy has been drafted in accordance with the provisions of the Information Technology Act, 2000 and the Rules thereunder, including, without prejudice to the generality of the foregoing, the Information Technology “Reasonable security practices and procedures and sensitive personal data or information” Rules, 2011. Furthermore, the contents of this Policy are in compliance with the recommendations of the Report of the Group of Exports on Privacy, chaired by Justice A.P. Shah, dated October 16, 2012. The Report made certain recommendations and articulated nine ‘National Privacy Principles’, which are in line with the aforesaid the Information Technology Act, 2000 and the Information Technology “Reasonable security practices and procedures and sensitive personal data or information” Rules 2011. A copy of the Report is available at http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf, and we would urge you to read the Report if you so wish. For the purposes of convenience, the nine National Privacy Principles are reproduced here; should you feel that this Policy does not meet any of the standards set out in the National Privacy Principles, please contact us at: info [at] baysidetech.in, and we will take the necessary steps to correct the mismatch between this Policy and the National Privacy Principles, if any.

The Nine National Privacy Principles:

Principle 1: Notice

Principle: A data controller shall give simple-to-understand notice of its information practices to all individuals, in clear and concise language, before any personal information is collected from them. Such notices should include:

1. During Collection
   • What personal information is being collected;
   • Purposes for which personal information is being collected;
   • Uses of collected personal information;
   • Whether or not personal information may be disclosed to third persons;
   • Security safeguards established by the data controller in relation to the personal information;
   • Processes available to data subjects to access and correct their own personal information;
   • Contact details of the privacy officers and SRO ombudsmen for filing complaints.
2. Other Notices
   • Data breaches must be notified to affected individuals and the commissioner when applicable.
   • Individuals must be notified of any legal access to their personal information after the purposes of the access have been met.
   • Individuals must be notified of changes in the data controller’s privacy policy.
   • Any other information deemed necessary by the appropriate authority in the interest of the privacy of data subjects.

Principle 2: Choice and Consent

Principle: A data controller shall give individuals choices (opt-in/opt-out) with regard to providing their personal information, and take individual consent only after providing notice of its information practices. Only after consent has been taken will the data controller collect, process, use, or disclose such information to third parties, except in the case of authorised agencies. The data subject shall, at any time while availing the services or otherwise, also have an option to withdraw his/her consent given earlier to the data controller. In such cases the data controller shall have the option not to provide goods or services for which the said information was sought if such information is necessary for providing the goods or services. In exceptional cases, where it is not possible to provide the service with choice and consent, then choice and consent should not be required. When provision of information is mandated by law, it should be in compliance with all other National Privacy Principles. Information collected on a mandatory basis should be anonymised within a reasonable timeframe if published in public databases. As long as the additional transactions are performed within the purpose limitation, fresh consent will not be required.

Principle 3: Collection Limitation

Principle: A data controller shall only collect personal information from data subjects as is necessary for the purposes identified for such collection, regarding which notice has been provided and consent of the individual taken. Such collection shall be through lawful and fair means.

Principle 4: Purpose Limitation

Principle: Personal data collected and processed by data controllers should be adequate and relevant to the purposes for which they are processed. A data controller shall collect, process, disclose, make available, or otherwise use personal information only for the purposes as stated in the notice after taking consent of individuals. If there is a change of purpose, this must be notified to the individual. After personal information has been used in accordance with the identified purpose it should be destroyed as per the identified procedures. Data retention mandates by the government should be in compliance with the National Privacy Principles.

Principle 5: Access and Correction

Principle: Individuals shall have access to personal information about them held by a data controller; shall be able to seek correction, amendments, or deletion of such information where it is inaccurate; be able to confirm that a data controller holds or is processing information about them; be able to obtain from the data controller a copy of the personal data. Access and correction to personal information may not be given by the data controller if it is not, despite best efforts, possible to do so without affecting the privacy rights of another person, unless that person has explicitly consented to disclosure.

Principle 6: Disclosure of Information

Principle: A data controller shall not disclose personal information to third parties, except after providing notice and seeking informed consent from the individual for such disclosure. Third parties are bound to adhere to relevant and applicable privacy principles. Disclosure for law enforcement purposes must be in accordance with the laws in force. Data controllers shall not publish or in any other way make public personal information, including personal sensitive information.

Principle 7: Security

Principle: A data controller shall secure personal information that they have either collected or have in their custody, by reasonable security safeguards against loss, unauthorised access, destruction, use, processing, storage, modification, deanonymisation, unauthorised disclosure (either accidental or incidental) or other reasonably foreseeable risks.

Principle 8: Openness

Principle: A data controller shall take all necessary steps to implement practices, procedures, policies and systems in a manner proportional to the scale, scope, and sensitivity to the data they collect, in order to ensure compliance with the privacy principles, information regarding which shall be made in an intelligible form, using clear and plain language, available to all individuals.

Principle 9: Accountability

Principle: The data controller shall be accountable for complying with measures which give effect to the privacy principles. Such measures should include mechanisms to implement privacy policies; including tools, training, and education; external and internal audits, and requiring organizations or overseeing bodies extend all necessary support to the Privacy Commissioner and comply with the specific and general orders of the Privacy Commissioner.

Please note that this Policy is only applicable to our online users and data gathered on our website baysidetech.in and not to any other information or website.

PLEASE READ THE POLICY CAREFULLY TO FULLY UNDERSTAND THE NATURE AND PURPOSE OF GATHERING INFORMATION, USAGE, DISCLOSURE, SECURITY PROCEDURE AND SHARING OF SUCH INFORMATION.

1. Information we Collect

   We collect “Non-Personal Information” and “Personal Information.” Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. “Personal Information” is information which can be used to identify you as an individual; at present, this includes your email, address, billing information, company and identity information and any other information which you submit to us through the registration process for the Website.

   1. Information Collected via Technology: To view our Website you do not need to submit any Personal Information other than your name, general geographic location, profession or industry that you operate in, and email address. You may also submit more details about your business like the name of your company. In an effort to improve the quality of the Website, we track information provided to us by your browser or by our software application when you view or use the Website, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Website, the time and date of access, and other information that does not personally identify you. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal information about that user and keep a record of the user’s preferences when utilising our services, both on an individual and aggregate basis. For example, Bayside may use cookies to store the following information: session data, email address, username, and preferences. Bayside may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser.
   2. Information you Provide us by Registering for an Account: In addition to the information provided automatically by your browser when you visit the Website, to become a subscriber to the Website you may need to provide us with Personal information we use to populate that profile. By registering, you are authorising us to collect, store, and use your email address, and other such information you provide during registration, in accordance with this Privacy Policy. If you use an external application account (like Google) to sign in to the Website, we will collect and store your user ID. The privacy practices of these external applications are set forth in their privacy policies, and Bayside has no control over the uses of your ID by such parties.
   3. Information you Provide by Using the Website: You may submit User Content (as defined in the Terms of Use) to the Website, including certain information via online forms. We will not sell the information obtained in any User Content.
   4. Information you Send to Other Users: This Privacy Policy only addresses the use and disclosure of information we collect from you. If you disclose your information to other parties using the Website, or visit other websites linked through the Website, different rules may apply to their use or disclosure of the information you disclose to them. Since Bayside does not control the privacy policies of third parties, or other individuals’ actions, you are subject to the privacy policies of that third party or those individuals. We encourage you to be sure the recipients are authenticated to your satisfaction before you send them any documents or sensitive information.
2. How We Use and Share Information

   Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent, or otherwise share for marketing purposes your Personal Information with third parties without your consent.

   We may share Personal Information and User Content with vendors who are performing services for Bayside, (such as the servers for our email communications who are provided access to user’s email address for purposes of sending emails from us; authentication systems, and fraud detection). We may share Personal Information such as your name, billing address, and credit card number with vendors who assist us with payment processing. Our vendors are contractually obligated to use your Personal Information obtained from us, only at our direction and in a manner that is consistent with our Privacy Policy.

   In general, the Personal Information you provide to us is used to help us communicate with you. For example, we use Personal Information to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about promotional offers.

   Bayside will offer individuals the opportunity to choose (opt out) whether their personal information is to be used for any purpose other than what it was collected for.

   We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. In response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, we can (and you authorise us to) disclose your name, city, state, telephone number, email address, UserID history, fraud complaints, and usage history, in connection with an investigation of fraud, intellectual property infringement, piracy, or other unlawful activity.

   In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred or examined during the due diligence process. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy. If our information practices change at any time in the future, we will post the policy changes to the Site so that you may opt out of the new information practices. We suggest that you check the Website periodically if you are concerned about how your information is used.

3. How We Protect Information
   1. Security: We implement security measures designed to protect your information from unauthorised access. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls, and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. In addition, while we take reasonable measures to ensure that other entities who provide us with payment processing services keep your information confidential and secure, such entities’ practices are ultimately beyond our control. By using our Website, you acknowledge that you understand and agree to assume these risks.
   2. Data Integrity: Bayside will use personal information and User Content only for purpose of delivering the services made available in the Website, within the confines of document generation and electronic execution, and to facilitate the services you request related thereto.
   3. Access: Bayside will allow individuals to access their personal information. Further, Bayside will allow the individual to correct, update, or delete information. Individuals who wish to make an access request or remove personal information from our records, or if you have any questions in regard to this policy or believe that Bayside has not complied with the provisions of this policy, should direct such a request to our Privacy Officer at the address provided below or by sending an email to us at [email protected]

      Hemant Krishna V.
      1804 Sicily, Raheja Exotica,
      Patil Wadi, Madh Island,
      Malad West, Mumbai - 400061.

Close

Security Measures

• Last Updated November 24, 2017

Bayside Tech LLP (“Bayside Tech”) takes the confidentiality of customer data very seriously. These are some of the measures we've put in place to ensure that your data remains secure and only accessible to authorised users:

1. Servers
   
   1. Our servers are hosted on Microsoft Azure, an industry leader and the most certified cloud provider globally, trusted by some of the largest companies in the world as well as the U.S. Government.
      This page details the many security features that have been implemented by Azure internally to safeguard users' data both, while at rest and while in transit:
      https://www.microsoft.com/en-us/trustcenter/security/azure-security
   2. Carta servers are based on the latest, standard Ubuntu Linux operating system images and are automatically updated for security fixes.
   3. Bayside Tech does not have physical access to Carta servers. Electronic access to the servers is provided to only a core set of authorised Bayside Tech personnel.
   4. All Carta servers are protected by a firewall, exposing only the ports required for users to access the application, thereby reducing the attack surface.
2. Audit
   1. We regularly undergo audits by Acunetix (https://www.acunetix.com/), a leading third party web application scanner. We strive to implement fixes for any dangerous vulnerabilities that may compromise confidential data.
3. Application, systems, and software security
   1. When you use Carta, all communication between your browser and our servers is over HTTPS - which means it is encrypted to prevent interception while in transit. This is the same level of encryption used by leading banks and government agencies.
   2. Each Carta client organisation is isolated from the others. A user can only see templates from their own organisation and can only see drafts they have created themselves.
   3. The production environment is completely isolated from all others (e.g. testing and development environment).
   4. Rigorous testing is practiced to check for vulnerabilities in the application logic and APIs. New test cases are added to the test suite as and when new features are developed or the threat landscape changes.
   5. Data at rest is safeguarded using Azure’s Storage Service Encryption which encrypts all data at rest using 256-bit AES encryption, one of the strongest block ciphers available.
   6. All practice data is regularly backed up and redundancy is enabled to maintain high availability.
   7. We follow industry best practices to avoid loopholes in the security policy of the application and the underlying systems and to prevent common web attack vectors.
   8. Access to customer draft or template data to Bayside Tech staff is only provided if authorised by the customer concerned, and if required while resolving customer issues, bug fixes, and uploading templates.
4. Authentication
   1. User passwords are never stored in plaintext, but only as a strong one-way hash.
   2. Login attempts to Carta are rate-limited to thwart brute-force attacks.
   3. All access to the Carta backend system is on a need-to-know basis. Only the minimum set of developers who need to perform administrative functions have access.
   4. All Bayside Tech employees follow security best practices such as 2-factor authentication, SSH keys to access servers, complex passwords generated by password managers, etc.
5. Continuous Security
   Maintaining security is an ongoing process. We monitor and implement security routinely via audits and other trackers to ensure your information remains guarded. New features are tested to rule out potential attacks before being deployed to production. Bayside Tech ensures high availability via frequent backups and robust infrastructure.
   Bayside Tech treats security as not just a priority, but a fundamental requirement to the success of our business.
6. Reporting a vulnerability
   If you’ve found a vulnerability in Carta, we urge you to report it to us immediately at [email protected].
   Please do not publicly disclose these details without express written consent from Bayside Tech. It could be used for malicious attacks compromising your own as well as others’ data.

Close