Rules and Protections for Your Personal and Dedoose Data
SocioCultural Research Consultants (“SCRC”) respects the intellectual property of others, and SCRC requires its users to do the same. SCRC may, in its sole and absolute discretion, disable and/or terminate the accounts of users who may be infringing the intellectual property rights of others.
If you believe that your work has been copied in a way that constitutes copyright infringement, or your intellectual property rights have been otherwise violated, please provide the SCRC Copyright Agent identified below with the following information:
If you are seeking permission to use SCRC trademarks, logos, service marks, trade dress, slogans, screenshots, copyrighted designs, or other brand features, please contact SCRC at specified below.
The SCRC Copyright Agent, to whom notice of claims of copyright or other intellectual property infringement can be directed, may be reached as follows:
When you register with SCRC, we ask for your name, e-mail address, physical address, telephone numbers and, in some cases, credit card information when you order services online. Some of our customers use SCRC to include teams of researchers, colleagues, or others to use SCRC services. Some of our customers include other institutions, businesses, or organizations as collaborators. Our customers will sometimes list business offices, individuals in those offices, or others involved in payment or business transactions on behalf of the customer. SCRC may store this information on behalf of our customers as necessary to fulfill our obligations to our customers. SCRC requires that all such customers use, hold and process such PII in accordance with applicable privacy laws.
SCRC also automatically receives and records information regarding your IP address, cookie information, and the page(s) you requested.
SCRC routinely collects information that cannot be identified to a particular individual such as time-stamps and logs events (like features used, number of participants, etc.) This data is used for accounting/billing purposes as well as for performance and optimization of the SCRC services.
Some of our customers will store information on their Dedoose database that may identify the names, addresses, telephone numbers, or other identifying information linked to individuals, groups, or organizations that they have included in their information database. SCRC tries to ensure that such records are viewed only by the customer and others authorized by the customer to access such records. However, SCRC is not responsible for any unauthorized access which may result from actions beyond the sole and exclusive control of SCRC. Each SCRC customer represents that he, she, or it, has the full authority to transmit to SCRC all of the information actually transmitted.
SCRC will not sell or rent your PII except as authorized under this policy.
You can direct SCRC to edit, correct, or erase your PII, at any time, except as otherwise provided for in this policy. To request such account maintenance, send your e-mail request to [email protected]. You may also indicate that you do not wish to receive messages from SCRC regarding our services or update your information relating to such messages at [email protected]. Following your request for either type of data editing, your information will be changed within a reasonable amount of time in SCRC’s databases after we receive the information necessary to process your request.
SCRC strongly recommends that you carefully guard any passwords issued by SCRC for use of the websites or applications. It is the policy of SCRC to require that each customer identify one, and only one, individual to whom an administrative password will be issued (the “Account Administrator”). The Account Administrator is solely and exclusively responsible for guarding their password. Any additional passwords authorized for multiple users of Dedoose will be issued to the Account Administrator, who will have sole and exclusive responsibility to provide any additional passwords to other authorized users. SCRC is not responsible for any unauthorized acquisition and use of passwords or unauthorized access to Dedoose resulting from such acquisition and use after the Account Administrator is provided the administrative password issued by SCRC.
The Account Administrator may choose to relinquish a password at any time. However, such relinquishment will only be effective if done so according to SCRC’s policies and procedures. Within thirty (30) days of service termination, SCRC will terminate all passwords issued to the Customer.
By using the pages in this site, you agree to these terms and conditions. If you do not agree, you should not use this website or any applications or services contained on, or downloaded from this website. These terms and conditions may be changed or updated from time to time.
1. Restricted Use of this Product and Disclaimer
The Software is designed exclusively for customers of SCRC who have properly subscribed to this service and been specifically authorized in writing by SCRC to access and use the website and the Software. THE MATERIALS, INFORMATION, AND DOCUMENTS CONTAINED IN THE SOFTWARE ARE SOLELY APPLICABLE TO THE AUTHORIZED USERS HOLDING AN APPROVED PASSWORD.
2. Software Product License
The Software is protected by copyright laws, as well as other intellectual property laws. The Software is licensed, not sold. You may view and use the Software on the terms and conditions specified herein. You may not store, copy, replicate, or otherwise save any portion of the Software. You may not reverse engineer, de-compile, disassemble, modify, translate, make any attempt to discover the source code of the Software, or create derivative works from the Software. The Software is licensed as a single product. Its component parts may not be separated for use on more than one computer. You may not rent, sub-license, or lease the Software. You may not transfer the Software or any rights you may have as a user under this Agreement to another person or entity.
3. Intellectual Property Rights
The following provisions shall apply with respect to copyrightable works, proprietary, development, technical, assessment methodologies, artwork, presentation materials, manuals, computer programming techniques and all record bearing media containing or disclosing such information and techniques, ideas, discoveries, inventions, applications for patents, and patents (collectively, “Intellectual Property”).
SCRC personally holds an interest in and solely owns the Intellectual Property that is described herein. Intellectual Property will include but not be limited to those products and services, including but not limited to the Software developed by SCRC and/or its affiliates before, during and after services provided and described in this Agreement. Any improvements to Intellectual Property items listed herein, further inventions or improvements, and any new items of Intellectual Property discovered or developed by SCRC (or its employees or agents,) during the term of this Agreement shall be the sole and exclusive property of SCRC. You will not acquire any rights or interest in any way in such Intellectual Property by virtue of the development, experimentation, modification, or adaptation of any portion of the Software.
SCRC grants you a non-exclusive, written license to use SCRC’s intellectual property embodied in the Software needed to exploit the rights granted under this Agreement. Nothing in this Agreement shall constitute a waiver of any patents, trademarks, service marks, ownership interests, or copyrights that SCRC has in the Software.
You agree that you will not distribute the Intellectual Property or software of SCRC contained in the Software to any person or entity other than as contemplated in this Agreement. You agree to undertake your best efforts to prevent transmission of usernames or passwords provided by SCRC to any person or entity except as provided in this Agreement.
4. Title and Protection
All rights, title, and interest in and to the Software are and shall remain at all times the property of SCRC and/or SCRC’s suppliers. You agree to take all reasonable steps to protect the Intellectual Property rights of SCRC, including, but not limited to distributing unauthorized passwords, storing any portion of the Software, streaming content or media, or otherwise taking any actions to dilute the Intellectual Property rights of SCRC.
All titles and copyrights in and to the Software, the accompanying printed materials, and any copies of the Software, are owned by SCRC or its suppliers. The Software is protected by U.S. and international copyright laws. Therefore, you must treat the Software like any other copyrighted material.
U.S. GOVERNMENT RESTRICTED RIGHTS.
The Software and documentation are provided with restricted rights. Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software Restricted Rights at 48 CFR 52.227-19, as applicable. The Manufacturer is SCRC 10565 Blythe Avenue, Los Angeles, Ca 90064.
6. No Warranties and Indemnification
YOU UNDERSTAND AND AGREE THAT THE SOFTWARE AND WEBSITE ARE PROVIDED “AS IS” AND SCRC, ITS AFFILIATES, SUPPLIERS AND RESELLERS EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. SCRC, ITS AFFILIATES, SUPPLIERS AND RESELLERS MAKE NO WARRANTY OR REPRESENTATION REGARDING THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SOFTWARE, REGARDING THE ACCURACY OR RELIABILITY OF ANY INFORMATION OBTAINED THROUGH THE SOFTWARE, REGARDING ANY GOODS OR SERVICES PURCHASED OR OBTAINED THROUGH YOUR USE OF THE SOFTWARE OR THE WEBSITE, REGARDING ANY TRANSACTIONS ENTERED INTO THROUGH THE SOFTWARE OR THAT THE SOFTWARE WILL MEET ANY USER'S REQUIREMENTS, OR BE UNINTERRUPTED, TIMELY, SECURE OR ERROR FREE. USE OF THE SOFTWARE IS AT YOUR SOLE RISK. ANY MATERIAL AND/OR DATA DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SOFTWARE OR WEBSITE IS AT YOUR OWN DISCRETION AND RISK. YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOU RESULTING FROM THE USE OF THE SOFTWARE. THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE REMAINS WITH YOU.
You agree to indemnify, defend and hold harmless SCRC, its affiliates, officers, directors, employees, members, managers, insurers, consultants, agents, and suppliers from any and all third party claims, liability, damages and/or costs (including, but not limited to, attorneys fees) arising from your use of the Software, whether such claim arises from the sole, active, or passive negligence of SCRC, your violation of this Agreement, upon theories of express or implied warranty, strict products liability, disclosure of confidential information, violation of the Health Insurance Portability and Accountability Act (HIPAA), human subject protection laws, or Institutional Review Board (IRB) agreements, other fault of SCRC, its agents, and/or employees or the infringement or violation by you or any other user of your account, of any intellectual property or other right of any person or entity.
7. Limitations of Liabilities
TECHNICAL OR OTHER SUPPORT SERVICES, WHETHER ARISING IN TORT (INCLUDING NEGLIGENCE) CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SCRC, ITS AFFILIATES, SUPPLIERS OR RESELLERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, SCRC'S, ITS AFFILIATES’, AND SUPPLIERS’ MAXIMUM CUMULATIVE LIABILITY AND YOUR EXCLUSIVE REMEDY FOR ANY CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL BE LIMITED TO THE AMOUNT ACTUALLY PAID BY YOU FOR THE SOFTWARE (IF ANY) IN THE PREVIOUS 12 MONTHS. Because some states and jurisdictions do not allow the exclusion or limitation of liability, the above limitation may not apply to YOU.
8. Data Security, Backups, and Retention
Although no computer system is completely secure, Dedoose incorporates several levels of industry-standard physical and electronic security measures designed to protect data used by investigators. However, data security and integrity is dependent on the level of diligence of each user. This document details some of the protocols and tools SCRC incorporates into the Dedoose application to assist users in protecting their data. Most of these tools are contained in the Dedoose Security Center. SCRC recommends that users strictly adhere to the security protocols and practices described in this document.
For each project, there is one and only one project administrator (often a research project’s principal investigator) who is responsible for project administration. SCRC provides the principal investigator a unique username and password for access to their account and project. The project administrator then arranges for separate and unique username/password combinations for each user to be linked to their project. Dedoose recommends that the username/password combinations for each user follow a protocol similar to that set by the Microsoft Corporation for server security which encourages the use of strong passwords (relatively long and complex), changing passwords at regular intervals, using different passwords for different accounts, avoiding the recording of passwords in unsecure locations, never sharing passwords with others, and changing passwords immediately if there is any indication they may have been compromised.
The Dedoose Security Center allows the project administrator to create project user groups. The project user groups define all view, create, modify, and delete data access privileges for each individual user. The project administrator then assigns other project users to an appropriate group depending on their role. All data transmission between user's local computers and the server database is fully encrypted based on applicable industry standards.
All project data are backed up in full nightly, encrypted using AES-256, and transferred automatically to 3 separate Geo-redundant storage volumes. One of these volumes is on-site, while the other 2 are off-site and replicated across the geographic region. All project file data are encrypted and stored in an Azure Geo-redundant fault tolerant storage volume, and for added safety, this storage volume is encrypted and mirrored in real-time to an Amazon S3 storage volume in the same geographic region. To ensure these processes are working as expected, a program runs every day downloading the most recent backup from each storage volume, verifies the backup is correct, and a simulated database restoration is run to assure data integrity. Following each of these procedures, an automatically generated report is sent via email to the Dedoose Admin team every morning with details on the results.
Both Microsoft's Azure Cloud Platform and Amazon's S3 Storage platform are fully SAS 70 Type II / SSAE 16 SOC & HIPAA compliant.
All data communication through Dedoose occurs through a 2-lock system. First, Dedoose sets up an AES (Advanced Encryption Standard)-256 CBC (Cipher Block Chaining) Encrypted SSL (Secure Sockets Layer) tunnel using a premium SSL-EV certificate. All communication following this channel is encrypted. The user is not prompted for login information until this communication channel is established. In order to prevent transfer of login details, Dedoose employs a one-way, non-reversible encryption algorithm known as SHA-2 (Secure Hash Algorithm)—designed by the United States National Security Agency. Dedoose does not store user passwords. Rather, the system stores the known result of this algorithm against the username and password and then compares that result to the result the Dedoose client sends to the server for authentication.
Dedoose is hosted on commercial servers with all project data backed-up in-full on a nightly basis, encrypted using AES-256 processes, and transferred automatically to three Geo-redundant storage volumes. One of these volumes is on-site, while the other 2 are off-site and replicated across geographic regions. All project file data are encrypted and stored in a Microsoft Azure Geo-redundant fault tolerant storage volume, and for added safety, this storage volume is encrypted and mirrored in real-time to a Amazon S3 storage volume in the same geographic region. Both Microsoft's Azure Cloud Platform and Amazon's S3 Storage platform are fully SAS 70 Type II / SSAE 16 SOC and HIPAA compliant. To ensure these processes are working as designed, an automated program runs daily which includes: a) downloading the most recent backup files from each storage volume, b) verification the backup file is the correct version, c) a full test restoration of the database to assure data integrity, and c) email reporting of all backup and restoration process results to key members of the Dedoose Admin team.
Following the expiration of all Dedoose user licenses with authorized administrative access to a project's data on a particular client account, users can regain access to the project after re-activating their subscription for as long as SCRC continues to archive the project data. The following details SCRC’s data retention policy for Dedoose:
SCRC provides industry standard protection for personally identifying information. SCRC would only disclose personally identifiable information about users or information about your project to third parties in limited circumstances: (1) with your consent; or (2) when we have a good faith belief it is required by law, such as pursuant to a subpoena or other governmental, judicial, or administrative order.
If SCRC is required by law to disclose personally identifying or project data, SCRC will attempt to provide you with notice (unless we are prohibited from doing so) that a request for your information has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email, if you have given us an email address, and/or by postal mail if you have provided a postal address. Even if you challenge the disclosure request, we may still be legally required to turn over the personally identifying information and/or project data.
SCRC hosts all data within the continental U.S. unless agreed upon and determined as needed on a project-by-project basis. SCRC has a systematic plan for response and notification of any breach in data security. Upon the detection of any breach in data security, SCRC technical staff, lead by the SCRC Chief Technical Officer, will immediately assess the size, scope, and severity of the breach. Following this assessment, SCRC will notify all project administrators of projects that may have been involved and communicate the response plan within 2 business days of the discovery. Depending on the nature and cause of the breach, SCRC will take appropriate action to prevent any future breach and then, to the extent reasonably practicable, restore the integrity of all Dedoose project data that had been affected. Further details about this notification and response plan will be provided upon request.
SCRC cannot and does not guarantee complete data security and integrity for project-related data. However, the tools described above are designed to provide industry-standard security and SCRC recommends that users strictly adhere to the security protocols described in this document and are diligent in their protection of the data for which they are responsible.
You agree that SCRC may charge to your credit card or other payment mechanism selected by you and approved by SCRC for all amounts due and owed, including service fees, set up fees, subscription fees, overage fees, consulting fees or any other fee or charge associated with your use of the Software or other SCRC services. SCRC may change prices at any time without prior notice. You agree that in the event SCRC is unable to collect the fees owed to SCRC, SCRC may take any other steps it deems necessary to collect such fees and that you will be responsible for all costs and expenses incurred by SCRC in connection with such collection activity, including collection fees, court costs and attorneys’ fees. You further agree that SCRC may collect interest at the lesser of 1.5% per month or the highest amount permitted by law on any amounts not paid when due.
10. Termination By Customer
You may terminate this Agreement by providing written notice to SCRC via email to [email protected] Such termination will be effective on the last day of the billing cycle, subject to (30) days prior written notice.
11. Export Restriction
You acknowledge that the Software, or portion thereof may be subject to the export control laws of the United States. You will not export, re-export, divert, transfer or disclose any portion of the Software or any related technical information or materials, directly or indirectly, in violation of any applicable export law or regulation.
12. Injunctive Relief
You acknowledge that any use of the Software contrary to this Agreement, or any transfer, sublicensing, copying or disclosure of technical information or materials related to the Software, may cause irreparable injury to SCRC, its affiliates, suppliers and any other party authorized by SCRC to resell, distribute, or promote the Software, and under such circumstances SCRC will be entitled to equitable relief, without posting bond or other security, including, but not limited to, preliminary and permanent injunctive relief.
13. Choice of Law and Forum
This Agreement shall be governed by and construed under the laws of the State of California, U.S.A., as to the exclusive jurisdiction and venue of the courts located in and serving Los Angeles, California.
14. Waiver and Severability
Failure by either party to exercise any of its rights under, or to enforce any provision of, this Agreement will not be deemed a waiver or forfeiture of such rights or ability to enforce such provision. If any provision of this Agreement is held by a court of competent jurisdiction to be illegal, invalid or unenforceable, that provision will be amended to achieve as nearly as possible the same economic effect of the original provision and the remainder of this Agreement will remain in full force and effect.
15. Entire Agreement
This Agreement embodies the entire understanding and agreement between the parties respecting the subject matter of this Agreement and supersedes any and all prior understandings and agreements between the parties respecting such subject matter. SCRC may change the terms of this Agreement at any time by posting modified terms on its website. This Agreement has been prepared in the English Language and such version shall be controlling in all respects and any non-English version of this Agreement is solely for accommodation purposes. All notices or other correspondence to SCRC under this Agreement must be sent to the address provided here [email protected] above, or other address as provided by SCRC for such purpose. Any and all rights and remedies of SCRC upon your breach or other default under this Agreement will be deemed cumulative and not exclusive of any other right or remedy conferred by this Agreement or by law or equity on SCRC, and the exercise of any one remedy will not preclude the exercise of any other. The captions and headings appearing in this Agreement are for reference only and will not be considered in construing this Agreement.
16. Responsibility for Content of Your Communications
You agree that you are solely responsible for the content of all visual, written or audible communications sent by you and you will not use this website to send unsolicited commercial email outside your company or organization in violation of applicable law. You further agree not to use this website to communicate any message or material that is harassing, libelous, threatening, obscene, indecent, or would violate the intellectual property rights of any party or is otherwise unlawful, that would give rise to civil liability, or that constitutes or encourages conduct that could constitute a criminal offense, under any applicable law or regulation or that violates your agreed upon responsibilities to other entities including Institutional Review Boards or HIPAA. You also agree that SCRC may delete any such communications in its sole and absolute discretion without notice.
17. Termination By SCRC
Without prejudice to any other rights, SCRC may terminate this Agreement if you fail to comply with any of the terms or conditions of this Agreement. You have been, or will be, provided with a username and password. You are not allowed, under any circumstances to share your username and password with any other person or entity. Doing so terminates any rights you have under this Agreement. It is the policy of SCRC to require that each customer identify one, and only one, individual to whom an administrative password will be issued (the Account Administrator”). The Account Administrator is solely and exclusively responsible for guarding their password. Any additional passwords authorized for multiple users of Dedoose will be issued to the Account Administrator, who will have sole and exclusive responsibility to provide any additional passwords to other authorized users. SCRC is not responsible for any unauthorized acquisition and use of passwords or unauthorized access to Dedoose resulting from such acquisition and use after the Account Administrator is provided the administrative password by SCRC.
18. Telephone Lines and Internet Connection
This website transmits signals over telephone company lines, cables or other Internet communication media. SCRC cannot, and does not, maintain or repair telephone or Internet connection lines and equipment or computer or networking equipment. Under no circumstances shall SCRC or its agents be liable for any network interruptions, including without limitation, any downtime regarding computer servers or interruption of Internet service providers. You assume responsibility for all phone line or Internet access charges or excessive abuse of the Internet-based portion of the Software.
SCRC shall have the right to assign this Agreement in its entirety and the right to change or reassign various duties regarding the operation and performance of any duties imposed by this Agreement.
20. Force Majeure
Inability or delay in providing access to the Software resulting from cause beyond the control of SCRC, including but not limited to interruption of communication lines, labor disputes, acts of terrorism, government action or order, laws, or acts of God or war shall not constitute a breach of contract and the parties hereto agree to resolve any resulting issues by mutual agreement, including, without limitation an extension of service, additional service or credit on a pro rata basis.
21. Compliance with Law
Each of the parties to this Agreement shall exert every reasonable effort in the performance of their respective obligations hereunder to comply with all applicable municipal, county, state and federal laws, ordinances and regulations.
22. Reservation of Rights
Copyright © 2014-2017 SocioCultural Research Consultants, LLC. All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form or by any means, electric or mechanical, including photocopying, recording, and broadcasting, or by any information storage and retrieval system, without permission in writing from SCRC. Dedoose, www.dedoose.com, SCRC logos, Dedoose Logos, SCRC Seal(s), are registered trademarks of SCRC, registered in the State of California, Federal registry and/or other jurisdictions. All other trademarks referenced are the trademark, service mark, or registered trademark of the respective holders. The software and technology used to implement the Software contain trade secrets that SCRC considers to be confidential and proprietary information, and your right to use this material is subject to the restrictions in this Agreement under which you obtained it. Companies, names, products and data used in the examples illustrating SCRC products and Dedoose, and in the training materials and demonstrations of Dedoose are fictitious. Any resemblance to existing companies, persons, or products is coincidental and unintentional.