Responsive image

 

General terms and conditions of use

 

By using the SpotLMS.com web site ('Service'), you are agreeing to be bound by the following terms and conditions ('Terms of Service').

The Terms of Service together with the Order Form, accessed and selected, by visiting the internet accessible learning management solution service, under the name SpotLMS, constitute the Agreement between Cyrus HD (“We”, “Supplier” or “SpotLMS”), and “You” (the “Customer”) ordering the “Services”. Cyrus HD SAS means the Cyrus HD SAS entity, which is a party to this Agreement, being Cyrus HD, a FRENCH based company, having its registered office at 21 rue marc Donadille, 13013 Marseille, FRANCE, SIRET: 80373327800011, as applicable. “Services” means Supplier’s hosted internet accessible learning management solution service, under the name SpotLMS, made available to You on a subscription term basis under the Agreement at a website address provided to You (“Portal”). An Authorized User means any Customer employee, contractor, agent or any other individual authorized by Customer to access and use the Services, via Customer’s purchased subscriptions, for the purpose specified herein. You are responsible for Authorized Users’ compliance with this Agreement.

Cyrus HD reserves the right to update and change the Terms of Service from time to time without notice. Any new features that augment or enhance the current Service, including the release of new tools and resources, shall be subject to the Terms of Service. Continued use of the Service after any such changes shall constitute your consent to such changes. You can review the most current version of the Terms of Service at any time at Terms of Service.

Violation of any of the terms below will result in the termination of your Account. While Cyrus HD prohibits such conduct and Content on the Service, you understand and agree that SpotLMS cannot be responsible for the Content posted on the Service and you nonetheless may be exposed to such materials. You agree to use the Service at your own risk.

Account Terms

  1. You must be a human. Accounts registered by 'bots' or other automated methods are not permitted.
  2. You must provide your legal full name, a valid email address, and any other information requested in order to complete the signup process.
  3. Your login may only be used by one person - a single login shared by multiple people is not permitted. You may create separate logins for as many people as your plan allows.
  4. You are responsible for maintaining the security of your account and password. Cyrus HD cannot and will not be liable for any loss or damage from your failure to comply with this security obligation.
  5. You are responsible for all Content posted and activity that occurs under your account (even when Content is posted by others who have accounts under your account).
  6. One person or legal entity may not maintain more than one free account.
  7. You may not use the Service for any illegal or unauthorized purpose. You must not, in the use of the Service, violate any laws in your jurisdiction (including but not limited to copyright laws).

Payment, Refunds, Upgrading and Downgrading Terms

  1. A valid credit card or a Paypal account is required for paying accounts. Free accounts are not required to provide a credit card number.
  2. The Service is billed in advance on a monthly basis or annual basis and is non-refundable. There will be no refunds or credits for partial months or annual of service, upgrade/downgrade refunds, or refunds for months unused with an open account. In order to treat everyone equally, no exceptions will be made.
  3. All fees are exclusive of all taxes, levies, or duties imposed by taxing authorities, and you shall be responsible for payment of all such taxes, levies, or duties.
  4. For any upgrade or downgrade in plan level, a credit card or account Paypal will be charged.
  5. Downgrading your Service may cause the loss of Content, features, or capacity of your Account. Cyrus HD does not accept any liability for such loss.
  6. The change from a paying plan to a upper paying plan is possible at anytime. The cost of the new plan will be decreased in proportion of the remainig time of the old plan.
  7. The change from a paying plan to a free or lower plan will not give rise to a refund. It will be immediately taken into account if new plan conditions are filled. The number of courses has to correspond to the chosen plan. If the number of courses is too big regarding to the chosen plan, the administrator will have to eliminate courses so that the plan can be taken into account.
  8. At the end of a paying plan not renewed the account will be changed to free plan. If conditions do not allow it (too many courses or users) the account will be blocked, the account administrator will contact a responsible Cyrus HD by email to proceed the reactivation.

Cancellation and Termination

  1. You are solely responsible for properly cancelling your account. An email or phone request to cancel your account is not considered cancellation. The Account screen provides a simple no questions asked cancellation link.
  2. If you cancel the Service before the end date, your cancellation will take effect immediately. You lose definitively without possibility of refunding the remaining period.
  3. SpotLMS, in its sole discretion, has the right to suspend or terminate your account and refuse any and all current or future use of the Service at any time and without prior notice in case of (a) fraudulent, criminal, grossly negligent, willful, or otherwise intentional misconduct, or violation of any law or regulation, in connection with the performance of your obligations hereunder and/or (b) demonstrated usage negatively impacting the performance of the Service and/or (c) breach of the herein Service terms and conditions. Such termination of the Service will result in the deactivation or deletion of your Account or your access to your Account, and the forfeiture and relinquishment of all content in your Account or any other similar action deemed appropriate.
  4. In the case of a paid subscription, SPOT LMS proceeds to the immediate execution of the service from the validation of your order and as such you expressly waive your right of withdrawal in accordance with the provisions of the article L.221-28 1° of the consumer code

Modifications to the Service and Prices

  1. Prices of all Services, including but not limited to monthly/yearly subscription plan fees to the Service, are subject to change upon 30 days notice from us. Such notice may be provided at any time by posting the changes to the Service itself.
  2. SpotLMS shall not be liable to you or to any third party for any modification, price change, suspension or discontinuance of the Service.

Content and Personal Data

  1. You own all content (including Personal Data) inputted by You and Authorized Users for the purpose of using the Services (“Content”) and You are solely responsible for the legality, reliability, integrity, accuracy and quality of the Content. SpotLMS may suspend or terminate use of Services and this Agreement immediately upon receipt of any notice, which alleges that You and/or Authorized User has used Services for any purpose that violates any local, state, federal or law of other nations, including but not limited to the posting of information that may violate third party rights, that may defame a third party, that may be obscene or pornographic, that may harass or assault others, that may violate hacking or other criminal regulations, etc. You hereby acknowledge and agree that Our performance of this Agreement requires that We process, transmit and store Personal Data under your documented instructions and as further specified in the 'Privacy Policy', which forms an integral part to this Agreement.
  2. You hereby also acknowledge and agree that We process data related to Your employees or representatives that is collected and used by Us, as well as connection data created through the use and operation of the Services, in order to administer or manage Our delivery of Services, or Your account, for Our business purposes. Such Data may include Personal Data and information about the contractual commitments between Us and You, whether collected at the time of the initial registration or thereafter in connection with the delivery, management or administration of Services, including billing and collecting of payments. You hereby acknowledge and agree that We also process Personal Data that We collect, when You submit a request for support services or other troubleshooting, including information about the Service, Your Portal and other details related to the support incident, such as authentication information, information about the condition of the Services, and error-tracking files. We process such Personal Data in order to respond to the request and solve the problem eventually reported.
  3. We shall process the aforementioned Personal Data for Our own business purposes for as long as it is necessary in relation to the purposes stated above, namely for the duration of Agreement and until collection of the payments, unless processing is necessary for compliance with a legal obligation by mandatory statutory law or for the establishment, exercise or defense of legal claims.
  4. You hereby acknowledge and agree that We shall process Your name and email address to communicate with You for the presentation and promotion of the Services or of new services. You may at any time, free of charge, unsubscribe from such electronic communication, easily by clicking the button “unsubscribe” contained in the electronic communication. You acknowledge that some priority messages cannot be unsubscribed, as an alert before the destruction of your account, A regulation to make to avoid the stop of the Service, ...

Cookies

  1. We use cookies to ensure the persistence of connection sessions to the Service. By continuing to use the Service, you accept the use of cookies. It is not possible to use the Service without a Cookie.

Copyright and Content Ownership

  1. We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours.
  2. Cyrus HD does not pre-screen Content, but Cyrus HD and its designee have the right (but not the obligation) in their sole discretion to refuse or remove any Content that is available via the Service.
  3. Inappropriate content is considered the posting, uploading, sharing, submitting, or otherwise providing content that: a) Infringes SpotLMS’s or a third party’s intellectual property or other rights, including any copyright, trademark, patent, trade secret, moral rights, privacy rights of publicity, or any other intellectual property right or proprietary or contractual right b) You don’t have the right to submit c) Is deceptive, fraudulent, illegal, obscene, defamatory, libelous, threatening, harmful to minors, pornographic (including child pornography, which we will remove and report to law enforcement, including the National Center for Missing and Exploited Children), indecent, harassing, hateful; encourages illegal or tortious conduct or that is otherwise inappropriate. d) Attacks others based on their race, ethnicity, national origin, religion, sex, gender, sexual orientation, disability, or medical condition e) Contains viruses, bots, worms, scripting exploits, or other similar materials f) Is intended to be inflammatory g) Could otherwise cause damage to SpotLMS or any third party
  4. The look and feel of the Service is copyrighted. You may not duplicate, copy, or reuse any portion of the HTML/CSS, Javascript, or visual design elements or concepts without express written permission from SpotLMS.

General Conditions

  1. Your use of the Service is at your sole risk. The service is provided on an 'as is' and 'as available' basis.
  2. Technical support is only provided to paying account holders and is only available via email or live chat.
  3. You understand that Cyrus HD uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Service.
  4. You must not modify, adapt or hack the Service or modify another website so as to falsely imply that it is associated with the Service.
  5. You agree not to perform misrepresentation of yourself, or disguising the origin of any content (including by “spoofing”, “phishing”, manipulating headers or other identifiers, impersonating anyone else, or falsely implying any sponsorship or association with SpotLMS or any third party).
  6. You agree not to reproduce, duplicate, copy, sell, resell or exploit any portion of the Service, use of the Service, or access to the Service without the express written permission by Cyrus HD.
  7. You agree not to violate the privacy of others, including publishing or posting other people's private and confidential information without their express permission, or collecting or gathering other people’s personal information (including account names or information) from SpotLMS.
  8. We may, but have no obligation to, remove Content and Accounts containing Content that we determine in our sole discretion are unlawful, offensive, threatening, libelous, defamatory, pornographic, obscene or otherwise objectionable or violates any party's intellectual property or these Terms of Service.
  9. We retain the right to contact you from time-to-time via email. You can remove yourself easily from the related communication list
  10. Verbal, physical, written or other abuse (including threats of abuse or retribution) of any Cyrus HD customer, employee, member, or officer will result in immediate account termination.
  11. SpotLMS won’t allow: (a) Compromising the integrity of our systems. This could include probing, scanning, or testing the vulnerability of any system or network that hosts our services. (b) Tampering with, reverse-engineering, or hacking our services, circumventing any security or authentication measures, or attempting to gain unauthorized access to the services, related systems, networks, or data. (c) Modifying, disabling, or compromising the integrity or performance of the services or related systems, network or data. (d) Deciphering any transmissions to or from the servers running the services. (e) Overwhelming or attempting to overwhelm our infrastructure by imposing an unreasonably large load on our systems that consume extraordinary resources (CPUs, memory, disk space, bandwidth, etc.).
  12. You must not upload, post, host, or transmit unsolicited email, SMSs, or 'spam' messages.
  13. You must not transmit any worms or viruses or any code of a destructive nature.
  14. You must not use meta-tags or any other “hidden text” including SpotLMS’s or our suppliers’ product names or trademarks.
  15. You must not access or search any part of SpotLMS by any means other than our publicly supported interfaces.
  16. SpotLMS does not warrant that (i) the service will meet your specific requirements, (ii) the service will be uninterrupted, secure, or error-free, and (iii) the quality of any products, services, information, or other material purchased or obtained by you through the service will meet your expectations.
  17. You expressly understand and agree that SpotLMS shall not be liable for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of profits, goodwill, use, data or other intangible losses resulting from: (i) the use or the inability to use the service; (ii) the cost of procurement of substitute goods and services resulting from any goods, data, information or services purchased or obtained or messages received or transactions entered into through or from the service; (iii) unauthorized access to or alteration of your transmissions or data; (iv) statements or conduct of any third party on the service; (v) or any other matter relating to the service.
  18. The failure of SpotLMS to exercise or enforce any right or provision of the Terms of Service shall not constitute a waiver of such right or provision. The Terms of Service constitutes the entire agreement between you and SpotLMS and govern your use of the Service, superseding any prior agreements between you and SpotLMS (including, but not limited to, any prior versions of the Terms of Service).
  19. SpotLMS (in its sole discretion) determines that a user has violated these Terms of Service.
  20. Questions about the Terms of Service should be sent to: contact at SpotLMS dot com

Online storage space

The online storage space is used for your course resources, your users, your dedicated videos, your shared chats and documents, your virtual class recordings, the automatic backup of your data,...., in short, for the registration of everything related to your SPOT LMS customer account. The commercial offer you have determines which services are active or not. A non-active service does not use storage space.

The amount of storage space available depends on the nature of the data stored. For hosting on a shared server (excluding custom offers with dedicated servers), the maximum storage space limit per customer is as follows:

  • 100 GB: for chats and shared documents (chat server),
  • Depending on the commercial offer: for dedicated videos (stream server),
  • 100 GB: for virtual class registrations (virtual class server),
  • 100 GB: for video conferences (video conference server),
  • 200 GB: for course resources, user data, (all data of a different nature than above).

For offers on dedicated servers, the volume of storage space is adapted to your needs by sizing the servers according to your resources.

Volumetry of virtual classes

Virtual classrooms allow you to organize synchronous training sequences with a group of learners, simulating the configuration of a classroom. The number of virtual classes is limited to a certain number per month depending on the commercial offer. Reset is done at the beginning of the calendar month. Virtual classes are very CPU and bandwidth intensive. Excessive use of virtual classes by a single customer on a shared server would cause an impossibility to use this service for other customers, thus causing damage. To avoid this situation, the number of simultaneous virtual classes is limited. The limitation depends on the subscribed commercial offer. Example: If the commercial offer limits the parallel launch of virtual classes to 2, it will not be possible to launch a third virtual class if 2 virtual classes are already running. We advise you to close a virtual class in order to free a slot to launch another virtual class, otherwise a virtual class will automatically close 6 hours after its launch. If your need exceeds the limits of existing commercial offers, you can request a commercial offer adapted to your intensive use, by setting up a dedicated virtual class server.

Limiting the number of API REST transactions

The SPOT LMS course server is used by many users. We place limits on API requests to protect the system from receiving more data than it can handle and to ensure an equitable distribution of resources among users.
The limits are dependent on the characteristics of the server, its load determined by the number of users present on the server, their activities, ...
. The limit is defined by the maximum number of API transactions possible during the last 10 seconds. It is specific to each server. It is sent back during an API call of type Token.
If you need to make more API requests than the limit imposed, a more powerful server should be used as part of an appropriate commercial offer.

Date of last update: 11/05/2021

 

Privacy Policy

 

Introduction

SPOT LMS is committed to a continuous process of compliance with the General Data Protection Regulation of 27 April 2016. With this new regulation SPOT LMS reinforces its policy of personal data protection so that the data of our customers is protected. users are collected and used in a transparent, confidential and secure manner.

Personal data protection policy from 25 May 2018

Our Personal Data Protection Policy describes the how SPOT LMS processes the personal data of visitors and users (hereinafter referred to as "SPOT LMS"). after the "Users") when browsing our site www.spotlms.com (hereinafter the "Site"). The Personal Data Protection Policy is an integral part of the General Conditions of Use of the Site.

SPOT LMS pays constant attention to our Users' data. We can thus be to modify, supplement or update the Privacy Policy. We're here to help We invite you to regularly consult the latest version in force, accessible on our Site. If any major changes are made, we will inform you by email or by our services for you allow these amendments to be reviewed before they take effect. If you continue to use our Services Following Publication or Notification of Changes to the protection of personal data, this means that you accept updates.

What personal data is collected and for what purposes?

When you use our platform and/or during your registration, we collect and process personal data concerning you such as:  your surnames and forenames.

We will also ask you to send us your email address in order to use this data for the creation of an account, sending emails for information and notifications, as well as for the newsletter.

We also collect your nickname, avatar, mailing address, sex, phone number, email address, phone number, e-mail address, and email address. IP address, and some information available on your social networks. We will also ask you to send us a mini biography, or a biography, on an optional basis.

SPOT LMS uses Learning Analytics methods to analyze the courses taken, the quizzes and controls, routes, etc... We use this data for the analysis and the display. This data is used for various purposes, including gathering your experience user and track your progress, set up a follow-up and statistics according to your motivation.

When you register on the platform, you can register thanks to the form of creation of account and/or user.

As part of satisfaction surveys, we can use a satisfaction measurement tool for clients (Net Promoter Score). You will be asked via this tool to write an opinion on the use of the service SPOT LMS.

Why do we use cookies?

Definition of "cookie" and its utilization. A "cookie" is a text file that is placed on your computer at the time of the visit our platform. In your computer, cookies are managed by your internet browser.

We use cookies on our Site for the purposes of your browsing, optimization and marketing. personalization of our Services on our platform by memorizing your preferences. Cookies us also show how our platform is used. We automatically collect your IP address and information relating to the use of our Site. Our platform can thus be remember your identity when a connection has been established between the server and the web browser. The information previously provided in a web form can thus be kept.

Different types of cookies are used on our Site:

  • Cookies that are strictly necessary for the operation of our platform. They allow you to to use the main features of our platform (for example access to your account). Without these cookies, you will not be able to use our platform normally.
  • Analytical" cookies: in order to improve our services, we use cookies from audience measurements such as the number of pages viewed, the number of visits, the activity of Users and their return frequency, notably thanks to Google Analytics services. These cookies allow only the establishment of statistical studies on the traffic of Users on our platform, the results of which are completely anonymous to allow us to know the use and the performance of our platform and improve its operation. Accepting these cookies is a necessary condition for the use of our platform. If you refuse them, we can't give you guarantee normal use on our platform.
  • Functional Cookies: These are cookies that allow us to personalize your experience on our platform by memorizing your preferences. These cookies may be placed by a third party party on our behalf, but it is not authorized to use them for purposes other than those described.

Types of cookies used. The following types of cookies are used on this Site:

  • Temporary" Cookies: This type of cookie is active in your browser until you leave our platform and expire if you do not access the Site for a certain period of time.
  • Permanent" or "tracking" cookies: this type of cookie remains in your browser's cookie file. browser for a longer period, depending on your web browser settings. The Permanent cookies are also called tracker cookies.

Use of third-party cookies. We may use third party partners, such as Google Analytics, to track visitor activity on our platform or to identify your interests on our platform and customize the offer that is addressed to you on our platform or outside our platform. Information that may thus be collected by third party advertisers may include data such as geo-location data or contact information, such as e-mail addresses. The privacy policies of these third party advertisers provide privacy protection to advertisers. additional information on how cookies are used.

We ensure that partner companies agree to process the information collected on our website. platform exclusively for our needs and in accordance with our instructions, in compliance with the European regulations and undertake to implement appropriate safety and security measures. data privacy protection.

Disabling cookies. You can deactivate cookies at any time by selecting ` the appropriate settings in your browser to disable cookies (the section of the browser used specifies the procedure to follow).

We draw your attention to the fact that disabling cookies can reduce or prevent accessibility to all or part of certain functions.

With regard to promotional emails: You may withdraw your consent at any time by (i) unchecking the relevant box in your account, (ii) clicking the unsubscribe link provided in each of our communications or (iii) by contacting us.

With regard to targeted advertising on third-party sites (only for free accounts): you can refer to our Policy about Cookies to understand how to withdraw your consent.

We collect the information you provide to us, including when:

  • you navigate on our platform and applications
  • you create, modify and access your personal account
  • you fill in a contact form
  • you use notifications
  • contact our Customer Service

Is your data shared with third parties?

The personal data concerning you collected on our platform are intended for own use by SPOT LMS and can be transmitted to companies subcontractors that SPOT LMS may use in the performance of its services.

SPOT LMS does not sell or rent your personal information to third parties for marketing purposes, in any manner whatsoever. case.

We also work closely with third party companies who may have access to your personal data, in particular:

  • When you expressly request it;
  • When we use search engine and analytical solutions providers to improve and optimize our platform;
  • When we have a legal obligation to do so or if we believe in good faith that it is necessary to (i) respond to any claim against SPOT LMS, (ii) comply with the SPOT LMS (iii) to enforce any contract entered into with our members, such as the Terms of Use and this Privacy Policy (iv) in the event of an emergency involving the public health or physical integrity of a person, (v) in the (vi) to ensure rights, property and safety; or SPOT LMS, its members and more generally any third party;
  • In addition, SPOT LMS does not disclose your personal data to third parties, except if (1) you (or your account administrator acting on your behalf) make the request or authorize the disclosure; (2) disclosure is required to process transactions or provide services that you have (3) SPOT LMS is required to do so by a government authority or a regulation, in case of judicial requisition, subpoena or any other requirement or to establish or defend a legal claim; or (4) the acts as agent or subcontractor for SPOT LMS in the performance of the Services (by For example, SPOT LMS uses the services of a telecommunications company).

If SPOT LMS or all or part of its assets are acquired by a third party, the data in our possession will, where applicable, be transferred to the new owner.

Upon request, we can provide you with a list of the countries where we keep your data and those where we do not. they transit occasionally.

We keep your data in the European Union but we also transfer them outside the Union European to the United States. The U.S. entities to which we transfer your data have Privacy Shield or we have entered into specific contracts and clauses with them established by the European Commission to supervise and secure the transfer of your data. data to these providers. We may use the services of U.S. companies to whom we have access. subcontract your data to respond to your requests, provide online payment tools, we will provide commercial and advertising services or emailing and SMS services.

How are your personal data protected?

SPOT LMS applies technological security measures generally recognized so that the personal data collected are not, lost, misused, accessed, altered or disclosed by unauthorized third parties unless the communication of such data is imposed by the regulations in force, in particular at the request of an authority judicial, police, gendarmerie or any other authority empowered by law.

The security of personal data also depends on the Users. Users who are members SPOT LMS are committed to maintaining the confidentiality of their login and password. The members also agree not to share their account and to declare to SPOT LMS any use of their account. unauthorized use of said account as soon as they become aware of it.

How long do SPOT LMS users keep their personal data?

The personal data provided by the SPOT LMS users will be deleted after a certain period and depending on the data processed.

1 year after your last use of our platform, the customer account and all user accounts of the account customer are deleted without the possibility of restoration.

We do not retain any of your data after the customer account is deleted.

Are you a minor?

Our goal being to make education accessible to all, minors can access the Site to search for information.

Before accessing the Site, the consent of minors under 16 years of age must be given by the owner of the Site. parental authority.

Our platform does not provide for the registration, collection or storage of information relating to any person 13 years of age or younger.

You should read this Privacy Policy with your parents or guardian. legal representative to ensure that you and your parents or legal representative understand it.

When you have given your consent when you were minors, personal data you were collected.

You will be able to exercise your right to forget if you no longer wish your personal data to be stored. in our databases.

What are your rights ?

In accordance with the regulations in force, the Users of our platform have the following rights following :

  • right of access and rectification ;
  • update, user data completeness ;
  • right to block or delete the personal data of Users, when they are is inaccurate, incomplete, ambiguous, out of date, or whose collection, use, disclosure or storage is prohibited;
  • right to withdraw consent at any time ;
  • right to limit the processing of Users' data ;
  • right to object to the processing of personal data ;
  • the right to the portability of the data that the Users will have provided, when these data make the object of automated processing based on their consent or a contract.

If you wish to know how SPOT LMS uses this personal data, ask to rectify it or to oppose a treatment you can send an email to the address data-protection@spotlms.com or send to a letter to the following address: Cyrus HD - Data Protection Officer, 21 rue marc donadille, 13013 Marseille France. Finally, SPOT LMS Users can file a complaint with the authorities of control, and in particular CNIL)

Your requests will be processed within 30 days. In addition to your request, we will ask you to contact a photocopy of a proof of identity so that SPOT LMS can verify your identity.

How to contact us - contact details data protection officer

If you have any questions or complaints, or if you have any questions wish to provide SPOT LMS with recommendations or comments to improve our Policy of personal data protection you can send an email to the address data-protection@spotlms.com or send to a letter to the following address: Cyrus HD - Data Protection Officer, 21 rue marc donadille, 13013 Marseille France.

 

Security at SPOT LMS

Protecting your data is our highest priority

 

Overview

As users of our own product, we understand how important the security and privacy of your data is.
We are committed to providing our customers with a highly secure and reliable environment for its cloud-based application. We have therefore developed a security model that covers all aspects of cloud-based SPOT LMS systems.

The security model and controls are based on international protocols and standards and industry best practices, such as ISO/IEC 27001, the standard for information security management systems (ISMS) and ISO/IEC 27018 , Security techniques - Code of practice for protection of personally identifiable information in public clouds.

As part of the company’s focus on security issues, the company security team performs on a regular basis:
  • Monitoring and analyzing the infrastructure for suspicious activities and potential threats.
  • Issuing periodic security internal review.
  • Dynamically updating the security model and addressing new security threats.
  • Systematically examining the organization's information security risks, taking into account threats and vulnerabilities.
  • Designing and implementing a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address the risks that are deemed unacceptable.
  • Adopting an overarching management process to ensure that the information security controls continue to meet the organization's evolving information security needs.

Protecting Customer Data

Our systems are hosted on OVH infrastructure. They've devoted an entire portion of their site to explaining their security measures, which you can find in the following links:
https://www.ovh.com/world/about-us/security

No one other than our directors can access the data of clients and this is only done by a director if it is necessary to solve client-related issues.

Authorizing Access

Customer data is stored only in the production environment. Directors only have approval to access user data in order to solve client requests, issues or bugs. All logs of SSH connections to our production environment are saved and archived. Attachments in your account are encrypted and delivered on a per-user-access controlled basis.
We know the data you share in SPOT LMS is private and confidential. We have strict controls over our directors' access to internal data and we are committed to ensuring that your data is never seen by anyone who should not see it.

Secure Software Design

Any new feature or code that will be implemented into our system starts with an in-depth analysis of security and privacy risks. All code is saved into a version control repository and evaluated in a test environment before deploying it into our production environment. All code is reviewed by a second developer to ensure code quality.

Physical Security Protocols

Security controls at OVH data centers are based on standard technologies and follow the industry’s best security practices. The physical security controls are constructed in such a way as to eliminate the effect of single points of failure and retain the resilience of the computing center.

Environmental Controls

A variety of environmental controls are implemented at the data center facilities.
  • Servers are locked inside the infrastructure in a designated area.
  • The server area is cooled by a separate air conditioning system, which keeps the climate at the desired temperature to prevent service outage.
  • The facilities are protected by a fire suppression system, which protects the computing equipment and has built-in fire, water, and smoke detectors.
  • The facilities have on-site generators, which serve as an alternative power source.
  • There is 24-hour video surveillance of all entrances and exits, lobbies, and ancillary rooms. The videos are recorded and monitored, and retained for later use.

Network Security

Firewalls: Applications in the hosting and cloud have firewalls installed to shield them from attack and prevent the loss of valuable customer data. The firewalls are configured to serve as perimeter firewalls to block ports and protocols.
DDoS mitigation: All application access, including direct application access and API access, are protected by a DDoS mitigation service to ensure high availability at all times, as well as prevent attacks and malicious activities.

Encryption in Transit and at Rest

SPOT LMS ensures the security and privacy of user information by encrypting data on all servers at rest and in transit.
Our systems are designed to ensure data is protected at all times. Specifically, we're using TLS v1.2 with strong ciphers to protect data in transit, and AES-256 to encrypt data at rest. User passwords are hashed and salted with a modern hash function.
SPOT LMS’s cloud-based solution is deployed using dedicated servers of OVH, enabling us to guarantee high security through utilizing a series of high tech, best in the industry solutions that work to ensure the safety of all user data on the OVH network.

External Security Audits and Penetration Tests

We work closely with industry leaders in web app and infrastructure security who perform penetration tests and audits of SPOT LMS. We monitor our product for security vulnerabilities automatically as the product grows.

System Monitoring, Logging and Alerting

SPOT LMS monitors servers to retain and analyze a comprehensive view of the security state of its production infrastructure. SPOT LMS collects and stores production servers logs for analysis. Logs are stored and indexed in a separate network.

Backup

All of the data is backed up daily to multiple disks. Backups are encrypted and distributed to various locations. Backups are saved for a period of 30 days.

Incident Management

To handle security incidents effectively, SPOT LMS has constructed incident response and notification procedures. SPOT LMS employs an Incident Handling team that responds to security incidents and mitigates risks. The team uses monitoring and tracking tools and performs real-time analysis. Additionally, the team has clear procedures in place for communicating the incidents to any involved party and for handling escalations. Every incident is forwarded to the security team leader for assessment and analysis.The level of severity is a measure of its impact on, or threat to, the operation or integrity of the institution and its information. It determines the priority for handling the incident, who manages the incident, and the timing and extent of the response.

Personnel Security

SPOT LMS realizes that the malicious activities of an insider could have an impact on the confidentiality, integrity, and availability of all types of data and has therefore formulated policies and procedures concerning the hiring of IT administrators or others with access to important and crucial systems. SPOT LMS has also formulated policies and procedures for the ongoing periodic evaluation of IT administrators or others with system access. User permissions are continuously updated and adjusted so when a user's job no longer involves infrastructure management, the user's console access rights are immediately revoked.

Security Awareness and Training

In order to help ensure that SPOT LMS employees are aligned with the security practices and aware of their duties, SPOT LMS conducts multiple information security awareness campaigns. In addition, the security obligations of users and the entity’s security commitments to users are communicated on an annual basis through the company policy.
Our engineering and operation teams keep their skills up to date regarding security best practices. We have coded many different online systems and are experienced in infrastructure security and systems security.

PCI DSS, ISO 27001 and SOC1/2

OVH's data centers have a PCI DSS certification, ISO/IEC 27001 certification, SOC 1 Type II and SOC 2 Type II certifications, service auditor’s report as the result of an indepth audit of the centers’ control objectives and control activities, including controls over information technology and all other related processes. Please visit the following links:
https://www.ovh.com/world/about-us/certifications

 

Legal Mentions

 

Legal Mentions

Cyrus HD is a simplified joint stock company (SAS) with a capital of 200€ registered in the RCS of Marseille under the SIRET 80373327800011 and whose registered office is located at 21 rue marc donadille, 13013 Marseille, France. Cyrus HD is represented by Mr Léopold COHEN, its Chairman.

Cyrus HD is an application software company and we provide our services as a SAAS platform.

The Director of Publication of the platform is Mr Laurent MICHEL.

The site is hosted by OVH whose address is the following : OVH - 2 rue Kellermann - 59100 Roubaix - France

Contact us

  • By email : contact@spotlms.com
  • By mail : Cyrus HD, 21 rue marc donadille, 13013 Marseille, France

You have the right to access and rectify information concerning you, which you may exercise by email at the address data-protection@spotlms.com or by mail (address above). You may also, for legitimate reasons, object to the processing of your personal data. data you concerning.

For more information on all your rights you can refer to our "Privacy Policy".