Kaltura Customer Agreement
This Kaltura Customer Agreement (this “Agreement”) contains the terms and conditions that govern your access to and use of the Service Offerings (as defined below) and is an agreement between Kaltura, Inc. (“Kaltura,” “we,” “us,” or “our”) and you or the entity you represent (“you”). This Agreement takes effect when you click an “I Accept” button or check box presented with these terms or, if earlier, when you use any of the Service Offerings or Execute an Order Form referencing this Agreement (the “Effective Date”). You represent to us that you are lawfully able to enter into contracts (e.g., you are not a minor). If you are entering into this Agreement for an entity, such as the company you work for, you represent to us that you have legal authority to bind that entity. Please see Section 14 for definitions of certain capitalized terms used in this Agreement.
1.1 Generally. You may access and use the Service Offerings in accordance with this Agreement. You will adhere to all laws, rules, and regulations applicable to your use of the Service Offerings, including the Acceptable Use Policy and the other Policies as defined in Section 14.
1.2 Your Account. To access the Services, you must create a Kaltura account associated with a valid e-mail address. Unless you activate a Kaltura Multi-Account, you may only create one account per legal entity. You are responsible for all activities that occur under your account(s), regardless of whether the activities are undertaken by you, your employees or a third party (including your contractors or agents) and, except to the extent caused by our breach of this Agreement, we and our affiliates are not responsible for unauthorized access to your account. You will contact us immediately if you believe an unauthorized third party may be using your account or if your Account Information is lost or stolen. You may terminate your account and this Agreement at any time in accordance with Section 7.
1.3 Support to You. If you would like support for the Services other than the support we generally provide to other users of the Services without charge, you may contact-us for premium support packages.
1.4 Third Party Content. Third Party Content, such as software applications or application services provided by third parties, may be made available directly to you by other companies or individuals under separate terms and conditions, including separate fees and charges. Because we may not have tested or screened the Third Party Content, your use of any Third Party Content is at your sole risk.
We may change, discontinue, or deprecate any of the Service Offerings (including the Service Offerings as a whole) or change or remove features or functionality of the Service Offerings from time to time. We will notify you of any material change to or discontinuation of the Service Offerings. However, if we change, discontinue or deprecate any APIs for the Services, we will use commercially reasonable efforts to continue supporting the previous version of any API changed, discontinued, or deprecated for 12 months after the change, discontinuation, or deprecation (except if such support (a) would pose a security or intellectual property issue, (b) is economically or technically burdensome, or (c) would violate the law or requests of governmental entities).
3.1 Kaltura Security. Without limiting the scope of Section 10 or your obligations under Section 4.2, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure.
3.2 Data Privacy. You consent to the processing and storage of Your Content in, and transfer of Your Content into, the U.S. To the the extent we process any Personal Data (as such term is defined in the Kaltura Customer DPA) for or on behalf of You in the course of providing the Service Offerings, the Kaltura Customer DPA is hereby incorporated by reference and shall apply. You will ensure that You are entitled to transfer the relevant personal data to us, so that we may lawfully use, process, and transfer the Personal Data in accordance with the Service Offerings on Your behalf. You will ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer, to the extent required by Your country’s data protection laws and regulations.
3.3 School Accounts. Kaltura maintains policies and procedures designed to comply with applicable requirements of student privacy laws including, without limitation, GDPR and the Family Educational Rights and Privacy Act (FERPA) and applicable state laws (collectively, the “Student Privacy Laws”). The Student Privacy Laws may provide students or their parents with certain rights in their personal information. If you are a parent or student and you have questions about the Student Privacy Laws or your related rights, please contact your school administration. Kaltura will not use any student data for marketing or advertising purposes, or any other commercial purpose, except to provide the Service Offerings to you and to your End Users. If you are a school, school district, school administrator or a teacher — you represent and warrant that you have been duly authorized by your school or school district to create an account, to use the Services Offerings, and to agree to these contract terms. You further agree to use your account solely for educational purposes and solely for the benefit of your school or school district and its students. To the extent Your Content includes any “education records” (as defined in FERPA), Kaltura shall be deemed a “school official” (as defined in FERPA), and Kaltura’s use and maintenance of such education records shall be solely for the purpose of providing the Service Offerings to you and to your End Users in accordance with your instructions.
4.1 Your Content. You are solely responsible for the development, content, operation, maintenance, and use of Your Content. For example, you are solely responsible for:
(a) the technical operation of Your Content, including ensuring that calls you make to any Service are compatible with then-current APIs for that Service;
(b) compliance of Your Content with the Acceptable Use Policy, the other Policies, and the law;
(c) any claims relating to Your Content; and
(d) promptly and properly handling and processing notices sent to you (or any of your affiliates) by any person claiming that Your Content violate such person’s rights, including notices pursuant to the Digital Millennium Copyright Act.
4.2 Other Security and Backup. You are responsible for properly configuring and using the Service Offerings and taking your own steps to maintain appropriate security, protection and backup of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access and routine archiving Your Content. Kaltura log-in credentials and private keys generated by the Services are for your internal use only and you may not sell, transfer or sublicense them to any other entity or person, except that you may disclose your private key to your agents and subcontractors performing work on your behalf.
4.3 End User Violations. You will be deemed to have taken any action that you permit, assist or facilitate any person or entity to take related to this Agreement, Your Content or use of the Service Offerings. You are responsible for End Users’ use of Your Content and the Service Offerings, whether authorized or unauthorized. You will ensure that all End Users comply with your obligations under this Agreement and that the terms of your agreement with each End User are consistent with this Agreement. If you become aware of any violation of your obligations under this Agreement by an End User, you will immediately terminate such End User’s access to Your Content and the Service Offerings.
4.4 End User Support. You are responsible for providing customer support or service (if any) to End Users. We do not provide any support or services to End Users unless we have a separate agreement with you or an End User obligating us to provide support or services.
5.1. Service Fees. We calculate and bill fees and charges monthly. We may bill you more frequently for fees accrued if we suspect that your account is fraudulent or at risk of non-payment, or less frequently, at our discretion. You will pay us the applicable fees and charges for use of the Service Offerings as described on the Kaltura Site using one of the payment methods we support. You agree that Kaltura may charge to your credit card (or other payment mechanism selected by you and approved by Kaltura) all amounts due and owing for the Service Offerings, including taxes and service fees, set up fees, subscription fees, or any other fee or charge associated with your account. All amounts payable under this Agreement will be made without setoff or counterclaim, and without any deduction or withholding. Fees and charges for any new Service or new feature of a Service will be effective when we post updated fees and charges on the Kaltura Site unless we expressly state otherwise in a notice. We may increase or add new fees and charges for any existing Services by giving you at least 30 days’ advance notice. We may charge you interest at the rate of 1.5% per month (or the highest rate permitted by law, if less) on all late payments.
5.2 Taxes. All fees and charges payable by you are exclusive of applicable taxes and duties, including VAT and applicable sales tax. You will provide us any information we reasonably request to determine whether we are obligated to collect VAT from you, including your VAT identification number. If you are legally entitled to an exemption from any sales, use, or similar transaction tax, you are responsible for providing us with legally sufficient tax exemption certificates for each taxing jurisdiction. We will apply the tax exemption certificates to charges under your account occurring after the date we receive the tax exemption certificates. If any deduction or withholding is required by law, you will notify us and will pay us any additional amounts necessary to ensure that the net amount that we receive, after any deduction and withholding, equals the amount we would have received if no deduction or withholding had been required. Additionally, you will provide us with documentation showing that the withheld and deducted amounts have been paid to the relevant taxing authority.
5.3 Order Forms. Notwithstanding Section 5.1 above, if you purchase a subscription to the Service Offerings via an Order Form signed by you and us then the billing terms set forth in this Section 5.3 and the applicable Order Form will apply. Minimum commitments in Order Forms are (a) based on Services purchased and not actual usage; (b) non-cancelable; and (c) cannot be decreased during the specified term. Fees paid for minimum commitments and actual usage are not refundable. Your payments of fees are neither (x) contingent on the delivery of any future functionality or features nor (y) dependent on statements not set forth in the Agreement.
6.1 Generally. We may suspend your or any End User’s right to access or use any portion or all of the Service Offerings immediately upon notice to you if we determine:
(a) your or an End User’s use of or registration for the Service Offerings (i) poses a security risk to the Service Offerings or any third party, (ii) may adversely impact the Service Offerings or the systems or Content of Kaltura or any other Kaltura customer, (iii) may subject us, our affiliates, or any third party to liability, or (iv) may be fraudulent;
(b) you are, or any End User is, in breach of this Agreement, including if you are delinquent on your payment obligations for more than 15 days;
(c) the credit card you authorized us to charge in connection with your account is invalid or otherwise unavailable for the processing of payments; or
(d) you have ceased to operate in the ordinary course, made an assignment for the benefit of creditors or similar disposition of your assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution or similar proceeding.
6.2 Effect of Suspension. If we suspend your right to access or use any portion or all of the Service Offerings:
(a) you remain responsible for all fees and charges you have incurred through the date of suspension;
(b) you remain responsible for any minimum commitments specified in an Order Form;
(c) you remain responsible for any applicable fees and charges for any Service Offerings to which you continue to have access, as well as applicable data storage fees and charges, and fees and charges for in-process tasks completed after the date of suspension; and
(d) you will not receive a refund of any pre-paid fees for the applicable service period.
Our right to suspend your or any End User’s right to access or use the Service Offerings is in addition to our right to terminate this Agreement pursuant to Section 7.2.
7.1. Term. The term of this Agreement will commence on the Effective Date and will remain in effect until terminated by you or us in accordance with Section 7.2.
(a) Termination for Convenience. You may terminate this Agreement for any reason by: (i) providing us notice and (ii) closing your account for all Services for which we provide an account closing mechanism.
(b) Termination for Cause.
(i) By Either Party. Either party may terminate this Agreement for cause upon 30 days advance notice to the other party if there is any material default or breach of this Agreement by the other party, unless the defaulting party has cured the material default or breach within the 30 day notice period.
(ii) By Us. We may also terminate this Agreement immediately upon notice to you (A) for cause, if any act or omission by you or any End User results in a suspension described in Section 6.1, (B) if our relationship with a third party partner who provides software or other technology we use to provide the Service Offerings expires, terminates or requires us to change the way we provide the software or other technology as part of the Services, (C) if we believe providing the Service Offerings could create a substantial economic or technical burden or material security risk for us, (D) in order to comply with the law or requests of governmental entities, or (E) if we determine that use of the Service Offerings by you or any End Users or our provision of any of the Services to you or any End Users has become impractical or unfeasible for any legal or regulatory reason.
7.3. Effect of Termination. Upon any termination of this Agreement:
(i) all your rights under this Agreement immediately terminate;
(ii) you remain responsible for all fees and charges you have incurred through the date of termination, including fees and charges for in-process tasks completed after the date of termination;
(iii) you will immediately return or, if instructed by us, destroy all Kaltura Content in your possession;
(iv) you will not receive a refund of any pre-paid fees, including without limitation any pre-purchased credits or minimum commitments;
(v) you remain responsible for any minimum commitments specified in an Order Form; and
(vi) Sections 4.1, 5.2, 7.3, 8 (except the license granted to you in Section 8.3), 9, 10, 11, 13 and 14 will continue to apply in accordance with their terms.
8.1 Your Content. As between you and us, you, your End Users or your licensors own all right, title, and interest in and to Your Content. Except as provided in this Section 8, we obtain no rights under this Agreement from you or your licensors to Your Content, including any related intellectual property rights. You consent to our use of Your Content to provide the Service Offerings to you and any End Users.
8.2 Adequate Rights. You represent and warrant to us that: (a) you or your licensors own all right, title, and interest in and to Your Content and Your Submissions; (b) you have all rights in Your Content and Your Submissions necessary to grant the rights contemplated by this Agreement; and (c) none of Your Content, Your Submissions or End Users’ use of Your Content, Your Submissions or the Services Offerings will violate the Acceptable Use Policy.
8.3 Service Offerings License. As between you and us, we or our affiliates or licensors own and reserve all right, title, and interest in and to the Service Offerings. We grant you a limited, revocable, non-exclusive, non-sublicensable, non-transferrable license to do the following during the Term: (i) access and use the Services solely in accordance with this Agreement; and (ii) copy and use the Kaltura Content solely in connection with your permitted use of the Services. Except as provided in this Section 8.3, you obtain no rights under this Agreement from us or our licensors to the Service Offerings, including any related intellectual property rights.
8.4 License Restrictions. Neither you nor any End User may use the Service Offerings in any manner or for any purpose other than as expressly permitted by this Agreement. Neither you nor any End User may, or may attempt to, (a) modify, alter, tamper with, repair, or otherwise create derivative works of any software included in the Service Offerings (except to the extent software included in the Service Offerings are provided to you under a separate license that expressly permits the creation of derivative works), (b) reverse engineer, disassemble, or decompile the Service Offerings or apply any other process or procedure to derive the source code of any software included in the Service Offerings, (c) access or use the Service Offerings in a way intended to avoid incurring fees or exceeding usage limits or quotas, or (d) resell or sublicense the Service Offerings (unless you are expressly authorized to do so in an Order Form). All licenses granted to you in this Agreement are conditional on your continued compliance this Agreement, and will immediately and automatically terminate if you do not comply with any term or condition of this Agreement.
8.5 Suggestions. If you provide any Suggestions to us or our affiliates, we will own all right, title, and interest in and to the Suggestions, even if you have designated the Suggestions as confidential. We and our affiliates will be entitled to use the Suggestions without restriction. You hereby irrevocably assign to us all right, title, and interest in and to the Suggestions and agree to provide us any assistance we may require to document, perfect, and maintain our rights in the Suggestions.
9.1. General. You will defend, indemnify, and hold harmless us, our affiliates and licensors, and each of their respective employees, officers, directors, and representatives from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to any third party claim concerning: (a) your or any End Users’ use of the Service Offerings (including any activities under your account and use by your employees and personnel); (b) breach of this Agreement or violation of applicable law by you or any End User; (c) Your Content or the combination of Your Content with other applications, content or processes, including any claim involving alleged infringement or misappropriation of third-party rights by Your Content or by the use, development, design, production, advertising or marketing of Your Content; or (d) a dispute between you and any End User. If we or our affiliates are obligated to respond to a third party subpoena or other compulsory legal order or process in relation to any of the claims described above, you will also reimburse us for reasonable attorneys’ fees, as well as our employees’ and contractors’ time and materials spent responding to the third party subpoena or other compulsory legal order or process at our then-current hourly rates.
9.2. Process. We will promptly notify you of any claim subject to Section 9.1, but our failure to promptly notify you will only affect your obligations under Section 9.1 to the extent that our failure prejudices your ability to defend the claim. You may: (a) use counsel of your own choosing (subject to our written consent) to defend against any claim; and (b) settle the claim as you deem appropriate, provided that you obtain our prior written consent before entering into any settlement. We may also assume control of the defense and settlement of the claim at any time.
THE SERVICE OFFERINGS ARE PROVIDED “AS IS.” WE AND OUR AFFILIATES AND LICENSORS MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD PARTY CONTENT, INCLUDING ANY WARRANTY THAT THE SERVICE OFFERINGS OR THIRD PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, OR THAT ANY CONTENT, INCLUDING YOUR CONTENT OR THE THIRD PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR QUIET ENJOYMENT, AND ANY WARRANTIES ARISING OUT OF ANY COURSE OF DEALING OR USAGE OF TRADE.
WE AND OUR AFFILIATES OR LICENSORS WILL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, OR DATA), EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER, NEITHER WE NOR ANY OF OUR AFFILIATES OR LICENSORS WILL BE RESPONSIBLE FOR ANY COMPENSATION, REIMBURSEMENT, OR DAMAGES ARISING IN CONNECTION WITH: (A) YOUR INABILITY TO USE THE SERVICE OFFERINGS, INCLUDING AS A RESULT OF ANY (I) TERMINATION OR SUSPENSION OF THIS AGREEMENT OR YOUR USE OF OR ACCESS TO THE SERVICE OFFERINGS, (II) OUR DISCONTINUATION OF ANY OR ALL OF THE SERVICE OFFERINGS, OR, (III) WITHOUT LIMITING ANY OBLIGATIONS UNDER THE SLAS, ANY UNANTICIPATED OR UNSCHEDULED DOWNTIME OF ALL OR A PORTION OF THE SERVICE OFFERINGS FOR ANY REASON, INCLUDING AS A RESULT OF POWER OUTAGES, SYSTEM FAILURES OR OTHER INTERRUPTIONS; (B) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; (C) ANY INVESTMENTS, EXPENDITURES, OR COMMITMENTS BY YOU IN CONNECTION WITH THIS AGREEMENT OR YOUR USE OF OR ACCESS TO THE SERVICE OFFERINGS; OR (D) ANY UNAUTHORIZED ACCESS TO, ALTERATION OF, OR THE DELETION, DESTRUCTION, DAMAGE, LOSS OR FAILURE TO STORE ANY OF YOUR CONTENT OR OTHER DATA. IN ANY CASE, OUR AND OUR AFFILIATES’ AND LICENSORS’ AGGREGATE LIABILITY UNDER THIS AGREEMENT WILL BE LIMITED TO THE AMOUNT YOU ACTUALLY PAY US UNDER THIS AGREEMENT FOR THE SERVICES THAT GAVE RISE TO THE CLAIM DURING THE 12 MONTHS PRECEDING THE CLAIM.
We may modify this Agreement (including any Policies) at any time by posting a revised version on the Kaltura Site or by otherwise notifying you in accordance with Section 13.6. The modified terms will become effective upon posting or, if we notify you by email, as stated in the email message. By continuing to use the Service Offerings after the effective date of any modifications to this Agreement, you agree to be bound by the modified terms. It is your responsibility to check the Kaltura Site regularly for modifications to this Agreement. We last modified this Agreement on the date listed at the end of this Agreement.
13.1 Confidentiality and Publicity. You may use Kaltura Confidential information only in connection with your use of the Service Offerings as permitted under this Agreement. You will not disclose Kaltura Confidential Information during the Term or at any time during the 5 year period following the end of the Term. You will take all reasonable measures to avoid disclosure, dissemination or unauthorized use of Kaltura Confidential Information, including, at a minimum, those measures you take to protect your own confidential information of a similar nature. You will not issue any press release or make any other public communication with respect to this Agreement or your use of the Service Offerings without our prior written consent. You will not misrepresent or embellish the relationship between us and you (including by expressing or implying that we support, sponsor, endorse, or contribute to you or your business endeavors), or express or imply any relationship or affiliation between us and you or any other person or entity except as expressly permitted by this Agreement.
13.2 Force Majeure. We and our affiliates will not be liable for any delay or failure to perform any obligation under this Agreement where the delay or failure results from any cause beyond our reasonable control, including acts of God, labor disputes or other industrial disturbances, systemic electrical, telecommunications, or other utility failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism, or war.
13.3 Independent Contractors; Non-Exclusive Rights. We and you are independent contractors, and neither party, nor any of their respective affiliates, is an agent of the other for any purpose or has the authority to bind the other. Subject to the provisions of Section 13.1, both parties reserve the right (a) to develop or have developed for it products, services, concepts, systems, or techniques that are similar to or compete with the products, services, concepts, systems, or techniques developed or contemplated by the other party and (b) to assist third party developers or systems integrators who may offer products or services which compete with the other party’s products or services.
13.4 No Third Party Beneficiaries. This Agreement does not create any third party beneficiary rights in any individual or entity that is not a party to this Agreement.
13.5 Import and Export Compliance. You acknowledge that the Service Offerings, or a portion thereof, is subject to the Export Administration Regulations, 15 C.F.R. Parts 730-774, of the United States and may be subject to other applicable country export control and trade sanctions laws (“Export Control and Sanctions Laws”). Kaltura will provide the U.S. export classification(s) applicable to its Services upon request. You and your End Users may not access, use, export, re-export, divert, transfer or disclose any portion of the Service Offerings or any related technical information or materials, directly or indirectly, in violation of Export Control and Sanctions Laws. You represent and warrant that: (i) you and your End Users (a) are not citizens of, or located within, a country or territory that is subject to U.S. trade sanctions or other significant trade restrictions (including without limitation Cuba, Iran, North Korea, Syria, and the Crimea region of Ukraine) and that you and your End Users will not access or use the Service Offerings, or export, re-export, divert, or transfer the Service Offerings, or any part thereof, in or to such countries or territories; (b) are not persons, or owned 50% or more, individually or in the aggregate by persons, identified on the U.S. Department of the Treasury’s Specially Designated Nationals and Blocked Persons List or Foreign Sanctions Evaders Lists; and (c) are not persons on the U.S. Department of Commerce’s Denied Persons List, Entity List, or Unverified List, or U.S. Department of State proliferation-related lists; (ii) you and your End Users located in China, Russia, or Venezuela are not Military End Users and will not put the Service Offerings to a Military End Use, as defined in 15 C.F.R. 744.21; (iii) Your Content is not subject to any restriction on disclosure, transfer, download, export or re-export under the Export Control and Sanctions Laws; and (iv) you and your End Users will not take any action that would constitute a violation of, or be penalized under, U.S. antiboycott laws administered by the U.S. Department of Commerce or the U.S. Department of the Treasury. You are solely responsible for complying with the Export Control and Sanctions Laws and monitoring them for any modifications.
(a) To You. We may provide any notice to you under this Agreement by: (i) posting a notice on the Kaltura Site; or (ii) sending a message to the email address then associated with your account. Notices we provide by posting on the Kaltura Site will be effective upon posting and notices we provide by email will be effective when we send the email. It is your responsibility to keep your email address current. You will be deemed to have received any email sent to the email address then associated with your account when we send the email, whether or not you actually receive the email.
(b) To Us. To give us notice under this Agreement, you must contact Kaltura as follows: (i) by facsimile transmission to + 1 (646) 560 5579; or (ii) by personal delivery, overnight courier or registered or certified mail to Kaltura Inc., 250 Park Avenue South, New York, NY 10003. We may update the facsimile number or address for notices to us by posting a notice on the Kaltura Site. Notices provided by personal delivery will be effective immediately. Notices provided by facsimile transmission or overnight courier will be effective one business day after they are sent. Notices provided by registered or certified mail will be effective three business days after they are sent.
(c) Language. All communications and notices to be made or given pursuant to this Agreement must be in the English language.
13.7 Assignment. You will not assign this Agreement, or delegate or sublicense any of your rights under this Agreement, without our prior written consent. Any assignment or transfer in violation of this Section 13.7 will be void. Kaltura may assign this Agreement or any of its rights or obligations hereunder without requiring your consent, (a) to an affiliate, or (b) to any third party acquiring all or substantially all of the assets relating to this Agreement or a controlling interest in the voting stock or voting interest of Kaltura. Subject to the foregoing, this Agreement will be binding upon, and inure to the benefit of the parties and their respective successors and assigns.
13.8 No Waivers. The failure by us to enforce any provision of this Agreement will not constitute a present or future waiver of such provision nor limit our right to enforce such provision at a later time. All waivers by us must be in writing to be effective.
13.9 Severability. If any portion of this Agreement is held to be invalid or unenforceable, the remaining portions of this Agreement will remain in full force and effect. Any invalid or unenforceable portions will be interpreted to effectuate the intent of the original portion. If such construction is not possible, the invalid or unenforceable portion will be severed from this Agreement but the rest of the Agreement will remain in full force and effect.
13.10 Contracting Entity. In the event your Kaltura account reflects a bill to/sold to address in the United Kingdom or European Union, the contracting entity under this Agreement will be Kaltura Europe Ltd., a wholly-owned subsidiary of Kaltura organized under the laws of England and Wales.
13.11 Government Terms. We provide the Service Offerings, including related software and technology, for ultimate federal government end use solely in accordance with this Agreement. If you (or any of your End Users) are an agency, department, or other entity of any government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Service Offerings, any part thereof, or any related documentation of any kind, including technical data, software, and manuals, is restricted by this Agreement. All other use is prohibited and no rights other than those provided in this Agreement are conferred. The Service Offerings were developed fully at private expense.
13.12 Agreement to Arbitrate; Waiver of Class Action. If You are located in the United States, You agree to resolve disputes only on an individual basis, through arbitration pursuant to the provisions set forth in Exhibit A. The Parties expressly waive any right to bring any action, lawsuit, or proceeding as a class or collective action, private attorney general action, or any other proceeding in which any party acts or proposes to act in a representative capacity.
13.13 Governing Law; Venue. This Agreement shall be governed by and construed under the laws of the State of New York. Except as provided in Section 13.12 (Agreement to Arbitrate), any legal suit, action, or proceeding arising out of or related to this Agreement or the Service Offerings shall be instituted in either the state or federal courts of New York, NY and we each consent to the personal jurisdiction of these courts.
13.14 Entire Agreement; English Language. This Agreement includes the Policies and is the entire agreement between you and us regarding the subject matter of this Agreement. This Agreement supersedes all prior or contemporaneous representations, understandings, agreements, or communications between you and us, whether written or verbal, regarding the subject matter of this Agreement. Notwithstanding any other agreement between you and us, the security and data privacy provisions in Section 3 of this Agreement contain our and our affiliates’ entire obligation regarding the security, privacy, and confidentiality of Your Content. We will not be bound by, and specifically object to, any term, condition or other provision which is different from or in addition to the provisions of this Agreement (whether or not it would materially alter this Agreement) and which is submitted by you in any order, receipt, acceptance, confirmation, correspondence or other document. If the terms of this document are inconsistent with the terms contained in any Policy, the terms contained in this document will control.
“Acceptable Use Policy” means the policy currently available at https://corp.kaltura.com/legal/tos/acceptable-use-policy, as it may be updated by us from time to time.
“Account Information” means information about you that you provide to us in connection with the creation or administration of your Kaltura account. For example, Account Information includes names, usernames, phone numbers, email addresses, and billing information associated with your Kaltura account.
“API” means an application program interface.
“Content” means software (including machine images), data, text, audio, video, or images.
“Documentation” means the developer guides, getting started guides, user guides, quick reference guides, and other technical and operations manuals and specifications for the Services located at the Kaltura Site, as such documentation may be updated by us from time to time.
“End User” means any individual or entity that directly or indirectly through another user: (a) accesses or uses Your Content; or (b) otherwise accesses or uses the Service Offerings under your account.
“Kaltura Confidential Information” means all nonpublic information disclosed by us, our affiliates, business partners or our or their respective employees, contractors or agents that is designated as confidential or that, given the nature of the information or circumstances surrounding its disclosure, reasonably should be understood to be confidential. Kaltura Confidential Information includes: (a) nonpublic information relating to our or our affiliates or business partners’ technology, customers, business plans, promotional and marketing activities, finances and other business affairs; (b) third-party information that we are obligated to keep confidential; and (c) the nature, content and existence of any discussions or negotiations between you and us or our affiliates. Kaltura Confidential Information does not include any information that: (i) is or becomes publicly available without breach of this Agreement; (ii) can be shown by documentation to have been known to you at the time of your receipt from us; (iii) is received from a third party who did not acquire or disclose the same by a wrongful or tortious act; or (iv) can be shown by documentation to have been independently developed by you without reference to the Kaltura Confidential Information.
“Kaltura Content” means Content we or any of our affiliates make available in connection with the Services or on the Kaltura Site to allow access to and use of the Services, including Documentation; sample code; software libraries; command line tools; and other related technology. Kaltura Content does not include the Services.
“Kaltura Customer DPA” means the terms and conditions of the data processing agreement available at https://corp.kaltura.com/Kaltura-data-processing-agreement.
“Kaltura Marks” means any trademarks, service marks, service or trade names, logos, and other designations of Kaltura and its affiliates that we may make available to you in connection with this Agreement.
“Kaltura Site” means http://corp.kaltura.com/ and any successor or related site designated by us.
“Order Form” means an ordering document supplied by Kaltura that references this Agreement.
“Policies” means the Acceptable Use Policy, all restrictions described in the Kaltura Content and on the Kaltura Site, and any other policy or terms referenced in or incorporated into this Agreement.
“Services” means all Kaltura products and services that you order from Kaltura via the Kaltura Site, your use of your Kaltura account, or pursuant to an Order Form signed by you and Kaltura. This also includes Kaltura services provided to you on a trial basis or otherwise free of charge.
“Service Offerings” means the Services (including associated APIs), the Kaltura Content, the Kaltura Marks, the Kaltura Site, and any other product or service provided by us under this Agreement. Service Offerings do not include Third Party Content.
“Suggestions” means all suggested improvements to the Service Offerings that you provide to us.
“Term” means the term of this Agreement described in Section 7.1.
“Third Party Content” means Content made available to you by any third party on the Kaltura Site or in conjunction with the Services.
“Your Content” means Content that you or any End User transfers to us for processing, storage or hosting by the Services in connection with your Kaltura account, any computational results that you or any End User derive from the foregoing through their use of the Services and any integrated services that you offer to your End Users leveraging the Service Offerings. Your Content does not include Account Information.
Last updated: August 1, 2021
Kaltura Acceptable Use Policy
This Acceptable Use Policy (this “Policy”) describes prohibited uses of the services offered by Kaltura, Inc. and its affiliates (the “Services”) and the website located at www.kaltura.com (the “Kaltura Site”). The examples described in this Policy are not exhaustive. We may modify this Policy at any time by posting a revised version on the Kaltura Site. By using the Services or accessing the Kaltura Site, you agree to the latest version of this Policy. If you violate the Policy or authorize or help others to do so, we may suspend or terminate your use of the Services.
No Illegal, Harmful, or Offensive Use or Content
You may not use, or encourage, promote, facilitate or instruct others to use, the Services or Kaltura Site for any illegal, harmful or offensive use, or to transmit, store, display, distribute or otherwise make available content that is illegal, harmful, or offensive. Prohibited activities or content include:
Do not violate the integrity of the Services, Including
Reporting of Violations of this Policy
If you become aware of any violation of this Policy, you will immediately notify us and provide us with assistance, as requested, to stop or remedy the violation.
Last updated: August 1, 2021
Last updated: December 9, 2020
Kaltura Free Trial Service Agreement
THIS FREE TRIAL SERVICE AGREEMENT (“AGREEMENT”) GOVERNS YOUR ACQUISITION AND USE OF ANY FREE TRIAL SERVICE MADE AVAILABLE BY KALTURA, INC. BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OF THIS AGREEMENT OR OTHERWISE USING THE FREE TRIAL SERVICE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE FREE TRIAL SERVICE.
You may not access the Free Trial Service if You are Our direct competitor, except with Our prior written consent. In addition, You may not access the Free Trial Service for purposes of monitoring its availability, performance or functionality, or for any other benchmarking or competitive purposes. This Agreement was last updated on August 22, 2019. It is effective between You and Us as of the date of You accepting this Agreement.
1.1 “Free Trial Service” means the application(s), technology, and/or services provided under this Agreement.
1.2. “Account” means an account assigned to you by Kaltura at the time you sign up for a Free Trial Service.
1.3. Documentation” means Our online user guides, documentation, and help and training materials, as updated from time to time, and which may be accessible via the Kaltura Knowledge Center. Your use of the Free Trial Service shall be subject to any notice and licensing information in the Documentation.
1.4. “Content” means any content uploaded to the Kaltura platform via your Account.
1.5. “Users” means individuals who are authorized by You to use the Free Trial Service via your Account, and have been supplied user identifications and passwords by You (or by Us at Your request). Users may include but are not limited to employees, consultants, contractors, and agents of You or Your affiliates.
1.6. “We,” “Us” or “Our” means Kaltura, Inc., a Delaware corporation with principal offices located at 250 Park Avenue South, 10th Floor, New York, NY 10003.
1.7. “You” or “Your” means the company or other legal entity for which you are accepting this Agreement and any affiliates of that company or entity.
2. Kaltura Website
3. Website and Service Access
4. Intellectual Property Rights
5. User Submitted Media
6. Warranty Disclaimer
YOU AGREE THAT YOUR USE OF THE KALTURA WEBSITE AND/OR SERVICE SHALL BE AT YOUR SOLE RISK. TO THE FULLEST EXTENT PERMITTED BY LAW, KALTURA, ITS OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, IN CONNECTION WITH THE WEBSITE AND/OR SERVICE AND YOUR USE THEREOF. KALTURA MAKES NO WARRANTIES OR REPRESENTATIONS ABOUT THE ACCURACY OR COMPLETENESS OF THE WEBSITE’S CONTENT OR THE CONTENT OF ANY SITES LINKED TO THE WEBSITE AND ASSUMES NO LIABILITY OR RESPONSIBILITY FOR ANY (I) ERRORS, MISTAKES, OR INACCURACIES OF CONTENT, (II) PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM YOUR ACCESS TO AND USE OF THE WEBSITE, (III) ANY UNAUTHORIZED ACCESS TO OR USE OF OUR SERVERS AND/OR ANY AND ALL PERSONAL INFORMATION, FINANCIAL INFORMATION AND/OR ANY OTHER DATA STORED THEREIN, (IV) ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM OUR WEBSITE OR SERVICE, (IV) ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE WHICH MAY BE TRANSMITTED TO OR THROUGH OUR WEBSITE OR SERVICE BY ANY THIRD PARTY, AND/OR (V) ANY ERRORS OR OMISSIONS IN ANY CONTENT OR FOR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, EMAILED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE VIA THE WEBSITE OR SERVICE. KALTURA DOES NOT WARRANT, ENDORSE, GUARANTEE, OR ASSUME RESPONSIBILITY FOR ANY PRODUCT OR SERVICE ADVERTISED OR OFFERED BY A THIRD PARTY THROUGH THE WEBSITE OR ANY HYPERLINKED WEBSITE OR FEATURED IN ANY BANNER OR OTHER ADVERTISING, AND KALTURA WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND THIRD PARTY PROVIDERS OF PRODUCTS OR SERVICES. AS WITH THE PURCHASE OF A PRODUCT OR SERVICE THROUGH ANY MEDIUM OR IN ANY ENVIRONMENT, YOU SHOULD USE YOUR BEST JUDGMENT AND EXERCISE CAUTION WHERE APPROPRIATE.
7. Limitation of Liability
You agree to defend, indemnify and hold harmless Kaltura, its subsidiaries, officers, directors, employees, and agents, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorneys’ fees) arising from or related to: (i) your use of and access to the Website and/or Service; (ii) your violation of any term of these Terms; (iii) your violation of any third party right, including without limitation any copyright, property, or privacy right; or (iv) any claim that your User Submitted Media caused damage to a third party. This defense and indemnification obligation shall survive the termination and/or expiration of this Agreement.
9. Ability to Accept Terms
You affirm that you are either more than 18 years of age, an emancipated minor, or that You possess legal parental or guardian consent, and that You are fully able and competent to enter into the terms, conditions, obligations, affirmations, representations, and warranties set forth in these Terms, and to abide by and comply with these Terms. In any case, you affirm that you are over the age of 13, as the Kaltura Website and Service are not intended for children under the age of 13. If you are under 13 years of age, then please do not use the Kaltura Website or Service—there are lots of other great websites for you. Talk to your parents about what sites are appropriate for you.
These Terms, and any rights and licenses granted hereunder, may not be transferred or assigned by you, but may be assigned by Kaltura without restriction.
12. Participation in Virtual Events
Without limiting the generality of the foregoing, the following terms and conditions apply when you register, attend, and/or participate in any virtual event (each an “Event”) that you access via the Website and/or the Services. As used in this agreement, the term “Attendee” shall mean all participants in an Event, including attendees, speakers, and sponsors. By registering, attending, or participating in an Event, you acknowledge and accept the terms below.
a. Code of Conduct. To help create a safe, productive, and welcoming Event experience for everyone, Kaltura requests that all Attendees comply with the following Code of Conduct.
All Attendees shall:
Attendees shall not:
b. Reporting Code of Conduct Violations. If you have been (or notice that someone else has been) impacted by an Attendee failing to adhere to the Code of Conduct or otherwise have concerns about inappropriate or prohibited behavior, please contact a member of the Kaltura team or by emailing [email protected].
c. Consequences of Violating the Code of Conduct. Unacceptable behavior will not be tolerated at any Event. If you violate the Code of Conduct, Kaltura reserves the right to cancel your Event registration without warning and/or deny you access to the Event. You may also be prohibited from registering for or attending future Events.
13. Multimedia Policy
Attendees may not record or broadcast any sessions of any Event. In addition, Attendees may not make any audio or video recordings of any meetings, breakout room discussions, virtual networking sessions, or any other activity with other Attendees during any Event without the prior written consent of all other Attendees participating in such activity. By attending an Event, you acknowledge and agree that Kaltura may record, film, live stream, photograph, or otherwise capture any portion of the Event, including your voice and/or image, in any media. Kaltura may edit such media, use such media alone or together with other materials, or authorize others to use such media for marketing and promotional purposes and for any other lawful purpose in the ordinary course of its business.
14. Guest Speakers
Kaltura may invite guest speakers from various industries to share their perspectives on relevant topics. Guest speakers are not Kaltura employees or representatives. Guest speaker views and opinions are entirely their own and do not necessarily reflect Kaltura’s views and opinions.
15. Data Protection and Personal Information
Last Updated September 7, 2021
These privacy notices provide important information about how Kaltura, Inc. (“Kaltura”) collects, uses, processes, protects, and discloses information when you use the Kaltura Websites and the Kaltura Platform.
Our Privacy Notice for the Kaltura Websites details the kinds of Personal Information we collect when you visit the various websites that we operate and how we manage and use that information.
Our Privacy Notice for the Kaltura Platform details the kinds of Personal Information that are collected when you use or interact with the Kaltura Platform through an Account Owner’s account.
These notices include legal information about your privacy rights, how you can exercise your legal rights, and how to contact Kaltura.
Kaltura may update these Privacy Notices at any time without prior notice. Any such changes will become effective prospectively from the date of publication. These Privacy Notices were last updated on March 1, 2021. We encourage you to check this page frequently for any changes to our Privacy Notices.
Any inquiries, concerns, or requests regarding the use or disclosure of your Personal Information should be directed to Kaltura’s data protection officer at: [email protected].
Privacy Notice for the Kaltura Websites
This privacy notice contains important information about how Kaltura, Inc. (“Kaltura”) collects, uses, processes, protects, and discloses information when you use the Kaltura Websites.
This policy describes how Kaltura treats Personal Information that we collect, receive, process, store, distribute, and display via the Kaltura Websites, including email, text, and other electronic communications between you and Kaltura.
For our privacy notice on information collected on the Kaltura Platform visit: Privacy Notice for the Kaltura Platform.
In this policy, “you” means any person or organization that is authorized to use the Kaltura Platform or Website; “we” or “us” means Kaltura, including our subsidiaries and affiliates.
The “Kaltura Websites” or “Websites” are websites and apps belonging to Kaltura.
“Marketing Partners” are trusted third parties providing us with services and data for marketing purposes or conducting joint marketing activities with us.
“Personal Information” is information about you that is personally identifiable by name or can be linked to you through a personal identifier like your address, e-mail address, phone number, or location. This definition is given here for the purpose of this notice only, and some laws may use a different definition. If you are asserting your rights under law, the applicable legal definition governs your rights.
In general, Kaltura collects Personal Information about you in the following situations:
Provision of this information to Kaltura is not mandatory. However, you will not be able to access and use the Kaltura Websites and communicate with Kaltura without disclosing some Personal Information to Kaltura.
Through the Kaltura Websites, we may collect Personal Information that you voluntarily provide, such as your name, email address, location, professional title and affiliation, and interests. We also record your communications preferences when you sign up to receive email communications from Kaltura.
In addition, like most other websites, when you visit any of the Kaltura Websites, Kaltura automatically receives and records information from a variety of sources, such as information from your browser, device, Kaltura and third-party cookie information, web beacons, VAST tags, pixel tags, social media buttons, URL links, and other methods. Information collected automatically through these sources include your activity on the Kaltura Websites and unique identifiers such as your IP address and device ID.
We collect Personal Information about potential business customers and partners from our Marketing Partners and public sources.
Although some information collected automatically is not personally identifiable, we or our Marketing Partners may, to the extent permitted by applicable law, aggregate or combine this information with information from other sources, both public and non-public (such as data brokers and organizers of conferences you attended who have your permission to transfer information to us, and information available publicly on the Internet). Combining information from various sources could make anonymous information identifiable as Personal Information or add to the Personal Information we already have about you.
We use your Personal Information from the Kaltura Websites solely for certain legitimate business purposes, which include some or all of the following:
The Kaltura Websites are not intended for children and we do not permit children to register on Kaltura Websites.
If we become aware that we have inadvertently received or collected Personal Information pertaining to a child under the age of consent in the jurisdiction where the child is located without valid consent, we will delete such information from our records.
When you visit Kaltura Websites, our servers or an authorized third party may place a cookie on your browser. The cookie can collect information, including Personal Information, about your online activities. Cookies allow us to track usage of the Kaltura Websites and provide you with a better browsing experience.
We also use web beacons on the Kaltura Websites. For example, web beacons may be placed in marketing emails to notify us when you click on a link in the email and are directed to a Kaltura Website. Web beacons are used to improve the Kaltura Websites, enhance our email communications, and track the success of our promotional campaigns.
Please see below for details about how we use different categories of cookies and other tracking technologies, as well as how you can manage cookie settings:
You can review, correct, edit, or delete the information that you provided to us by sending us an e-mail request at [email protected]. Please note that we may need to verify your identity before processing your request. You may elect to “opt out” of receiving direct marketing or being included in market research information. You can opt out of receiving email communications by following the instructions through the unsubscribe option in Kaltura’s emails. You may also opt out at any time, edit your account information, or delete your account entirely by sending an e-mail request to [email protected] (please indicate “Opt Out” in the subject line).
New categories of communication and notification might be added to the Preferences page of the Kaltura Community Forum from time to time. You can opt out of receiving future communications from these new categories or you can unsubscribe and block future messages by following instructions through the unsubscribe option in those messages.
If you are a Kaltura Platform Account Owner, you will continue to receive certain communications pertaining to your Kaltura Platform account such as service announcements and administrative messages even if you opt out of marketing communications from Kaltura.
While we will try to comply with any request pertaining to your Personal Information in accordance with applicable law, please be aware that we may not be able to fulfill requests pertaining to information already shared with third parties. Some information may be retained on our systems for recordkeeping purposes, and some residual digital information cannot be removed or changed.
We do not sell, disclose, or share Personal Information about you with third parties except under the following circumstances and for the following purposes:
Kaltura and its affiliates are located in different regions around the world, and Kaltura works with strategic partners across different industries, categories of business, and in different jurisdictions. By accessing the Kaltura Websites, your information may be transferred outside of your local jurisdiction.
We may retain your information (including Personal Information) for any lawfully permitted period of time, and as necessary to comply with our legal and contractual obligations, enforce our agreements, and enable us to investigate events and resolve disputes.
If you participate in a Kaltura blog, discussion forum, or other parts of our Websites that allow you to post your comments, you should be aware that the information you provide there may be made broadly available to others, potentially inside and outside Kaltura, who have access to that blog or discussion forum. Blogs and discussion forums are monitored by Kaltura, and we reserve the right to remove your content at our discretion. Each participant’s opinion on a blog or discussion forum is his or her own.
The Kaltura Websites include links to other websites owned or operated by third parties, such as our channel partners who provide products and services that can be used together with Kaltura’s products and services. Kaltura is not responsible for the privacy or security practices of any third-party websites, which are governed by their own privacy policies.
We take great precautions to protect the integrity of your Personal Information. However, no data transmission over the Internet or any other network can be guaranteed to be 100% secure. While we strive to protect information transmitted on or through our Websites, we cannot and do not guarantee the security of any information you transmit.
To learn more about security, including the security measures we have taken and steps you can take to enhance the security of your information when using the Kaltura Websites, please contact us at [email protected].
If you are a resident of the State of California in the United States, you are entitled to certain rights under the California Consumer Privacy Act of 2018 (CCPA). The categories of Personal Information we collect about or from you are described in section 3 above, and the business purposes for which we collect such Personal Information are described in section 4 above.
As a business subject to the CCPA, Kaltura does not sell Personal Information. Kaltura may share Personal Information with third-party service providers or business partners for our own business purposes as described in section 8 above. However, we disclose your Personal Information to these third parties only where you have consented to disclosure of Personal Information to such third parties or where such third parties have agreed to contractual limitations around their use, retention, and disclosure of Personal Information.
As a resident of the State of California, you have the following rights under the CCPA:
To exercise any of these rights, you may contact Kaltura by following the instructions in section 16 below. We may need to verify your identity before we are able to process your requests.
If you are in one of the EU/EEA countries, you are entitled to certain rights under the General Data Protection Regulation (GDPR) EU Regulation 2016/679 and applicable national data protection regulations.
By visiting the Kaltura Websites or communicating with Kaltura, you acknowledge that we may process your Personal Information for the purposes described above, either on the basis of your consent or if we have other lawful grounds to do so. Under the GDPR, you have the following rights with respect to your Personal Information:
To exercise any of these rights, you may contact Kaltura by following the instructions in section 16 below. We may need to verify your identity before we are able to process your requests.
Kaltura’s representative in the EU for the purposes of compliance with the GDPR is Kaltura Germany GmbH, Kaltura’s Germany-based subsidiary, which may be contacted at:
Kaltura Germany GmbH
c/o Mazars GmbH & Co. KG
60596 Frankfurt am Main
Tel: +1 800 871 5224
Email: [email protected]
To learn more about your rights under the GDPR you can visit the European Commission’s page on Protection of Personal Data, at: http://ec.europa.eu/justice/data-protection/index_en.htm
Kaltura is a global organization headquartered in the United States and has legal entities, business functions, and systems in countries around the world.
We may share your Personal Information within Kaltura and transfer it to countries in the world where we do business, including to the United States. Therefore, your Personal Information may be processed in countries with privacy laws that are different from privacy laws in your country or in countries that are not subject to an adequacy decision by the European Commission. Regardless of location, Kaltura handles Personal Information as described here, and we take care to ensure that our employees, agents and strategic partners in other countries act in a manner consistent with this privacy notice. Kaltura ensures that the recipient of your Personal Information provides appropriate safeguards, including by entering into data processing agreements incorporating, where required, standard contractual clauses or an alternative mechanism for the transfer of personal data as approved by the European Commission or other applicable regulator.
Any inquiries, concerns, or requests regarding the use or disclosure of your Personal Information should be directed to Kaltura’s data protection officer at: [email protected].
You may also send inquiries to the following address:
250 Park Avenue South, 10th Floor
New York, NY 10003
Attention: Legal Counsel
Privacy Notice for the Kaltura Platform
This privacy notice explains how Kaltura, Inc. (“Kaltura”) collects, uses, processes, protects, and discloses information on the Kaltura Platform.
This policy describes how Kaltura handles Personal Information on the Kaltura Platform.
For our privacy notice on information related to the Kaltura Websites and other communications with Kaltura go to: Privacy Notice for the Kaltura Websites.
In this policy, “you” means any User that is authorized to use the Kaltura Platform through an Account Owner’s account; “we” or “us” means Kaltura, including our subsidiaries and affiliates.
“Account Owner” means the individual(s) or organization(s) that have permission to use the Kaltura Platform to provide services and distribute media from their account.
“Kaltura Platform” means the cloud-based hosted services, APIs, plug-ins, applications, media players, custom websites, and storage provided by Kaltura to Account Owners.
“Partner” means trusted third parties and business associates that provide us with some of the services that we provide to you. For example, our Partners include content distribution networks (CDNs), third-party platforms that are integrated with the Kaltura Platform via APIs or plug-ins, and third-party services you can access through the Kaltura Platform.
“Personal Information” is information about you that is personally identifiable by name or can be linked to you through a personal identifier like your address, e-mail address, phone number, or location, and which is not otherwise publicly available. This definition is given here for the purpose of this notice only, and some laws may use a different definition. If you are asserting your rights under law, the applicable legal definition governs your rights.
“Users” are those individuals (such as, customers, subscribers, viewers, employees, staff, faculty, student, members, or other persons) who are authorized by an Account Owner to access video, audio, and/or other content from their account.
The Kaltura Platform is a set of online hosted software (“SaaS”) tools for hosting, managing and distributing video content over the Internet. We make accounts on the Kaltura Platform available to Account Owners that are paying customers, free trial users, and business partners. Information uploaded and stored on the Kaltura platform is associated with a given account. In each case, the Account Owner is the Data Controller of the Personal Information of its Users on that account. Kaltura is the Data Processor carrying out data processing activities and instructions on behalf of each Data Controller.
Account Owners use the Kaltura Platform to store, process, and distribute videos and other information belonging to them or their Users through their websites, apps, or other comparable means. Depending on the configuration of the Kaltura Platform selected by the Account Owner, media and other information on the Account Owner’s account may be viewable to the general public or to limited audiences. As the controller of Personal Information on the Kaltura Platform, Account Owners are responsible for maintaining the privacy of Personal Information pertaining to their Users. Kaltura is not responsible for disclosures of information made by Account Owners and their Users through such Account Owners’ respective accounts. When we process your Personal Information on behalf of an Account Owner, it is that Account Owner’s responsibility to protect your privacy.
If you are concerned about your privacy while interacting with services provided by a Kaltura Account Owner, you should address requests and inquiries relating to your Personal Information directly to that Account Owner. If you contact us regarding information associated with an Account Owner’s account, we may forward your requests or inquiries to the relevant Account Owner.
When you interact with the Kaltura Platform through an Account Owner’s account, Kaltura collects your Personal Information. Examples of activities where you might interact with the Kaltura Platform include:
When you use the Kaltura Platform as a User through an Account Owner’s account, the following categories of Personal Information may be collected and processed:
Contact and billing information – If you are a Kaltura Account Owner, we collect your contact and billing information.
We use your information solely for the following purposes:
The activity on the Kaltura Platform production servers is logged within the system for the purpose of providing Kaltura Account Owners and Partners with statistical analysis of use, and to enable us to monitor the system, perform security audits, track errors, report activity via the system, and to comply with data retention rules and internal policies.
We use commercially reasonable methods to keep production logs secure and do not use them for any other purpose or share them with third parties except for permitted disclosures to third parties as detailed below.
We rely on certain trusted third-party Partners to provide part of the services and functions that make up the Kaltura Platform. For example, we transmit video content via third party content delivery networks (CDNs).
Kaltura does not share your information, including Personal Information, with any third parties other than our Partners except in the limited circumstances detailed below. Our Partners do not have permission to use your Personal Information for any purpose other than to provide to Kaltura the services we require to serve our Account Owners.
The Kaltura Platform is designed to interoperate with different systems. Our Account Owners may choose to integrate the Kaltura Platform with their own systems or with other third-party services of their designation. Kaltura is not responsible for systems connected to the Kaltura Platform that are not under our control.
The Kaltura Platform uses certain persistent first-party cookies to provide the best user experience and remember your preferences on the Kaltura Platform.
The Kaltura Platform does not place third-party cookies on your devices. However, elements of the Kaltura Platform, such as the Kaltura player may send information about your activities on the Kaltura Platform to cookies placed by others (such as ad networks) on your devices through web beacons, VAST tags, and other technologies. Other parties’ cookies are subject to their own privacy policies.
Most Internet browsers have options for controlling, disabling, and deleting cookies on your computer. To learn how to control cookies using your browser settings, visit https://www.aboutcookies.org/. In addition, many ad networks have joined the Digital Advertising Alliance’s self-regulatory program to provide a single opt-out tool at: http://www.aboutads.info and at the European Interactive Digital Advertising Alliance (EDAA) website: http://youronlinechoices.eu. However, Kaltura does not guarantee that using these tools will prevent online behavioral tracking using cookies through the Kaltura Platform.
Your Personal Information on a Kaltura Platform account is controlled by the Account Owner. We do not disclose your Personal Information to third parties except under the following circumstances and for the following purposes:
Kaltura integrates with third-party services (e.g., Zoom, Webex, YouTube) to automate ingestion of media assets from the third-party service to the Kaltura Platform. Media assets ingested from third-party services and associated with an Account Owner’s account are processed according to the same guidelines that apply to the Account Owner’s other media assets and data stored on the Kaltura Platform. Retention of media assets ingested from third-party services is controlled by the Account Owner, who may choose to retain such media assets even after ending its relationship with the third-party service.
We may retain your information (including Personal Information) on the Kaltura Platform for any lawfully permitted period of time, and as necessary to comply with our legal and contractual obligations, enforce our agreements, and enable us to investigate events and resolve disputes.
We take great precautions to protect the integrity of your Personal Information. However, no data transmission over the Internet or any other network can be guaranteed to be 100% secure. While we strive to protect information on the Kaltura Platform, we cannot and do not guarantee the security of any information you transmit.
To learn more about security, including the security measures we have taken and steps you can take to enhance the security of your information when using the Kaltura Platform, please contact us at [email protected]
If you are a resident of the State of California in the United States, Kaltura has certain obligations as a service provider towards Account Owners regarding your Personal Information under the California Consumer Privacy Act of 2018 (CCPA). As a service provider, Kaltura processes Personal Information solely for the purpose of providing the services specified in the contracts between Kaltura and the Account Owners. Kaltura does not process Personal Information collected through an Account Owner’s account for any other purpose.
If you are concerned about your privacy while interacting with services provided by a Kaltura Account Owner, you should address requests and inquiries relating to your Personal Information directly to that Account Owner. If you contact us regarding information associated with an Account Owner’s account, we may forward your requests or inquiries to the relevant Account Owner.
To learn more about your rights under the CCPA, you can visit the California Office of the Attorney General’s page on the CCPA at: https://oag.ca.gov/privacy/ccpa.
If you are in one of the EU/EEA countries, Kaltura has certain obligations as a data processor towards Account Owners regarding your Personal Information under the General Data Protection Regulation (GDPR).
The Account Owners, as data controllers, will be responsible for protecting your rights under the GDPR.
If you are concerned about your privacy while using services provided by a Kaltura Account Owner, you should address requests and inquiries relating to your Personal Information directly to that Account Owner. If you contact us regarding information on an Account Owner’s account, we may forward your requests or inquiries to the relevant Account Owner.
To learn more about your rights under the GDPR you can visit the European Commission’s page on Protection of Personal Data, at: http://ec.europa.eu/justice/data-protection/index_en.htm.
The Kaltura Platform hosts and processes information in the United States and in other countries around the world. In addition, Kaltura staff may remotely access the Kaltura Platform from other countries where we conduct business operations.
In providing the Kaltura Platform and processing your Personal Information on behalf of an Account Owner, your Personal Information may be transferred to the United States or to other countries. Therefore, your Personal Information may be processed in countries with privacy laws that are different from privacy laws in your country or in countries that are not subject to an adequacy decision by the European Commission. Regardless of location, Kaltura handles Personal Information as described here, and we take care to ensure that our employees, agents and Partners in other countries act in a manner consistent with this privacy notice. Kaltura ensures that the recipient of your Personal Information provides appropriate safeguards, including by entering into data processing agreements incorporating, where required, standard contractual clauses or an alternative mechanism for the transfer of personal data as approved by the European Commission or other applicable regulator.
Any inquiries, concerns, or requests regarding the use or disclosure of your Personal Information should be directed to Kaltura’s data protection officer at: [email protected]
You may also send inquiries to the following address:
250 Park Avenue South, 10th Floor
New York, NY 10003
Attention: Legal Counsel
Q: What is the GDPR?
A: The General Data Protection Regulation (GDPR) is an act of EU legislation intended to harmonize and strengthen privacy law across EU countries. The European Parliament approved the GDPR on April 14, 2016, and its requirements became mandatory on May 25, 2018. Kaltura is committed to complying fully with the GDPR and supporting our customers in their own GDPR compliance process.
Q: What categories of personal data does Kaltura process in connection with providing its products and services to customers?
A: The categories of personal data collected and/or processed by Kaltura will depend on the specific configuration and use case of the customer’s account. Kaltura is a data processor to our customers with respect to their users’ personal information. Kaltura’s collection and processing of personal data is solely for the purpose of providing its services to the customer. Kaltura does not collect or process personal data from end users except as necessary for the performance of its services.
Kaltura typically processes the following categories of personal data from a customer’s end-users:
A customer’s media content and metadata hosted on Kaltura’s SaaS platform may also contain personal data. However, please note that Kaltura is a platform. It does not screen or monitor customer content or metadata uploaded to the platform to determine whether it contains personal or sensitive data.
Q: What kind of cookies are used by the Kaltura platform and player?
Kaltura also uses a cookie to collect analytics where non-authenticated users interact with MediaSpace. Customers with a use case involving non-authenticated users may wish to enable Kaltura’s Privacy Banner module, which requests user consent before placing the analytics cookie. If the cookie is declined, the user may still interact with MediaSpace, but individualized analytics for that user will not be collected.
Some Kaltura customers leverage third-party analytics cookies (such as Google Analytics, Omniture, or ComScore) and/or third-party advertising or marketing automation cookies (such as Marketo or Eloqua), and these third-party cookies have been enabled to interoperate with the Kaltura platform. If a customer is using third-party analytics or advertising tools in connection with the Kaltura platform, the customer should consider whether it needs to provide notice to users about those cookies.
Q: What tools does Kaltura offer to facilitate GDPR compliance?
A: Kaltura’s SaaS platform includes various configuration options and tools, such as anonymization, to address privacy concerns and support customers’ compliance with data protection regulations. For example, we offer a First Login Disclaimer module that can be customized to display privacy notices and/or document consent when the end user accesses the Kaltura platform for the first time. To learn more about the tools and configuration options available, please contact your Kaltura representative.
As a data processor to our customers, Kaltura offers a Data Processing Agreement that contains relevant GDPR terms. Customers may access the Kaltura Data Processing Agreement at https://corp.kaltura.com/Kaltura-data-processing-agreement.
Q: Where does Kaltura process customer data?
A: Kaltura’s SaaS platform and associated customer data are currently hosted in the US. Regional cloud environments hosted in the EU, Singapore, Australia and Canada are also available for customers who have special requirements with respect to the hosting location. In appropriate circumstances, customized regional hosting options can be configured for components of the Kaltura solution (such as single-tenant hosting on a public cloud provider’s data center). However, such deployment options require careful technical planning and may require significant additional costs for the customer. To learn more about Kaltura’s regional cloud environments and/or customized hosting options, please contact your Kaltura representative.
Additional processing of customer data (e.g. transmission over a content delivery network or temporary caching on local proxy servers) may take place in jurisdictions where the customer’s end users upload media content or call content for playback.
Members of Kaltura’s R&D, customer support, and business operations teams located in the EU, the United Kingdom, Israel, and the US may access customer data solely for troubleshooting, maintaining the services, and providing customer support and account management. Kaltura also engages personnel in other locations to provide support, development, and testing services.
Q: How does Kaltura address the issue of transferring personal data outside of the European Union?
A: For transfers of data to the US data centers hosting Kaltura’s SaaS platform, as well as remote access to customer data by Kaltura’s technical and customer support personnel, Kaltura relies on the European Commission’s set of Standard Contractual Clauses, which remain a valid approach to transfers of personal data across borders. Once signed, an agreement incorporating the Standard Contractual Clauses commits cloud service providers to complying with the EU’s data protection principles. Customers can access the Kaltura Data Processing Agreement incorporating the Standard Contractual Clauses at https://corp.kaltura.com/Kaltura-data-processing-agreement. For transfers of data to Kaltura’s R&D and customer support teams in Israel, Kaltura relies on the European Commission’s adequacy decision of January 31, 2011 (2011/61/EU).
Q: What technical and organizational security measures does Kaltura have in place?
A: Kaltura implements appropriate technical and organizational security measures to safeguard the confidentiality and integrity of customer data. These measures include user authentication, session verification, access control settings, transportation layer encryption and security, and more. Some technical security measures are non-default and can be implemented by the customer through the Kaltura platform’s administrator settings. The US and regional cloud data centers hosting Kaltura’s SaaS platform conduct SSAE16 SOC-1 Type II and SOC-2 Type II assessments and reporting. In addition, Kaltura holds ISO27001 and ISO27799 certifications. For more information regarding Kaltura’s security measures, including Kaltura’s disaster recovery and business continuity plans, please contact your Kaltura representative.
Q: Does Kaltura have an incident response plan?
A: Kaltura has detailed policies and procedures in place to evaluate, respond to, report, and document all incidents involving the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data. For more information about our incident response procedures, please contact your Kaltura representative.
Q: What is Kaltura’s data retention policy?
A: In general, customer content and user data are retained throughout the entire contract term. However, if the customer’s administrative users mark specific content for deletion, that content will be deleted from our database. Customers may also set custom deletion rules and schedules for their content. In addition, if a customer instructs Kaltura to delete user data relating to a specific user, we will promptly comply with the request.
If a customer terminates their contract with Kaltura, customer content and user data will be deleted at the end of the subscription term. In the event of termination, the customer can always migrate their data to another storage location or medium for retention purposes. Migration can be performed directly by the customer through Kaltura APIs or with the assistance of our Professional Services team. Upon termination, data recorded in Kaltura’s production logs and information relating to Kaltura’s business transactions with the customer are retained in accordance with Kaltura’s data retention policies.
Q: How will Kaltura address data subject requests?
A: Data subject requests are handled on a case-by-case basis. Customers are able to seek assistance for data subject requests through Kaltura’s online customer care portal. Upon request by the customer, Kaltura is able to generate a copy of personal data in a commonly used and machine-readable format. Kaltura is also able to selectively delete personal data stored/processed. Unless otherwise required by applicable law, any requests regarding personal information that Kaltura receives directly from the end user will be promptly forwarded to the relevant customer, and Kaltura will proceed only as instructed by the customer. For more information, please refer to the Kaltura Data Subject Access Request Policy and Procedures, a copy of which is available upon request.
Q: Does Kaltura engage any sub-processors?
A: Kaltura currently engages sub-processors to provide cloud infrastructure and hosting services, to carry out data delivery to end users over a content delivery network (CDN), and to provide video enrichment functions (such as content transcription, captioning, and translation services), and to provide various customer support, CRM, accounting, payment, and similar services to our customers. For media and telecom customers utilizing Kaltura’s Cloud TV platform, Kaltura may engage additional sub-processors depending on the scope of the deployment.
The exact sub-processors used in any given case depends on the specific deployment and combination of products and services purchased. Customers may request details about the particular sub-processors used in their deployment. Customers can also request that they be notified of changes to those sub-processors and given a chance to object to any changes in the applicable sub-processors. Please submit these requests to your Kaltura representative or to Kaltura’s DPO (email: [email protected]).
Q: Does Kaltura maintain a record of data processing activities?
A: Kaltura maintains a central record of data processing activities in connection with the products and services we provide to our customers. The record of processing activities is reviewed and updated on an ongoing basis (such as when new functionalities are introduced or when new partners are brought on as sub-processors). The record of processing activities applicable to any particular customer can be provided upon request.
A: Kaltura has privacy policies regarding how Kaltura collects, uses, process, protects, and discloses data through the Kaltura websites and the Kaltura SaaS platform. Kaltura’s privacy policies can be accessed at https://corp.kaltura.com/privacy-policy.
Q: Does Kaltura have an EU data protection representative?
A: Kaltura has appointed its wholly-owned German subsidiary, Kaltura Germany GmbH, as its EU data protection representative. The contact information for Kaltura’s EU data protection representative is as follows:
Kaltura Germany GmbH
c/o Mazars Tax GmbH
Phone: +1 800 871 5224
Email: [email protected]
Q: How can I learn more about Kaltura’s privacy program?
A: For additional information about Kaltura’s privacy program, please contact Kaltura’s Data Protection Officer (email: [email protected]). Legal inquiries can be directed to Emily Dong, Legal Counsel, CIPP/E (email: [email protected]).
Last Updated: February 2021
Reporting Claims of Copyright Infringement
Kaltura, Inc. (“Kaltura”) respects the intellectual property rights of others and expects its users to do the same.
We will respond to notices of alleged copyright infringement that comply with applicable law. If you believe any materials accessible on or from this site (the “Website”) or through the Kaltura service infringe your copyright, you may request removal of those materials (or access to them) by submitting written notification to our copyright agent designated below. In accordance with the Online Copyright Infringement Liability Limitation Act of the Digital Millennium Copyright Act (17 U.S.C. § 512) (“DMCA”), the written notice (the “DMCA Notice”) must include substantially the following:
Our designated copyright agent to receive DMCA Notices is:
250 Park Avenue South, 10th Floor, New York, NY 10003
+1 (646) 290-5445
If you fail to comply with all of the requirements of Section 512(c)(3) of the DMCA, your DMCA Notice may not be effective.
Please be aware that if you knowingly materially misrepresent that material or activity is infringing your copyright, you may be held liable for damages (including costs and attorneys’ fees) under Section 512(f) of the DMCA.
It is our policy in appropriate circumstances to disable and/or terminate the accounts of users who are repeat infringers.
It is the policy of Kaltura Inc. and its subsidiaries (“we,” or the “Company”) to comply with all applicable anti-corruption laws and regulations in all countries in which the Company does business. This Policy addresses what we must do in order to comply with those laws and regulations. Any questions concerning this Policy should be referred to the Company’s Vice President of Legal Affairs.
While local standards and practices may vary with respect to what is considered bribery, the Company’s policy can be summarized as follows: you may not improperly provide (or offer to provide), directly or indirectly, anything of value to anyone to obtain or retain business, to obtain a commercial advantage, or to receive favored treatment, anywhere in the world. Violations of this Policy may constitute violations of applicable anti-bribery and anti-corruption laws and may subject the Company and Covered Persons (as defined below) to serious penalties, including fines and even imprisonment.
This Policy is mandatory and applies to all directors, officers and employees of the Company, all contractors who devote all or substantially all of their time to the Company, and Covered Business Associates (as defined below) (collectively, “Covered Persons”). Any Covered Persons shall be provided with a copy of this Policy and shall certify their compliance with it pursuant to procedures established by the Vice President of Legal Affairs.
For purposes of this Policy, bribery is defined as the promising, offering, giving, requesting, agreeing to receive, accepting, or authorizing the giving or receiving, whether directly or indirectly, of any advantage (not necessarily financial) to induce or reward behavior that is “improper” (i.e., illegal, unethical, or a breach of a duty or expectation that a person will act in good faith, impartially, or in accordance with a position of trust). The Company is committed to carrying out its business worldwide ethically and without the use of bribery.
Covered Persons are prohibited from offering, promising, giving, providing, or authorizing, whether directly or indirectly, the provision of anything of value to obtain or retain business, an improper advantage, or favored treatment from any third party, or any other person with whom the Company does or anticipates doing business. Similarly, Covered Persons are prohibited from soliciting, receiving, or authorizing, whether directly or indirectly, the receipt of anything of value from anyone, including business partners and other third parties, doing business with or seeking to do business with the Company, for the purpose of obtaining an improper advantage with the Company or having an improper influence over a Covered Person’s judgment.
The term “anything of value” is very broad. It includes not only obvious bribes and kickbacks (e.g., rebating a portion of a contract payment to third parties or using consulting agreements to funnel payments to third parties), but also improper benefits, such as inappropriate gifts, educational assistance, potentially the hiring of relatives, unreasonable travel and entertainment expenses, medical care, and any financial or other advantage.
Even if bribes may be a customary and accepted way of doing business in a particular country, they are prohibited. A bribe does not have to be fully effectuated to be a violation of this Policy – offering a bribe that is never accepted, or never paid, is still a violation of this Policy.
Covered Persons are specifically prohibited from offering, promising, giving, or authorizing the giving of, anything of value, whether directly or indirectly, to Government Officials without the prior written approval of the Vice President of Legal Affairs.
For the purposes of this Policy, the term “Government Official” is broad and includes any officer or employee of a government or any department, agency, or instrumentality or of a public international organization, or any person acting in an official capacity for or on behalf of such person. In addition, Government Official includes any: (i) officer, employee or person acting in an official capacity on behalf of a political party; (ii) a candidate for political office; (iii) an officer or employee of a state-owned or state-controlled company, regardless of the officer’s or employee’s rank or title; (iv) uncompensated honorary officials who have influence in the award of business; (v) members of royal families; (vi) any entity hired to review or accept bids for a government agency; (vii) officials, whether elected, appointed or under a contract, permanent or temporary, who hold a legislative, administrative, or judicial position of any kind in a country or territory; (viii) any person who performs public functions in any branch of the national, local, or municipal governments of a country or territory or who exercises a public function for any public agency or public enterprise of such country or territory; and (ix) spouses and other immediate family members of any of the persons listed above. A Government Official may also include any executive, officer, agent or employee acting in a business (even if privately owned) providing a service to the general public.
Facilitation payments are modest payments made to a Government Official for the purpose of expediting or securing the performance of a routine, non-discretionary governmental action, such as expediting licenses or scheduling (but not approving) inspections.
While facilitation payments are permissible under certain applicable laws, such as the U.S. Foreign Corrupt Practices Act of 1977 (“FCPA”), Covered Persons are prohibited from making such payments. This Policy prohibits such payments except for in extreme circumstances (e.g., exigent circumstances in which an individual’s health, safe passage, or personal safety is threatened).
Payments are not prohibited when they are in response to an imminent threat of physical harm. However, economic coercion, no matter how serious, does not constitute extortion or duress and is prohibited. Mere solicitation of a payment does not constitute extortion or duress.
If a payment is demanded under threat of imminent physical harm, such a payment should be made and promptly reported to the Company’s Vice President of Legal Affairs, detailing the circumstances. The payment must also be properly recorded in the Company’s books and records.
The Company recognizes that accepting and providing reasonable and proportionate gifts and entertainment are a normal part of business, and this Policy does not prohibit such gifts and entertainment. The term “reasonable and proportionate” is not precisely quantified and requires the exercise of common sense. If a gift would be considered extravagant or excessive or if the gift would likely affect the recipient’s judgment, for example, in the context of an upcoming decision, approval or contract award, then the gift will be deemed unreasonable. Gifts in the form of cash or gift certificates are prohibited.
Prior to giving gifts or paying for entertainment or hospitality above certain threshold values as defined in the Gifts and Entertainment Expenses Approval document issued by the Vice President of Legal Affairs the expense must be approved by the appropriate person named in that document. Any questions regarding whether a gift is appropriate irrespective of value should be directed to the Company’s Vice President of Legal Affairs.
Similarly, Covered Persons must ensure that the decisions they make on behalf of the Company are free from third-party influence. Accordingly, Covered Persons must promptly report any gifts of significant value offered to or received by them to the Company’s Vice President of Legal Affairs, who will assess the propriety of keeping the gift.
The Vice President of Legal Affairs will determine the threshold values from time to time and such values will be specified in the Gifts and Entertainment Expenses Approval document and communicated to Covered Persons.
Covered Persons may offer or receive infrequent, reasonable and appropriate business meals or entertainment, provided that business is discussed at those events and that the activity has a clear business purpose. An example would be the promotion, demonstration or explanation of the Company’s products or services, or the negotiation, execution or performance of a contract. Such activity shall not involve excessive expenditures. The guidelines for reasonable and appropriate activities shall be normal industry practice in the relevant locality consistent with local legal requirements. Further, reimbursement of such expenses will be subject to the Company’s procedures such as stating the participants and the purpose of the meeting. The Vice President of Legal Affairs will determine the threshold values from time to time and such values will be specified in the Gifts and Entertainment Expenses Approval document and communicated to Covered Persons. In the event that the estimated cost of certain business entertainment is expected to exceed such estimate, prior written approval from the Vice President of Legal Affairs is required.
There are occasions in which it may be appropriate for the Company to provide reasonable, bona fide hospitality to customers/potential customers, including Government Officials, such as paying for travel, meals, and business entertainment expenses (i.e., beyond occasional business meals or entertainment covered above). Such hospitality shall require written approval of the Vice President of Legal Affairs in advance and be subject to the following general guidelines, to be applied on a case-by-case basis:
Under no circumstances will hospitality consist of cash payments, and hospitality must never be offered or provided in exchange for any commercial advantage or favored treatment.
Company money, assets, property or other things of value may not be contributed, loaned, or made available to any foreign candidate, party, or political committee. The Company may, from time to time, make charitable contributions, which are limited to reasonable amounts as determined by the Company’s Vice President of Legal Affairs. Under no circumstances should charitable contributions be made in an attempt to influence any decision or obtain an advantage. Also, the Company is prohibited from making contributions to a charity owned or controlled by a Government Official. Contributions to political parties or candidates by Covered Persons, acting solely in their personal capacities during their private time, may not involve the use of any Company funds, time, equipment, supplies or facilities.
It is the Company’s policy not to pursue or accept government grants. Any exception to this general prohibition must be approved in writing by the Vice President of Legal Affairs.
Channel program partners, including resellers, referral partners, and original equipment manufacturer (OEM) partners, as well as all consultants, sales representatives and other third parties that act on behalf of the Company are referred to herein collectively as “Business Associates.” Business Associates that interact with a Government Official for or on behalf of the Company or that refer or engage with potential or actual customers of the Company (each, a “Covered Business Associate”) shall be required to abide by this Policy and/or to demonstrate that they are subject to a policy determined to be at least equally protective of the Company by the Vice President of Legal Affairs. Other Business Associates shall be required to abide by this Policy if so directed by the Vice President of Legal Affairs.
All payments made to a Business Associate must be reasonable in relation to the products sold to, or bona fide services rendered by, such Business Associate to or on behalf of the Company. Payments to a Business Associate should never be made in cash and should be made to the Business Associate’s bank account in the country where the services are performed or where the Business Associate’s offices are located. No payments shall be made to a Business Associate without detailed invoices that fully and accurately describe the services and expenses incurred.
Furthermore, the Company will conduct risk-based anti-bribery and anti-corruption due diligence prior to the engagement of a Covered Business Associate to ensure that it is a bona fide and legitimate entity, is qualified for the purpose of its engagement, and generally maintains standards consistent with the ethical and reputational standards of the Company. The Company recognizes that corruption risks can vary by location, type of transaction and customer, and, accordingly, this Policy requires enhanced diligence procedures for engaging with Business Associates in circumstances that present a higher perceived risk of corruption. The due diligence will be conducted in accordance with the due diligence guidelines attached to this Policy as Annex A.
Information identified and received during the due diligence process will be reviewed by the Finance and/or Accounting and/or Legal Departments, and/or by the Company’s Compliance Officer as applicable, and should be maintained by the Finance, Accounting, Legal or Compliance Department in a due diligence file regarding the potential Covered Business Associate.
Other appropriate measures to ensure the Company’s and Business Associates’ compliance with applicable law shall include the insertion of appropriate anti-bribery provisions in contractual agreements with such Business Associates. Prior to the Company entering into corporate acquisitions, joint ventures, and similar arrangements, Covered Persons will perform risk-based anti-corruption due diligence with respect to the potential transaction as a part of the Company’s standard due diligence procedures.
A “red flag” is a fact pattern, situation, request, or other circumstance that indicates a possible anti-corruption compliance risk. Annex B to this Policy includes examples of “red flags”, which are not exhaustive. In case of doubt whether a certain fact or information known to a Covered Person constitutes a “red flag”, please consult the Vice President of Legal Affairs.
Covered Persons are required to monitor for and promptly report any “red flags” that raise anti-corruption concerns to the Vice President of Legal Affairs.
The Company will maintain books and records that accurately reflect its transactions, use of Company assets, and other similar information, along with a reasonable system of internal controls. Covered Persons must ensure that: (i) gifts, business entertainment, hospitality, and other expenses are properly reported and recorded; (ii) payments made on behalf of the Company are supported by appropriate documentation; (iii) no payments to third parties are made in cash, unless pursuant to proper petty cash disbursements, and (iv) no Covered Person shall create or help to create any documents for the purpose of concealing any improper activity.
The success of this Policy in preventing corruption relies on the diligence and commitment of all Covered Persons. Covered Persons must report any suspected violation of this Policy to the Vice President of Legal Affairs. Covered Persons may also report such suspected violations anonymously. The Vice President of Legal Affairs will maintain a log of all inquiries and suspected violations in connection with this Policy.
All such reports may be made in person or by letter, telephone, facsimile, e-mail, or other means and will be treated as confidential, to be used only for the purpose of addressing the specific problem(s) the reports concern. Such reports will be shared with the Company’s management, board of directors, and other authorized individuals only on a need-to-know basis. All Covered Persons shall cooperate fully, truthfully, and candidly with any inquiry conducted by or on behalf of the Company. Failure to provide such cooperation may result in disciplinary action, including termination of employment.
The Company will take no adverse action against Covered Persons who report violations of this Policy honestly and in good faith.
The Vice President of Legal Affairs will establish and conduct a suitable training program to help effectuate the compliance goals of this Policy, and will maintain records documenting the date and content of the training and names of attendees. In addition, all Covered Persons will be required to sign certifications of compliance with this Policy. The Vice President of Legal Affairs will review this Policy at least annually to ensure it is effective and in accordance with current best practices, and will revise and update this Policy, as necessary.
The Vice President of Legal Affairs may from time to amend the Annexes attached to this Policy.
Please contact the Vice President of Legal Affairs if you have any questions regarding the scope and reach of applicable anti-corruption laws and regulations, whether a particular payment or gift would be consistent with this Policy or otherwise relating to this Policy.
The Vice President of Legal Affairs may delegate any of his or her duties under this Policy to appropriate legal, compliance or other officials in the Company.
The Vice President of Legal Affairs may authorize any approvals required under this Policy or any related form(s) to be provided electronically, by email or otherwise, or in such other form as he or she considers appropriate.
The purpose of conducting due diligence on Covered Business Associates in the context of this Policy is to verify, to the extent reasonably possible, their integrity and past track record in relation to bribery and corruption. The Company shall not enter into any business relationship with any Covered Business Associate, unless and until:
(a) the due diligence process has been completed for the Covered Business Associate, and
(b) the due diligence process has not revealed activities by the Covered Business Associate which would be inconsistent with the Company’s zero tolerance for bribery and corruption.
If exceptional circumstances exist in which the start of a relationship with a Covered Business Associate must begin before the completion of the due diligence process, written approval of the Vice President of Legal Affairs is required and the process must be completed as promptly as possible and any temporary arrangement with the Covered Business Associate must be made contingent upon successful completion of the process. The nature of the due diligence will depend, among other things, on the nature of the relationship with and cooperation of the Covered Business Associate, the availability of public domain information and records on the Business Associate, and the cultural and political environment in which the Covered Business Associate is operating. For purposes of assessing the cultural and political environment in which a Business Associate is operating, the Company will refer to objective sources of information such as Transparency International (“TI”), which is available at http://www.transparency.org/.
Basic due diligence is required for screening all Covered Business Associates and shall include, at minimum, completion of an internal due diligence questionnaire pertaining to the potential Covered Business Associate by the Covered Person proposing to engage it, verification of the corporate registration of the entity, or the expertise of a person, the business address and general corporate history/structure that is publicly available. The Vice President of Legal Affairs may exempt certain individual Covered Business Associates, or categories of Covered Business Associates from the requirement for an internal due diligence questionnaire or other aspects of this requirement based on an assessment that the potential risk for such Covered Business Associate or category of Covered Business Associates is sufficiently low to warrant such exemption.
Enhanced due diligence is required if any issues of concern or “red flags” are identified in the basic due diligence and for all Covered Business Associates in regions which are generally known for corrupt practices, even if basic due diligence does not identify any “red flags” or issues of Jurisdictions in which the Company currently conducts business or may be conducting business that require enhanced due diligence. In addition, enhanced due diligence is required for all transactions that involve government or state-owned customers.
Enhanced due diligence shall include, at minimum: (i) the Covered Business Associate’s completion of a detailed due diligence questionnaire and provision of relevant information and documents supporting the replies to the questionnaire, and (ii) completion of an internal due diligence questionnaire pertaining to the potential Covered Business Associate by the Covered Person proposing to engage it and shall include such other steps as may be directed by the Vice President of Legal Affairs. The forms of due diligence questionnaires will be determined by the Vice President of Legal Affairs from time to time.
For the avoidance of any doubt, the due diligence process described in the Policy and the forms provided by the Vice President of Legal Affairs from time to time are solely to determine compliance with the Policy, and do not constitute commercial due diligence as to the commercial health and stability of the target person or entity. Such commercial due diligence may need to be conducted separately, in addition to due diligence under this Policy.
Please note that the following examples are illustrative. This is not an exhaustive list.
A request for payment in advance or prior to an award of a contract, license, concession, or other business.
A request for reimbursement of unusual, extraordinary, poorly documented, or last minute expenses.
A request for payment in cash (or otherwise untraceable funds) to a numbered account or to an account in the name of someone other than the appropriate party.
A request for payment in a country other than the one in which the parties are located, especially if it is a country with limited banking transparency.
A refusal by a party to certify that it will comply with the requirements and prohibitions of applicable anti-corruption laws and rules or this Policy.
A refusal, if asked, to disclose shareholders, partners, or principals. Use of shell or holding companies that obscures a transaction partner’s ownership without credible explanation.
A request for a fee or kickback for the use of Company products and services at the requestor’s facility.
A request for political or charitable contributions, particularly if the request is for cash.
A request by a Government Official (e.g., an employee of a state-owned educational institution or public broadcasting company) to hire a family member of the Government Official or to engage a particular Business Associate.
As measured by local customs or standards, or under circumstances particular to the party’s environment, the party’s business is understaffed, ill-equipped or inconceivably located to undertake its proposed relationship with the Company (e.g., pre-award technical activities or logistical assistance, and post-award activities such as assistance with customs, permits, financing and licenses).
The party appears to have insufficient know-how or experience to provide the services the Company needs.
Company wire transfers that do not disclose the identity of the sender or recipient.
In the case of engaging a Business Associate, the potential Business Associate:
Last Updated: October 26, 2016
Modern Slavery Act Statement — 2021
Kaltura is a global provider of online video technology products and services. This statement is made pursuant to Section 54 of the UK Modern Slavery Act 2015 (the “Act”). It describes the steps Kaltura has taken or will take in order to ensure that slavery and human trafficking are not taking place in any part of its supply chain. Kaltura is committed to acting ethically and responsibly in all of its business dealings and to implementing systems to prevent modern slavery.
Kaltura, Inc., a Delaware corporation, is the parent company of Kaltura Europe Limited, a London-based company incorporated under the laws of England and Wales. Kaltura, Inc. has other subsidiaries in Germany, Brazil, Singapore, and Israel. Kaltura, Inc. and its subsidiaries engage with suppliers from time to time in order to procure goods and services necessary for the operation of Kaltura’s business. Such engagements are subject to review by Kaltura’s legal, procurement, and finance departments and are documented in written contracts. Kaltura expects its suppliers to strictly comply with all applicable laws and regulations and conducts due diligence and risk assessments where appropriate to ensure that it engages with suppliers that meet its standards. Many of Kaltura’s major suppliers, such as its cloud computing infrastructure, hardware, CRM and content delivery network (CDN) providers, have detailed policies and codes of conduct in place to ensure prevention of modern slavery and human trafficking in the operation of their respective businesses.
Kaltura is committed to taking the following steps toward the prevention of modern slavery in its business:
This statement has been approved by the Board of Directors of both Kaltura Europe Limited and Kaltura, Inc. Kaltura will post this statement on its corporate website and ensure that all current employees and new hires have access to it.
CEO and Chairman, Kaltura, Inc.
Kaltura is committed to making our website as accessible as possible to everyone, regardless of ability. We continuously and actively work toward improving the accessibility of our website to ensure we provide equal access to all of our customers and web users.
Kaltura works with industry partners, clients, and members of the community to stay at the forefront of accessibility, for our website and for video specifically. This includes striving to fulfill accessibility guidelines such as 508, CVAA, and WCAG 2.0 AA.
With this in mind, we’ve put effort into:
Additionally, Kaltura is committed to accessibility within our products, and we work to promote our mindset across the industry with the goal of delivering video that is accessible to all. You can learn more about Kaltura’s video accessibility here.
We are continuing our efforts to improve the website’s accessibility, and we strive to stay up to date with all accessibility optimization.
If you would like to contact us regarding our accessibility, or if you have any feedback, you are welcome to contact us at [email protected].
Kaltura’s online video platform offers advanced video publishing, management, syndication, and monetization solutions suitable for many verticals, including education, enterprise, government, media and entertainment, advertsing, and many others.
Kaltura’s flexible platform and APIs allow publishers and organizations to build video applications, widgets, and plug-ins rapidly and cost-effectively, as well as add core video services to their existing offerings.
Kaltura recognizes the need for security in all our platforms and products, and views the security of the customer media and data stored in the Kaltura platform as a paramount concern in the relationship with our customers and subcontractors. We know that customers rely on Kaltura as a central repository for their proprietary media and want assurances that that this information safeguarded with industry standard practices and tools. This is why Kaltura has built-in physical, architectural, and application security measures that provide end-to-end protection for your assets and information, thus ensuring various ways to effectively implement the right level of security for your needs.
The Kaltura Security FAQ provides transparency on Kaltura’s security stance and processes. It explains various security measures enforced throughout the company’s product development stages and ongoing operations.
Whether you publish video on the web or use it only for internal audiences, and whether you deploy a SaaS, on-premises, or hybrid solution, it is important for you to address the security aspects of your online video strategy. Kaltura is committed to help you implement the security measures you need, while assuring an intuitive and smooth experience for your end users.
This guide is intended for public distribution to anyone who wishes to learn about Kaltura’s security practices. The target audience includes directors of IT security, Chief Information Security Officers, Data Protection Officers, and others who are responsible for cybersecurity and data privacy in their organizations.
It contains many of the basic questions that customers have about Kaltura’s information security policies, practices, and procedures.
If you require further information about an aspect of Kaltura’s corporate security, contact a Kaltura representative or fill out this form http://corp.kaltura.com/company/contact-us.
Kaltura is committed to safeguarding the confidentiality, integrity, and availability of all physical and electronic information assets of the organization to ensure that regulatory, operational, and contractual requirements are fulfilled.
The overall goals for Kaltura information security include:
Kaltura incorporates information security into every area of operations. As a cloud-based service, we understand the assurance that customers require that their data and media assets are protected and only available to authorized and authenticated users.
Kaltura’s robust security program is based on the International Organization for Standardization’s (ISO) 27001 standards, as well as the requirements of relevant data protection/data privacy laws and industry best practices.
The security measures put in place include implementing preventative and detective security mechanisms that mitigate external and internal risks.
Kaltura’s security infrastructure is led by an expert team that brings a wealth of experience and knowledge to application and operation security planning and enforcement.
Kaltura has a designated Chief Information Security Officer (CISO) who is responsible for defining the information security strategy and the annual information security program. The CISO works with team of skilled and experienced security professionals, who are responsible for establishing strong security practices via governance, risk management, policy, education, security engineering, security awareness and compliance, and security operations.
This security team includes the Director of Security and Privacy, Director of DevOps, Director of Corporate IT, and senior management to ensure that the implementation of, and ongoing compliance with, Kaltura’s security policies. This team also oversees application security through the implementation of Kaltura’s Secure Development Policy, which applies to the development and maintenance of all services, architecture, software, and systems.
Kaltura’s SaaS platform offers robust storage and hosting services operating from state-of-the-art data centers with high levels of stability, redundancy, and security.
Within Kaltura, we implement measures, in line with industry best practices, to safeguard our internal networks against intrusion.
Kaltura’s SaaS platform is deployed in AWS Virtual Private Cloud, Amazon’s cloud computing resources that are hosted in multiple locations worldwide. Each region is a separate geographic area and has multiple, isolated locations known as Availability Zones (AZ).
By using AWS, Kaltura is running on a robust, elastic, and scalable infrastructure that enables the Kaltura SaaS platform to accommodate our customers’ increasing usage and growth in our business operations. Kaltura benefits from a number of key features of AWS Cloud infrastructure, including:
Yes. AWS is an industry leader in cloud computing, and takes its security very seriously. As a result, Kaltura benefits from AWS’s own commitment to information security.
AWS spends countless hours considering potential threats and designing, implementing, and testing controls to ensure the systems, technology, and people all work in unison to counteract risk.
Virtual Private Cloud (VPC) security is provided by AWS security groups, which act as a virtual firewall for every Kaltura instance and controls inbound and outbound traffic. When an instance is launched in a VPC, up to five security groups can be applied to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet providing a Kaltura service can be assigned to a different set of security groups.
Kaltura’s AWS-based SaaS platform is a multi-tenant, shared infrastructure.
All customer content and metadata stored on Kaltura’s multi-tenant platform is logically segregated from the content of other customers by assigning each item to a unique ID associated with the customer account in the Kaltura SaaS platform database.
Access to the Kaltura business logic, and the content and data maintained in the system, can only be achieved through the Kaltura API. The Kaltura API includes a security mechanism to ensure that only authorized users and systems can perform any actions through the API. Every interaction with the platform uses a Kaltura Session token with a customer ID, thus preventing the application from accessing any other customer data. Customers can access content associated with their account only.
Kaltura takes numerous measures to protect its physical assets from outside intrusions and attempts to access secured information. These assets include Kaltura’s offices around the world and the data centers that store customer data.
Access to buildings: A designated guard is available during building operating hours to verify building access. During non-operating hours, the building’s emergency alert systems are monitored by a 24/7 monitoring service.
Access to offices: Kaltura offices are equipped with a door access control system using electronic chip ID cards. Access to all Kaltura offices is controlled through an industry-standard employee badge system that regulates access to offices and secured areas. Offices have an office alarm system that is activated and monitored during non-working hours. Access and alarm codes are known only to Kaltura employees and are not shared with visitors or other external entities. Employees are required to carry their badges at all times while they are on site.
Visitor access to the Kaltura offices is also highly controlled. Visitor identification details are recorded upon entering the worksite. Visitors and contractors are allowed into the office by a Kaltura employee and are escorted within office areas during their visit. Visitors arriving to provide unattended maintenance/repair work are verified before they are allowed to conduct their work within the office area.
Kaltura data are housed in AWS facilities. These facilities are secured by design with built-in access controls. Physical access to AWS data centers is strictly controlled both at the perimeter and at building ingress points and includes, but is not limited to, professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.
Authorized staff utilize multi-factor authentication mechanisms to access data centers. Ingress and egress points to server rooms are secured with devices that sound alarms to initiate an incident response if the door is forced or held open.
Electronic intrusion detection systems are installed within the data layer to monitor, detect, and automatically alert appropriate personnel of security incidents. Door alarming devices are also configured to detect instances where an individual exits or enters a data layer without providing multi-factor authentication. Alarms are immediately dispatched to 24/7 AWS Security Operations Centers for immediate logging, analysis, and response.
For further information about AWS physical access controls, see https://aws.amazon.com/compliance/data-center/controls/.
Kaltura is foremost a company of people dedicated to continually improving the quality and security of the live and on-demand video solutions that we provide to thousands of organizations around the world.
The Kaltura Human Resources department maintains a personnel security program to ensure that all employees understand the importance of security and how to perform their work in a security-conscious way. The Human Resources team implements this program through processes and training that takes place when people join Kaltura and continue throughout their employment.
Kaltura undertakes pre-hiring screening for all prospective employees in the U.S. These screenings include verifying:
Kaltura employees in other locations undergo similar pre-hiring screening procedures, subject to standard practices and applicable laws in each relevant jurisdiction.
Candidates receive an employment offer only after the screening steps have been completed to the satisfaction of the Human Resources team.
As part of Kaltura’s security governance, Kaltura conducts annual security awareness training to ensure that employees understand common security risks, the security implications of their actions, and how to incorporate security awareness into their activities to decrease the likelihood of a security incident. Employees can receive the security awareness training through external/internal courses, extension studies, day seminars, and online guides. For each training method, there is an effectiveness check to measure how well employees understood the material presented.
Kaltura employees are required to complete security training immediately after hiring. All employees must read and acknowledge the company’s information security policy after attending security training.
Kaltura’s CISO periodically reviews training records to ensure that all staff members complete their requisite training.
All Kaltura employees sign standard confidentiality agreements that require employees to maintain the confidentiality of Kaltura and customer data. The confidentiality agreements also forbid employees from using any Kaltura or customer data for any unauthorized purpose.
Upon termination of an employee’s contract, Kaltura’s IT department revokes the employee’s access and passwords and collects company property, laptops, and access card.
The Kaltura platform is certified as compliant with the ISO27001 and ISO27799 information security management standards.
The scope of certification encompasses Kaltura’s production environments, corporate environments, and operations.
Kaltura’s solution is hosted on Amazon Web Services (AWS) infrastructure, which is SOC-1 (formerly SSAE 16) and SOC-2 Type II certified. Reports are available from AWS Artifact directly at: https://aws.amazon.com/artifact/.
Kaltura monitors regulatory developments closely in all jurisdictions where we do business and maintains compliance with all applicable legal requirements.
Kaltura’s standard SaaS deployment is not intended for hosting of PHI. If a HIPAA use case is contemplated, customized configurations can be scoped and configured to meet the customer’s requirements.
Kaltura does not store or process payment card information in providing services to our customers, and the Kaltura SaaS platform is not intended for hosting or processing of payment card information.
A range of authentication and authorization options are available in the Kaltura platform. Single sign on (SSO) can be set up to ensure that the user only has to log in once, with authentication through the customer’s existing user management systems and methodologies, such as LDAP, CAS, or Local DB. LDAP integration can be used to allow the user to log in with his credentials from the Active Directory or another identity service communicating over LDAP. It is also possible to set up a SAML 2.0 integration. For more information, see this overview of authentication and authorization solutions for Kaltura Media Space.
Yes, the Kaltura platform inherently supports two-factor authentication (2FA). This capability can easily be enabled by a Kaltura Administrator. If the platform is connected to your SSO solution and your solution uses multi-factor authentication, then the authentication functions would reside within your SSO.
Data at rest is encrypted using AES-256 encryption. Content is delivered using TLS 1.2 encryption.
Sensitive information sent by email can be encrypted via Azure Identity Protection, a Microsoft solution, that works with Outlook email clients.
Data at rest, including data production server application logs, are encrypted via AES-256.
Encryption is on a per rendition level, with the encryption done as part of the transcoding process. Content is securely transitioned and stored thought the whole ingest/transcoding process.
Kaltura manages encryption keys through Amazon Web Services’ Key management service.
In many cases, organizations are interested in restricting access to content. You may want or need to employ broad controls such as allowing access only from a specific geographic location, domains, or you may want to restrict access to specific assets to certain authorized individuals only. Kaltura offers several features that are designed to help you achieve the right level of access control to your media.
For more detail, see Kaltura’s Online Video Security Capabilities.
The Kaltura online video platform was designed with privacy and security standards in mind, while at the same time providing the openness and flexibility of Kaltura’s technology as an open-source platform with integration models for open and free applications as well as highly secured and restricted applications.
Kaltura maintains a Secure Development Policy that aims to minimize overall risk. In particular, the policy defines:
Kaltura follows an agile software development methodology that includes multiple validation and review control points.
The development process begins with a system requirements analysis that considers user needs. The security requirement for any changes must be defined as part of the development process. In addition, the analysis must account for any changes in user roles and permissions, as well as the categories of data impacted by the change. In particular, where a change involves the processing of personal data, the change is evaluated for compliance with relevant data privacy laws.
As any application changes moves from analysis to design, the design review must ensure that the design changes address any changes to data security.
After system construction, manual and automated testing is performed at a unit or module level is performed by the system and software developers. Security considerations are always a consideration during this testing phase to confirm that no vulnerabilities have been overlooked in the final design.
Securing customer data is also built into Kaltura’s Change Management Policy. This policy lays out the methodology for integrating system and application changes.
All application changes are carried out in accordance with the Kaltura Secure Development Policy.
Changes to applications or systems patches must be approved by a change committee prior to implementation. Part of the change committee’s review process involves evaluating assurances that the proposed change will not compromise customer data.
Additionally, data security is an integrated part of the testing procedures performed in a QA environment with production quality security controls. If any vulnerability is discovered, the issue is corrected, and the entire application retested for product security.
Kaltura maintains a Patch Management Policy, which includes risk assessment, patch testing, patch approval, patch deployment, and patch verification. The Policy mandates using centralized or automated systems for vulnerability detection and patch deployment over manual or other patching methods wherever possible.
Kaltura’s IT Department and Director of Security monitor security mailing lists for notification of vulnerabilities, patches, and updates, as well as notifications from vendors themselves.
Patches are reviewed and categorized into four tiers (critical, high-risk, medium, and low risk, and no risk). Those that are approved are implemented according to the specific timelines for each tier.
Kaltura leverages industry standard tools and performs regular third-party vulnerability testing, hardening, and monitoring.
Kaltura conducts regular external and internal vulnerability scans of information systems that are open to outside connections. In addition, Kaltura uses a vulnerability management solution to continuously detect and protect against attacks.
Kaltura conducts regular infrastructure and application penetration tests to examine the system’s resistance to internal and external security risks. A qualified internal resource or a reputable third-party service provider carries out controlled penetration tests.
Customers may set automatic content deletion rules and schedules in the Kaltura platform. The system “delete” function marks data for deletion and that data is wiped/purged in periodic cycles. A custom system command can be configured to purge items immediately upon deletion (this would apply to both redundant storage locations). Content can be deleted by the customer using the platform’s delete and bulk delete functions. Upon customer request, Kaltura can certify in writing that the customer’s data has been erased or destroyed.
The Kaltura SaaS platform supports industry standard logical deletion methods. Advanced deletion methods such as degaussing are not supported on Kaltura’s SaaS environment since the hard disk drives (HDDs) are shared with other SaaS resources.
Upon termination of a contract, we generally work with the customer on an orderly migration plan that addresses the removal and/or disposal of customer data. Absent any other customer instructions, Kaltura may retain customer data at the termination of a contract for up to 60 days before it is deleted.
Kaltura’s services are hosted by Amazon Web Services (AWS), which is responsible for maintaining its servers for their entire duration. AWS classifies media storage devices used to store customer data as critical, meaning they are installed, serviced, and eventually destroyed according to stringent requirements. When a storage device has reached the end of its useful life, the device is decommissioned in accordance with NIST 800-88 standards.
Kaltura maintains a Business Continuity Plan (BCP) that includes a list of designated roles and responsibilities during a disaster. The BCP details timelines for actions to be taken within an hour of discovery of the disruption event, actions to be taken within the first 24 hours, and onward. The BCP also outlines testing procedures for evaluating and improving emergency incident management.
Kaltura is a cloud-based company. Our employees are located in multiple locations globally and we have a mix of office-based and remote employees. In the event of an emergency in one of our locations, we would direct employees to work from home. If equipment is damaged or lost, our employees will be sent replacements from the nearest IT team.
The Kaltura platform operates and serves our customers and their end users without any dependency on regular communication to any facility. Our platform has various levels of redundancy, as it relies on the structure and advantages of AWS Availability Zones. Each Zone holds its own data layer operations which are continuously synchronized using parallel methods: log shipping, mirroring, and daily snapshots. AWS Auto Scaling is used to deploy new virtual hosts as needed.
In addition, on the site level, Kaltura deploys a complete 1+1 network architecture including disk connectivity, FW, and LB. Parallel to that, Kaltura deploys N+1 server redundancy for browser and TVP API interface servers.
Kaltura’s Recovery Time Objective (RTO) is 3 hours, and our Recovery Point Objective (RPO) is 60 minutes.
Kaltura engages third-party technology providers, consultants, and other vendors in a variety of capacities. We maintain an External Party Management Policy to ensure and monitor our external parties’ regulatory compliance with security requirements.
Yes. Kaltura conducts security assessments and business due diligence before formally engaging any external party to ensure the external party’s capability and suitability to provide the relevant service to Kaltura.
Kaltura requires third parties to provide sufficient contractual and technical assurances of their information security, data protection practices, and privacy and confidentially compliance programs to the extent relevant in the context of their products and services. During the course of a contractual relationship, Kaltura conducts periodic reviews of our third-party suppliers to ensure adherence to contractual obligations.
Third-party providers are provided IT access according to the “least privilege” principle, with access authorization only to what is required for the third-party to perform its contracted services. Upon termination of a contract with a third-party provider, all access is revoked, and any equipment provided during the contract is returned to Kaltura.
Kaltura conducts verification checks and retains security agreements with all third-party vendors that are engaged to provide customer services.
Kaltura follows a documented and audited Security Incident Response Policy that defines incidents, responsibilities, immediate responses and reporting chains, investigations, and communication plans. The Chief Information Security Officer, together with a response team of senior Kaltura officials, are responsible for verifying whether a security incident has in fact occurred and assessing the scope of affected customers, records, and personal information disclosed or corrupted by the breach.
In cases of a verified security incident, Kaltura’s response team will prepare a communications plan to provide updates and information to affected customers about the incident. Impacted customers will be notified within 24 hours of discovery, with as much available information as possible at that time about the affected customers, users, and records involved.
You don't have credit card details available. You will be redirected to update payment method page. Click OK to continue.