Terms and Conditions

Welcome to CoHost Podcasting!

These terms and conditions outline the rules and regulations for the use of Quill Inc's Website, located at https://www.cohostpodcasting.com.

By accessing this website we assume you accept these terms and conditions. Do not continue to use CoHost Podcasting if you do not agree to take all of the terms and conditions stated on this page.

The following terminology applies to these Terms and Conditions, Privacy Statement and Disclaimer Notice and all Agreements: "Client", "You" and "Your" refers to you, the person log on this website and compliant to the Company's terms and conditions. "The Company", "Ourselves", "We", "Our" and "Us", refers to our Company. "Party", "Parties", or "Us", refers to both the Client and ourselves. All terms refer to the offer, acceptance and consideration of payment necessary to undertake the process of our assistance to the Client in the most appropriate manner for the express purpose of meeting the Client's needs in respect of provision of the Company's stated services, in accordance with and subject to, prevailing law of Netherlands. Any use of the above terminology or other words in the singular, plural, capitalization and/or he/she or they, are taken as interchangeable and therefore as referring to same.


Cookies

We employ the use of cookies. By accessing CoHost Podcasting, you agreed to use cookies in agreement with the Cohostpodcasting’s Privacy Policy. 

Most interactive websites use cookies to let us retrieve the user's details for each visit. Cookies are used by our website to enable the functionality of certain areas to make it easier for people visiting our website. Some of our affiliate/advertising partners may also use cookies.

‍‍

License

Unless otherwise stated, Cohostpodcasting and/or its licensors own the rights to collect data for all the podcasts hosted on CoHost Podcasting. All intellectual property rights are reserved. You may access this from CoHost Podcasting for your own personal use subjected to restrictions set in these terms and conditions.

You must not:

    • Republish material from CoHost Podcasting

    • Sell, rent or sub-license material from CoHost Podcasting

    • Reproduce, duplicate or copy material from CoHost Podcasting

    • Redistribute content from CoHost Podcasting

This Agreement shall begin on the date hereof February 1st, 2022

Parts of this website offer an opportunity for users to post and exchange opinions and information in certain areas of the website. Cohostpodcasting does not filter, edit, publish or review Comments prior to their presence on the website. Comments do not reflect the views and opinions of Cohostpodcasting,its agents and/or affiliates. Comments reflect the views and opinions of the person who posts their views and opinions. To the extent permitted by applicable laws, Cohostpodcasting shall not be liable for the comments or for any liability, damages or expenses caused and/or suffered as a result of any use of and/or posting of and/or appearance of the comments on this website.

Cohostpodcasting reserves the right to monitor all comments and to remove any comments which can be considered inappropriate, offensive or causes breach of these Terms and Conditions.

You warrant and represent that:

    • You are entitled to post the comments on our website and have all necessary licenses and consents to do so;

    • The comments do not invade any intellectual property right, including without limitation copyright, patent or trademark of any third party;

    • The comments do not contain any defamatory, libelous, offensive, indecent or otherwise unlawful material which is an invasion of privacy

    • The comments will not be used to solicit or promote business or custom or present commercial activities or unlawful activity.

You hereby grant Cohostpodcasting a non-exclusive license to use, reproduce, edit and authorize others to use, reproduce and edit any of your Comments in any and all forms, formats or media.‍

Hyperlinking to our Content

The following organizations may link to our Website without prior written approval:

    • Government agencies;

    • Search engines;

    • News organizations;

    • Online directory distributors may link to our Website in the same manner as they hyperlink to the Websites of other listed businesses; and

    • System wide Accredited Businesses except soliciting non-profit organizations, charity shopping malls, and charity fundraising groups which may not hyperlink to our Website.

These organizations may link to our home page, to publications or to other Website information so long as the link: (a) is not in any way deceptive; (b) does not falsely imply sponsorship, endorsement or approval of the linking party and its products and/or services; and (c) fits within the context of the linking party's site.

We may consider and approve other link requests from the following types of organizations:

    • commonly-known consumer and/or business information sources;

    • dot.com community sites;

    • associations or other groups representing charities;

    • online directory distributors;

    • internet portals;

    • accounting, law and consulting firms; and

    • educational institutions and trade associations.

We will approve link requests from these organizations if we decide that: (a) the link would not make us look unfavorably to ourselves or to our accredited businesses; (b) the organization does not have any negative records with us; (c) the benefit to us from the visibility of the hyperlink compensates the absence of Cohostpodcasting; and (d) the link is in the context of general resource information.

These organizations may link to our home page so long as the link: (a) is not in any way deceptive; (b) does not falsely imply sponsorship, endorsement or approval of the linking party and its products or services; and (c) fits within the context of the linking party's site.

If you are one of the organizations listed in paragraph 2 above and are interested in linking to our website, you must inform us by sending an email to alison@quillit.io. Please include your name, your organization name, contact information as well as the URL of your site, a list of any URLs from which you intend to link to our Website, and a list of the URLs on our site to which you would like to link. Wait 2-3 weeks for a response.

Approved organizations may hyperlink to our Website as follows:

    • By use of our corporate name; or

    • By use of the uniform resource locator being linked to; or

    • By use of any other description of our Website being linked to that makes sense within the context and format of content on the linking party's site.

No use of Cohostpodcasting's logo or other artwork will be allowed for linking absent a trademark license agreement.

Content Liability

We shall not be held responsible for any content that appears on your Website. You agree to protect and defend us against all claims that are rising on your Website. No link(s) should appear on any Website that may be interpreted as libelous, obscene or criminal, or which infringes, otherwise violates, or advocates the infringement or other violation of, any third party rights.

Your Privacy

Please read Privacy Policy

Reservation of Rights

We reserve the right to request that you remove all links or any particular link to our Website. You approve to immediately remove all links to our Website upon request. We also reserve the right to amend these terms and conditions and it's linking policy at any time. By continuously linking to our Website, you agree to be bound to and follow these linking terms and conditions.

Removal of links from our website

If you find any link on our Website that is offensive for any reason, you are free to contact and inform us any moment. We will consider requests to remove links but we are not obligated to or so or to respond to you directly.

We do not ensure that the information on this website is correct, we do not warrant its completeness or accuracy; nor do we promise to ensure that the website remains available or that the material on the website is kept up to date.

Disclaimer

To the maximum extent permitted by applicable law, we exclude all representations, warranties and conditions relating to our website and the use of this website. Nothing in this disclaimer will:

    • limit or exclude our or your liability for death or personal injury;

    • limit or exclude our or your liability for fraud or fraudulent misrepresentation;

    • limit any of our or your liabilities in any way that is not permitted under applicable law; or

    • exclude any of our or your liabilities that may not be excluded under applicable law.

The limitations and prohibitions of liability set in this Section and elsewhere in this disclaimer: (a) are subject to the preceding paragraph; and (b) govern all liabilities arising under the disclaimer, including liabilities arising in contract, in tort and for breach of statutory duty.

As long as the website and the information and services on the website are provided free of charge, we will not be liable for any loss or damage of any nature.

PII DATA

Cohostpodcasting recognizes its need to maintain the confidentiality of Personal Identity Information (PII) and understands that such information is unique to each individual. The PII covered by this policy may come from various types of individuals performing tasks on behalf of the company and includes employees, applicants, independent contractors and any PII maintained on its customer base. The scope of this policy is intended to be comprehensive and will include company requirements for the security and protection of such information throughout the company and its approved vendors both on and off work premises.

Departments named in this policy have delegated authority for developing and implementing procedural guidance for ensuring that their departmental responsibilities under this policy are communicated and enforced.

Key Elements 

Personal Identity Information (PII): Unique personal identification numbers or data, including:

  • Full name
  • Email

As is standard practice on many corporate websites, Cohostpodcasting also logs non-personally identifiable information which includes, without limitation, IP address, profile information, aggregate user data, device type and browser type at login for security purposes. Cohostpodcasting will not use the information collected to market directly to that person. This non-personally-identifiable information may be shared with third-parties to provide more relevant services and advertisements to users. User IP addresses are unlinkable to the personally identifying information of any particular user.

Cohostpodcasting may use pixel tags (tiny graphic images) to tell us what parts of the Cohostpodcasting Websites (an upcoming feature), Cohostpodcasting embeds and Cohostpodcasting Campaigns (an upcoming feature) have been visited or to measure the effectiveness of searches users perform. Pixel tags also enable us to send email messages in a format users can read, and they also tell us whether emails have been opened to assure that we’re only sending email messages that are of interest to our users. Cohostpodcasting stores all of this information in the AWS RDS database.

We also use Google Analytics, a web analytics service. Google Analytics uses cookies to help us analyze how visitors use our main website as well as the application website. The information generated by cookies about your use of the Cohostpodcasting Products and Services (including your IP address) will be transmitted to and stored by a Google server in the United States. Google uses this information for the purpose of evaluating your use of our platform, compiling reports on site activity for site operators, and providing site operators with other services relating to site activity and Internet usage. You can prevent the storage of data relating to your use of Cohostpodcasting products by downloading and installing the browser plug-in available here. You can obtain additional information on Google Analytics’ collection and processing of data and data privacy and security at the following links: How Google Uses Information From Sites Or Apps That Use Our Services and Analytics Help.

PII may reside in hard copy or electronic records; both forms of PII fall within the scope of this policy.

Vendors: Individual(s) or companies that have been approved by the Contracts Department as a recipient of organizational PII and from which the Contracts Department has received certification of their data protection practices conformance with the requirements of this policy. Vendors include all external providers of services to the company and include proposed vendors. No PII information can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.

PII Retention: Cohostpodcasting understands the importance of minimizing the amount of PII data it maintains and retains such PII only as long as necessary. A joint task force comprising members of the Legal, Finance, IT, Contracts and Human Resources departments maintains organizational record retention procedures, which dictate the length of data retention and data destruction methods for both hard copy and electronic records. In case a user decides to move away from the platform, PII data is retained for 14 days after which all the electronic data related to the user is removed from our database.

PII Training: All new hires entering the company who may have access to PII are provided with introductory training regarding the provisions of this policy. Employees in positions with regular ongoing access to PII or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of PII data and shall receive annual training regarding the security and protection of PII data and company proprietary data

PII Audit(s): Cohostpodcasting conducts audits of PII information maintained by the company in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of PII information. Where the need no longer exists, PII information will be destroyed in accordance with protocols for destruction of such records and logs maintained for the dates of destruction. The audits are conducted by Finance, IT, Contracts and Human Resources departments under the auspices of the Legal department.

Data Breaches/Notification: Databases or data sets that include PII may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, the company will notify all affected individuals whose PII data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible and in no event be later than the commencement of the payroll period after which the breach was discovered.

The Legal department will handle breach notifications(s) to all governmental agencies to whom such notice must be provided in accordance with time frames specified under these laws. Notices to affected individuals will be communicated by Human Resources after consultation with the Legal department and within the time frame specified under the appropriate law(s).

Data Access: Cohostpodcasting maintains multiple IT systems where PII data may reside; thus, user access to such IT systems is the responsibility of the IT department. The  IT department has created internal controls for such systems to establish legitimate access for users of data, and access shall be limited to those approved by IT. Any change in vendor status or the termination of an employee or independent contractor with access will immediately result in the termination of the user’s access to all systems where the PII may reside.

Data Transmission and Transportation

1. Company Premises Access to PII: The Finance, Human Resources and IT departments have defined responsibilities for on-site access of data that may include access to PII; IT has the oversight responsibility for all electronic records and data access capabilities. Finance and Human Resources have the operational responsibility for designating initial access and termination of access for individual users within their organizations and providing timely notice to IT.

2. Vendors: Cohostpodcasting may share data with vendors who have a business need to have PII data. Where such inter-company sharing of data is required, the IT department is responsible for creating and maintaining data encryption and protection standards to safeguard all PII data that resides in the databases provided to vendors. Approved vendor lists will be maintained by the Contracts department, and Contracts have responsibility to notify IT of any changes to vendor status with the company.

3. Portable Storage Devices: Cohostpodcasting reserves the right to restrict PII data it maintains in the workplace. In the course of doing business, PII data may also be downloaded to laptops or other computing storage devices to facilitate company business. This data is protected through data obfuscation and encryption. The IT department has responsibility for maintaining data encryption and data protection standards to safeguard PII data that resides on these portable storage devices.

4. Off-Site Access to PII: Cohostpodcasting understands that employees may need to access PII while off site or on business travel, and access to such data shall not be prohibited, subject to the provision that the data to be accessed is minimized to the degree possible to meet business needs and that such data shall reside only on assigned laptops/approved storage devices that have been secured in advance by the IT department.

Regulatory Requirements: It is the policy of the company to comply with any international, federal or state statute and reporting regulations. Cohostpodcasting has delegated the responsibility for maintaining PII security provisions to the departments noted in this policy. Cohostpodcasting Legal department shall be the sole entity named to oversee all regulatory reporting compliance issues. If any provision of this policy conflicts with a statutory requirement of international, federal or state law governing PII, the policy provision(s) that conflict shall be superseded.

Employee Hotline: If an employee has reason to believe that his or her PII (please refer to what constitutes PII) data security has been breached or that company representative(s) are not adhering to the provisions of this policy, an employee should contact support@cohostpodcasting.com, cc: abhinav@quillit.io immediately.

Confirmation of Confidentiality: All company employees must maintain the confidentiality of PII as well as company proprietary data to which they may have access and understand that such PII is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgement reminders annually attesting to their understanding of this company requirement.

Violations of PII Policies and Procedures: Cohostpodcasting views the protection of PII data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under the company’s discipline policy and may include suspension or termination in the case of severe or repeat violations. PII violations and disciplinary actions are incorporated in the company’s PII onboarding and refresher training to reinforce the company’s continuing commitment to ensuring that this data is protected by the highest standards.

Security Policy

HTTPS and HSTS for secure connections 

Cohostpodcasting forces HTTPS for all services using TLS (SSL), including our public website and Cohostpodcasting Application.

We regularly audit the details of our implementation, including the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure that browsers interact with Cohostpodcasting only over HTTPS. Cohostpodcasting is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.

Encryption of sensitive data and communication 

All passwords are encrypted at rest with Argon 2. Decryption keys are managed using AWS KMS and rotated every 60 days. We use AWS RDS for storing our data which is encrypted at rest. For temporary data storage, we use AWS Elasticache which is protected at rest and at transit. All our critical servers (database, key management, document store etc.) lie behind a bastion server which can be only accessed through a specific location and SSH key. Only our app servers are exposed to the internet and can be only accessed via a load balancer. 

Reporting vulnerabilities 

Vulnerabilities should be reported directly to the CTO at abhinav@quillit.io with the subject line Vulnerability detected - {short description of the vulnerability}

Ineligible Vulnerabilities

Cohostpodcasting does not consider the following to be eligible vulnerabilities:

Account squatting by preventing users from registering with certain email addresses

Attacks requiring MITM or physical access to a user’s device

Best practice reports without a valid exploit (for example, use of “weak” TLS ciphers)

Clickjacking on pages with no sensitive actions

Comma Separated Values (CSV) injection without demonstrating a vulnerability

Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS

Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions

Denial of service

Disclosure of server or software version numbers

Hypothetical subdomain takeovers without supporting evidence

Issues that require unlikely user interaction

Missing best practices in Content Security Policy

Missing best practices in SSL/TLS configuration

Missing email best practices (invalid, incomplete or missing SPF/DKIM/DMARC records, and so on)

Missing HttpOnly or Secure flags on cookies

Open redirect - unless an additional security impact can be demonstrated

Perceived security weaknesses without concrete evidence of the ability to compromise a user (for example, missing rate limits, missing headers, and so on)

Previously known vulnerable libraries without a working Proof-of-Concept

Public Zero-day vulnerabilities that have had an official patch for less than 1 month will be awarded on a case by case basis

Rate limiting or bruteforce issues on non-authentication endpoints

Reports exploiting the behavior of, or vulnerabilities in, outdated browsers

Reports of spam

Self-XSS

Session invalidation or other improved-security related to account management when a credential is already known (for example, password reset link does not immediately expire, adding MFA does not expire other sessions, and so on)

Social engineering

Software version disclosure / Banner identification issues / Descriptive error messages or headers (for example, stack traces, application or server errors)

Tabnabbing

Unconfirmed reports from automated vulnerability scanners

User/merchant enumeration

Vulnerabilities only affecting users of outdated or unpatched browsers (less than 2 stable versions behind the latest released stable version)

Operational security

Security at Cohostpodcasting is at the heart of any feature development on the platform

Vulnerability management

Cohostpodcasting uses various open source softwares to scan for vulnerabilities on a regular basis. Our Nginx proxy is constantly updated to follow the latest guidelines and our code is scanned regularly using SAST methodologies. We subscribe to OWASP top 10 security bulletin as well as Rails specific CVE alerts.

Malware prevention

An effective malware attack can lead to account compromise, data theft, and possibly additional access to a network. All files uploaded to Cohostpodcasting are scanned using ClamAV software for malware.

Monitoring

Cohostpodcasting’s security monitoring program is focused on information gathered from internal network traffic, employee actions on systems, and outside knowledge of vulnerabilities. Internal traffic is inspected for suspicious behavior, such as the presence of traffic that might indicate botnet connections, at many points across our global network, using an open-source software.

We Obey The Law

We may also share your data to third parties as necessary to comply with applicable laws or to protect the security of Cohostpodcasting services, its corporate parents, affiliates and subsidiaries.

If you listen to a podcast through an app or a third-party website, your data may also be collected by that app or website, and you should check the privacy policy of the podcast app/website that you use.

Sub-Processors

Quill may engage sub-processors to process Customer Data. A list of sub-processors currently engaged by Quill and authorized by Customer is available upon request. Quill shall notify Customer in advance of any changes to the list of sub-processors, thereby giving Customer the opportunity to object to the engagement of new sub-processors.

If you have any questions regarding the above, we’d love to help. Contact us today at support@cohostpodcasting.com.