SERVICE LEVEL AGREEMENT
Aria will use commercially reasonable efforts to avoid and remedy situations in which Customer is unable to transmit and receive information by means of the Service. This Service Level Agreement (“SLA”) describes the remedies available to Customer in the event Customer is unable to access the Service for some period of time.
In order for this SLA to apply, Customer must maintain both a primary and a backup connection to Aria at every Customer location. If the backup connection is over the public internet, it is Customer’s responsibility to provide a static IP address for the internet‐facing port of the backup router. If the backup connection is down for any reason, this SLA will not be applicable.
2. SERVICE AVAILABILITY
Aria shall make all Services (voice and data, where applicable) available for access and use by Customer 24 hours per day, 7 days per week, excluding any scheduled Downtime or downtime due to a Force Majeure Event, each as defined below. “Service Availability” is calculated by subtracting from 100% the result of the number of minutes of Unscheduled Downtime in a calendar month divided by the total number of minutes in such calendar month.If the monthly Service Availability is less than 99.99%, Service Level Credits are provided under Section 3 below.
3.1. “Downtime” is defined as the inability for Aria to receive and process inbound telephone calls for thirty (30) continuous minutes or longer as reported by Aria.
3.2. “Scheduled Downtime” is Downtime for which advance notice is given to the Customer. Aria shall endeavor to provide seventy‐two (72) hours advance notice to Customer for all Scheduled Downtime; however, Aria may schedule maintenance with less notice if deemed necessary by Aria at its sole discretion to ensure the safe, continued operation of the Service. Planned maintenance does not count towards Downtime and shall take place during off peak business hours (EST). The duration of Scheduled Downtime is measured in minutes and equals the amount of elapsed time from when the Service is not accessible to when the Service is accessible. Any single event that exceeds the scheduled duration will result in an outage and the amount of time that the outage exceeded the scheduled time will be counted toward the Service Availability level in the month in which the event occurred.
3.3. “Unscheduled Downtime” means time outside of Scheduled Downtime when the Service is not accessible or available to Customer for reasons other than Force Majeure Events, as defined below.
3.4. “Force Majeure Events” means any event or condition that directly or indirectly prevents Aria from performing the Services here-under, is beyond the reasonable control of Aria, and could not, by the exercise of due diligence, have been avoided in whole or in part by Aria, and shall include, subject to the foregoing and without limitation: any act of God, natural disaster, earthquake, war, riot, civil war, blockade, insurrection, terrorism, sabotage, acts of public enemies, civil disturbances or general restraint or arrest of government and people, boycott, strike (including a general strike), lockout or other similar industrial disturbance, service interruption by a telecommunications services provider, or connectivity delays with internet providers outside of Aria’s reasonable control.
4. SERVICE LEVEL CREDIT
Aria shall make a report available online to Customer which details the Service Availability for the Services during the previous month within ten (10) days after the end of such month. If the monthly Service Availability is less than 99.99%, and Customer requests a credit in writing within thirty (30) calendar days of Customer’s access to such report, Aria shall credit Customer the applicable amount indicated below as a Service Level Credit, and not as a penalty.
a. Aria shall award Customer no Service Level Credit if the monthly Service Availability is at least 99.99% (rounded to four significant figures).
b. Aria shall award Customer a Service Level Credit in an amount equal to five percent (5%) of the monthly Service Fee if the monthly Service Availability is 99.50% to 99.98% (inclusive).
c. Aria shall award Customer a Service Level Credit in an amount equal to ten percent (10%) of the monthly Service Fee if the monthly Service Availability is 99.00% to 99.49% (inclusive).
d. Aria shall award Customer a Service Level Credit in an amount equal to fifteen percent (15%) of the monthly Service Fee if the monthly Service Availability is less than 99.00%.
5. TERMINATION FOR REPEATED UNSCHEDULED DOWNTIME
Notwithstanding the foregoing, if the monthly Service Availability is less than 99.00% in any two (2) consecutive calendar months or three (3) times in any consecutive six (6) month calendar period (each a “Triggering Event”) Customer shall have thirty (30) days from the last day of the month in which the Triggering Event occurred to terminate the Services for cause by providing thirty (30) days written notice of termination. Upon receipt of a proper notice of termination, Aria shall provide Customer up to thirty (30) days of continued Services (“Transition Services”) and all fees and credits called for under the Agreement shall be in full force and effect during the Transition Services period.
IP Telephony System Architecture
While organizations can take many steps to secure their network infrastructure prior to deploying IP telephony, choosing a phone system that is inherently secure is a critical success factor. Security is inherent in the Aria system because of its fundamental architecture, including an embedded platform, distributed intelligence, and
network-independent call control.
Aria call control runs on Cisco operating system, which is the leading embedded operating system in the market. The new Aria Cisco run call control, voice mail and automated attendant on an embedded Linux operating system. All this runs on the Cisco voice switches, which are embedded devices with no moving parts other
than a fan. Altogether, Cisco voice switches deliver five-nines of availability (99.999%).
IT managers should be wIPary of systems that use Microsoft Windows for call control for obvious security reasons. Given the frequency of vulnerabilities discovered on Microsoft Windows platforms and the never-ending cycle of patching, relying on a Microsoft Windows-based IP telephony system creates a significant security risk.
IT managers should also be wary of systems that rely on server-based systems with hard disk inside their call- control platforms, because the disk is the least reliable system element and will not deliver five-nines of availability.
Aria call control is completely distributed and has no single point of failure. Since there is no single device involved with the basic telephony, the system delivers
levels of availability unmatched by even legacy PBX vendors. As with the Internet itself, its distributed nature makes it impossible to take down the entire network.
Aria also supports N+1 redundancy on a site basis as well as a system wide basis. For instance, if you need 10 Cisco voice switches, you simply add an 11th device anywhere on the network. In the event a Cisco is lost, the spare Cisco will automatically pick up the load. IP phones affected will automatically re-register with the new Cisco voice switch. If a phone call is in progress, the call will remain up until the user hangs up and only at that point will the phone re-register. Larger accounts often design N+2 redundancy by placing one spare Cisco at headquarters and another spare Cisco at a disaster recovery site.
In addition to call control being distributed, voice mail and automated attendant are distributed to Cisco voice switches as well. In fact, all the applications including voice mail, automated attendant, unified message, unified communications, operator consoles, FTP hosts and mobility services can be distributed across the network. This off-loads the wide area network of traffic as well as provides remote survivability.
If a WAN outage occurs, sites run independently. PSTN failover ensures that workers can still take calls and even retain features like four-digit dialing among offices in the event of a WAN outage. Outbound calls, including 911 calls, can still be placed via trunk lines since each location has telephones, trunks, and the intelligence to make and take calls. In the unlikely event a Cisco voice switch fails, the other switches on the network automatically take on the call-processing load.
Approaches that centralize PBX intelligence into a server inherently impact system reliability and are more vulnerable to system-wide outages because of an attack.
• Network Independent Call Control
Aria call control is independent of many networking elements. With Aria, if a router crashes or becomes congested because of data traffic from worms, viruses or DoS attacks, the system continues to operate since it is distributed and runs on embedded devices dedicated to telephony.
IP telephony systems that are integrated with the router are inherently more vulnerable to network-based attacks. Worms, viruses and DoS attacks can simultaneously cripple voice and data communications when the router is compromised since it represents a single point of failure.
The Aria system supports secure management sessions and multiple levels of administrator permissions. This way, organizations can limit control for internal administrators and ensure that only authorized outside partners are permitted to access and manage the Aria system.
• SSL Secure Management: Aria supports secure management. Sessions are encrypted using Secure Sockets Layer (SSL), which is the same protocol that is used to protect online banking sessions. SSL secures communications from the browser to and from the main Cisco server as well as between the main Cisco server and to all distributed Cisco servers.
• Multi-level System Management: PME can be deployed with multiple levels of administration, which protects critical system components from accidental or malicious threats yet grants local access for day to day changes. Typically companies reserve complete system access for a few key IT professionals and grant responsibility for moves, adds and changes (MAC) for a site to local individuals. In addition, PME supports multiple simultaneous active sessions all with user ID and password protection.
• Password Change: To ensure tight user security, passwords for both the Call Manager and voice mail telephone user interface must be changed when a worker first logs in to the system. Passwords must also meet the length requirements established by the system administrator.
• Single Sign-on: Aria provides integration with Active Directory supporting single sign using network credentials. Not only is this a simplification for the end user, it also allows you to leverage your password policy (retention, re-use, etc.) all in one place.
• Secure Firmware Delivery: To ensure only certified versions of firmware are delivered to Cisco Telephones and Cisco voice switches, all files are installed automatically on a secure FTP site on the Cisco Director and Distributed servers. Unlike TFTP servers that are open for read / write access, the Aria servers feature a secure read- only FTP site.
IP Telephony Device Registration
The Aria system is designed to ensure unauthorized IP end points cannot access system resources, while still providing plug- and-play deployment.
When an IP telephone is plugged into the network, it is automatically discovered by the Aria system and granted minimal privileges. The telephone has no feature privileges, is not able to make outbound calls, and cannot receive inbound calls. To become active with features, a user must login to the telephone with a valid user id and password configured by the administrator.
When a SIP trunk or SIP extension comes on the network, it is authenticated by the Aria system with a user id and password. Rogue SIP devices do not receive service from the Aria system.
Best Practices for Securing IP Telephony
Iron-clad IP telephony security is built on top of strong network security. Here are best practices for securing IP telephony in the WAN, the campus and local networks, and for remote users working from home or the road.
Best practices for deploying secure IP telephony over the WAN include:
• Use a VPN Between Sites. When interconnecting multiple locations, organizations may use managed networks point-to-point communications or an IP service provider. Whatever WAN connection you choose, use VPN tunnels between locations to encrypt communications.
• Use Firewalls. Use a firewall to protect your internal network from the threats coming in from the WAN and public Internet. Make sure the firewall has the performance to handle the real-time needs of VoIP traffic. Specifically, the firewall must be able to handle a large number of small packets without introducing a lot of latency. Aria has done interoperability testing and has certified Juniper/NetScreen and SonicWall firewalls.
Best practices for secure IP telephony in the local network include:
• Use Ethernet Switches. Use Ethernet switches for your all voice devices, including IP phones, SoftPhones, Cisco voice switches and Cisco servers to reduce the possibility of snooping into the voice traffic. In a switched environment, traffic flows between the two devices and cannot be observed by non-malicious users. Do not use Ethernet hubs, as it is easy to observe traffic on this shared resource.
• Put Voice in Separate VLANs. Organizations can set up separate VLANs for voice traffic, which eliminates broadcast domains and segregates traffic for improved performance and security. Using VLANs can limit the number of ports for which voice traffic is destined, adding to security. With Aria, VLANs
IDs can be set automatically using DHCP, which saves time. Aria phones also support Link Layer Discovery Protocol (LLDP) which is an open standard method to assign VLAN tags at Layer 2.
• Prioritize Voice Over Data (LAN). The VLAN can be used to prioritize voice over data on the local area network, which can allow the voice traffic to get through even when data traffic is intense — including some network attacks. Check your network switches to ensure they can prioritize based on VLAN (or DiffServ) tags and that they support multiple queues.
• Prioritize Voice Over Data (LAN/WAN). DiffServ should be used to prioritize voice over data on the LAN and the WAN to ensure the voice traffic gets through even when data traffic is intense—including some network attacks. Check your WAN access devices to ensure they can prioritize based on DiffServ and that they support multiple queues.
• Rate Limiting. Critical network elements like routers and switches should use rate limiting to make sure a single traffic flow cannot consume the entire resource, such as CPU, memory, or bandwidth, in the face of a DoS attack.
• Port Lockdown. For stronger security, companies can lock down VoIP traffic on physical switch ports so that only devices with specified MAC addresses may transmit over the specified port. This process is labor-intensive but it can mitigate local threats. Some Ethernet switch vendors have software to automate this process.
• Prevent Eavesdropping. A malicious employee or intruder who has penetrated your network can use snooping tools to capture a session before the call is initiated and play back the communications later. Attackers can fake the MAC address of a client, pretending to be a legitimate device, and gain access to the network. With port mirroring, all the traffic on one switch port is simultaneously sent to a network analyzer connected to another port. An intruder can use then snoop the network traffic.
Aria system supports 128-bit AES media encryption which is the ultimate protection against electronic eavesdropping and replay attacks. Even if someone successfully taps the media stream, they cannot decode and understand the conversation.
Best practices for deploying secure IP telephony on campus networks, on building floors and in workgroups include:
• Use VPNs Between Buildings. Use a VPN between buildings on a campus or floors in a building. Because the traffic is encrypted, the information inside the VPN tunnel is protected from eavesdropping.
• Use VPNs for Departments. Deploy VPNs between key departments, such as human resources, finance, executives or legal, whose conversations are often company confidential.
• Use Encryption for Important Individuals. Use the media stream encryption feature to protect communications for extremely important users like generals or CEOs. Media stream encryption is more cost effective and simpler to deploy than VPNs.Best practices for deploying secure IP telephony to remote workers include:
• Use Software VPNs for Soft Phones. Employees working from home or on the road connect to the corporate network over untrusted connections, be it cable or DSL from home or from a Wi-Fi hotspot at the hotel or coffee shop. Remote workers using the Aria IP SoftPhone should use a software-based VPN.
• Use Built-in SSL VPN for IP phones. Remote workers using IP phones should use the built-in SSL VPN capability available on the 230g, 560g and 565g telephones. These phones feature the industry’s first built-in SSL VPN client (not IPSEC) that terminates on the Cisco VPN Concentrator. Unlike IPSEC tunnels that are typically blocked by firewalls, SLL tunnels look like web traffic and pass through corporate networks. This flexibility allows the phones to be deployed even at shared or temporary office locations.
Telephony Class of Service Protects Against Service Thefts
The IP telephony system itself should protect companies against service thefts such as toll fraud and feature abuse. That protection is built right into the Aria system. With Aria, anything that costs your organization money or can lead to feature abuse can be controlled through class of service. This includes the ability to restrict calling (i.e., long distance and international), overhead paging, trunk-to-trunk transfers, and transferring and forwarding to external numbers. Aria gives administrators complete control over telephony, call and voice mail feature permissions.
Users are placed into user groups which in turn are assigned telephony, call, and voice mail permissions. The following telephony permissions can be controlled:
• Maximum Number of Calls
• Maximum Buddies per User
• Maximum Parties in Make Me Conference
• Allow Inter-site Video Calls
• Allow Call Pickup
• Allow Trunk-to-Trunk Transfer
• Allow Overhead and Group Paging
• Allow Make Hunt Group Busy
• Allow Extension Reassignment
• Allow PSTN Failover
• Show Caller ID Name and Number on Monitored Extensions
• Allow Customization of IP Phone Buttons and Call Manager Monitor Windows
• Show Extensions with Different Prefixes in Directory
• Allow Collaboration Features
• Allow Recording of Own Calls
• Allow Directed Intercom / Paging
• Accept Director Intercom / Paging
Allow Barge In
• Accept Barge In
• Allow Record Other's Calls
• Accept Record Other's Calls
• Allow Silent Monitor Other's Calls
• Accept Silent Monitor Other's Calls
• Allow Call Handling Changes
• Allow External Call Forwarding and Find Me Destinations
The following call permissions can be controlled:
• Internal Only
• Local Only
• National Long Distance
• National Mobile
International Long Distance
• Wildcards allow complete customization of outbound calling
The following voice mail permissions can be controlled:
• Maximum Incoming Messages
• Incoming Message Length
• Outgoing Message Length
• Saved / Unheard Message Retention Period
• Heard Message Retention Period
• Lifespan of Voice Mail Password
• Allow Access to Broadcast Distribution List
• Allow Access to System Distribution Lists
• Allow Message Notification
• Allow Message Notification to External Number
In addition, the Aria system can change class of service permissions by time of day, which is important for vertical markets like manufacturing and education that need more restrictive permissions during off hours. For instance, in manufacturing it is common to allow long distance during the day when the supervisor is present but restrict long distance in the evenings and weekends when cleaning personnel are in the building.
The Aria system also supports authorization codes and associated reporting. This allows users with the proper authorization to place outbound calls from restricted telephones.
The Aria system has been purposely designed not to provide dial tone to any calling party from the voice mail user interface. This eliminates the chance of someone hacking the PIN code on a mailbox and having free calling anywhere in the world. Other systems that support “Direct Inward System Access (DISA)” expose the customer to potential toll fraud.
Preventative DoS and Hacking Approach
As mentioned, the inherent distributed nature of the Aria architecture makes the system robust
in the face of denial of service attacks.
In addition, Aria Performance Engineers use advanced tools to purposely attack the system to find any vulnerabilities. Aria Design Engineers than correct any concerns prior to each and every release.
Aria also disabled Telnet on all Cisco voice switches. Only with UserID and Password can Telnet be enabled and then only from a specific source. This has the benefit of allowing advanced troubleshooting when needed but locks down any possibility of hackers gaining access.
Denial of Service (DoS) Attack — An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, a denial of service attack interrupts network service for some period. VoIP is susceptible to several types of DoS attacks, including malformed requests, media, flood attacks and load-based attacks. These DoS attacks include:
• Malformed Request DoS — Carefully crafted protocol requests can be used to exploit a known vulnerability resulting in a partial or complete loss of service.
• DoS on Media — VoIP media is carried within Real Time Protocol (RTP) packets and is vulnerable to any attack that congests the network or slows the ability of a phone or gateway to process packets in real time. An attacker who has access to the network where media is present can inject large numbers of media packets or high quality of service packets, which will contend with legitimate media packets.
• Load-based DoS Attacks — Flooding a target with legitimate requests can easily overwhelm a system. Even without an actual VoIP request, a DoS attack such as TCP SYN Flood can prevent a device from being able to accept calls for long periods of time.
Intrusion Detection System (IDS) — Software that detects an attack on a network or computer. IDS monitor traffic for signatures of known attacks or look for derivations of normal routines as an indication of an attack.
Intrusion Prevention System (IPS) — Software that prevents an attack on a network or computer. An IPS stops the attack from damaging or retrieving data, whereas an intrusion detection system passively monitors threats.
Internet Protocol Security (IPSEC) — A suite of protocols for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream.
Firewall — A firewall allows or blocks traffic into and out of a private network, keeping it secure from intruders. To effectively support VoIP, look for a firewall that can perform deep packet inspection and transformation of embedded IP addresses and port information.
SPAM — E-mail that is not requested. Spam is used to advertise products or to broadcast some political or social commentary.
SPIT — Spam over Internet telephony (SPIT) is unsolicited bulk messages broadcast over VoIP to phones connected to the Internet. It is a small but growing program. IP telephony makes an effective channel for commercial voice mail messages because the sender can send messages in bulk instead of dialing each number separately. Unscrupulous marketers can use spambots to harvest VoIP addresses or may hack into a computer used to route VoIP calls.
Secure Sockets Layer (SSL) — The leading security protocol on the Internet, SSL is widely used to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data.
Trojan Horse — A program that appears legitimate, but performs some illicit activity when it is run. A Trojan horse is similar to a virus, except that it does not replicate itself. It stays in the computer doing its damage or allowing somebody from a remote site to take control of the computer.
Virtual LAN (VLAN) — A group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when actually located on different LAN segments.
Virtual Private Network (VPN) — Enterprises use VPNs to secure communications over site-to-site connections to branch offices and to allow mobile users to dial up to their company networks. Communications are encrypted using IPSec or SSL.
Worm — A destructive program that replicates itself throughout disk and memory, using up the computer's resources and eventually taking the system.
Our Web server automatically recognizes the consumer's domain name of each visitor to our Web site, but the individual user remains anonymous. We do this in order to analyze data for statistics and trends.
We collect the e-mail addresses of those who communicate with us via e-mail.
The information we collect is used by us to contact consumers for marketing purposes. If you do not want to receive e-mail from us in the future, please let us know by e-mailing firstname.lastname@example.org
You can set your browser to notify you when you receive a cookie and then decide whether or not to accept it.
If you supply us with your postal address online, you may receive periodic mailings from us with information regarding new products and services or upcoming events. If you do not wish to receive such mailings, please let us know by e-mailing email@example.com
If you supply us with your telephone number online, you may receive telephone contact from us with information regarding new products and services or upcoming events. If you do not wish to receive such telephone calls, please let us know by e-mailing firstname.lastname@example.org
From time to time, we may use customer information for new, unanticipated uses not previously disclosed in our privacy notice. If our information practices change at some time in the future, we will post the policy changes to our Web site and provide you with the ability to opt out of these new uses. If you are concerned about how your information is used, you should check back in with our Web site periodically. You may prevent your information from being used for purposes other than those for which it was originally collected by e-mailing email@example.com
Upon request, we provide site visitors with access to unique identifier information (e.g., customer number or password) and contact information (e.g., name, address, phone number) that we maintain. Consumers can access this information by e-mailing firstname.lastname@example.org
Upon request, we offer visitors the ability to have inaccuracies corrected in contact information. You can have this information corrected by e-mailing email@example.com
We use industry-standard encryption technologies when transferring and receiving consumer data exchanged with our site.
If you feel that this site is not following its stated information policy, you may contact us.
Some content on our site requires you to complete a registration form. Information that you provide in these forms is used solely by Aria and third-party affiliates, resellers, joint marketing partners, consultants, agents or contractors.
We do not share personal information with advertisers or marketing organizations, except for those that assist Aria with its own direct advertising.
We have implemented Age, Gender, and Interest Category reporting on our site via Google Analytics Advertising Features. Our website utilizes first-party cookies (Google Analytics) and third-party cookies (Google advertising cookies) in order for us to better understand our web visitors. If you would like to opt-out of the Google Analytics Advertising Features please email us at firstname.lastname@example.org
Rules of Use
Aria expects each of its customers to follow these Rules. Violation of these Rules by any customer may result in suspension or termination of such customer's account with Aria without refund. If any person is aware that any Aria customer is violating these Rules, Aria requests that such person report the violation by calling Aria at (212) 293-1312 or by emailing Aria at email@example.com
Aria customers are prohibited from using Aria's services, system or network, any system or network of any other person that is accessed by means of Aria's services, system or network or any system or network of any other Aria customer, to access the Internet in order to use the Internet in any of the following manners, for any of the following purposes or to take any of the following actions:
1. in any manner that encumbers system or network resources to the point that usage causes interference with other customers' normal use of services, either on Aria’s system or network or any remote system or network;
2. use of auto dialers or use of the Service in a manner that can be interpreted as abusive or fraudulent;
3. to make or attempt to make any unauthorized intrusion or entry into any part of, to violate or attempt to violate the security or integrity of, or to interfere or attempt to interfere with the proper operation of, Aria’s system or network or any system or network of any other person (including, without limitation. any other customer of Aria);
4. to harass anyone in any way;
5. for the unauthorized distribution of copyrighted material;
6. in any manner or for any purpose that violates any Federal, state, local or foreign law, regulation or ordinance;
7. in any manner that may infringe upon any copyright, trademark, service mark, patent, trade secret or other intellectual property right of any person (including, without limitation, any other customer of Aria);
8. in any manner that may violate any privacy, publicity or other personal rights of any person (including, without limitation, any other customer of Aria);
9. to transmit any information that is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, pornographic, obscene, libelous, hateful or racially, ethnically or otherwise objectionable;
10. to impersonate any person (including, without limitation, any other customer of Aria) or to misrepresent an affiliation with any person (including, without limitation, any other customer of Aria);
11. to transmit any information that Customer does not have a right to transmit, whether because of a contractual obligation (such as a confidentiality or non-disclosure agreement) or otherwise;
12. to transmit, send, place or post unsolicited telephone calls, texts or other information to posting individuals or entities;
13. to send unsolicited advertising, promotional materials;
14. to access any server, account or data that you are not authorized to access;
15. to transmit anything that contains corrupted data or that contains a virus, Trojan horse, worm, time bomb or cancelbot, or any other computer programming routine or engine that is intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any
system, data or information;
16. to decipher, decompile, disassemble or reverse engineer any elements or Aria's system or network or of any system or network of any other person (including, without limitation. any other customer of Aria), or to attempt to do so; or
17. to use or transmit information or materials without all applicable copyright, trademark, service mark, patent or other proprietary authorization, indicia and notices.
Customer acknowledges and understands that there are federal and state statutes governing the electronic recording of telephone conversations and that Aria will not be liable for any illegal use of the service. Because Customer circumstances vary widely, Customers should carefully review their own circumstances when deciding whether to use the recording features of the service and it is the Customer's responsibility to determine if the electronic recordings are legal under applicable federal and state laws. Aria is not responsible for any misinterpretation, lack of understanding or lack of knowledge regarding the use of electronic recordings or the use of its products by the Customer, whether legal or illegal, and Customer will indemnify and hold Aria harmless for any claims, damages, fines, or penalties arising out of Customer's failure to adhere to applicable electronic recording laws.
Responsibility for Registration Information and Content of Customer Communications
Customer is solely responsible for maintaining the confidentiality of Customer's Login, and will not to transfer Login, email address or password, or lend or otherwise transfer use of or access to the Aria Services, to any third party. Customer is solely responsible for any and all activities that occur under Customer's account. Customer will comply with applicable foreign, federal, state, and local law in its use of the Services, including but not limited to laws regarding privacy, online behavior, acceptable content, and the transmission of equipment and information under applicable export laws. Recognizing the global nature of the Internet,
Customer also agrees to comply with applicable local rules or codes of conduct (including, if applicable, codes of conduct or policies imposed by employers) regarding online behavior and acceptable content. Use of the Services is void where prohibited. Customer will immediately notify Aria of any unauthorized use of Customer's account or any other breach of security related to Customer's account or the Aria Services, and to ensure that Customer completes a "log off"/exit from Customer's account (if applicable) at the end of each session. Aria is not liable for any loss or damage arising from Customer failure to comply with any of the foregoing obligations.
In consideration for using the Aria Services, Customer will: (1) provide certain current, complete, and accurate information about Customer when prompted to do so by the Aria Services, and (2) maintain and update this information as required to keep it current, complete and accurate. Customer warrants that any such information will be accurate. Customer agrees that Customer is solely responsible for the content of all visual, written or audible communications ("Content") sent by Customer or displayed or uploaded by Customer in using the Services. Although Aria is not responsible for any such communications, Aria may delete any such communications of which Aria becomes aware, at any time without notice to Customer. Customer retains copyright and any other rights already held in content that Customer submits, posts or displays on or through, the Services. Customer understands and agrees that by displaying, exchanging or uploading Content to the Aria website, transmitting Content using the Services or otherwise providing Content to Aria, Customer automatically grant (and warrant and represent Customer has a right to grant) to Aria a world-wide, royalty-free, sub-licensable (so Aria affiliates, contractors, resellers and partners can deliver the Services) perpetual,
irrevocable license to use, modify, publicly perform, publicly display, reproduce and distribute the Content in the course of offering the Services, including associates websites ("Sites").
Responsibility for Content of Others
Customer acknowledges that agents or other users of the Services ("Users") may violate one or more of the above prohibitions, but Aria assumes no responsibility or liability for such violation. If Customer becomes aware of misuse of the Services by any person, please e-mail Aria Customer Support at firstname.lastname@example.org. Aria may investigate any complaints and violations that come to its attention and may take any action that it believes is appropriate, including, but not limited to issuing warnings, removing the content or terminating accounts and/or user or agent profiles and/or Login. However, because situations and interpretations vary, Aria also reserves the right not to take any action. Under no circumstances will Aria be liable in any way for any data or other content available on a Site, viewed or
actions taken while using the Services, including, but not limited to, any errors or omissions in any such data, content or activity or any loss or damage of any kind incurred as a result of the use of, access to, or denial of access to any data, content or activities incurred from the actions taken on a Site. Aria does not endorse and has no control over what users or agents post, submit to or do on a Site.
Customer acknowledges that Aria cannot guarantee the accuracy of any information submitted by any agent or user of a Site, nor any identity information about any agent or user. Aria reserves the right, in its sole discretion, to reject, posting or other data, or to restrict, suspend, or terminate any user's or agent's access to all or any part of Services or any Site at any time, for any or no reason, with or without prior notice, and without liability. Aria reserves the right to investigate and take appropriate action against anyone who, in Aria's sole discretion, is suspected of violating these Rules of Use.
Responsibility for Toll Fraud
Customer agrees to notify Aria promptly if it becomes aware of any fraudulent or unauthorized use of its account, Service, or Equipment. Aria shall not be liable for any damages whatsoever resulting from fraudulent or unauthorized use of Customer’s account and the payment of all charges to Customer’s account shall be and remain the responsibility of Customer.