From Deflect Public wiki
Jump to: navigation, search

1. About us[edit] Inc. is a Canadian corporation (, we, or us) that provides a distributed denial of service (DDoS) mitigation service called Deflect (Deflect or, the Service) to individuals, organisations, and businesses engaged in advocacy efforts that empower civil society and defend human rights and freedoms (you). We operate the website and its subdomains. We are based in Montreal, Canada but our team is located all over the world. Please refer to the Manifesto to learn more about us.

By registering for the Deflect service you agree to be bound by and to comply with these terms of service and our Privacy Notice (collectively, the Terms).

2. What is Deflect?[edit]

Deflect is a DDoS mitigation service. Our goal is to create a community-driven and open-source technical response to DDoS attacks which result in the censorship of online voices promoting and defending civil liberties and human rights.

Deflect is comprised of the following services:

  • A distributed reverse proxy caching network (Deflect Network)
  • A control panel to manage your website’s protection (Deflect Dashboard)
  • An optional website hosting service (EQpress)

3. Who Can Use Deflect?[edit]

Deflect protection is offered to civil society groups and individuals working to defend human rights and create independent media. Our services are also available to those promoting democracy, ecology, women’s rights and the principles enshrined in the International Bill of Human Rights.

4. Using Deflect[edit]

Deflect is a free service. There are no fees to use Deflect.

To use the Services you will need to create a user account and provide some basic information about your website, including the domain name and the server IP address. Once you have registered you will be able to configure each website that you want to be “deflected” through the Deflect Dashboard.

5. Your Website Representative[edit]

Each organisation that uses the Services must appoint a representative duly authorised to act on its behalf, who will (i) have access to the Deflect Dashboard profile configured for their website(s) and who (ii) has access to and control over the primary email address associated with registration of that website (the Website Representative).

We will only take instructions from and communicate with the Website Representative or others who have been authorised by the Website Representative. Preference will be given to communications made via the Deflect Dashboard, or, via email, from the primary email address associated with registration of the website.

Where, for whatever reason, the Website Representative is unable to continue acting, a new Website Representative must be authenticated by You may contact us using the Contact Us form on the website.

6. Your Obligations[edit]

You grant us a royalty-free, non-exclusive, non-transferable right and licence to use, copy, store and display the data you provide us solely for the purpose of enabling us to perform the Services.

6.1 Your Responsibilities[edit]

In addition to any other obligations contained in these Terms, you shall:

  • Represent and warrant that you have the full power and authority to register your organisation’s website for Deflect.
  • Assign, record and control the issuance of your Website Representative’s authority.
  • Be responsible for the accuracy, completeness and adequacy of your data.
  • Be responsible for ensuring that the content on websites using the Services adheres to these Terms and our Manifesto.
  • Be responsible for ensuring that any copyrighted material shall be used with the permission of the owner or that you are otherwise permitted to post the material.
  • Keep your account password and information confidential.
  • Treat staff and its partners with courtesy and respect, remembering that this is a free best effort service run by some very dedicated and overworked people.

6.2 Prohibited activities[edit]

You shall not:

  • Include, or knowingly allow others to include any Objectionable Content
  • Introduce malware or viruses through our Services.

Objectionable Content is content that infringes on the rights of others, particularly human rights and the right to privacy, and or content which is discriminatory, threatening, or liable to incite violence, or racial hatred.

If we believe that your content or data contains or includes malware, viruses, or Objectionable Content then we may remove your data and website from Deflect. If we receive a complaint about your website's content we may contact you for further information and to give you a chance to explain your content. Following our review we may decide to terminate your account and your use of our Services. Please report any abusive content to

7.'s obligations[edit]

7.1 Our Responsibilities[edit]

We shall

  • Operate according to our DDoS principles and place the utmost importance on data security, your privacy, and respecting your technical and service demands.
  • Expend best efforts to (i) keep your website online during a DDoS attack and (ii) continue providing the Services to you irrespective of attacks against your website and or pressure exerted on our organisation.
  • Provide our Service in accordance with our Privacy Notice.
  • Inform you via email, or, if relevant, over the phone or any other communication medium you have provided to us prior to taking advanced mitigation measures.
  • Endeavour to keep our network and all relevant services current, and install the latest software updates and vulnerability patches as and when they become available.
  • Make our help desk available to support your use of Deflect and aim to respond to help tickets within 3 hours between Monday-Friday and within 6 hours on the weekend.
  • When possible, notify you by email of all interruptions to the Services and try to keep such interruptions to a minimum.

8. Copyright Infringement[edit]

Notices of legitimate copyright infringement that we receive will be forwarded to the Website Representative. We may have to suspend the Service to a website in order to comply with applicable copyright law.

9. Termination[edit]

These Terms take effect when you register for Deflect. You are free to stop using Deflect at any time by pointing your domain’s nameserver records away from us. If we believe that you are not respecting our Terms we may suspend your use of Deflect and terminate your account.

In our discretion, but acting reasonably and in good faith, we may cease providing the Services to you, for example, if our funding sources expire. If this happens you will be notified at least one month in advance, if possible, and offered assistance to migrate away from Deflect.

If you violate these Terms we may take escalating steps to rectify the situation, including suspension of your account and the Service. We will aim to be fair and proportionate. If we do not take immediate action, we are not waiving our right to take action later on.

10. Warranties and Limitation of Liability[edit]

We provide Deflect using a commercially reasonable level of skill and care but we cannot make any promises about specific functions of the Service, its reliability, availability or ability to meet your specific needs. We cannot make any commitments that your website will always be safe from attacks. We provide our Services "as is" and exclude all warranties to the extent permitted by law including implied warranties, conditions of merchantable quality, fitness for a particular purpose, non-infringement, that the services will meet your needs, will be available for use at any particular time, or that they will be error free.

In no event shall we be liable for any direct, consequential, incidental, exemplary or punitive damages even if advised in advance of the possibility of such damages. Nor shall we be liable for any lost revenue, lost profit or lost savings, or the results of your use or misuse of the Services, including any use contrary to law.

11. Your Indemnity[edit]

You, and where applicable, your organisation will hold harmless and indemnify us and our affiliates, officers, agents, and employees from any claim, suit or action arising from or related to the use of the Services or violation of these Terms, including any liability or expense arising from claims, losses, damages, suits, judgments, litigation costs and attorney’s fees.

12. General[edit]

We may modify these Terms from time to time and will notify you when this happens. If you don't agree with our modified Terms then you should stop using Deflect.

The laws of Canada will apply to any disputes arising out of or relating to these Terms and will be litigated in the Province of Quebec, Canada.

If any part of these Terms is not enforceable, then the rest of the Terms will remain in force as though the unenforceable provision had never existed.

Our Data Security and Data Integrity Promise

Our prevailing principle will always be the protection of your privacy and the security of your information. If you are using our Services we know that privacy and security are of the highest importance to you. We take all reasonable steps and utilize the best free and open source tools at our disposal to protect your data from loss, misuse and unauthorized access, disclosure, alteration and destruction. We have put in place appropriate physical, electronic and operational procedures to safeguard and secure your Data. We only process your Data in a way that is compatible with the purpose for which it was collected or authorized. At all times we strive to abide by our Declaration for Distributed Online Services.

We have appointed a Privacy Officer who is accountable for our data handling practices. If you have a question or complaint about our data handling practices, please contact us at

1. Effective Date and Scope[edit]

This Privacy Notice is effective as of October 1, 2016 and forms an integral part of our Terms of Service. In this privacy notice (Privacy Notice), the terms “we”, “our” and “us” mean

This Privacy Notice governs our practices with respect to Data that we collect through the Deflect Service about your organization’s websites that are registered with Deflect (“you”) and visitors to your Deflected websites.

2. What Type of Data Do We Collect?[edit]

By Data we mean any type of information collected through the Services, including your Personal Information and metadata related to your use of the Service and visitors to your websites.

Personal Information is information that identifies you or could be combined with other information, to identify you. Personal information may also be information containing details as to whether you have visited a website or your IP address if that personal information can be associated with you. The only Personal Information we collect from you is your email address and the name of the website you are registering. We may also ask to specify the name of the organization this website represents and other details that may help us qualify your eligibility for Deflect, if relevant. Other data may include any Personal Information that you voluntarily provide us through our website, emails, or help tickets that are associated with your user account. We keep your Personal Information for as long as you are registered with us or until you delete your account with us.

Some examples of other types of Data that we collect are:

  • The date you registered for our services
  • Your domain name
  • Your DNS zone file
  • Your IP address
  • The IP addresses of visitors to your Deflected website
  • Metadata associated with visitors’ browsing activity on your website.
  • Session identifiers. While logged in, we keep a temporary session identifier on your computer that your software uses to prove your authentication state. This is deleted when you log out or the session expires.
  • When you are editing your website protected by Deflect, you must authenticate yourself as the owner of the account. This will set a 24 hour cookie on your computer proving your credentials to the Deflect system and allowing you to access the backend.
  • Emails, support tickets and associated metadata.

3. How Do We Use Data We Collect?[edit]

We use the Data we collect (including your Personal Information) to provide our Services, namely Deflect services for your website, administering your account, and managing our relationship.

Some examples of how your Personal Information is used includes (i) registering accounts and authenticating your access to the Deflect Dashboard and (ii) communicating with you about Deflect.

What about metadata? By default, we collect metadata on your website’s visitors. This is otherwise known as logging, and is used to provide you with statistics. We also need this data in order to protect your website from malicious activity, and apply advanced analytics on the metadata associated with your website’s visitors. Should you opt out of metadata collection (logging) through the Deflect Dashboard, metadata will only be retained for the time required to perform the Service. Any metadata associated with malicious activity on our network or your website we be retained indefinitely.

We do not use any third-party cookies or tracking of any kind.

4. Do We Disclose Your Personal Information to Others?[edit]

No, unless we have obtained your prior consent or if we are legally compelled to do so.

5. Law Enforcement Requests[edit]

We may be forced to disclose Data, including your Personal Information, without your knowledge or consent if we receive an order, subpoena, warrant or other legal requirement issued by a court, tribunal, appropriate regulatory body or other person with jurisdiction to compel disclosure of your information, including your Personal Information. If we receive a request from a law enforcement agency for access to Data, including Personal Information in the course of an actual or potential investigation, our policy is to require the law enforcement agency to obtain an order, subpoena or warrant. It is also our policy to contest such an order, subpoena or warrant if we believe the order to be unjustified.

Unless legally prohibited from doing so, we will notify you as soon as possible of any order, subpoena or warrant to provide information about you and visitors to your website, including Personal Information.

6. Storage of Data Outside Canada[edit]

Data may be used or stored by us or our service providers and our affiliates outside of Canada. If your Personal Information is used or stored outside of Canada it will also be subject to the laws of the country in which it is used or stored. In all instances, Data we collect will be protected using all reasonable technical and legal means at our disposal to prevent any third-party access.

7. How Do We Protect Data?[edit]

We take administrative, technical and physical measures to safeguard Data, including your Personal Information against loss, misuse or unauthorized access, disclosure, alteration and/or destruction. We have put in place physical, electronic, and managerial policies for managing and safeguarding Data. Wherever possible, we encrypt Data at rest and in transit. The only access we retain to encrypted Data is that which is necessary to perform the Services, including administrative functions.

Deflect uses third-party services for the provision of its caching and logging infrastructure. We choose carefully our affiliates and third-party service providers to take comparable steps to ensure the protection of any Data that is shared with them, but cannot assume responsibility for their treatment of your personal Data. This is one reason why we strictly encrypt everything at rest.

Although we take precautions against possible breaches of our security systems, no company can fully eliminate the risks of unauthorized access to Data. We cannot guarantee that unauthorized access, hacking, data loss or breaches of our security systems will never occur. Be aware of the risks and consider not transmitting Personal Information to us if you consider that information to be highly sensitive.

8. How Can You Access and Modify Your Personal Information or Make a Complaint?[edit]

If you have an account, log in to access and modify the Personal Information stored with your account. If you have questions or concerns about other Personal Information collected by us and would like assistance accessing that information, please contact our Privacy Officer at

You may also choose to delete your account through the Deflect Dashboard.

9. Notice to Persons Outside of Canada[edit]

This Privacy Notice is governed by the laws of Canada and applicable provincial law. By submitting Personal Information to us, you understand that your Personal Information will be subject to the laws of Canada and applicable provincial laws.

10. Changes to Our Privacy Notice[edit]

We may need to change certain aspects of the Privacy Notice from time to time. We will email you and post any substantive changes to this policy on our website along with the effective date of those changes.