Backup, Business Continuity and Disaster Recovery Terms

Trusted By

Terms of Service

Updated as of June 22, 2022

These Backup, Business Continuity & Disaster Recovery Terms of Service (“BBCDR Terms”) govern Client’s use of Netsurit’s BBCDR Services. By subscribing to or using Netsurit’s BBCDR Services, Client agrees to be bound by these BBCDR Terms, which are incorporated into the Netsurit Master Service Agreement between Client and Netsurit. Capitalized terms not defined in these Terms of Service have the meaning given to them in the Netsurit Master Service Agreement.


Service Subscription Required. The right to use this Service requires that Client is enrolled in a Service Subscription.

Service Plan. Each Service Subscription has its Service Plan defined by the applicable Order and its Schedule of Services. All Service Plans include licenses to the technology needed to perform backup and business continuity functions. Service Plan options include:

·       1-Year Cloud Retention

·       Infinite Cloud Retention

·       Replicated Storage


Retention determines how and/or for how long data associated with a Service is retained. Certain Services and Devices have local retention settings that control how data is retained on the local Device. The retention settings for replicated or offsite data associated with Services enrolled in Siris Private Service and Netsurit Cloud Capacity Based Storage are determined by the user as an option when the Service is Ordered.

As used in this section, a Retention Schedule refers to how and/or for how long data associated with a Service enrolled in Netsurit Cloud Service is retained. Data associated with Services enrolled in any Netsurit Cloud Service Plan will be retained, as specified in the applicable Retention Schedule associated with the purchased Service Plan, for as long as the Service is under an active Service Subscription for which payments are current. If a Service Subscription terminates, Netsurit reserves the right to delete, after 60 days, the backed-up data in the Netsurit Cloud associated with Client’s Service. It is Client’s responsibility, prior to or during this period, at Client’s expense, to request a copy of the data if Client would like to retain a copy of the backed-up data in the Netsurit Cloud associated with Client’s Service. See our Reverse Round Trip Procedures for further information. For Netsurit Cloud Continuity, access to data in the Netsurit Cloud terminates at the same time as the Service Subscription so Client must export Client’s data prior to termination.

Cloud Service Plan – Retention Schedules. The Netsurit Cloud Service Plan options are: (1) 1-Year Cloud Retention; (2) Infinite Cloud Retention; (3) Capacity Based Storage; (4) Live Dataset Retention; and (5) Mirrored Cloud Retention.

1-Year Cloud Retention. The 1-Year Cloud Retention (also known as 1 Year Time Based Retention) plan is not limited to a pre-defined amount of Netsurit Cloud storage. Rather, incremental data backups are maintained for one year on a rolling basis, with the oldest incremental backups deleted first after one year. Automatic consolidation of incremental backup recovery points is applied on a rolling basis as shown below.

Infinite Cloud Retention. The Infinite Cloud Retention Service Plan uses a set retention schedule for the storage of cloud data. The plan is not limited to a pre-defined amount of Netsurit Cloud storage. Instead, incremental backups are retained for an indefinite period of time for as long as the Infinite Cloud Retention Service Plan Service Subscription for the Service is current. Automatic consolidation of incremental backup recovery points is applied on a rolling basis as shown below.

Capacity Based Storage. Capacity Based Storage allows Client to set Client’s own retention schedule. The plan provides for a pre-defined amount of Cloud storage in the monthly Service Subscription fee. Usage of Netsurit Cloud storage in excess of the pre-defined allotment for the Service is charged an additional amount as described in the applicable pricing sheet.

PRUNING OF INCREMENTAL BACKUPS FOR INFINITE CLOUD OR TIME-BASED RETENTION SCHEDULES. With respect to Infinite Cloud Retention, 1-Year Cloud Retention, or any previously offered multi-year time-based Service Plan, the following schedule is used for consolidating incremental backups, stored in the Netsurit Cloud.

Pruning of Incremental Cloud Backups –

Takes Place After:


7 Days


2 Weeks


45 Days


Depends upon Services Plan


If Client’s Service is not subject to a Committed Service Term, Client may switch from any Service Plan to any other currently offered Service Plan available for Client’s Service model (Note: some limitations may apply in switching between certain Service Plans, please contact Client’s Netsurit Chief Technology Advisor for additional information).

If a Service is subject to a current Committed Service Term, the Service may be converted to another Service Plan only if monthly Service Subscription fees under a new Service Plan are higher than under the current Service Plan. Service Plan conversions may require a different Retention Schedule or involve deletion of data backups and Client are responsible for understanding the consequences of any conversion to a different Service Plan.

Regardless of whether a Service is subject to a Committed Service Plan, some fees may apply in switching a Service’s Service Plan to Infinite Cloud Retention.

Custom Built Devices. Select Netsurit devices can be custom-built by starting with a pre-configured device and adding more RAM and/or a more powerful CPU. In some cases, a RAM and/or CPU change may necessitate using a different motherboard as well. These standard approved configurations are provided by Netsurit. The price for a custom-built device is the price of the pre-configured model, plus the price of the additional hardware. Each device that is custom-built by Netsurit using standard approved configurations comes with the same Standard Warranty as the pre-configured device on which it is based. To learn more about custom-built options, please contact Client’s Netsurit Chief Technology Advisor.


Standard Upgrades. Our Standard Upgrade Policy allows Client to purchase a new device (the Upgrade device) and return an existing device (the Original device) to Netsurit for upgrade credit equal to the price Client paid for the Original device. In no event will the upgrade credit exceed the lesser of the cost of the Upgrade device, or the amount paid for the Original device.

To be eligible for any upgrade, the Upgrade device must be in a higher Service tier and purchased with a higher priced Service Subscription than the Service Subscription for the Original device. The Service Subscription price for the Original device will be the price at the time of the Original device order or the price at the time of the upgrade order, whichever is greater. The only hardware discounts available on an Upgrade device purchase are any standard discounts for Committed Service Terms. Please contact Client’s Netsurit Chief Technology Advisor for available upgrade paths for Client’s device. If the Original device undergoing a Standard Upgrade is subject to a current Committed Service Term, the Upgrade device must be purchased together with a new Committed Service Term at least as long as the time remaining in the Committed Service Term on the Original device. For example, if the Original device has 6 months remaining on a 36 month Committed Service Term at the time of Standard Upgrade, and the shortest Committed Service Term offered is 12 months in length, then the Upgrade device must be purchased together with a Committed Service Term of at least 12 months. A device transferred from the Partner that originally purchased it is not eligible for an upgrade credit under the Standard Upgrade Policy; only the Partner that originally purchased that device can take advantage of a Standard Upgrade for that device.

To perform a Standard Upgrade, Client must contact a Netsurit Chief Technology Advisor and purchase an eligible Upgrade device. Once Client receive the Upgrade device, Client must connect the Upgrade device and the Original device to the same local network, then migrate the data from the Original device to the Upgrade device (this may require the assistance of Netsurit Technical Support). After migration is complete and the Upgrade device is operational, Client must return the Original device to Netsurit following the Service Return Guidelines to receive an upgrade credit. Once Client register the Upgrade device, Client will be billed at the new monthly Service Subscription rate for the Upgrade device. In order to ensure uninterrupted service, Service billing on the Original device continues until we either receive the Original device or Client cancel the Service Subscription on the Original device. To receive the upgrade credit, the Original device must be returned in undamaged, working condition in adequate packaging. If damage occurs while in shipment to us due to poor packaging, Client’s upgrade credit may be reduced to cover damaged hardware.

A Standard Upgrade can only be applied one time within three years from purchase of the Original device. An Upgrade device obtained with a Standard Upgrade comes with a new Standard Warranty applicable to the Upgrade device, but may not be used in a further Standard Upgrade under this policy.

Field Upgrades. For any of the upgrade paths for which a Field Upgrade is an option, in the event Client would like to perform an upgrade to a different model, Client must select a Field Upgrade rather than a Standard Upgrade.

Different from the Standard Upgrade, a Field Upgrade does not require physically swapping an Original device for an Upgrade device. Instead, Client may purchase from Netsurit and install on-site a Field Upgrade Kit, consisting of hard disk drives and in some cases RAM. In most cases a Field Upgrade Kit will upgrade a device to match the specs of a larger model in the same Service line. Field Upgrade Kits are available only for certain devices – please see Client’s Chief Technology Advisor for further information.

You may purchase Field Upgrade Kits through a Netsurit Chief Technology Advisor, paying the difference between the list price (at the time of upgrade) for the Original device and the list price (at the time of upgrade) of the Upgrade device. The price of the Service Subscription applicable to the device after the Field Upgrade must be higher than before the Field Upgrade.

Once the Field Upgrade Kit has been received, Client should initiate the installation by contacting Netsurit Technical Support. A Support Representative will guide Client through the process of adding the RAM to the motherboard, and adding the new drives via the hot-swap bays. Multiple drive swaps and/or resilvering operations may be required. The Field Upgrade process can be suspended should Client need to perform a recovery from the local device. For further details, please consult the Partner Portal, or contact your Netsurit Chief Technology Advisor.

The new Service Subscription rate on the Upgraded device will begin in the month immediately following the completed Field Upgrade.

If the device that has undergone a Field Upgrade has a prepaid Service Subscription, Client will be charged a prorated amount equal to the difference between the original monthly Service Subscription rate and the new monthly Service Subscription rate times the number of months remaining in the prepaid term, rounded down to the nearest month. Discounts originally applied to a prepayment do not extend to new Service Subscription charges resulting from a Field Upgrade.

A Field Upgrade does not affect a Committed Service Term on the device, which will remain in force at the new service Subscription rate.

A Field Upgrade can be applied at any point during the three-year period following purchase of the device, but at no time after. Performing a Field Upgrade does not extend the device’s Standard Warranty and all components installed from a Field Upgrade Kit fall under the device’s original Standard Warranty. At no point will the Field Upgrade Kit components be under warranty when the Standard Warranty for the Original device in which they have been installed has lapsed.


RoundTrip service is used to expedite the replication of large data sets from a local Netsurit device to the Netsurit Cloud (standard RoundTrip) or to retrieve large data sets from the Netsurit Cloud (reverse RoundTrip). RoundTrip service involves the use of a physical storage device, called a RoundTrip device/drive, supplied by Netsurit or by you, that makes a “round trip” (either from Netsurit to Client and back with a Netsurit supplied RoundTrip drive; or from Client to Netsurit and back when Client supply the physical storage device). RoundTrip service allows synchronization of data to the Netsurit Cloud, or retrieval of data from the Netsurit Cloud, in far less time than it takes to transfer large data sets over internet connections.

The primary purpose of standard RoundTrip service is to facilitate the initial replication of full images from a newly deployed Netsurit device to the Netsurit Cloud. After such initial cloud seeding, standard RoundTrip service should be used only to resolve off-site synchronization issues and not to compensate regularly for inadequate bandwidth at a local device site.

Reverse RoundTrip service is a fee-based service. Netsurit requires proper written authorization for all reverse RoundTrip orders before we send any data from the Netsurit Cloud. Client must represent that Client have the authority to request and receive a copy of the data in the Netsurit Cloud and are acting on the instructions of and for the benefit of the owner of the data. Client are responsible for any misrepresentation involving Client’s authority to receive data from the Netsurit Cloud that has not in fact been authorized by the owner of the data.

All RoundTrip service is subject to the RoundTrip Procedures. Netsurit is not responsible for any delayed or incorrect RoundTrip service caused by Client’s improper ordering of RoundTrip service, incorrect shipments or shipment information, or any other failure by Client to follow instructions or the RoundTrip Procedures. Client are responsible for and agree to pay the full current replacement cost of a RoundTrip device/drive supplied by Netsurit if damage occurs to it (a) while in Client’s custody or control; (b) due to Client’s shipment using to inadequate shipping materials; or (c) if Client fail to return it to Netsurit in the time specified in the RoundTrip Procedures. Client are also fully responsible for all consequences of Client’s delay in returning a RoundTrip device/drive that results in incomplete data synchronization between a Netsurit device and the Netsurit Cloud and the need for that data in the event of a disaster or other business continuity event.


Standard Limited Hardware Warranty. New Netsurit business continuity and disaster recovery physical device hardware is warranted against defects in materials and workmanship under normal use, handling and installation for a warranty period, which starts on the date the associated device is shipped to Client and which continues for the period of time applicable to the associated Service (see chart below). With respect to any device covered by this Standard Limited Hardware Warranty (Standard Warranty) that is found by Netsurit to be defective during the warranty period, Netsurit’s obligations under this Standard Warranty are limited to, at Netsurit’s option, either: (i) repairing the device using new or refurbished parts that are equivalent to new in performance and reliability; (ii) replacing the device with one that is new or formed from new and/or refurbished parts that are equivalent to new in performance and reliability; or (iii) issuing a credit for the device. In order to be eligible for warranty service, a device must be enrolled in an active Service Subscription for which payment is current. This Standard Warranty does not extend to or include software included with the associated device. The warranty period on the device is determined at the time of purchase, and is not affected by subsequent software updates or hardware upgrades. All warranty claims must be received by Netsurit within the applicable warranty period.

The Standard Limited Warranty does not cover device defects or failures resulting from 1) accident, neglect or abuse; 2) improper installation or maintenance; or 3) modifications, repairs, improvements, installation of third party software, or other changes to the hardware or software components of the device that have not been authorized in writing by Netsurit. Client is responsible for any costs related to the foregoing exclusions.

A device that has been repaired or is a replacement of a device will continue to be under warranty for a period equal to the greater of (i) the balance of the existing warranty period for the original device; or (ii) sixty (60) days.

If Client has previously purchased an extended warranty for certain devices, all terms, conditions, procedures and limitations of the Standard Warranty will apply during the period of the extended warranty.

Device Hardware Type

Standard Warranty Period

Siris 3 Business, Siris 3 Professional, Siris 3 X Professional, Siris 3 Enterprise, Siris 4

5 years

NAS 3 Business Performance, NAS 3 Professional Performance, NAS 3 X Professional Performance, NAS 3 Enterprise Performance, NAS 4

5 years

All other BBCDR Devices

3 years



All Netsurit BBCDR Hardware Services may be returned at any time within sixty (60) days of purchase. If Client’s purchase involves a BBCDR Service that includes a physical device, the purchase date for the purposes of this Section shall be the shipment date of the Service.  Please contact Client’s Netsurit Chief Technology Advisor to request an RMA email that will include return instructions and, as applicable, a return shipping label.



When Agent Level Encryption is activated, Data remains protected by AES-256 bit encryption during the entire synchronization, storage, and replication process. When Agent Level Encryption is not activated, data is not encrypted at rest either in the cloud or on the device. Only Siris devices support Agent Level Encryption.

Secure Controls

Data centers are compliant with the Service Organization Control (SOC 1/ SSAE 16 and SOC 2) reporting standards. Renowned as the predominant credential for data centers, the criteria for SOC auditing are set forth by the American Institute of Certified Public Accountants. The operational controls and activities of facilities are audited annually to maintain compliance.

Secure Management

The Engineering team proactively monitors and maintains the servers of the BBCDR Service.

The Cloud Engineering team:

·       ensures the health and optimization of hardware

·       overseeing OS updates

·       conducts reactionary fixes for any security exploits either published or discovered.

Data Security

Engineering’s access to node servers is granted via RSA SSH keys and two-factor authentication. Root permission is guarded by a robust 22-character minimum passcode.

Physical Access

Physical access is guarded 24/7 by personnel, biometric scanning, and activity logging.


The BBCDR cloud is composed of nine data centers located in different countries. All US Client data first synchronizes to the primary facility in Pennsylvania. A secondary location in Utah serves as means of replication for the primary data center. All primary sites can provide users remote access to protected files and systems in the case of a disaster.


The data centers themselves are TIER 3 rated according to the American National Standards Institute (ANSI/TIA-942). All infrastructure components are fully fault-tolerant, which translates to a minimum guaranteed uptime of 99.982%. This fault-tolerance is a safeguard against the failure of any given piece of equipment required for data center functionality, infrastructure redundancy, and ensures that the BBCDR Cloud remains intact and operational.


Utility feed, N+1 generators, and eight dual-module UPS battery systems supply BBCDR servers.


Multiple physical entry points and load balancing across three Internet Service Providers (ISP).


Industry-grade passive and active HVAC systems regulate temperature and humidity.

Fire Protection

Waterless FM200 systems use vapor to extinguish fires in 10 seconds while neither conducting electricity nor causing harm to occupants.


The BBCDR Service involves the use of third party technology licensed by Netsurit, the use of which is subject to such third parties’ license or other end user Client terms. Client acknowledges that Netsurit and its Licensor (“Licensor”) own all intellectual property rights in and to the Service. Client will not engage in or authorize any activity that is inconsistent with such ownership.


Licensor will not view, access or use Content, including Personal Information within Content, except as needed to actually provide the Service, as authorized by Netsurit in connection with the Service.

In the course of providing Service support requested by Netsurit, Licensor may have incidental access to Content. Any Netsurit request for Service support will be deemed express permission for us to access Content as needed for the limited purposes of providing the requested Service support. Client, as the data controller, is responsible for furnishing any notices or obtaining any consents required by law from the relevant individuals.

Licensors’ Rights. In the event that Licensor reasonably believe Content or related Service use violates these terms, may disrupt or threaten the operation or security of any computer, network, system or the Service, or may otherwise subject Licensor to liability, Licensor reserve the right to refuse or disable access to the Service or Content. Netsurit may also take such action pursuant to the Digital Millennium Copyright Act and/or as required to comply with law or any judicial, regulatory or other governmental order or request. Netsurit will use reasonable efforts to contact the Client Liaison prior to taking such action. Notwithstanding the foregoing, Netsurit may restrict access to any Service or Content without prior notice as required to comply with law or any judicial, regulatory or other governmental order or request. In the event that Netsurit takes any such action without prior notice, Netsurit will provide notice to the Client Liaison, unless prohibited by law.

Use of Aggregate Data. Notwithstanding anything else in these Terms or otherwise, Licensor may evaluate and process use of the Service and Content in an aggregate and anonymous manner, meaning in such a way that the individual is not or no longer identified or identifiable and compile statistical and performance information related thereto (referred to as “Aggregate Data”). Licensor may use, process and share such Aggregate Data with third parties to improve the Services, develop new Services, understand and/or analyze usage, demand, and general industry trends, develop and publish white papers, reports, and databases summarizing the foregoing, and generally for any purpose related to Licensors’ business. Licensor retains all intellectual property rights in Aggregate Data. For clarity, Aggregate Data does not include any personally identifiable information nor identify any Client or individual.

Right to Interact with Services. Client agree that Netsurit may and Client hereby authorize Netsurit to interact remotely with any deployed Service in order to test, troubleshoot, update, analyze use of or modify the Service or the environment in which it operates.


Netsurit operates and manages use of the Service with Client Content. Netsurit is not an agent of Licensor and is not authorized to make any representations or warranties on behalf of Licensor regarding the Service or its use.

Client is responsible for instructing and authorizing Netsurit with respect to use of the Service including backup settings, management, retention, deletion and/or transfer of Content.

Client expressly agrees that Licensor may rely on the instructions and authorization of Netsurit with respect to use and support of the Service and access and control of Client Content.


If Netsurit authorizes Client to access or use a Service directly, through the Service interface or through a portal account, Client is responsible for all actions Client takes with respect to use of the Service including backup settings and management, retention and deletion of Content and Netsurit may rely on Client’s instructions as an authorized administrator of the Service.

Any support for the Service is provided to Client by Netsurit and not directly by the Licensor.


In consideration of Netsurit’s performance of Services pursuant to these BBCDR Terms, Client shall pay Netsurit the monthly rate as defined in the referencing Order.